Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:36, on 31.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\documents and settings\jitka\local settings\temp\pb1e9c\spoolvsf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14672&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jitka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jitka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Intel i386] C:\servces.exe
O4 - HKLM\..\Run: [test] Windows2.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [msngers] c:\documents and settings\jitka\local settings\temp\pb1e9c\spoolvsf.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jitka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1ca49bdfba8f4f0) (gupdate1ca49bdfba8f4f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 13542 bytes
Prosim o kontrolu logu
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Prosim o kontrolu logu
Vítej na fóru
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Odinstaluj přes Přidat nebo odebrat programy, pokud nutně nepotřebuješ tyto toolbary:
Ask Toolbar
free-downloads.net Toolbar
Winamp Toolbar
ICQ ToolBar
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Odinstaluj přes Přidat nebo odebrat programy, pokud nutně nepotřebuješ tyto toolbary:
Ask Toolbar
free-downloads.net Toolbar
Winamp Toolbar
ICQ ToolBar
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Prosim o kontrolu logu
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4373
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
31.7.2010 17:49:45
mbam-log-2010-07-31 (17-49-45).txt
Typ skenu: Rychlý sken
Skenované objekty: 127890
Uplynulý čas: 23 minuta(y), 18 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 2
Infikované klíče registru: 31
Infikované hodnoty registru: 6
Infikované datové položky registru: 3
Infikované složky: 19
Infikované soubory: 39
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intel i386 (Backdoor.IRCBot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840 (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data (Adware.DoubleD) -> No action taken.
Infikované soubory:
C:\servces.exe (Backdoor.IRCBot) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\cqsgf.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\insnts.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\mqpp.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\vdolew.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\7149.exe (Trojan.Dropper) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\uzso.exe (Trojan.FakeAlert) -> No action taken.
C:\mirc.ini (Malware.Trace) -> No action taken.
C:\remote.ini (Malware.Trace) -> No action taken.
C:\update.exe (Trojan.Agent) -> No action taken.
www.malwarebytes.org
Verze databáze: 4373
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
31.7.2010 17:49:45
mbam-log-2010-07-31 (17-49-45).txt
Typ skenu: Rychlý sken
Skenované objekty: 127890
Uplynulý čas: 23 minuta(y), 18 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 2
Infikované klíče registru: 31
Infikované hodnoty registru: 6
Infikované datové položky registru: 3
Infikované složky: 19
Infikované soubory: 39
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intel i386 (Backdoor.IRCBot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840 (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data (Adware.DoubleD) -> No action taken.
Infikované soubory:
C:\servces.exe (Backdoor.IRCBot) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\cqsgf.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\insnts.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\mqpp.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\vdolew.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\7149.exe (Trojan.Dropper) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\uzso.exe (Trojan.FakeAlert) -> No action taken.
C:\mirc.ini (Malware.Trace) -> No action taken.
C:\remote.ini (Malware.Trace) -> No action taken.
C:\update.exe (Trojan.Agent) -> No action taken.
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Prosim o kontrolu logu
Odinstaluj přes Přidat nebo odebrat programy:
Internet Saving Optimizer
Media Access Startup
System Search Dispatcher
pokud by jsi je nenašel v seznamu, tak udělej toto.
Jdi postupně do těchto složek a spusť soubory označené modře, tím spustíš odinstalační rutinu.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Pokud používáš program mIRC, tak zruš zatřžení u položky Malware.Trace
C:\mirc.ini (Malware.Trace) -> No action taken.
C:\remote.ini (Malware.Trace) -> No action taken.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Vypni rez. ochranu u antiviru a antispywaru, před spuštěním ComboFixu
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Internet Saving Optimizer
Media Access Startup
System Search Dispatcher
pokud by jsi je nenašel v seznamu, tak udělej toto.
Jdi postupně do těchto složek a spusť soubory označené modře, tím spustíš odinstalační rutinu.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Pokud používáš program mIRC, tak zruš zatřžení u položky Malware.Trace
C:\mirc.ini (Malware.Trace) -> No action taken.
C:\remote.ini (Malware.Trace) -> No action taken.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Vypni rez. ochranu u antiviru a antispywaru, před spuštěním ComboFixu
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Prosim o kontrolu logu
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4373
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
31.7.2010 22:43:02
mbam-log-2010-07-31 (22-43-02).txt
Typ skenu: Rychlý sken
Skenované objekty: 127720
Uplynulý čas: 22 minuta(y), 58 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 24
Infikované hodnoty registru: 4
Infikované datové položky registru: 3
Infikované složky: 2
Infikované soubory: 10
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intel i386 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované soubory:
C:\servces.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\cqsgf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\insnts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\mqpp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\vdolew.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\7149.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\uzso.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\mirc.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\remote.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
www.malwarebytes.org
Verze databáze: 4373
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
31.7.2010 22:43:02
mbam-log-2010-07-31 (22-43-02).txt
Typ skenu: Rychlý sken
Skenované objekty: 127720
Uplynulý čas: 22 minuta(y), 58 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 24
Infikované hodnoty registru: 4
Infikované datové položky registru: 3
Infikované složky: 2
Infikované soubory: 10
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intel i386 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované soubory:
C:\servces.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\cqsgf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\insnts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\mqpp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\vdolew.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\7149.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\uzso.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\mirc.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\remote.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Re: Prosim o kontrolu logu
a tady ten druhej log po te modre obrazovce:
ComboFix 10-07-31.01 - Jitka 31.07.2010 23:29:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.277 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jitka\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ADS - WINDOWS: deleted 29176816 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jitka\Data aplikací\ibyqnm.exe
c:\documents and settings\Jitka\Data aplikací\tlxz.exe
C:\l4m3r.exe
C:\MediaTube_ver1.1573.0.exe
C:\StarCodec_ver1.5897.0.exe
c:\windows\1350.exe
c:\windows\37086.exe
c:\windows\435260.exe
c:\windows\system32\_000000_.tmp.dll
c:\windows\system32\_000001_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\vbzlib1.dll
c:\windows\Windows2.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-31 )))))))))))))))))))))))))))))))
.
2010-07-31 15:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 15:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 15:20 . 2010-07-31 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 15:04 . 2010-07-31 15:04 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-07-18 14:58 . 2010-07-18 14:58 -------- d-----w- c:\program files\EA GAMES
2010-07-14 09:07 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-04 13:45 . 2010-07-04 13:45 -------- d-----w- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 20:47 . 2008-05-17 22:23 -------- d-----w- c:\program files\Steam
2010-07-31 15:04 . 2009-07-07 12:24 -------- d-----w- c:\program files\free-downloads.net
2010-07-31 15:01 . 2009-10-05 07:02 -------- d-----w- c:\program files\QIP
2010-07-28 12:59 . 2008-05-17 21:21 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-07-28 12:53 . 2009-07-30 17:34 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-28 12:43 . 2009-07-30 17:35 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-03 20:49 . 2009-02-28 23:37 -------- d-----w- c:\program files\Opera
2010-06-24 13:47 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2010-06-24 13:47 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2010-06-14 14:31 . 2008-05-17 15:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 15:55 . 2009-07-09 11:02 -------- d-----w- c:\program files\Valve
2010-05-06 10:35 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Google Update"="c:\documents and settings\Jitka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-07-03 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-02 10:47 120056 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"Firewalboverride"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman123\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\condition zero\\hl.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\condition zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [1.9.2008 14:28 17408]
S2 gupdate1ca49bdfba8f4f0;Služba Google Update (gupdate1ca49bdfba8f4f0);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 17:26 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [22.7.2009 20:53 26736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp --> c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [1.9.2008 14:28 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [1.9.2008 14:28 9856]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2008 15:38 721904]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=14672&l=dis
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://seznam.cz/
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
HKLM-Run-test - Windows2.exe
AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-mIRC - c:\documents and settings\jitka\local settings\temp\pb1e9c\spoolvsf.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 23:41
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-448539723-484763869-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Celkový čas: 2010-07-31 23:49:24
ComboFix-quarantined-files.txt 2010-07-31 21:49
Před spuštěním: Volných bajtů: 18 701 361 152
Po spuštění: Volných bajtů: 18 800 058 368
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 8CA368C98DD61ABDEBFE5DFD7D457C58
ComboFix 10-07-31.01 - Jitka 31.07.2010 23:29:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.277 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jitka\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ADS - WINDOWS: deleted 29176816 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jitka\Data aplikací\ibyqnm.exe
c:\documents and settings\Jitka\Data aplikací\tlxz.exe
C:\l4m3r.exe
C:\MediaTube_ver1.1573.0.exe
C:\StarCodec_ver1.5897.0.exe
c:\windows\1350.exe
c:\windows\37086.exe
c:\windows\435260.exe
c:\windows\system32\_000000_.tmp.dll
c:\windows\system32\_000001_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\vbzlib1.dll
c:\windows\Windows2.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-31 )))))))))))))))))))))))))))))))
.
2010-07-31 15:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 15:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 15:20 . 2010-07-31 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 15:04 . 2010-07-31 15:04 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-07-18 14:58 . 2010-07-18 14:58 -------- d-----w- c:\program files\EA GAMES
2010-07-14 09:07 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-04 13:45 . 2010-07-04 13:45 -------- d-----w- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 20:47 . 2008-05-17 22:23 -------- d-----w- c:\program files\Steam
2010-07-31 15:04 . 2009-07-07 12:24 -------- d-----w- c:\program files\free-downloads.net
2010-07-31 15:01 . 2009-10-05 07:02 -------- d-----w- c:\program files\QIP
2010-07-28 12:59 . 2008-05-17 21:21 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-07-28 12:53 . 2009-07-30 17:34 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-28 12:43 . 2009-07-30 17:35 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-03 20:49 . 2009-02-28 23:37 -------- d-----w- c:\program files\Opera
2010-06-24 13:47 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2010-06-24 13:47 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2010-06-14 14:31 . 2008-05-17 15:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 15:55 . 2009-07-09 11:02 -------- d-----w- c:\program files\Valve
2010-05-06 10:35 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Google Update"="c:\documents and settings\Jitka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-07-03 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-02 10:47 120056 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"Firewalboverride"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman123\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\condition zero\\hl.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\condition zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [1.9.2008 14:28 17408]
S2 gupdate1ca49bdfba8f4f0;Služba Google Update (gupdate1ca49bdfba8f4f0);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 17:26 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [22.7.2009 20:53 26736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp --> c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [1.9.2008 14:28 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [1.9.2008 14:28 9856]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2008 15:38 721904]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=14672&l=dis
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://seznam.cz/
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
HKLM-Run-test - Windows2.exe
AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-mIRC - c:\documents and settings\jitka\local settings\temp\pb1e9c\spoolvsf.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 23:41
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-448539723-484763869-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Celkový čas: 2010-07-31 23:49:24
ComboFix-quarantined-files.txt 2010-07-31 21:49
Před spuštěním: Volných bajtů: 18 701 361 152
Po spuštění: Volných bajtů: 18 800 058 368
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 8CA368C98DD61ABDEBFE5DFD7D457C58
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Prosim o kontrolu logu
V logu CF je vidět, že nemáš aktualizovaný Nod, proto ho zkus aktualizovat ručně, před tím než bude dále postupovat.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna a vypni opět po dobu běhu ComboFixu rezidentní ochranu u anitiviru.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Jdi přes Start -> Spustit... a napiš/zkopíruj do okna tento příkaz označený modře
cmd /c Find /i /n "Adobe" "%systemdrive%\Qoobox\Add-Remove Programs.txt">>Jlog.txt&Jlog.txt&del Jlog.txt
a dej Ok.
Vlož sem pak obsah souboru, který se ti zobrazí.
a jště pak tento příkaz a vlož sem výsledek:
cmd /c Find /i /n "Java" "%systemdrive%\Qoobox\Add-Remove Programs.txt">>Jlog.txt&Jlog.txt&del Jlog.txt
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
FileLook::
c:\program files\Winamp\winamp.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
DDS::
uStart Page = hxxp://eu.ask.com?o=14672&l=dis
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
Firefox::
FF - ProfilePath - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://seznam.cz/Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna a vypni opět po dobu běhu ComboFixu rezidentní ochranu u anitiviru.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Jdi přes Start -> Spustit... a napiš/zkopíruj do okna tento příkaz označený modře
cmd /c Find /i /n "Adobe" "%systemdrive%\Qoobox\Add-Remove Programs.txt">>Jlog.txt&Jlog.txt&del Jlog.txt
a dej Ok.
Vlož sem pak obsah souboru, který se ti zobrazí.
a jště pak tento příkaz a vlož sem výsledek:
cmd /c Find /i /n "Java" "%systemdrive%\Qoobox\Add-Remove Programs.txt">>Jlog.txt&Jlog.txt&del Jlog.txt
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Prosim o kontrolu logu
dneska uz to nestiham..prijedu za tyden.tak to udelam.jinak zatim dekuju za rady
Re: Prosim o kontrolu logu
1/2 -cele se to sem neveslo
ComboFix 10-08-20.01 - Jitka 21.08.2010 15:01:01.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.212 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jitka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jitka\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-21 do 2010-08-21 )))))))))))))))))))))))))))))))
.
2010-07-31 15:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 15:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 15:20 . 2010-07-31 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 15:04 . 2010-07-31 15:04 2560 ----a-w- c:\windows\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 12:55 . 2008-05-17 22:23 -------- d-----w- c:\program files\Steam
2010-08-12 12:48 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:48 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2010-07-31 15:04 . 2009-07-07 12:24 -------- d-----w- c:\program files\free-downloads.net
2010-07-31 15:01 . 2009-10-05 07:02 -------- d-----w- c:\program files\QIP
2010-07-28 12:59 . 2008-05-17 21:21 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-07-28 12:53 . 2009-07-30 17:34 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-28 12:43 . 2009-07-30 17:35 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-18 14:58 . 2010-07-18 14:58 -------- d-----w- c:\program files\EA GAMES
2010-07-04 13:45 . 2010-07-04 13:45 -------- d-----w- c:\program files\Common Files\Skype
2010-07-03 20:49 . 2009-02-28 23:37 -------- d-----w- c:\program files\Opera
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-05-17 15:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\program files\Winamp\winamp.exe ---
Company: Nullsoft, Inc.
File Description: Winamp
File Version: 5,5,7,2830
Product Name: Winamp
Copyright: Copyright © 1997-2010, Nullsoft, Inc.
Original Filename: Winamp.exe
File size: 1552736
Created time: 2010-01-12 20:03
Modified time: 2010-01-12 20:03
MD5: 57C3C2E607488858CDBD26A3E168D9B5
SHA1: A60748761AAA6A68ADD9D0B948C55436005E07B5
((((((((((((((((((((((((((((( SnapShot@2010-07-31_21.41.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-21 12:53 . 2010-08-21 12:53 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
- 2006-03-02 12:00 . 2010-06-24 13:47 71138 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-08-12 12:48 71138 c:\windows\system32\perfc009.dat
- 2009-03-08 02:31 . 2010-05-06 10:35 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 02:31 . 2010-06-24 12:27 55296 c:\windows\system32\msfeedsbs.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 25600 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-25 21:26 . 2010-06-24 12:27 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-25 21:26 . 2010-05-06 10:35 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-07-29 08:52 . 2010-06-24 12:27 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-07-29 08:52 . 2010-05-06 10:35 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 02:33 . 2010-05-06 10:35 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 02:33 . 2010-06-24 12:27 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2010-08-12 13:09 . 2010-08-12 13:09 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-12 12:56 . 2010-08-12 12:56 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-12 12:52 . 2010-08-12 12:52 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 13:55 . 2010-08-12 13:55 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-12 13:52 . 2010-08-12 13:52 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-24 13:46 . 2010-06-24 13:46 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-03-02 12:00 . 2010-08-12 12:48 440820 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2010-06-24 13:47 440820 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2010-06-24 12:27 206848 c:\windows\system32\occache.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 206848 c:\windows\system32\occache.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 611840 c:\windows\system32\mstime.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 611840 c:\windows\system32\mstime.dll
- 2009-03-08 02:32 . 2010-05-06 10:35 599040 c:\windows\system32\msfeeds.dll
+ 2009-03-08 02:32 . 2010-06-24 12:27 599040 c:\windows\system32\msfeeds.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 387584 c:\windows\system32\iedkcs32.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-02 12:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
- 2006-03-02 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2008-05-17 17:27 . 2010-06-11 11:59 118152 c:\windows\system32\FNTCACHE.DAT
+ 2008-05-17 17:27 . 2010-08-12 18:04 118152 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-21 06:45 . 2010-06-24 12:27 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-21 06:45 . 2010-05-06 10:35 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 12:27 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:57 . 2010-06-30 12:33 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-03-08 02:34 . 2010-06-24 12:27 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 02:34 . 2010-05-06 10:35 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 02:32 . 2010-05-06 10:35 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 02:32 . 2010-06-24 12:27 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-07-29 08:52 . 2010-05-06 10:35 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-07-29 08:52 . 2010-06-24 12:27 599040 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-25 21:26 . 2010-05-06 10:35 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-25 21:26 . 2010-06-24 12:27 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 02:31 . 2010-05-06 10:35 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 02:31 . 2010-06-24 12:27 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 07:29 . 2010-06-24 12:27 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 07:29 . 2010-05-06 10:35 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 12:09 . 2010-06-24 12:27 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 12:09 . 2010-05-06 10:35 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 02:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 02:32 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-05-11 04:40 . 2010-05-11 04:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-08-07 21:51 . 2009-08-07 21:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-08-12 12:33 . 2010-02-22 14:21 391032 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-08-12 12:33 . 2009-05-26 09:01 233848 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-08-12 12:32 . 2010-05-06 10:35 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-08-12 12:32 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2010-08-12 13:56 . 2010-08-12 13:56 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-12 13:09 . 2010-08-12 13:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-12 13:09 . 2010-08-12 13:09 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-12 13:08 . 2010-08-12 13:08 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-13 11:27 . 2010-08-13 11:27 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-12 13:05 . 2010-08-12 13:05 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-12 13:58 . 2010-08-12 13:58 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-12 13:56 . 2010-08-12 13:56 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-08-12 13:00 . 2010-08-12 13:00 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-12 13:00 . 2010-08-12 13:00 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-12 13:00 . 2010-08-12 13:00 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-12 13:00 . 2010-08-12 13:00 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-12 13:56 . 2010-08-12 13:56 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-12 13:55 . 2010-08-12 13:55 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-08-12 13:53 . 2010-08-12 13:53 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 1210368 c:\windows\system32\urlmon.dll
+ 2006-03-02 12:00 . 2010-07-27 06:30 8466432 c:\windows\system32\shell32.dll
+ 2006-03-02 12:00 . 2010-04-28 18:15 2192128 c:\windows\system32\ntoskrnl.exe
- 2006-03-02 12:00 . 2010-02-17 12:09 2192128 c:\windows\system32\ntoskrnl.exe
+ 2004-08-17 15:45 . 2010-04-28 05:45 2068992 c:\windows\system32\ntkrnlpa.exe
- 2004-08-17 15:45 . 2010-02-16 19:09 2068992 c:\windows\system32\ntkrnlpa.exe
+ 2006-03-02 12:00 . 2010-06-24 12:27 5951488 c:\windows\system32\mshtml.dll
+ 2009-03-08 02:32 . 2010-06-24 12:27 1986560 c:\windows\system32\iertutil.dll
+ 2008-10-16 12:27 . 2010-06-24 09:02 1851904 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:14 . 2010-06-24 12:27 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8466432 c:\windows\system32\dllcache\shell32.dll
+ 2008-10-16 12:27 . 2010-04-28 18:15 2192128 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-16 12:27 . 2010-02-17 12:09 2192128 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 12:27 . 2010-02-16 19:09 2068992 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2068992 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-13 13:08 . 2010-06-14 07:43 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-11-13 13:08 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-04-21 06:45 . 2010-06-24 12:27 5951488 c:\windows\system32\dllcache\mshtml.dll
- 2010-03-10 04:41 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-10 04:41 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-06-25 21:26 . 2010-06-24 12:27 1986560 c:\windows\system32\dllcache\iertutil.dll
- 2009-08-07 21:51 . 2009-08-07 21:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
- 2008-10-16 12:27 . 2010-02-17 12:09 2192128 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 12:27 . 2010-04-28 18:15 2192128 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 12:27 . 2010-02-16 19:09 2068992 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2068992 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-08-12 12:52 . 2010-08-12 12:52 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-12 13:09 . 2010-08-12 13:09 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-12 12:52 . 2010-08-12 12:52 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-12 13:08 . 2010-08-12 13:08 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-08-13 11:27 . 2010-08-13 11:27 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-12 13:06 . 2010-08-12 13:06 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-12 13:06 . 2010-08-12 13:06 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-08-12 13:05 . 2010-08-12 13:05 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-12 13:03 . 2010-08-12 13:03 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-12 13:03 . 2010-08-12 13:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-12 13:01 . 2010-08-12 13:01 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-12 13:01 . 2010-08-12 13:01 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-12 13:01 . 2010-08-12 13:01 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-12 12:52 . 2010-08-12 12:52 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-05-17 18:00 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe
+ 2009-03-08 02:39 . 2010-06-24 15:57 11077120 c:\windows\system32\ieframe.dll
+ 2009-06-25 21:26 . 2010-06-24 15:57 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-05-19 11:08 . 2010-05-19 11:08 11408896 c:\windows\Installer\b6e59.msp
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\38216.msp
+ 2010-08-12 12:32 . 2010-05-06 10:35 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-08-12 13:07 . 2010-08-12 13:07 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-08-12 13:55 . 2010-08-12 13:55 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
+ 2010-08-12 13:05 . 2010-08-12 13:05 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-08-12 12:59 . 2010-08-12 12:59 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-12 12:55 . 2010-08-12 12:55 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-12 12:51 . 2010-08-12 12:51 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
ComboFix 10-08-20.01 - Jitka 21.08.2010 15:01:01.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.212 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jitka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jitka\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-21 do 2010-08-21 )))))))))))))))))))))))))))))))
.
2010-07-31 15:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 15:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 15:20 . 2010-07-31 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 15:04 . 2010-07-31 15:04 2560 ----a-w- c:\windows\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 12:55 . 2008-05-17 22:23 -------- d-----w- c:\program files\Steam
2010-08-12 12:48 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:48 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2010-07-31 15:04 . 2009-07-07 12:24 -------- d-----w- c:\program files\free-downloads.net
2010-07-31 15:01 . 2009-10-05 07:02 -------- d-----w- c:\program files\QIP
2010-07-28 12:59 . 2008-05-17 21:21 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-07-28 12:53 . 2009-07-30 17:34 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-28 12:43 . 2009-07-30 17:35 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-18 14:58 . 2010-07-18 14:58 -------- d-----w- c:\program files\EA GAMES
2010-07-04 13:45 . 2010-07-04 13:45 -------- d-----w- c:\program files\Common Files\Skype
2010-07-03 20:49 . 2009-02-28 23:37 -------- d-----w- c:\program files\Opera
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-05-17 15:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\program files\Winamp\winamp.exe ---
Company: Nullsoft, Inc.
File Description: Winamp
File Version: 5,5,7,2830
Product Name: Winamp
Copyright: Copyright © 1997-2010, Nullsoft, Inc.
Original Filename: Winamp.exe
File size: 1552736
Created time: 2010-01-12 20:03
Modified time: 2010-01-12 20:03
MD5: 57C3C2E607488858CDBD26A3E168D9B5
SHA1: A60748761AAA6A68ADD9D0B948C55436005E07B5
((((((((((((((((((((((((((((( SnapShot@2010-07-31_21.41.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-21 12:53 . 2010-08-21 12:53 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
- 2006-03-02 12:00 . 2010-06-24 13:47 71138 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-08-12 12:48 71138 c:\windows\system32\perfc009.dat
- 2009-03-08 02:31 . 2010-05-06 10:35 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 02:31 . 2010-06-24 12:27 55296 c:\windows\system32\msfeedsbs.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 25600 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-25 21:26 . 2010-06-24 12:27 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-25 21:26 . 2010-05-06 10:35 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-07-29 08:52 . 2010-06-24 12:27 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-07-29 08:52 . 2010-05-06 10:35 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 02:33 . 2010-05-06 10:35 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 02:33 . 2010-06-24 12:27 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2010-08-12 13:09 . 2010-08-12 13:09 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-12 12:56 . 2010-08-12 12:56 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-12 12:52 . 2010-08-12 12:52 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 13:55 . 2010-08-12 13:55 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-12 13:52 . 2010-08-12 13:52 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-24 13:46 . 2010-06-24 13:46 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-03-02 12:00 . 2010-08-12 12:48 440820 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2010-06-24 13:47 440820 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2010-06-24 12:27 206848 c:\windows\system32\occache.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 206848 c:\windows\system32\occache.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 611840 c:\windows\system32\mstime.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 611840 c:\windows\system32\mstime.dll
- 2009-03-08 02:32 . 2010-05-06 10:35 599040 c:\windows\system32\msfeeds.dll
+ 2009-03-08 02:32 . 2010-06-24 12:27 599040 c:\windows\system32\msfeeds.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 387584 c:\windows\system32\iedkcs32.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-02 12:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
- 2006-03-02 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2008-05-17 17:27 . 2010-06-11 11:59 118152 c:\windows\system32\FNTCACHE.DAT
+ 2008-05-17 17:27 . 2010-08-12 18:04 118152 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-21 06:45 . 2010-06-24 12:27 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-21 06:45 . 2010-05-06 10:35 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 12:27 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:57 . 2010-06-30 12:33 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-03-08 02:34 . 2010-06-24 12:27 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 02:34 . 2010-05-06 10:35 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 02:32 . 2010-05-06 10:35 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 02:32 . 2010-06-24 12:27 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-07-29 08:52 . 2010-05-06 10:35 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-07-29 08:52 . 2010-06-24 12:27 599040 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-25 21:26 . 2010-05-06 10:35 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-25 21:26 . 2010-06-24 12:27 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 02:31 . 2010-05-06 10:35 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 02:31 . 2010-06-24 12:27 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 07:29 . 2010-06-24 12:27 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 07:29 . 2010-05-06 10:35 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 12:09 . 2010-06-24 12:27 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 12:09 . 2010-05-06 10:35 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 02:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 02:32 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-05-11 04:40 . 2010-05-11 04:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-08-07 21:51 . 2009-08-07 21:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-08-12 12:33 . 2010-02-22 14:21 391032 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-08-12 12:33 . 2009-05-26 09:01 233848 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-08-12 12:32 . 2010-05-06 10:35 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-08-12 12:32 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2010-08-12 13:56 . 2010-08-12 13:56 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-12 13:09 . 2010-08-12 13:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-12 13:09 . 2010-08-12 13:09 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-12 13:08 . 2010-08-12 13:08 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-13 11:27 . 2010-08-13 11:27 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-12 13:05 . 2010-08-12 13:05 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-12 13:58 . 2010-08-12 13:58 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-12 13:56 . 2010-08-12 13:56 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-08-12 13:00 . 2010-08-12 13:00 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-12 13:00 . 2010-08-12 13:00 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-12 13:00 . 2010-08-12 13:00 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-12 13:00 . 2010-08-12 13:00 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-12 13:56 . 2010-08-12 13:56 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-12 13:55 . 2010-08-12 13:55 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-08-12 13:53 . 2010-08-12 13:53 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 1210368 c:\windows\system32\urlmon.dll
+ 2006-03-02 12:00 . 2010-07-27 06:30 8466432 c:\windows\system32\shell32.dll
+ 2006-03-02 12:00 . 2010-04-28 18:15 2192128 c:\windows\system32\ntoskrnl.exe
- 2006-03-02 12:00 . 2010-02-17 12:09 2192128 c:\windows\system32\ntoskrnl.exe
+ 2004-08-17 15:45 . 2010-04-28 05:45 2068992 c:\windows\system32\ntkrnlpa.exe
- 2004-08-17 15:45 . 2010-02-16 19:09 2068992 c:\windows\system32\ntkrnlpa.exe
+ 2006-03-02 12:00 . 2010-06-24 12:27 5951488 c:\windows\system32\mshtml.dll
+ 2009-03-08 02:32 . 2010-06-24 12:27 1986560 c:\windows\system32\iertutil.dll
+ 2008-10-16 12:27 . 2010-06-24 09:02 1851904 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:14 . 2010-06-24 12:27 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8466432 c:\windows\system32\dllcache\shell32.dll
+ 2008-10-16 12:27 . 2010-04-28 18:15 2192128 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-16 12:27 . 2010-02-17 12:09 2192128 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 12:27 . 2010-02-16 19:09 2068992 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2068992 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-13 13:08 . 2010-06-14 07:43 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-11-13 13:08 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-04-21 06:45 . 2010-06-24 12:27 5951488 c:\windows\system32\dllcache\mshtml.dll
- 2010-03-10 04:41 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-10 04:41 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-06-25 21:26 . 2010-06-24 12:27 1986560 c:\windows\system32\dllcache\iertutil.dll
- 2009-08-07 21:51 . 2009-08-07 21:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
- 2008-10-16 12:27 . 2010-02-17 12:09 2192128 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 12:27 . 2010-04-28 18:15 2192128 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 12:27 . 2010-02-16 19:09 2068992 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2068992 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-08-12 12:52 . 2010-08-12 12:52 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-12 13:09 . 2010-08-12 13:09 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-12 12:52 . 2010-08-12 12:52 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-12 13:08 . 2010-08-12 13:08 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-08-13 11:27 . 2010-08-13 11:27 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-12 13:06 . 2010-08-12 13:06 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-12 13:06 . 2010-08-12 13:06 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-08-12 13:05 . 2010-08-12 13:05 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-12 13:03 . 2010-08-12 13:03 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-12 13:03 . 2010-08-12 13:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-12 13:01 . 2010-08-12 13:01 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-12 13:01 . 2010-08-12 13:01 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-12 13:01 . 2010-08-12 13:01 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-12 12:52 . 2010-08-12 12:52 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-05-17 18:00 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe
+ 2009-03-08 02:39 . 2010-06-24 15:57 11077120 c:\windows\system32\ieframe.dll
+ 2009-06-25 21:26 . 2010-06-24 15:57 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-05-19 11:08 . 2010-05-19 11:08 11408896 c:\windows\Installer\b6e59.msp
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\38216.msp
+ 2010-08-12 12:32 . 2010-05-06 10:35 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-08-12 13:07 . 2010-08-12 13:07 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-08-12 13:55 . 2010-08-12 13:55 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
+ 2010-08-12 13:05 . 2010-08-12 13:05 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-08-12 12:59 . 2010-08-12 12:59 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-12 12:55 . 2010-08-12 12:55 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-12 12:51 . 2010-08-12 12:51 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
Re: Prosim o kontrolu logu
2/2
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Google Update"="c:\documents and settings\Jitka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-07-03 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\documents and settings\Jitka\Data aplikací\djjqs.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-02 10:47 120056 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"Firewalboverride"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman123\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\condition zero\\hl.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\condition zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [1.9.2008 14:28 17408]
S2 gupdate1ca49bdfba8f4f0;Služba Google Update (gupdate1ca49bdfba8f4f0);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 17:26 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [22.7.2009 20:53 26736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp --> c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [1.9.2008 14:28 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [1.9.2008 14:28 9856]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2008 15:38 721904]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]
2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 15:18
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-448539723-484763869-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'explorer.exe'(3560)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\TGTSoft\StyleXP\TGT_BHO.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Celkový čas: 2010-08-21 15:27:50
ComboFix-quarantined-files.txt 2010-08-21 13:27
ComboFix2.txt 2010-07-31 21:49
Před spuštěním: Volných bajtů: 18 238 812 160
Po spuštění: Volných bajtů: 18 300 633 088
- - End Of File - - 9F14BE07914999EAFC9761667F69B3D6
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Google Update"="c:\documents and settings\Jitka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-07-03 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\documents and settings\Jitka\Data aplikací\djjqs.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-02 10:47 120056 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"Firewalboverride"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman123\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\condition zero\\hl.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\condition zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [1.9.2008 14:28 17408]
S2 gupdate1ca49bdfba8f4f0;Služba Google Update (gupdate1ca49bdfba8f4f0);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 17:26 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [22.7.2009 20:53 26736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp --> c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [1.9.2008 14:28 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [1.9.2008 14:28 9856]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2008 15:38 721904]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]
2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 15:18
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-448539723-484763869-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'explorer.exe'(3560)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\TGTSoft\StyleXP\TGT_BHO.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Celkový čas: 2010-08-21 15:27:50
ComboFix-quarantined-files.txt 2010-08-21 13:27
ComboFix2.txt 2010-07-31 21:49
Před spuštěním: Volných bajtů: 18 238 812 160
Po spuštění: Volných bajtů: 18 300 633 088
- - End Of File - - 9F14BE07914999EAFC9761667F69B3D6
Re: Prosim o kontrolu logu
---------- C:\QOOBOX\ADD-REMOVE PROGRAMS.TXT
[3]Adobe Flash Player 10 ActiveX
[4]Adobe Flash Player 10 Plugin
[5]Adobe Reader 9.3.4 - Czech
*******************************************
---------- C:\QOOBOX\ADD-REMOVE PROGRAMS.TXT
[156]Java(TM) 6 Update 15
[3]Adobe Flash Player 10 ActiveX
[4]Adobe Flash Player 10 Plugin
[5]Adobe Reader 9.3.4 - Czech
*******************************************
---------- C:\QOOBOX\ADD-REMOVE PROGRAMS.TXT
[156]Java(TM) 6 Update 15
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Prosim o kontrolu logu
Z logu se ti úplně vytratil antivir, tak si ho tam doinstaluj.
Objevila se ti tam část červa co se šíří přes výměnná zařízení, tak pokud jsi měl k tomu PC připojený nějaký externí disk, flešku, tak si ji nachystej.
Zatím si stáhni:
Flash Disinfector (by sUBs)
AVPTool
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
regedit /e "C:\RegLog.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
a dej Ok.
- na disku C se ti objeví soubor RegLog.txt tak sem vlož jeho obsah. Zajímá mě jen ta část co bude hned na začátku přímo pod klíčem (včetně všech values které k němu patří)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
zbytek logu sem nemusíš vkládat.
Po vložení logu, ti napíši další postup.
Objevila se ti tam část červa co se šíří přes výměnná zařízení, tak pokud jsi měl k tomu PC připojený nějaký externí disk, flešku, tak si ji nachystej.
Zatím si stáhni:
Flash Disinfector (by sUBs)
AVPTool
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
regedit /e "C:\RegLog.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
a dej Ok.
- na disku C se ti objeví soubor RegLog.txt tak sem vlož jeho obsah. Zajímá mě jen ta část co bude hned na začátku přímo pod klíčem (včetně všech values které k němu patří)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
zbytek logu sem nemusíš vkládat.
Po vložení logu, ti napíši další postup.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 116 hostů