Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 19:17:52, on 27.4.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\DOCUME~1\IVA~1\LOCALS~1\Temp\mexe.com
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/r ... key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1137292057-2898072761-59917179-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Bels')
O4 - HKUS\S-1-5-21-1137292057-2898072761-59917179-1005\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe (User 'Bels')
O4 - HKUS\S-1-5-21-1137292057-2898072761-59917179-1005\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 (User 'Bels')
O4 - HKUS\S-1-5-21-1137292057-2898072761-59917179-1005\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Bels')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1137292057-2898072761-59917179-1005 Startup: Registration Driver Parallel Lines.LNK = C:\Program Files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe (User 'Bels')
O4 - S-1-5-21-1137292057-2898072761-59917179-1005 User Startup: Registration Driver Parallel Lines.LNK = C:\Program Files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe (User 'Bels')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=CZ&range=AD&phase=7&key=IESTART
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 6544 bytes
prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado Vyřešeno
- Žbeky
Re: prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado
V logu nevidím žádný antivir.
V HJT fixni položky vypsané v seznamu níže.
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozilla), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti, že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); pokud ano, klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se poté spustí; nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška, tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- poté klikni na tlačítko Exit; objeví se ti hláška, tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

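V HJT fixni následující položky. Je mezi nimi i autostart „NVIDIA driver monitor“ (C:\WINDOWS\nvsvc32.exe) – pravá služba NVIDIA běží podle logu z C:\WINDOWS\system32\nvsvc32.exe, takže soubor téhož jména o složku výš je podezřelý: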
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/r ... key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-21-1137292057-2898072761-59917179-1005\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe (User 'Bels')
O4 - S-1-5-21-1137292057-2898072761-59917179-1005 Startup: Registration Driver Parallel Lines.LNK = C:\Program Files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe (User 'Bels')
O4 - S-1-5-21-1137292057-2898072761-59917179-1005 User Startup: Registration Driver Parallel Lines.LNK = C:\Program Files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe (User 'Bels')
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=CZ&range=AD&phase=7&key=IESTART
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozilla), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti, že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); pokud ano, klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se poté spustí; nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška, tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- poté klikni na tlačítko Exit; objeví se ti hláška, tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Re: prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 20:28:38, on 27.4.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=CZ&range=AD&phase=7&key=IESTART
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 4152 bytes
ATF proběhl... vyčištěno.
Na ten vir jsem přišel tak, že jsem si cvičně spustil program MWAV.
Nemůžu na stránky antiviru ani Microsoftu, nejde nainstalovat FREE AVG ani upgradovat SUPERANTISPYWARE...
Teď jsem použil starší verzi Malwarebytes' Anti-Malware.
Log vložím za chvíli... zatím díky
Scan saved at 20:28:38, on 27.4.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=CZ&range=AD&phase=7&key=IESTART
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 4152 bytes
ATF proběhl... vyčištěno.
Na ten vir jsem přišel tak, že jsem si cvičně spustil program MWAV.
Nemůžu na stránky antiviru ani Microsoftu, nejde nainstalovat FREE AVG ani upgradovat SUPERANTISPYWARE...
Teď jsem použil starší verzi Malwarebytes' Anti-Malware.
Log vložím za chvíli... zatím díky
Re: prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 6218
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
27.4.2011 20:40:37
mbam-log-2011-04-27 (20-40-37).txt
Typ skenu: Rychlý sken
Skenované objekty: 177382
Uplynulý čas: 6 minuta(y), 3 sekunda(y)
Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 2
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
C:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{72637363-7069-7374-652e-336d65747300} (Worm.Kongrid) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Backdoor.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\cscripts.exe (Worm.Kongrid) -> No action taken.
C:\WINDOWS\system32\rrsdnoem.dll (Worm.Conficker) -> No action taken.
C:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\wibrf.jpg (Malware.Trace) -> No action taken.
C:\WINDOWS\wiybr.png (Malware.Trace) -> No action taken.
www.malwarebytes.org
Verze databáze: 6218
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
27.4.2011 20:40:37
mbam-log-2011-04-27 (20-40-37).txt
Typ skenu: Rychlý sken
Skenované objekty: 177382
Uplynulý čas: 6 minuta(y), 3 sekunda(y)
Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 2
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
C:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{72637363-7069-7374-652e-336d65747300} (Worm.Kongrid) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Backdoor.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\cscripts.exe (Worm.Kongrid) -> No action taken.
C:\WINDOWS\system32\rrsdnoem.dll (Worm.Conficker) -> No action taken.
C:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\wibrf.jpg (Malware.Trace) -> No action taken.
C:\WINDOWS\wiybr.png (Malware.Trace) -> No action taken.
- memphisto
Re: prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado
- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška, tak klikni na OK a pak na tlačítko Show Results
- ujisti se, že máš zatrhnuté všechny vypsané nálezy, a klikni na tlačítko Remove Selected
- když skončí odstraňování, zobrazí se ti log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni po dobu běhu ComboFixu rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
- po proběhnutí programu se ti objeví hláška, tak klikni na OK a pak na tlačítko Show Results
- ujisti se, že máš zatrhnuté všechny vypsané nálezy, a klikni na tlačítko Remove Selected
- když skončí odstraňování, zobrazí se ti log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni po dobu běhu ComboFixu rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Re: prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 6218
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
27.4.2011 21:11:21
mbam-log-2011-04-27 (21-11-21).txt
Typ skenu: Rychlý sken
Skenované objekty: 177382
Uplynulý čas: 6 minuta(y), 3 sekunda(y)
Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 2
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
C:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> Unloaded process successfully.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{72637363-7069-7374-652e-336d65747300} (Worm.Kongrid) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Backdoor.Agent) -> Quarantined and deleted successfully.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\cscripts.exe (Worm.Kongrid) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rrsdnoem.dll (Worm.Conficker) -> Quarantined and deleted successfully.
C:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wibrf.jpg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wiybr.png (Malware.Trace) -> Quarantined and deleted successfully.
ComboFix 11-03-29.06 - Administrator 27.04.2011 21:19:26.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1022.731 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\windows\ndl.dl
c:\windows\regedit.com
c:\windows\system32\rrsdnoem.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_kouqnv
-------\Legacy_nwtgmcw
-------\Legacy_ohqbxdycp
-------\Legacy_qqilye
-------\Legacy_sjxdngg
-------\Legacy_xgmhnw
-------\Service_gehwx
-------\Service_kouqnv
-------\Service_nwtgmcw
-------\Service_ohqbxdycp
-------\Service_qqilye
-------\Service_sjxdngg
-------\Service_xgmhnw
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-27 do 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 18:25 . 2011-04-27 18:25 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 18:15 . 2011-04-27 18:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-04-27 18:13 . 2011-04-27 18:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-27 17:17 . 2011-04-27 17:17 388096 ----a-r- c:\documents and settings\Ivča\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 17:17 . 2011-04-27 17:17 -------- d-----w- c:\program files\TrendMicro
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\zts2.exe
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\system32\systems.txt
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\system32\iifgfgf.dll
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\rundll16.exe
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\rundl132.dll
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\logo1_.exe
2011-04-27 17:06 . 2011-04-27 17:06 626688 ----a-w- c:\windows\system32\msvcr80.dll
2011-04-27 17:06 . 2011-04-27 17:06 548864 ----a-w- c:\windows\system32\msvcp80.dll
2011-04-27 17:06 . 2011-04-27 17:06 28672 ----a-w- c:\windows\system32\eEmpty.exe
2011-04-27 17:06 . 2004-08-10 14:00 146432 ----a-w- c:\windows\R.COM
2011-04-27 17:06 . 2004-08-10 14:00 135680 ----a-w- c:\windows\system32\T.COM
2011-04-27 17:06 . 2011-04-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2011-04-27 17:01 . 2011-04-27 17:01 -------- d-----w- c:\program files\CCleaner
2011-04-27 16:22 . 2011-04-27 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-27 16:22 . 2011-01-17 20:01 4622344 ----a-w- c:\temp\avg_free_stb_eu_2011_1191_free.exe
2011-04-27 16:11 . 2011-04-27 16:11 -------- d-----w- c:\documents and settings\Ivča\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\Bels\Application Data\SUPERAntiSpyware.com
2011-04-27 14:56 . 2011-04-27 14:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-04-15 20:41 . 2011-04-15 20:41 1409 ----a-w- c:\windows\QTFont.for
2011-04-12 14:48 . 2011-04-12 14:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\Symantec
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]
"nwiz"="nwiz.exe" [2006-10-06 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-06 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
c:\documents and settings\Bels\Start Menu\Programs\Startup\
Registration Driver Parallel Lines.LNK - c:\program files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\Bels\\My Documents\\Stažené soubory\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6443:TCP"= 6443:TCP:lxmpsuo
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
S2 gehwx;System Driver;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2011 14:32 135664]
S2 kouqnv;Network Server;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 nwtgmcw;Support Boot;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 ohqbxdycp;Task Update;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 qqilye;Security Shell;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 sjxdngg;Task Monitor;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 xgmhnw;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sjxdngg
ohqbxdycp
xgmhnw
qqilye
kouqnv
nwtgmcw
gehwx
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-27 c:\windows\Tasks\Extended Warranty.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 12:32]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 12:32]
.
2011-04-27 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]
.
2009-12-19 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2011-04-27 c:\windows\Tasks\Setup My PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://format.packardbell.com/cgi-bin/r ... ey=IESTART
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cean2ps7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-27 21:23
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gehwx]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kouqnv]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwtgmcw]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohqbxdycp]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qqilye]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sjxdngg]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xgmhnw]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2011-04-27 21:24:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-27 19:24
.
Před spuštěním: 224 543 514 624 bytes free
Po spuštění: 226 334 302 208 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - CD358E6345E97F58A016FD808A84DC89
www.malwarebytes.org
Verze databáze: 6218
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
27.4.2011 21:11:21
mbam-log-2011-04-27 (21-11-21).txt
Typ skenu: Rychlý sken
Skenované objekty: 177382
Uplynulý čas: 6 minuta(y), 3 sekunda(y)
Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 2
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
C:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> Unloaded process successfully.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{72637363-7069-7374-652e-336d65747300} (Worm.Kongrid) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Backdoor.Agent) -> Quarantined and deleted successfully.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\cscripts.exe (Worm.Kongrid) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rrsdnoem.dll (Worm.Conficker) -> Quarantined and deleted successfully.
C:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wibrf.jpg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wiybr.png (Malware.Trace) -> Quarantined and deleted successfully.
ComboFix 11-03-29.06 - Administrator 27.04.2011 21:19:26.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1022.731 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\windows\ndl.dl
c:\windows\regedit.com
c:\windows\system32\rrsdnoem.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_kouqnv
-------\Legacy_nwtgmcw
-------\Legacy_ohqbxdycp
-------\Legacy_qqilye
-------\Legacy_sjxdngg
-------\Legacy_xgmhnw
-------\Service_gehwx
-------\Service_kouqnv
-------\Service_nwtgmcw
-------\Service_ohqbxdycp
-------\Service_qqilye
-------\Service_sjxdngg
-------\Service_xgmhnw
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-27 do 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 18:25 . 2011-04-27 18:25 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 18:15 . 2011-04-27 18:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-04-27 18:13 . 2011-04-27 18:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-27 17:17 . 2011-04-27 17:17 388096 ----a-r- c:\documents and settings\Ivča\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 17:17 . 2011-04-27 17:17 -------- d-----w- c:\program files\TrendMicro
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\zts2.exe
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\system32\systems.txt
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\system32\iifgfgf.dll
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\rundll16.exe
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\rundl132.dll
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\logo1_.exe
2011-04-27 17:06 . 2011-04-27 17:06 626688 ----a-w- c:\windows\system32\msvcr80.dll
2011-04-27 17:06 . 2011-04-27 17:06 548864 ----a-w- c:\windows\system32\msvcp80.dll
2011-04-27 17:06 . 2011-04-27 17:06 28672 ----a-w- c:\windows\system32\eEmpty.exe
2011-04-27 17:06 . 2004-08-10 14:00 146432 ----a-w- c:\windows\R.COM
2011-04-27 17:06 . 2004-08-10 14:00 135680 ----a-w- c:\windows\system32\T.COM
2011-04-27 17:06 . 2011-04-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2011-04-27 17:01 . 2011-04-27 17:01 -------- d-----w- c:\program files\CCleaner
2011-04-27 16:22 . 2011-04-27 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-27 16:22 . 2011-01-17 20:01 4622344 ----a-w- c:\temp\avg_free_stb_eu_2011_1191_free.exe
2011-04-27 16:11 . 2011-04-27 16:11 -------- d-----w- c:\documents and settings\Ivča\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\Bels\Application Data\SUPERAntiSpyware.com
2011-04-27 14:56 . 2011-04-27 14:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-04-15 20:41 . 2011-04-15 20:41 1409 ----a-w- c:\windows\QTFont.for
2011-04-12 14:48 . 2011-04-12 14:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\Symantec
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]
"nwiz"="nwiz.exe" [2006-10-06 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-06 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
c:\documents and settings\Bels\Start Menu\Programs\Startup\
Registration Driver Parallel Lines.LNK - c:\program files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\Bels\\My Documents\\Stažené soubory\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6443:TCP"= 6443:TCP:lxmpsuo
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
S2 gehwx;System Driver;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2011 14:32 135664]
S2 kouqnv;Network Server;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 nwtgmcw;Support Boot;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 ohqbxdycp;Task Update;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 qqilye;Security Shell;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 sjxdngg;Task Monitor;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 xgmhnw;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sjxdngg
ohqbxdycp
xgmhnw
qqilye
kouqnv
nwtgmcw
gehwx
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-27 c:\windows\Tasks\Extended Warranty.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 12:32]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 12:32]
.
2011-04-27 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]
.
2009-12-19 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2011-04-27 c:\windows\Tasks\Setup My PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://format.packardbell.com/cgi-bin/r ... ey=IESTART
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cean2ps7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-27 21:23
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gehwx]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kouqnv]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwtgmcw]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohqbxdycp]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qqilye]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sjxdngg]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xgmhnw]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2011-04-27 21:24:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-27 19:24
.
Před spuštěním: 224 543 514 624 bytes free
Po spuštění: 226 334 302 208 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - CD358E6345E97F58A016FD808A84DC89
- memphisto
Re: prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado
Otevři si Poznámkový blok (Start -> Spustit..., do okna napiš Notepad a dej OK).
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Zkopíruj do něj celý následující text označený zeleně. Skript je sestavený podle logů z tohoto počítače, na jiném počítači ho nepoužívej:
Poznámka: K označení skriptu nepoužívej funkci VYBRAT VŠE.
KillAll::
Folder::
c:\windows\system32\systems.txt
c:\windows\zts2.exe
c:\windows\system32\iifgfgf.dll
c:\windows\rundll16.exe
c:\windows\rundl132.dll
c:\documents and settings\LocalService\Application Data\Symantec
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6443:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gehwx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kouqnv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwtgmcw]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohqbxdycp]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qqilye]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sjxdngg]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xgmhnw]
Driver::
lxmpsuo
gehwx
kouqnv
nwtgmcw
ohqbxdycp
qqilye
sjxdngg
xgmhnw
NetSvcs::
sjxdngg
ohqbxdycp
xgmhnw
qqilye
kouqnv
nwtgmcw
gehwx
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\system32\rrsdnoem.dll
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Re: prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado
ComboFix 11-03-29.06 - Administrator 27.04.2011 21:56:47.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1022.732 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\Symantec
c:\documents and settings\LocalService\Application Data\Symantec\Shared\MyProfile.UserProfile
c:\windows\rundl132.dll
c:\windows\rundll16.exe
c:\windows\system32\iifgfgf.dll
c:\windows\system32\systems.txt
c:\windows\zts2.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-27 do 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 18:25 . 2011-04-27 18:25 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 18:15 . 2011-04-27 18:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-04-27 18:13 . 2011-04-27 18:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-27 17:17 . 2011-04-27 17:17 388096 ----a-r- c:\documents and settings\Ivča\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 17:17 . 2011-04-27 17:17 -------- d-----w- c:\program files\TrendMicro
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\logo1_.exe
2011-04-27 17:06 . 2011-04-27 17:06 626688 ----a-w- c:\windows\system32\msvcr80.dll
2011-04-27 17:06 . 2011-04-27 17:06 548864 ----a-w- c:\windows\system32\msvcp80.dll
2011-04-27 17:06 . 2011-04-27 17:06 28672 ----a-w- c:\windows\system32\eEmpty.exe
2011-04-27 17:06 . 2004-08-10 14:00 146432 ----a-w- c:\windows\R.COM
2011-04-27 17:06 . 2004-08-10 14:00 135680 ----a-w- c:\windows\system32\T.COM
2011-04-27 17:06 . 2011-04-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2011-04-27 17:01 . 2011-04-27 17:01 -------- d-----w- c:\program files\CCleaner
2011-04-27 16:22 . 2011-04-27 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-27 16:22 . 2011-01-17 20:01 4622344 ----a-w- c:\temp\avg_free_stb_eu_2011_1191_free.exe
2011-04-27 16:11 . 2011-04-27 16:11 -------- d-----w- c:\documents and settings\Ivča\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\Bels\Application Data\SUPERAntiSpyware.com
2011-04-27 14:56 . 2011-04-27 14:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-04-15 20:41 . 2011-04-15 20:41 1409 ----a-w- c:\windows\QTFont.for
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-27_19.23.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 17:24 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2011-04-27 19:51 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-09-10 14:56 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-09-10 14:56 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]
"nwiz"="nwiz.exe" [2006-10-06 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-06 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
c:\documents and settings\Bels\Start Menu\Programs\Startup\
Registration Driver Parallel Lines.LNK - c:\program files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\Bels\\My Documents\\Stažené soubory\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
S2 gehwx;System Driver;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2011 14:32 135664]
S2 kouqnv;Network Server;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 nwtgmcw;Support Boot;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 ohqbxdycp;Task Update;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 qqilye;Security Shell;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 sjxdngg;Task Monitor;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 xgmhnw;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sjxdngg
ohqbxdycp
xgmhnw
qqilye
kouqnv
nwtgmcw
gehwx
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-27 c:\windows\Tasks\Extended Warranty.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 12:32]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 12:32]
.
2011-04-27 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]
.
2009-12-19 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2011-04-27 c:\windows\Tasks\Setup My PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://format.packardbell.com/cgi-bin/r ... ey=IESTART
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cean2ps7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-27 22:01
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gehwx]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kouqnv]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwtgmcw]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohqbxdycp]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qqilye]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sjxdngg]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xgmhnw]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(2212)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2011-04-27 22:03:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-27 20:03
ComboFix2.txt 2011-04-27 19:24
.
Před spuštěním: 226 306 940 928 bytes free
Po spuštění: Volných bajtů: 226 258 714 624
.
- - End Of File - - 2837E65D87D73A8539E1E88FAA791A9F
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1022.732 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\Symantec
c:\documents and settings\LocalService\Application Data\Symantec\Shared\MyProfile.UserProfile
c:\windows\rundl132.dll
c:\windows\rundll16.exe
c:\windows\system32\iifgfgf.dll
c:\windows\system32\systems.txt
c:\windows\zts2.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-27 do 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 18:25 . 2011-04-27 18:25 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 18:15 . 2011-04-27 18:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-04-27 18:13 . 2011-04-27 18:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-27 17:17 . 2011-04-27 17:17 388096 ----a-r- c:\documents and settings\Ivča\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 17:17 . 2011-04-27 17:17 -------- d-----w- c:\program files\TrendMicro
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\logo1_.exe
2011-04-27 17:06 . 2011-04-27 17:06 626688 ----a-w- c:\windows\system32\msvcr80.dll
2011-04-27 17:06 . 2011-04-27 17:06 548864 ----a-w- c:\windows\system32\msvcp80.dll
2011-04-27 17:06 . 2011-04-27 17:06 28672 ----a-w- c:\windows\system32\eEmpty.exe
2011-04-27 17:06 . 2004-08-10 14:00 146432 ----a-w- c:\windows\R.COM
2011-04-27 17:06 . 2004-08-10 14:00 135680 ----a-w- c:\windows\system32\T.COM
2011-04-27 17:06 . 2011-04-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2011-04-27 17:01 . 2011-04-27 17:01 -------- d-----w- c:\program files\CCleaner
2011-04-27 16:22 . 2011-04-27 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-27 16:22 . 2011-01-17 20:01 4622344 ----a-w- c:\temp\avg_free_stb_eu_2011_1191_free.exe
2011-04-27 16:11 . 2011-04-27 16:11 -------- d-----w- c:\documents and settings\Ivča\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\Bels\Application Data\SUPERAntiSpyware.com
2011-04-27 14:56 . 2011-04-27 14:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-04-15 20:41 . 2011-04-15 20:41 1409 ----a-w- c:\windows\QTFont.for
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-27_19.23.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 17:24 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2011-04-27 19:51 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-09-10 14:56 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-09-10 14:56 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]
"nwiz"="nwiz.exe" [2006-10-06 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-06 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
c:\documents and settings\Bels\Start Menu\Programs\Startup\
Registration Driver Parallel Lines.LNK - c:\program files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\Bels\\My Documents\\Stažené soubory\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
S2 gehwx;System Driver;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2011 14:32 135664]
S2 kouqnv;Network Server;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 nwtgmcw;Support Boot;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 ohqbxdycp;Task Update;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 qqilye;Security Shell;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 sjxdngg;Task Monitor;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 xgmhnw;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sjxdngg
ohqbxdycp
xgmhnw
qqilye
kouqnv
nwtgmcw
gehwx
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-27 c:\windows\Tasks\Extended Warranty.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 12:32]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 12:32]
.
2011-04-27 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]
.
2009-12-19 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2011-04-27 c:\windows\Tasks\Setup My PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://format.packardbell.com/cgi-bin/r ... ey=IESTART
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cean2ps7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-27 22:01
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gehwx]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kouqnv]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwtgmcw]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohqbxdycp]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qqilye]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sjxdngg]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xgmhnw]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(2212)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2011-04-27 22:03:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-27 20:03
ComboFix2.txt 2011-04-27 19:24
.
Před spuštěním: 226 306 940 928 bytes free
Po spuštění: Volných bajtů: 226 258 714 624
.
- - End Of File - - 2837E65D87D73A8539E1E88FAA791A9F
- jaro3
Re: prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado
Stáhni si TDSSKiller
na svoji plochu. Ujisti se, že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC. Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt – vlož sem prosím celý obsah logu.
pak:
Otevři si Poznámkový blok (Start -> Spustit..., do okna napiš Notepad a dej OK).
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění: Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou; pak znovu restartuj počítač, mačkej F8 a zvol Poslední známou funkční konfiguraci.
Na svoji plochu. Ujisti se, že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC. Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt – vlož sem prosím celý obsah logu.
pak:
Otevři si Poznámkový blok (Start -> Spustit..., do okna napiš Notepad a dej OK).
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
Collect::
c:\windows\system32\rrsdnoem.dll
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Driver::
gehwx
kouqnv
nwtgmcw
ohqbxdycp
qqilye
sjxdngg
xgmhnw
NetSvcs::
sjxdngg
ohqbxdycp
xgmhnw
qqilye
kouqnv
nwtgmcw
gehwx
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gehwx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kouqnv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwtgmcw]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohqbxdycp]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qqilye]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sjxdngg]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xgmhnw]
DDS::
uStart Page = hxxp://format.packardbell.com/cgi-bin/r ... ey=IESTART
FixCSet::
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění: Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou; pak znovu restartuj počítač, mačkej F8 a zvol Poslední známou funkční konfiguraci.
Při práci s programy HJT, ComboFix, MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv. Po dobu mé nepřítomnosti mě zastupují memphisto, Žbeky a Orcus.
Pokud budete spokojeni, můžete podpořit naše fórum: Podpora fóra
Re: prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado
Zdravím, vypadá to OK, díky moc.
2011/03/31 17:36:20.0028 3200 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/31 17:36:20.0653 3200 ================================================================================
2011/03/31 17:36:20.0653 3200 SystemInfo:
2011/03/31 17:36:20.0653 3200
2011/03/31 17:36:20.0653 3200 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/31 17:36:20.0653 3200 Product type: Workstation
2011/03/31 17:36:20.0653 3200 ComputerName: 124424660319
2011/03/31 17:36:20.0653 3200 UserName: Administrator
2011/03/31 17:36:20.0653 3200 Windows directory: C:\WINDOWS
2011/03/31 17:36:20.0653 3200 System windows directory: C:\WINDOWS
2011/03/31 17:36:20.0653 3200 Processor architecture: Intel x86
2011/03/31 17:36:20.0653 3200 Number of processors: 2
2011/03/31 17:36:20.0653 3200 Page size: 0x1000
2011/03/31 17:36:20.0653 3200 Boot type: Normal boot
2011/03/31 17:36:20.0653 3200 ================================================================================
2011/03/31 17:36:21.0137 3200 Initialize success
2011/03/31 17:36:59.0012 1764 ================================================================================
2011/03/31 17:36:59.0012 1764 Scan started
2011/03/31 17:36:59.0012 1764 Mode: Manual;
2011/03/31 17:36:59.0012 1764 ================================================================================
2011/03/31 17:37:02.0497 1764 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/03/31 17:37:03.0419 1764 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/31 17:37:04.0153 1764 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/31 17:37:04.0809 1764 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/03/31 17:37:05.0950 1764 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/03/31 17:37:06.0856 1764 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/03/31 17:37:07.0512 1764 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/31 17:37:08.0575 1764 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/03/31 17:37:09.0419 1764 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/03/31 17:37:10.0153 1764 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/03/31 17:37:11.0528 1764 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/03/31 17:37:12.0497 1764 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/03/31 17:37:12.0981 1764 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/03/31 17:37:13.0216 1764 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/03/31 17:37:13.0606 1764 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/03/31 17:37:14.0184 1764 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/31 17:37:14.0481 1764 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/03/31 17:37:14.0841 1764 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/03/31 17:37:15.0200 1764 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/03/31 17:37:15.0747 1764 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/31 17:37:16.0591 1764 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/31 17:37:17.0997 1764 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/31 17:37:18.0325 1764 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/31 17:37:18.0716 1764 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/03/31 17:37:19.0044 1764 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/03/31 17:37:19.0216 1764 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/03/31 17:37:19.0341 1764 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/03/31 17:37:19.0403 1764 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/03/31 17:37:20.0278 1764 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/03/31 17:37:20.0747 1764 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/03/31 17:37:20.0825 1764 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/03/31 17:37:21.0403 1764 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/31 17:37:21.0997 1764 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/03/31 17:37:22.0559 1764 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/31 17:37:22.0841 1764 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/03/31 17:37:23.0184 1764 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/31 17:37:23.0262 1764 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/31 17:37:23.0669 1764 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/31 17:37:24.0716 1764 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/03/31 17:37:24.0919 1764 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/03/31 17:37:25.0653 1764 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/03/31 17:37:26.0028 1764 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/03/31 17:37:26.0575 1764 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/31 17:37:27.0216 1764 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/31 17:37:27.0637 1764 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/31 17:37:27.0887 1764 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/31 17:37:28.0231 1764 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/31 17:37:28.0653 1764 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/03/31 17:37:29.0200 1764 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/31 17:37:29.0731 1764 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/31 17:37:30.0075 1764 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/31 17:37:30.0809 1764 FETND5BV (fc3b2083e1fffc2bf6a3cd688dc728c8) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/03/31 17:37:31.0247 1764 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/31 17:37:31.0669 1764 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/31 17:37:32.0169 1764 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/31 17:37:32.0669 1764 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/31 17:37:32.0856 1764 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/31 17:37:32.0887 1764 Suspicious service (NoAccess): gehwx
2011/03/31 17:37:32.0934 1764 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/31 17:37:33.0153 1764 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/31 17:37:33.0997 1764 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/31 17:37:34.0653 1764 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/03/31 17:37:35.0356 1764 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/31 17:37:35.0637 1764 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/31 17:37:36.0028 1764 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/03/31 17:37:36.0575 1764 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/31 17:37:36.0997 1764 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/31 17:37:37.0325 1764 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/03/31 17:37:37.0903 1764 IntcAzAudAddService (fa9a9468f982835e99c1ec21257f7e60) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/31 17:37:39.0887 1764 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/31 17:37:40.0450 1764 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/31 17:37:41.0028 1764 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/31 17:37:41.0262 1764 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/31 17:37:41.0559 1764 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/31 17:37:42.0294 1764 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/31 17:37:42.0528 1764 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/31 17:37:42.0778 1764 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/31 17:37:43.0200 1764 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/31 17:37:43.0669 1764 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/31 17:37:43.0919 1764 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/31 17:37:44.0122 1764 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/31 17:37:44.0137 1764 Suspicious service (NoAccess): kouqnv
2011/03/31 17:37:44.0419 1764 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/31 17:37:44.0903 1764 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/03/31 17:37:45.0044 1764 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/31 17:37:45.0372 1764 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/31 17:37:45.0637 1764 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/31 17:37:45.0997 1764 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/31 17:37:46.0497 1764 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/31 17:37:46.0778 1764 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/03/31 17:37:47.0106 1764 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/31 17:37:47.0794 1764 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/31 17:37:48.0044 1764 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/31 17:37:48.0372 1764 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/31 17:37:48.0716 1764 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/31 17:37:49.0294 1764 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/31 17:37:49.0591 1764 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/31 17:37:49.0919 1764 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/31 17:37:50.0247 1764 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/31 17:37:50.0544 1764 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/31 17:37:50.0841 1764 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/31 17:37:51.0137 1764 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/31 17:37:51.0856 1764 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/31 17:37:52.0153 1764 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/31 17:37:52.0528 1764 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/31 17:37:52.0997 1764 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/31 17:37:53.0325 1764 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/31 17:37:53.0622 1764 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/31 17:37:54.0200 1764 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/31 17:37:54.0872 1764 nv (76183cc0922fb23a679e96ea8f59ddb3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/31 17:37:56.0528 1764 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/31 17:37:56.0934 1764 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/31 17:37:56.0981 1764 Suspicious service (NoAccess): nwtgmcw
2011/03/31 17:37:57.0481 1764 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/31 17:37:57.0512 1764 Suspicious service (NoAccess): ohqbxdycp
2011/03/31 17:37:57.0825 1764 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/31 17:37:58.0122 1764 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/31 17:37:58.0528 1764 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/31 17:37:58.0669 1764 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/31 17:37:59.0356 1764 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/31 17:37:59.0919 1764 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/31 17:38:00.0778 1764 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/03/31 17:38:01.0356 1764 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/03/31 17:38:01.0841 1764 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/31 17:38:02.0122 1764 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/31 17:38:02.0497 1764 prodrv06 (18d9789a4664bf417eea944d2776091a) C:\WINDOWS\System32\drivers\prodrv06.sys
2011/03/31 17:38:02.0903 1764 prohlp02 (8cc9671a7ed2902e747ee0892e1c8575) C:\WINDOWS\system32\drivers\prohlp02.sys
2011/03/31 17:38:03.0481 1764 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
2011/03/31 17:38:03.0903 1764 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/31 17:38:04.0184 1764 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/31 17:38:04.0950 1764 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/31 17:38:05.0497 1764 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/03/31 17:38:06.0137 1764 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/03/31 17:38:06.0356 1764 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/03/31 17:38:06.0419 1764 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/03/31 17:38:06.0809 1764 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/03/31 17:38:06.0825 1764 Suspicious service (NoAccess): qqilye
2011/03/31 17:38:07.0341 1764 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/31 17:38:07.0497 1764 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/31 17:38:07.0559 1764 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/31 17:38:07.0606 1764 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/31 17:38:07.0653 1764 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/31 17:38:07.0981 1764 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/31 17:38:08.0262 1764 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/31 17:38:08.0528 1764 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/31 17:38:08.0591 1764 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/31 17:38:08.0997 1764 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/31 17:38:09.0075 1764 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/03/31 17:38:09.0153 1764 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/31 17:38:09.0512 1764 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/31 17:38:10.0059 1764 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/31 17:38:10.0278 1764 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
2011/03/31 17:38:10.0747 1764 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/31 17:38:10.0950 1764 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/03/31 17:38:10.0966 1764 Suspicious service (NoAccess): sjxdngg
2011/03/31 17:38:11.0169 1764 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/31 17:38:11.0262 1764 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/31 17:38:11.0450 1764 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/31 17:38:11.0778 1764 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/31 17:38:12.0012 1764 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/31 17:38:12.0075 1764 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/31 17:38:12.0341 1764 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/31 17:38:12.0466 1764 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/31 17:38:12.0544 1764 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/31 17:38:12.0606 1764 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/31 17:38:12.0872 1764 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/31 17:38:13.0278 1764 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/31 17:38:13.0419 1764 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/31 17:38:13.0637 1764 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/31 17:38:13.0731 1764 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/31 17:38:14.0012 1764 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/31 17:38:14.0294 1764 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/31 17:38:14.0606 1764 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/31 17:38:14.0825 1764 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/31 17:38:15.0091 1764 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/31 17:38:15.0341 1764 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/31 17:38:15.0575 1764 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/31 17:38:15.0825 1764 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/31 17:38:16.0075 1764 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/31 17:38:16.0419 1764 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/31 17:38:16.0653 1764 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/31 17:38:16.0887 1764 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/31 17:38:17.0059 1764 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/31 17:38:17.0247 1764 ViaIde (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys
2011/03/31 17:38:17.0512 1764 viamraid (fbf18f9f5fb852c2976723587b44f346) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2011/03/31 17:38:17.0841 1764 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/31 17:38:17.0997 1764 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/31 17:38:18.0434 1764 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/31 17:38:18.0966 1764 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/03/31 17:38:19.0075 1764 Suspicious service (NoAccess): xgmhnw
2011/03/31 17:38:19.0278 1764 ================================================================================
2011/03/31 17:38:19.0278 1764 Scan finished
2011/03/31 17:38:19.0278 1764 ================================================================================
2011/03/31 17:38:49.0231 2604 Deinitialize success
2011/03/31 17:36:20.0028 3200 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/31 17:36:20.0653 3200 ================================================================================
2011/03/31 17:36:20.0653 3200 SystemInfo:
2011/03/31 17:36:20.0653 3200
2011/03/31 17:36:20.0653 3200 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/31 17:36:20.0653 3200 Product type: Workstation
2011/03/31 17:36:20.0653 3200 ComputerName: 124424660319
2011/03/31 17:36:20.0653 3200 UserName: Administrator
2011/03/31 17:36:20.0653 3200 Windows directory: C:\WINDOWS
2011/03/31 17:36:20.0653 3200 System windows directory: C:\WINDOWS
2011/03/31 17:36:20.0653 3200 Processor architecture: Intel x86
2011/03/31 17:36:20.0653 3200 Number of processors: 2
2011/03/31 17:36:20.0653 3200 Page size: 0x1000
2011/03/31 17:36:20.0653 3200 Boot type: Normal boot
2011/03/31 17:36:20.0653 3200 ================================================================================
2011/03/31 17:36:21.0137 3200 Initialize success
2011/03/31 17:36:59.0012 1764 ================================================================================
2011/03/31 17:36:59.0012 1764 Scan started
2011/03/31 17:36:59.0012 1764 Mode: Manual;
2011/03/31 17:36:59.0012 1764 ================================================================================
2011/03/31 17:37:02.0497 1764 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/03/31 17:37:03.0419 1764 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/31 17:37:04.0153 1764 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/31 17:37:04.0809 1764 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/03/31 17:37:05.0950 1764 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/03/31 17:37:06.0856 1764 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/03/31 17:37:07.0512 1764 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/31 17:37:08.0575 1764 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/03/31 17:37:09.0419 1764 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/03/31 17:37:10.0153 1764 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/03/31 17:37:11.0528 1764 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/03/31 17:37:12.0497 1764 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/03/31 17:37:12.0981 1764 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/03/31 17:37:13.0216 1764 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/03/31 17:37:13.0606 1764 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/03/31 17:37:14.0184 1764 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/31 17:37:14.0481 1764 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/03/31 17:37:14.0841 1764 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/03/31 17:37:15.0200 1764 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/03/31 17:37:15.0747 1764 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/31 17:37:16.0591 1764 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/31 17:37:17.0997 1764 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/31 17:37:18.0325 1764 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/31 17:37:18.0716 1764 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/03/31 17:37:19.0044 1764 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/03/31 17:37:19.0216 1764 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/03/31 17:37:19.0341 1764 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/03/31 17:37:19.0403 1764 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/03/31 17:37:20.0278 1764 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/03/31 17:37:20.0747 1764 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/03/31 17:37:20.0825 1764 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/03/31 17:37:21.0403 1764 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/31 17:37:21.0997 1764 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/03/31 17:37:22.0559 1764 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/31 17:37:22.0841 1764 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/03/31 17:37:23.0184 1764 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/31 17:37:23.0262 1764 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/31 17:37:23.0669 1764 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/31 17:37:24.0716 1764 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/03/31 17:37:24.0919 1764 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/03/31 17:37:25.0653 1764 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/03/31 17:37:26.0028 1764 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/03/31 17:37:26.0575 1764 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/31 17:37:27.0216 1764 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/31 17:37:27.0637 1764 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/31 17:37:27.0887 1764 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/31 17:37:28.0231 1764 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/31 17:37:28.0653 1764 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/03/31 17:37:29.0200 1764 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/31 17:37:29.0731 1764 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/31 17:37:30.0075 1764 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/31 17:37:30.0809 1764 FETND5BV (fc3b2083e1fffc2bf6a3cd688dc728c8) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/03/31 17:37:31.0247 1764 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/31 17:37:31.0669 1764 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/31 17:37:32.0169 1764 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/31 17:37:32.0669 1764 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/31 17:37:32.0856 1764 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/31 17:37:32.0887 1764 Suspicious service (NoAccess): gehwx
2011/03/31 17:37:32.0934 1764 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/31 17:37:33.0153 1764 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/31 17:37:33.0997 1764 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/31 17:37:34.0653 1764 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/03/31 17:37:35.0356 1764 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/31 17:37:35.0637 1764 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/31 17:37:36.0028 1764 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/03/31 17:37:36.0575 1764 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/31 17:37:36.0997 1764 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/31 17:37:37.0325 1764 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/03/31 17:37:37.0903 1764 IntcAzAudAddService (fa9a9468f982835e99c1ec21257f7e60) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/31 17:37:39.0887 1764 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/31 17:37:40.0450 1764 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/31 17:37:41.0028 1764 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/31 17:37:41.0262 1764 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/31 17:37:41.0559 1764 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/31 17:37:42.0294 1764 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/31 17:37:42.0528 1764 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/31 17:37:42.0778 1764 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/31 17:37:43.0200 1764 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/31 17:37:43.0669 1764 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/31 17:37:43.0919 1764 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/31 17:37:44.0122 1764 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/31 17:37:44.0137 1764 Suspicious service (NoAccess): kouqnv
2011/03/31 17:37:44.0419 1764 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/31 17:37:44.0903 1764 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/03/31 17:37:45.0044 1764 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/31 17:37:45.0372 1764 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/31 17:37:45.0637 1764 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/31 17:37:45.0997 1764 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/31 17:37:46.0497 1764 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/31 17:37:46.0778 1764 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/03/31 17:37:47.0106 1764 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/31 17:37:47.0794 1764 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/31 17:37:48.0044 1764 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/31 17:37:48.0372 1764 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/31 17:37:48.0716 1764 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/31 17:37:49.0294 1764 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/31 17:37:49.0591 1764 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/31 17:37:49.0919 1764 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/31 17:37:50.0247 1764 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/31 17:37:50.0544 1764 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/31 17:37:50.0841 1764 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/31 17:37:51.0137 1764 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/31 17:37:51.0856 1764 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/31 17:37:52.0153 1764 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/31 17:37:52.0528 1764 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/31 17:37:52.0997 1764 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/31 17:37:53.0325 1764 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/31 17:37:53.0622 1764 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/31 17:37:54.0200 1764 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/31 17:37:54.0872 1764 nv (76183cc0922fb23a679e96ea8f59ddb3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/31 17:37:56.0528 1764 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/31 17:37:56.0934 1764 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/31 17:37:56.0981 1764 Suspicious service (NoAccess): nwtgmcw
2011/03/31 17:37:57.0481 1764 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/31 17:37:57.0512 1764 Suspicious service (NoAccess): ohqbxdycp
2011/03/31 17:37:57.0825 1764 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/31 17:37:58.0122 1764 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/31 17:37:58.0528 1764 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/31 17:37:58.0669 1764 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/31 17:37:59.0356 1764 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/31 17:37:59.0919 1764 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/31 17:38:00.0778 1764 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/03/31 17:38:01.0356 1764 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/03/31 17:38:01.0841 1764 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/31 17:38:02.0122 1764 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/31 17:38:02.0497 1764 prodrv06 (18d9789a4664bf417eea944d2776091a) C:\WINDOWS\System32\drivers\prodrv06.sys
2011/03/31 17:38:02.0903 1764 prohlp02 (8cc9671a7ed2902e747ee0892e1c8575) C:\WINDOWS\system32\drivers\prohlp02.sys
2011/03/31 17:38:03.0481 1764 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
2011/03/31 17:38:03.0903 1764 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/31 17:38:04.0184 1764 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/31 17:38:04.0950 1764 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/31 17:38:05.0497 1764 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/03/31 17:38:06.0137 1764 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/03/31 17:38:06.0356 1764 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/03/31 17:38:06.0419 1764 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/03/31 17:38:06.0809 1764 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/03/31 17:38:06.0825 1764 Suspicious service (NoAccess): qqilye
2011/03/31 17:38:07.0341 1764 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/31 17:38:07.0497 1764 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/31 17:38:07.0559 1764 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/31 17:38:07.0606 1764 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/31 17:38:07.0653 1764 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/31 17:38:07.0981 1764 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/31 17:38:08.0262 1764 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/31 17:38:08.0528 1764 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/31 17:38:08.0591 1764 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/31 17:38:08.0997 1764 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/31 17:38:09.0075 1764 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/03/31 17:38:09.0153 1764 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/31 17:38:09.0512 1764 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/31 17:38:10.0059 1764 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/31 17:38:10.0278 1764 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
2011/03/31 17:38:10.0747 1764 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/31 17:38:10.0950 1764 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/03/31 17:38:10.0966 1764 Suspicious service (NoAccess): sjxdngg
2011/03/31 17:38:11.0169 1764 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/31 17:38:11.0262 1764 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/31 17:38:11.0450 1764 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/31 17:38:11.0778 1764 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/31 17:38:12.0012 1764 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/31 17:38:12.0075 1764 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/31 17:38:12.0341 1764 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/31 17:38:12.0466 1764 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/31 17:38:12.0544 1764 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/31 17:38:12.0606 1764 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/31 17:38:12.0872 1764 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/31 17:38:13.0278 1764 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/31 17:38:13.0419 1764 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/31 17:38:13.0637 1764 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/31 17:38:13.0731 1764 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/31 17:38:14.0012 1764 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/31 17:38:14.0294 1764 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/31 17:38:14.0606 1764 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/31 17:38:14.0825 1764 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/31 17:38:15.0091 1764 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/31 17:38:15.0341 1764 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/31 17:38:15.0575 1764 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/31 17:38:15.0825 1764 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/31 17:38:16.0075 1764 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/31 17:38:16.0419 1764 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/31 17:38:16.0653 1764 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/31 17:38:16.0887 1764 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/31 17:38:17.0059 1764 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/31 17:38:17.0247 1764 ViaIde (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys
2011/03/31 17:38:17.0512 1764 viamraid (fbf18f9f5fb852c2976723587b44f346) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2011/03/31 17:38:17.0841 1764 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/31 17:38:17.0997 1764 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/31 17:38:18.0434 1764 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/31 17:38:18.0966 1764 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/03/31 17:38:19.0075 1764 Suspicious service (NoAccess): xgmhnw
2011/03/31 17:38:19.0278 1764 ================================================================================
2011/03/31 17:38:19.0278 1764 Scan finished
2011/03/31 17:38:19.0278 1764 ================================================================================
2011/03/31 17:38:49.0231 2604 Deinitialize success
Re: prosim o kontrolu logu - Vir Trojan.Win32.Agent.Ado
ComboFix 11-03-30.03 - Administrator 31.03.2011 17:55:49.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1022.708 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GEHWX
-------\Legacy_KOUQNV
-------\Legacy_NWTGMCW
-------\Legacy_OHQBXDYCP
-------\Service_gehwx
-------\Service_kouqnv
-------\Service_nwtgmcw
-------\Service_ohqbxdycp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-04-27 20:57 . 2011-04-27 20:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG10
2011-04-27 20:33 . 2011-04-27 20:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-04-27 20:32 . 2011-03-31 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-04-27 20:12 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-04-27 20:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-04-27 20:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-04-27 20:10 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-04-27 20:10 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-04-27 20:05 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-04-27 20:05 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-04-27 20:03 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 18:25 . 2011-04-27 18:25 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 18:15 . 2011-04-27 18:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-04-27 18:13 . 2011-04-27 18:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-27 17:17 . 2011-04-27 17:17 388096 ----a-r- c:\documents and settings\Ivča\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 17:17 . 2011-04-27 17:17 -------- d-----w- c:\program files\TrendMicro
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\logo1_.exe
2011-04-27 17:06 . 2011-04-27 17:06 626688 ----a-w- c:\windows\system32\msvcr80.dll
2011-04-27 17:06 . 2011-04-27 17:06 548864 ----a-w- c:\windows\system32\msvcp80.dll
2011-04-27 17:06 . 2011-04-27 17:06 28672 ----a-w- c:\windows\system32\eEmpty.exe
2011-04-27 17:06 . 2004-08-10 14:00 146432 ----a-w- c:\windows\R.COM
2011-04-27 17:06 . 2004-08-10 14:00 135680 ----a-w- c:\windows\system32\T.COM
2011-04-27 17:06 . 2011-04-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2011-04-27 17:01 . 2011-04-27 17:01 -------- d-----w- c:\program files\CCleaner
2011-04-27 16:22 . 2011-04-27 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-27 16:22 . 2011-01-17 20:01 4622344 ----a-w- c:\temp\avg_free_stb_eu_2011_1191_free.exe
2011-04-27 16:11 . 2011-04-27 16:11 -------- d-----w- c:\documents and settings\Ivča\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\Bels\Application Data\SUPERAntiSpyware.com
2011-04-27 14:56 . 2011-04-27 14:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-04-15 20:41 . 2011-04-15 20:41 1409 ----a-w- c:\windows\QTFont.for
2011-03-31 15:42 . 2011-03-31 15:52 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-03-30 21:03 . 2011-03-30 21:03 -------- d-----w- c:\windows\ServicePackFiles
2011-03-19 14:02 . 2011-03-19 14:02 -------- d-----w- c:\documents and settings\Bels\Application Data\skypePM
2011-03-10 08:07 . 2011-03-16 17:47 -------- d-----w- c:\documents and settings\Ivča\Application Data\skypePM
2011-03-10 08:05 . 2011-03-10 08:05 -------- d-----w- c:\program files\Common Files\Skype
2011-03-10 07:37 . 2011-03-10 07:37 -------- d-----w- c:\documents and settings\Ivča\Local Settings\Application Data\Temp
2011-03-07 10:03 . 2011-04-06 20:12 -------- d-----w- c:\documents and settings\Ivča\Local Settings\Application Data\Google
2011-03-07 09:52 . 2011-03-07 09:57 -------- d-----w- c:\documents and settings\Ivča\Application Data\PhotoScape
2011-03-06 14:28 . 2011-03-06 14:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-03-06 12:55 . 2011-03-06 12:56 -------- d-----w- c:\documents and settings\Bels\Application Data\PhotoScape
2011-03-06 12:32 . 2011-03-06 12:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-03-06 12:32 . 2011-03-06 12:34 -------- d-----w- c:\program files\Google
2011-03-06 12:32 . 2011-03-06 12:32 -------- d-----w- c:\program files\PhotoScape
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 15:48 . 2004-09-10 14:57 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 15:48 . 2004-09-10 14:57 291840 ----a-w- c:\windows\system32\sbe.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-27_19.23.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-08-06 17:24 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-09-10 14:57 . 2009-06-25 08:17 59392 c:\windows\system32\wdigest.dll
+ 2011-04-27 20:05 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2004-09-10 14:57 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2004-09-10 14:57 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2007-01-30 18:45 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2007-01-30 18:51 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2011-04-27 19:51 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-09-10 14:57 . 2009-06-25 08:17 56320 c:\windows\system32\secur32.dll
+ 2004-09-10 14:57 . 2009-02-06 09:54 35328 c:\windows\system32\sc.exe
- 2004-09-10 14:57 . 2004-08-10 14:00 69632 c:\windows\system32\raschap.dll
+ 2004-09-10 14:57 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 39424 c:\windows\system32\pngfilt.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 39424 c:\windows\system32\pngfilt.dll
+ 2004-09-10 14:57 . 2011-03-31 15:35 58654 c:\windows\system32\perfc009.dat
- 2004-09-10 14:57 . 2011-03-27 09:27 58654 c:\windows\system32\perfc009.dat
+ 2004-09-10 15:30 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-09-10 14:57 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-09-10 14:57 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2004-09-10 14:57 . 2009-11-27 16:37 28672 c:\windows\system32\msvidc32.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 11264 c:\windows\system32\msrle32.dll
+ 2004-09-10 14:57 . 2009-11-27 16:37 11264 c:\windows\system32\msrle32.dll
- 2004-09-10 15:30 . 2004-08-10 14:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-09-10 15:30 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2004-09-10 14:57 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
- 2004-09-10 14:57 . 2005-06-29 01:46 74240 c:\windows\system32\mscms.dll
+ 2004-09-10 14:57 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 48640 c:\windows\system32\mqupgrd.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 48640 c:\windows\system32\mqupgrd.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 95744 c:\windows\system32\mqsec.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 95744 c:\windows\system32\mqsec.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 16896 c:\windows\system32\mqise.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 16896 c:\windows\system32\mqise.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 47104 c:\windows\system32\mqdscli.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 47104 c:\windows\system32\mqdscli.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 19968 c:\windows\system32\mqbkup.exe
+ 2004-09-10 14:57 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
+ 2004-09-10 14:58 . 2008-06-11 00:47 96768 c:\windows\system32\logagent.exe
- 2004-09-10 14:58 . 2005-08-03 18:29 96768 c:\windows\system32\logagent.exe
+ 2004-09-10 14:57 . 2010-04-16 15:20 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2009-11-27 16:37 48128 c:\windows\system32\iyuv_32.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 96256 c:\windows\system32\inseng.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 96256 c:\windows\system32\inseng.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 81920 c:\windows\system32\ieencode.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 81920 c:\windows\system32\ieencode.dll
+ 2004-09-10 14:57 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 55808 c:\windows\system32\extmgr.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 55808 c:\windows\system32\extmgr.dll
+ 2004-09-10 14:57 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2004-09-10 14:57 . 2009-06-22 11:35 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2004-09-10 15:34 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-06-25 08:44 . 2009-06-25 08:17 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 11:50 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 11:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-06-25 08:44 . 2009-06-25 08:17 56320 c:\windows\system32\dllcache\secur32.dll
+ 2011-04-27 20:08 . 2009-02-06 09:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-10-12 13:54 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-06-24 16:23 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2009-09-04 20:45 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2009-06-22 11:48 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
- 2004-09-10 14:58 . 2005-08-03 18:29 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-09-10 14:58 . 2008-06-11 00:47 96768 c:\windows\system32\dllcache\logagent.exe
+ 2009-06-22 11:34 . 2009-06-22 11:35 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2007-01-30 18:57 . 2010-04-16 15:20 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 96256 c:\windows\system32\dllcache\inseng.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 96256 c:\windows\system32\dllcache\inseng.dll
+ 2010-04-16 15:20 . 2010-04-16 15:20 81920 c:\windows\system32\dllcache\ieencode.dll
- 2007-01-30 18:57 . 2006-06-23 08:48 18432 c:\windows\system32\dllcache\iedw.exe
+ 2007-01-30 18:57 . 2010-04-16 13:29 18432 c:\windows\system32\dllcache\iedw.exe
+ 2011-04-27 20:08 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2009-12-14 07:35 . 2009-12-14 07:35 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-04-27 20:08 . 2005-07-26 04:20 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-09-10 14:56 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2010-01-13 14:10 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 18:55 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2010-03-05 14:57 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-09-10 14:56 . 2009-12-14 07:35 33280 c:\windows\system32\csrsrv.dll
+ 2004-09-10 15:30 . 2005-07-26 04:20 60416 c:\windows\system32\colbact.dll
- 2004-09-10 15:30 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-09-10 14:56 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2004-09-10 14:56 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2004-09-10 14:56 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll
- 2004-09-10 14:56 . 2004-08-10 14:00 58880 c:\windows\system32\atl.dll
+ 2004-09-10 14:56 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
+ 2004-09-29 18:11 . 2009-06-24 10:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2004-09-10 15:31 . 2010-02-09 16:22 81920 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Security.dll
+ 2004-10-07 17:36 . 2009-06-24 10:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2004-09-29 18:11 . 2009-06-24 10:56 98304 c:\windows\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2004-09-10 15:31 . 2004-08-03 22:12 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-09-10 15:31 . 2009-06-23 20:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-09-10 15:31 . 2009-06-23 20:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2004-09-10 15:31 . 2004-08-03 22:12 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-09-10 15:31 . 2009-06-23 20:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2004-09-10 15:31 . 2004-08-03 22:11 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2004-09-10 15:31 . 2002-06-21 17:31 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2004-09-10 15:31 . 2009-06-23 20:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2011-03-30 21:02 . 2011-03-30 21:02 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_b17ce412\System.Drawing.Design.dll
+ 2011-03-30 21:01 . 2011-03-30 21:01 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_e4bb2c60\CustomMarshalers.dll
+ 2011-03-30 21:10 . 2011-03-30 21:10 81920 c:\windows\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2001-08-17 22:36 . 2009-11-27 16:37 8704 c:\windows\system32\tsbyuv.dll
+ 2004-09-10 14:57 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
- 2004-09-10 14:57 . 2004-08-10 14:00 4608 c:\windows\system32\mqsvc.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2004-09-10 15:31 . 2009-06-29 09:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2007-01-30 18:45 . 2010-04-16 13:21 352768 c:\windows\system32\xpsp3res.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2004-09-10 14:58 . 2009-04-09 23:01 413544 c:\windows\system32\wmspdmod.dll
+ 2004-09-10 14:58 . 2009-07-13 08:08 286720 c:\windows\system32\wmpdxm.dll
+ 2004-09-10 14:58 . 2008-06-11 00:58 988672 c:\windows\system32\WMNetmgr.dll
- 2004-09-10 14:58 . 2005-08-03 18:29 988672 c:\windows\system32\wmnetmgr.dll
+ 2004-09-10 14:58 . 2007-10-27 15:39 228864 c:\windows\system32\wmasf.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 132096 c:\windows\system32\wkssvc.dll
+ 2004-09-10 14:57 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
+ 2004-09-10 14:57 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 668672 c:\windows\system32\wininet.dll
+ 2004-09-10 14:57 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 351232 c:\windows\system32\winhttp.dll
+ 2004-09-10 15:30 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-09-10 15:30 . 2009-02-10 16:31 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-09-10 15:30 . 2009-02-09 10:01 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-09-10 14:57 . 2010-03-10 08:02 417792 c:\windows\system32\vbscript.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 417792 c:\windows\system32\vbscript.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 628224 c:\windows\system32\urlmon.dll
+ 2004-09-10 14:57 . 2009-10-15 20:51 119808 c:\windows\system32\t2embed.dll
+ 2004-09-10 14:58 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
+ 2004-09-10 14:57 . 2009-06-25 08:17 168448 c:\windows\system32\schannel.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 474112 c:\windows\system32\shlwapi.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 474112 c:\windows\system32\shlwapi.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2004-09-10 14:57 . 2009-02-06 10:22 110592 c:\windows\system32\services.exe
+ 2004-09-10 14:57 . 2009-02-09 10:01 401408 c:\windows\system32\rpcss.dll
+ 2004-09-10 14:57 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 112128 c:\windows\system32\rastls.dll
+ 2004-09-10 14:57 . 2009-10-12 13:54 112128 c:\windows\system32\rastls.dll
- 2004-09-10 14:57 . 2011-03-27 09:27 392736 c:\windows\system32\perfh009.dat
+ 2004-09-10 14:57 . 2011-03-31 15:35 392736 c:\windows\system32\perfh009.dat
+ 2004-09-10 14:57 . 2009-03-06 14:00 284160 c:\windows\system32\pdh.dll
+ 2004-09-10 14:57 . 2009-10-13 10:53 266752 c:\windows\system32\oakley.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 266752 c:\windows\system32\oakley.dll
+ 2004-09-10 14:57 . 2009-02-09 10:01 715264 c:\windows\system32\ntdll.dll
+ 2004-09-10 14:57 . 2009-02-06 18:46 408064 c:\windows\system32\netlogon.dll
+ 2004-09-10 14:57 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 245248 c:\windows\system32\mswsock.dll
+ 2004-09-10 14:57 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
+ 2004-09-10 14:57 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2004-09-10 14:57 . 2009-09-11 14:03 136192 c:\windows\system32\msv1_0.dll
+ 2004-09-10 15:30 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 532480 c:\windows\system32\mstime.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 532480 c:\windows\system32\mstime.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 146432 c:\windows\system32\msrating.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 146432 c:\windows\system32\msrating.dll
+ 2004-09-10 15:30 . 2009-12-16 12:58 343040 c:\windows\system32\mspaint.exe
- 2004-09-10 15:30 . 2004-08-10 14:00 343040 c:\windows\system32\mspaint.exe
+ 2004-09-10 14:57 . 2010-04-16 15:20 449024 c:\windows\system32\mshtmled.dll
+ 2004-09-10 15:30 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-09-10 15:30 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-09-10 15:30 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 471552 c:\windows\system32\mqutil.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 471552 c:\windows\system32\mqutil.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 186880 c:\windows\system32\mqtrig.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 186880 c:\windows\system32\mqtrig.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 117248 c:\windows\system32\mqtgsvc.exe
+ 2004-09-10 14:57 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe
+ 2004-09-10 14:57 . 2009-06-25 18:36 517120 c:\windows\system32\mqsnap.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 123392 c:\windows\system32\mqrtdep.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 123392 c:\windows\system32\mqrtdep.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 177152 c:\windows\system32\mqrt.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 177152 c:\windows\system32\mqrt.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 661504 c:\windows\system32\mqqm.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 225280 c:\windows\system32\mqoa.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 225280 c:\windows\system32\mqoa.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 138240 c:\windows\system32\mqad.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 138240 c:\windows\system32\mqad.dll
+ 2004-09-10 14:57 . 2009-06-25 08:17 729600 c:\windows\system32\lsasrv.dll
+ 2004-09-10 14:57 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2004-09-10 14:57 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-09-10 14:57 . 2009-06-25 08:17 301568 c:\windows\system32\kerberos.dll
+ 2004-09-10 14:57 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll
- 2004-09-10 14:57 . 2006-05-18 05:24 450560 c:\windows\system32\jscript.dll
+ 2004-09-10 15:34 . 2010-01-29 15:08 683520 c:\windows\system32\inetcomm.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 251904 c:\windows\system32\iepeers.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 251904 c:\windows\system32\iepeers.dll
+ 2004-09-10 14:57 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2004-09-10 15:22 . 2010-11-08 16:13 157952 c:\windows\system32\FNTCACHE.DAT
+ 2004-09-10 15:22 . 2011-03-31 15:28 157952 c:\windows\system32\FNTCACHE.DAT
+ 2004-09-10 14:57 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 205312 c:\windows\system32\dxtrans.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 205312 c:\windows\system32\dxtrans.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 357888 c:\windows\system32\dxtmsft.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 357888 c:\windows\system32\dxtmsft.dll
+ 2004-09-10 14:57 . 2010-02-11 12:01 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2004-09-10 14:57 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-09-10 14:57 . 2009-12-31 16:14 352640 c:\windows\system32\drivers\srv.sys
+ 2004-09-10 14:57 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-09-10 14:57 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-09-10 14:56 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2004-09-10 14:56 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-09-10 14:58 . 2009-04-09 23:01 413544 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-07-13 08:08 . 2009-07-13 08:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
- 2004-09-10 14:58 . 2005-08-03 18:29 988672 c:\windows\system32\dllcache\wmnetmgr.dll
+ 2004-09-10 14:58 . 2008-06-11 00:58 988672 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2011-04-27 20:08 . 2009-02-06 09:41 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-02-10 16:31 . 2009-02-10 16:31 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-09-10 14:58 . 2007-10-27 15:39 228864 c:\windows\system32\dllcache\wmasf.dll
+ 2009-06-10 06:32 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-12-24 07:05 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 668672 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2007-12-18 14:40 . 2010-03-10 08:02 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 628224 c:\windows\system32\dllcache\urlmon.dll
+ 2011-04-27 20:08 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
+ 2007-01-30 18:58 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2007-01-30 18:57 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2009-10-15 20:51 . 2009-10-15 20:51 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-08-26 08:16 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2007-01-30 18:56 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys
+ 2009-06-25 08:44 . 2009-06-25 08:17 168448 c:\windows\system32\dllcache\schannel.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2011-04-27 20:08 . 2009-02-06 10:22 110592 c:\windows\system32\dllcache\services.exe
- 2005-08-05 14:01 . 2006-06-29 10:17 291840 c:\windows\system32\dllcache\sbe.dll
+ 2005-08-05 14:01 . 2011-02-04 15:48 291840 c:\windows\system32\dllcache\sbe.dll
+ 2011-04-27 20:08 . 2009-02-09 10:01 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2009-04-15 15:11 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-01-30 18:57 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
+ 2009-10-12 13:54 . 2009-10-12 13:54 112128 c:\windows\system32\dllcache\rastls.dll
+ 2011-04-27 20:08 . 2009-03-06 14:00 284160 c:\windows\system32\dllcache\pdh.dll
+ 2009-10-13 10:53 . 2009-10-13 10:53 266752 c:\windows\system32\dllcache\oakley.dll
+ 2011-04-27 20:08 . 2009-02-09 10:01 715264 c:\windows\system32\dllcache\ntdll.dll
+ 2009-02-06 18:46 . 2009-02-06 18:46 408064 c:\windows\system32\dllcache\netlogon.dll
+ 2007-01-30 18:58 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2008-06-20 17:41 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2009-08-05 09:11 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:44 . 2009-09-11 14:03 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 532480 c:\windows\system32\dllcache\mstime.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 532480 c:\windows\system32\dllcache\mstime.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 146432 c:\windows\system32\dllcache\msrating.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 146432 c:\windows\system32\dllcache\msrating.dll
+ 2009-12-16 12:58 . 2009-12-16 12:58 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-06-25 18:36 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2007-01-30 18:56 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-06-25 18:36 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2009-06-25 18:36 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
+ 2009-06-25 08:44 . 2009-06-25 08:17 729600 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2007-01-30 18:56 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2009-06-25 08:44 . 2009-06-25 08:17 301568 c:\windows\system32\dllcache\kerberos.dll
- 2007-01-30 18:56 . 2006-05-18 05:24 450560 c:\windows\system32\dllcache\jscript.dll
+ 2007-01-30 18:56 . 2009-08-21 09:46 450560 c:\windows\system32\dllcache\jscript.dll
+ 2007-01-30 18:57 . 2010-01-29 15:08 683520 c:\windows\system32\dllcache\inetcomm.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-23 13:01 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2011-04-27 20:08 . 2009-02-09 10:01 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2008-07-07 20:32 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
- 2005-08-05 14:01 . 2006-06-29 10:17 456192 c:\windows\system32\dllcache\encdec.dll
+ 2005-08-05 14:01 . 2011-02-04 15:48 456192 c:\windows\system32\dllcache\encdec.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-01-30 18:56 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-09-10 14:56 . 2004-08-10 14:00 640000 c:\windows\system32\dllcache\dbghelp.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2010-04-20 05:51 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2008-06-20 10:44 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2011-04-27 20:08 . 2009-02-09 10:01 617984 c:\windows\system32\dllcache\advapi32.dll
+ 2007-01-30 18:58 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
- 2004-09-10 14:56 . 2006-06-23 11:25 151040 c:\windows\system32\cdfview.dll
+ 2004-09-10 14:56 . 2010-04-16 15:20 151040 c:\windows\system32\cdfview.dll
+ 2004-09-10 14:56 . 2010-04-20 05:51 285696 c:\windows\system32\atmfd.dll
- 2004-09-10 14:56 . 2004-08-10 14:00 285696 c:\windows\system32\atmfd.dll
+ 2004-09-10 14:56 . 2009-02-09 10:01 617984 c:\windows\system32\advapi32.dll
+ 2004-09-10 14:56 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll
- 2004-09-10 15:34 . 2004-08-10 14:00 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2004-09-10 15:34 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2004-09-10 15:31 . 2009-06-23 19:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2004-09-10 15:31 . 2004-07-19 18:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2004-09-10 15:31 . 2004-08-03 22:11 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2004-09-10 15:31 . 2009-06-23 20:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2011-04-27 20:31 . 2011-04-27 20:31 219648 c:\windows\Installer\1d21e5.msi
+ 2007-01-30 18:39 . 2009-08-18 08:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2007-01-30 18:52 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-27 20:12 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2011-03-30 21:02 . 2011-03-30 21:02 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_31ffaf1f\System.Drawing.dll
+ 2004-09-10 14:56 . 2009-11-21 16:36 470528 c:\windows\AppPatch\aclayers.dll
+ 2011-04-27 20:11 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-09-10 14:58 . 2010-04-03 02:27 2334720 c:\windows\system32\WMVCore.dll
+ 2004-09-10 14:58 . 2009-07-13 08:08 5537792 c:\windows\system32\wmp.dll
+ 2004-09-10 14:57 . 2010-05-02 05:56 1850880 c:\windows\system32\win32k.sys
+ 2004-09-10 14:57 . 2008-07-03 13:03 8460800 c:\windows\system32\shell32.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 1509888 c:\windows\system32\shdocvw.dll
- 2004-09-10 14:57 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll
+ 2004-09-10 14:57 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
+ 2004-09-10 14:57 . 2010-02-05 18:14 1291776 c:\windows\system32\quartz.dll
+ 2004-09-10 14:57 . 2010-02-16 17:35 2143744 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2010-02-16 16:57 2021888 c:\windows\system32\ntkrnlpa.exe
+ 2004-09-10 14:57 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 3073024 c:\windows\system32\mshtml.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-09-10 14:58 . 2010-04-03 02:27 2334720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-07-13 08:08 . 2009-07-13 08:08 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2010-05-02 05:56 . 2010-05-02 05:56 1850880 c:\windows\system32\dllcache\win32k.sys
+ 2007-01-30 18:58 . 2008-07-03 13:03 8460800 c:\windows\system32\dllcache\shell32.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-01-30 18:57 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
- 2007-01-30 18:57 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll
+ 2010-02-05 18:14 . 2010-02-05 18:14 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2011-04-27 20:08 . 2010-02-16 17:37 2186880 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-04-27 20:08 . 2010-02-16 16:57 2021888 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2011-04-27 20:08 . 2010-02-17 09:57 2063744 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2011-04-27 20:08 . 2010-02-16 17:35 2143744 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-01-30 18:58 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2010-01-29 15:08 . 2010-01-29 15:08 1315840 c:\windows\system32\dllcache\msoe.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 3073024 c:\windows\system32\dllcache\mshtml.dll
+ 2011-04-27 20:08 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
- 2007-01-30 18:57 . 2006-06-23 11:25 1054208 c:\windows\system32\dllcache\danim.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 1054208 c:\windows\system32\dllcache\danim.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 1024000 c:\windows\system32\dllcache\browseui.dll
- 2004-09-10 14:56 . 2006-06-23 11:25 1054208 c:\windows\system32\danim.dll
+ 2004-09-10 14:56 . 2010-04-16 15:20 1054208 c:\windows\system32\danim.dll
+ 2004-09-10 14:56 . 2010-04-16 15:20 1024000 c:\windows\system32\browseui.dll
- 2004-09-10 15:31 . 2004-10-07 13:28 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-09-10 15:31 . 2009-06-29 09:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-09-10 15:31 . 2009-06-23 20:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-09-10 15:31 . 2009-06-23 20:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2004-09-10 15:31 . 2004-07-19 18:54 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-09-10 15:31 . 2009-06-29 09:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2011-04-27 20:33 . 2011-04-27 20:33 3272704 c:\windows\Installer\1d21ed.msi
+ 2011-04-27 20:32 . 2011-04-27 20:32 1611776 c:\windows\Installer\1d21e9.msi
+ 2004-09-10 15:50 . 2006-08-21 13:57 1077321 c:\windows\Help\SBSI\Training\orun32.exe
+ 2007-01-30 18:52 . 2010-02-16 17:37 2186880 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2007-01-30 18:52 . 2010-02-16 16:57 2021888 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2007-01-30 18:52 . 2010-02-17 09:57 2063744 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2007-01-30 18:52 . 2010-02-16 17:35 2143744 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-03-30 21:02 . 2011-03-30 21:02 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_cdd34a63\System.dll
+ 2011-03-30 21:02 . 2011-03-30 21:02 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_0410de4d\System.Xml.dll
+ 2011-03-30 21:02 . 2011-03-30 21:02 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_57905c38\System.Windows.Forms.dll
+ 2011-03-30 21:02 . 2011-03-30 21:02 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_b7b5b0e5\System.Design.dll
+ 2011-03-30 21:02 . 2011-03-30 21:02 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_1ef50bbd\mscorlib.dll
+ 2011-03-30 21:01 . 2011-03-30 21:01 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-01-30 18:52 . 2007-01-30 18:52 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]
"nwiz"="nwiz.exe" [2006-10-06 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-06 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
c:\documents and settings\Bels\Start Menu\Programs\Startup\
Registration Driver Parallel Lines.LNK - c:\program files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\Bels\\My Documents\\Stažené soubory\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2011 14:32 135664]
S2 qqilye;Security Shell;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 sjxdngg;Task Monitor;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 xgmhnw;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sjxdngg
xgmhnw
qqilye
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-31 c:\windows\Tasks\Extended Warranty.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]
.
2011-03-31 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]
.
2009-12-19 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2011-04-27 c:\windows\Tasks\Setup My PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://format.packardbell.com/cgi-bin/r ... ey=IESTART
uInternet Connection Wizard,ShellNext = hxxp://www.avg.cz/cz.special-uninstalla ... =10.0.1204
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cean2ps7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 18:00
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qqilye]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sjxdngg]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xgmhnw]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2011-03-31 18:02:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-31 16:02
ComboFix2.txt 2011-04-27 20:03
ComboFix3.txt 2011-04-27 19:24
.
Před spuštěním: 224 470 581 248 bytes free
Po spuštění: Volných bajtů: 224 478 703 616
.
- - End Of File - - 5DA959C7F674B830C8C63BFAE31CEDA2
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1022.708 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GEHWX
-------\Legacy_KOUQNV
-------\Legacy_NWTGMCW
-------\Legacy_OHQBXDYCP
-------\Service_gehwx
-------\Service_kouqnv
-------\Service_nwtgmcw
-------\Service_ohqbxdycp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-04-27 20:57 . 2011-04-27 20:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG10
2011-04-27 20:33 . 2011-04-27 20:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-04-27 20:32 . 2011-03-31 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-04-27 20:12 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-04-27 20:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-04-27 20:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-04-27 20:10 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-04-27 20:10 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-04-27 20:05 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-04-27 20:05 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-04-27 20:03 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-27 18:31 . 2011-04-27 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-27 18:31 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 18:25 . 2011-04-27 18:25 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 18:15 . 2011-04-27 18:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-04-27 18:13 . 2011-04-27 18:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-27 17:17 . 2011-04-27 17:17 388096 ----a-r- c:\documents and settings\Ivča\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-04-27 17:17 . 2011-04-27 17:17 -------- d-----w- c:\program files\TrendMicro
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2011-04-27 17:14 . 2011-04-27 17:14 -------- d---a-w- c:\windows\logo1_.exe
2011-04-27 17:06 . 2011-04-27 17:06 626688 ----a-w- c:\windows\system32\msvcr80.dll
2011-04-27 17:06 . 2011-04-27 17:06 548864 ----a-w- c:\windows\system32\msvcp80.dll
2011-04-27 17:06 . 2011-04-27 17:06 28672 ----a-w- c:\windows\system32\eEmpty.exe
2011-04-27 17:06 . 2004-08-10 14:00 146432 ----a-w- c:\windows\R.COM
2011-04-27 17:06 . 2004-08-10 14:00 135680 ----a-w- c:\windows\system32\T.COM
2011-04-27 17:06 . 2011-04-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2011-04-27 17:01 . 2011-04-27 17:01 -------- d-----w- c:\program files\CCleaner
2011-04-27 16:22 . 2011-04-27 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-27 16:22 . 2011-01-17 20:01 4622344 ----a-w- c:\temp\avg_free_stb_eu_2011_1191_free.exe
2011-04-27 16:11 . 2011-04-27 16:11 -------- d-----w- c:\documents and settings\Ivča\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-27 14:57 . 2011-04-27 14:57 -------- d-----w- c:\documents and settings\Bels\Application Data\SUPERAntiSpyware.com
2011-04-27 14:56 . 2011-04-27 14:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-04-15 20:41 . 2011-04-15 20:41 1409 ----a-w- c:\windows\QTFont.for
2011-03-31 15:42 . 2011-03-31 15:52 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-03-30 21:03 . 2011-03-30 21:03 -------- d-----w- c:\windows\ServicePackFiles
2011-03-19 14:02 . 2011-03-19 14:02 -------- d-----w- c:\documents and settings\Bels\Application Data\skypePM
2011-03-10 08:07 . 2011-03-16 17:47 -------- d-----w- c:\documents and settings\Ivča\Application Data\skypePM
2011-03-10 08:05 . 2011-03-10 08:05 -------- d-----w- c:\program files\Common Files\Skype
2011-03-10 07:37 . 2011-03-10 07:37 -------- d-----w- c:\documents and settings\Ivča\Local Settings\Application Data\Temp
2011-03-07 10:03 . 2011-04-06 20:12 -------- d-----w- c:\documents and settings\Ivča\Local Settings\Application Data\Google
2011-03-07 09:52 . 2011-03-07 09:57 -------- d-----w- c:\documents and settings\Ivča\Application Data\PhotoScape
2011-03-06 14:28 . 2011-03-06 14:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-03-06 12:55 . 2011-03-06 12:56 -------- d-----w- c:\documents and settings\Bels\Application Data\PhotoScape
2011-03-06 12:32 . 2011-03-06 12:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-03-06 12:32 . 2011-03-06 12:34 -------- d-----w- c:\program files\Google
2011-03-06 12:32 . 2011-03-06 12:32 -------- d-----w- c:\program files\PhotoScape
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 15:48 . 2004-09-10 14:57 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 15:48 . 2004-09-10 14:57 291840 ----a-w- c:\windows\system32\sbe.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-27_19.23.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-08-06 17:24 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-09-10 14:57 . 2009-06-25 08:17 59392 c:\windows\system32\wdigest.dll
+ 2011-04-27 20:05 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2004-09-10 14:57 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2004-09-10 14:57 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2007-01-30 18:45 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2007-01-30 18:51 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2011-04-27 19:51 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-09-10 14:57 . 2009-06-25 08:17 56320 c:\windows\system32\secur32.dll
+ 2004-09-10 14:57 . 2009-02-06 09:54 35328 c:\windows\system32\sc.exe
- 2004-09-10 14:57 . 2004-08-10 14:00 69632 c:\windows\system32\raschap.dll
+ 2004-09-10 14:57 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 39424 c:\windows\system32\pngfilt.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 39424 c:\windows\system32\pngfilt.dll
+ 2004-09-10 14:57 . 2011-03-31 15:35 58654 c:\windows\system32\perfc009.dat
- 2004-09-10 14:57 . 2011-03-27 09:27 58654 c:\windows\system32\perfc009.dat
+ 2004-09-10 15:30 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-09-10 14:57 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-09-10 14:57 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2004-09-10 14:57 . 2009-11-27 16:37 28672 c:\windows\system32\msvidc32.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 11264 c:\windows\system32\msrle32.dll
+ 2004-09-10 14:57 . 2009-11-27 16:37 11264 c:\windows\system32\msrle32.dll
- 2004-09-10 15:30 . 2004-08-10 14:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-09-10 15:30 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2004-09-10 14:57 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
- 2004-09-10 14:57 . 2005-06-29 01:46 74240 c:\windows\system32\mscms.dll
+ 2004-09-10 14:57 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 48640 c:\windows\system32\mqupgrd.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 48640 c:\windows\system32\mqupgrd.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 95744 c:\windows\system32\mqsec.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 95744 c:\windows\system32\mqsec.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 16896 c:\windows\system32\mqise.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 16896 c:\windows\system32\mqise.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 47104 c:\windows\system32\mqdscli.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 47104 c:\windows\system32\mqdscli.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 19968 c:\windows\system32\mqbkup.exe
+ 2004-09-10 14:57 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
+ 2004-09-10 14:58 . 2008-06-11 00:47 96768 c:\windows\system32\logagent.exe
- 2004-09-10 14:58 . 2005-08-03 18:29 96768 c:\windows\system32\logagent.exe
+ 2004-09-10 14:57 . 2010-04-16 15:20 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2009-11-27 16:37 48128 c:\windows\system32\iyuv_32.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 96256 c:\windows\system32\inseng.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 96256 c:\windows\system32\inseng.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 81920 c:\windows\system32\ieencode.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 81920 c:\windows\system32\ieencode.dll
+ 2004-09-10 14:57 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 55808 c:\windows\system32\extmgr.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 55808 c:\windows\system32\extmgr.dll
+ 2004-09-10 14:57 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2004-09-10 14:57 . 2009-06-22 11:35 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2004-09-10 15:34 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-06-25 08:44 . 2009-06-25 08:17 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 11:50 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 11:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-06-25 08:44 . 2009-06-25 08:17 56320 c:\windows\system32\dllcache\secur32.dll
+ 2011-04-27 20:08 . 2009-02-06 09:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-10-12 13:54 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-06-24 16:23 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2009-09-04 20:45 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2009-06-22 11:48 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
- 2004-09-10 14:58 . 2005-08-03 18:29 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-09-10 14:58 . 2008-06-11 00:47 96768 c:\windows\system32\dllcache\logagent.exe
+ 2009-06-22 11:34 . 2009-06-22 11:35 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2007-01-30 18:57 . 2010-04-16 15:20 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 96256 c:\windows\system32\dllcache\inseng.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 96256 c:\windows\system32\dllcache\inseng.dll
+ 2010-04-16 15:20 . 2010-04-16 15:20 81920 c:\windows\system32\dllcache\ieencode.dll
- 2007-01-30 18:57 . 2006-06-23 08:48 18432 c:\windows\system32\dllcache\iedw.exe
+ 2007-01-30 18:57 . 2010-04-16 13:29 18432 c:\windows\system32\dllcache\iedw.exe
+ 2011-04-27 20:08 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2009-12-14 07:35 . 2009-12-14 07:35 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-04-27 20:08 . 2005-07-26 04:20 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-09-10 14:56 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2010-01-13 14:10 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 18:55 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2010-03-05 14:57 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-09-10 14:56 . 2009-12-14 07:35 33280 c:\windows\system32\csrsrv.dll
+ 2004-09-10 15:30 . 2005-07-26 04:20 60416 c:\windows\system32\colbact.dll
- 2004-09-10 15:30 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-09-10 14:56 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2004-09-10 14:56 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2004-09-10 14:56 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll
- 2004-09-10 14:56 . 2004-08-10 14:00 58880 c:\windows\system32\atl.dll
+ 2004-09-10 14:56 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
+ 2004-09-29 18:11 . 2009-06-24 10:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2004-09-10 15:31 . 2010-02-09 16:22 81920 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Security.dll
+ 2004-10-07 17:36 . 2009-06-24 10:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2004-09-29 18:11 . 2009-06-24 10:56 98304 c:\windows\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2004-09-10 15:31 . 2004-08-03 22:12 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-09-10 15:31 . 2009-06-23 20:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-09-10 15:31 . 2009-06-23 20:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2004-09-10 15:31 . 2004-08-03 22:12 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-09-10 15:31 . 2009-06-23 20:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2004-09-10 15:31 . 2004-08-03 22:11 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2004-09-10 15:31 . 2002-06-21 17:31 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2004-09-10 15:31 . 2009-06-23 20:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2011-03-30 21:02 . 2011-03-30 21:02 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_b17ce412\System.Drawing.Design.dll
+ 2011-03-30 21:01 . 2011-03-30 21:01 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_e4bb2c60\CustomMarshalers.dll
+ 2011-03-30 21:10 . 2011-03-30 21:10 81920 c:\windows\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2001-08-17 22:36 . 2009-11-27 16:37 8704 c:\windows\system32\tsbyuv.dll
+ 2004-09-10 14:57 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
- 2004-09-10 14:57 . 2004-08-10 14:00 4608 c:\windows\system32\mqsvc.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2004-09-10 15:31 . 2009-06-29 09:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2007-01-30 18:45 . 2010-04-16 13:21 352768 c:\windows\system32\xpsp3res.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2004-09-10 14:58 . 2009-04-09 23:01 413544 c:\windows\system32\wmspdmod.dll
+ 2004-09-10 14:58 . 2009-07-13 08:08 286720 c:\windows\system32\wmpdxm.dll
+ 2004-09-10 14:58 . 2008-06-11 00:58 988672 c:\windows\system32\WMNetmgr.dll
- 2004-09-10 14:58 . 2005-08-03 18:29 988672 c:\windows\system32\wmnetmgr.dll
+ 2004-09-10 14:58 . 2007-10-27 15:39 228864 c:\windows\system32\wmasf.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 132096 c:\windows\system32\wkssvc.dll
+ 2004-09-10 14:57 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
+ 2004-09-10 14:57 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 668672 c:\windows\system32\wininet.dll
+ 2004-09-10 14:57 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 351232 c:\windows\system32\winhttp.dll
+ 2004-09-10 15:30 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-09-10 15:30 . 2009-02-10 16:31 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-09-10 15:30 . 2009-02-09 10:01 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-09-10 14:57 . 2010-03-10 08:02 417792 c:\windows\system32\vbscript.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 417792 c:\windows\system32\vbscript.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 628224 c:\windows\system32\urlmon.dll
+ 2004-09-10 14:57 . 2009-10-15 20:51 119808 c:\windows\system32\t2embed.dll
+ 2004-09-10 14:58 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
+ 2004-09-10 14:57 . 2009-06-25 08:17 168448 c:\windows\system32\schannel.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 474112 c:\windows\system32\shlwapi.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 474112 c:\windows\system32\shlwapi.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2004-09-10 14:57 . 2009-02-06 10:22 110592 c:\windows\system32\services.exe
+ 2004-09-10 14:57 . 2009-02-09 10:01 401408 c:\windows\system32\rpcss.dll
+ 2004-09-10 14:57 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 112128 c:\windows\system32\rastls.dll
+ 2004-09-10 14:57 . 2009-10-12 13:54 112128 c:\windows\system32\rastls.dll
- 2004-09-10 14:57 . 2011-03-27 09:27 392736 c:\windows\system32\perfh009.dat
+ 2004-09-10 14:57 . 2011-03-31 15:35 392736 c:\windows\system32\perfh009.dat
+ 2004-09-10 14:57 . 2009-03-06 14:00 284160 c:\windows\system32\pdh.dll
+ 2004-09-10 14:57 . 2009-10-13 10:53 266752 c:\windows\system32\oakley.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 266752 c:\windows\system32\oakley.dll
+ 2004-09-10 14:57 . 2009-02-09 10:01 715264 c:\windows\system32\ntdll.dll
+ 2004-09-10 14:57 . 2009-02-06 18:46 408064 c:\windows\system32\netlogon.dll
+ 2004-09-10 14:57 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 245248 c:\windows\system32\mswsock.dll
+ 2004-09-10 14:57 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
+ 2004-09-10 14:57 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2004-09-10 14:57 . 2009-09-11 14:03 136192 c:\windows\system32\msv1_0.dll
+ 2004-09-10 15:30 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 532480 c:\windows\system32\mstime.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 532480 c:\windows\system32\mstime.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 146432 c:\windows\system32\msrating.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 146432 c:\windows\system32\msrating.dll
+ 2004-09-10 15:30 . 2009-12-16 12:58 343040 c:\windows\system32\mspaint.exe
- 2004-09-10 15:30 . 2004-08-10 14:00 343040 c:\windows\system32\mspaint.exe
+ 2004-09-10 14:57 . 2010-04-16 15:20 449024 c:\windows\system32\mshtmled.dll
+ 2004-09-10 15:30 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-09-10 15:30 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-09-10 15:30 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 471552 c:\windows\system32\mqutil.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 471552 c:\windows\system32\mqutil.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 186880 c:\windows\system32\mqtrig.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 186880 c:\windows\system32\mqtrig.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 117248 c:\windows\system32\mqtgsvc.exe
+ 2004-09-10 14:57 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe
+ 2004-09-10 14:57 . 2009-06-25 18:36 517120 c:\windows\system32\mqsnap.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 123392 c:\windows\system32\mqrtdep.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 123392 c:\windows\system32\mqrtdep.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 177152 c:\windows\system32\mqrt.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 177152 c:\windows\system32\mqrt.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 661504 c:\windows\system32\mqqm.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 225280 c:\windows\system32\mqoa.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 225280 c:\windows\system32\mqoa.dll
+ 2004-09-10 14:57 . 2009-06-25 18:36 138240 c:\windows\system32\mqad.dll
- 2004-09-10 14:57 . 2004-08-10 14:00 138240 c:\windows\system32\mqad.dll
+ 2004-09-10 14:57 . 2009-06-25 08:17 729600 c:\windows\system32\lsasrv.dll
+ 2004-09-10 14:57 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2004-09-10 14:57 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-09-10 14:57 . 2009-06-25 08:17 301568 c:\windows\system32\kerberos.dll
+ 2004-09-10 14:57 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll
- 2004-09-10 14:57 . 2006-05-18 05:24 450560 c:\windows\system32\jscript.dll
+ 2004-09-10 15:34 . 2010-01-29 15:08 683520 c:\windows\system32\inetcomm.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 251904 c:\windows\system32\iepeers.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 251904 c:\windows\system32\iepeers.dll
+ 2004-09-10 14:57 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2004-09-10 15:22 . 2010-11-08 16:13 157952 c:\windows\system32\FNTCACHE.DAT
+ 2004-09-10 15:22 . 2011-03-31 15:28 157952 c:\windows\system32\FNTCACHE.DAT
+ 2004-09-10 14:57 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 205312 c:\windows\system32\dxtrans.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 205312 c:\windows\system32\dxtrans.dll
- 2004-09-10 14:57 . 2006-06-23 11:25 357888 c:\windows\system32\dxtmsft.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 357888 c:\windows\system32\dxtmsft.dll
+ 2004-09-10 14:57 . 2010-02-11 12:01 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2004-09-10 14:57 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-09-10 14:57 . 2009-12-31 16:14 352640 c:\windows\system32\drivers\srv.sys
+ 2004-09-10 14:57 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-09-10 14:57 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-09-10 14:56 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2004-09-10 14:56 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-09-10 15:34 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-09-10 14:58 . 2009-04-09 23:01 413544 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-07-13 08:08 . 2009-07-13 08:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
- 2004-09-10 14:58 . 2005-08-03 18:29 988672 c:\windows\system32\dllcache\wmnetmgr.dll
+ 2004-09-10 14:58 . 2008-06-11 00:58 988672 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2011-04-27 20:08 . 2009-02-06 09:41 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-02-10 16:31 . 2009-02-10 16:31 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-09-10 14:58 . 2007-10-27 15:39 228864 c:\windows\system32\dllcache\wmasf.dll
+ 2009-06-10 06:32 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-12-24 07:05 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 668672 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2007-12-18 14:40 . 2010-03-10 08:02 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 628224 c:\windows\system32\dllcache\urlmon.dll
+ 2011-04-27 20:08 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
+ 2007-01-30 18:58 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2007-01-30 18:57 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2009-10-15 20:51 . 2009-10-15 20:51 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-08-26 08:16 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2007-01-30 18:56 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys
+ 2009-06-25 08:44 . 2009-06-25 08:17 168448 c:\windows\system32\dllcache\schannel.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2011-04-27 20:08 . 2009-02-06 10:22 110592 c:\windows\system32\dllcache\services.exe
- 2005-08-05 14:01 . 2006-06-29 10:17 291840 c:\windows\system32\dllcache\sbe.dll
+ 2005-08-05 14:01 . 2011-02-04 15:48 291840 c:\windows\system32\dllcache\sbe.dll
+ 2011-04-27 20:08 . 2009-02-09 10:01 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2009-04-15 15:11 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-01-30 18:57 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
+ 2009-10-12 13:54 . 2009-10-12 13:54 112128 c:\windows\system32\dllcache\rastls.dll
+ 2011-04-27 20:08 . 2009-03-06 14:00 284160 c:\windows\system32\dllcache\pdh.dll
+ 2009-10-13 10:53 . 2009-10-13 10:53 266752 c:\windows\system32\dllcache\oakley.dll
+ 2011-04-27 20:08 . 2009-02-09 10:01 715264 c:\windows\system32\dllcache\ntdll.dll
+ 2009-02-06 18:46 . 2009-02-06 18:46 408064 c:\windows\system32\dllcache\netlogon.dll
+ 2007-01-30 18:58 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2008-06-20 17:41 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2009-08-05 09:11 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:44 . 2009-09-11 14:03 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 532480 c:\windows\system32\dllcache\mstime.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 532480 c:\windows\system32\dllcache\mstime.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 146432 c:\windows\system32\dllcache\msrating.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 146432 c:\windows\system32\dllcache\msrating.dll
+ 2009-12-16 12:58 . 2009-12-16 12:58 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-06-25 18:36 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2007-01-30 18:56 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-06-25 18:36 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2009-06-25 18:36 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
+ 2009-06-25 08:44 . 2009-06-25 08:17 729600 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2007-01-30 18:56 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2009-06-25 08:44 . 2009-06-25 08:17 301568 c:\windows\system32\dllcache\kerberos.dll
- 2007-01-30 18:56 . 2006-05-18 05:24 450560 c:\windows\system32\dllcache\jscript.dll
+ 2007-01-30 18:56 . 2009-08-21 09:46 450560 c:\windows\system32\dllcache\jscript.dll
+ 2007-01-30 18:57 . 2010-01-29 15:08 683520 c:\windows\system32\dllcache\inetcomm.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-23 13:01 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2011-04-27 20:08 . 2009-02-09 10:01 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2008-07-07 20:32 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
- 2005-08-05 14:01 . 2006-06-29 10:17 456192 c:\windows\system32\dllcache\encdec.dll
+ 2005-08-05 14:01 . 2011-02-04 15:48 456192 c:\windows\system32\dllcache\encdec.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-01-30 18:56 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-09-10 14:56 . 2004-08-10 14:00 640000 c:\windows\system32\dllcache\dbghelp.dll
- 2007-01-30 18:57 . 2006-06-23 11:25 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2010-04-20 05:51 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2008-06-20 10:44 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2011-04-27 20:08 . 2009-02-09 10:01 617984 c:\windows\system32\dllcache\advapi32.dll
+ 2007-01-30 18:58 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
- 2004-09-10 14:56 . 2006-06-23 11:25 151040 c:\windows\system32\cdfview.dll
+ 2004-09-10 14:56 . 2010-04-16 15:20 151040 c:\windows\system32\cdfview.dll
+ 2004-09-10 14:56 . 2010-04-20 05:51 285696 c:\windows\system32\atmfd.dll
- 2004-09-10 14:56 . 2004-08-10 14:00 285696 c:\windows\system32\atmfd.dll
+ 2004-09-10 14:56 . 2009-02-09 10:01 617984 c:\windows\system32\advapi32.dll
+ 2004-09-10 14:56 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll
- 2004-09-10 15:34 . 2004-08-10 14:00 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2004-09-10 15:34 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2004-09-10 15:31 . 2009-06-23 19:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2004-09-10 15:31 . 2004-07-19 18:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2004-09-10 15:31 . 2004-08-03 22:11 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2004-09-10 15:31 . 2009-06-23 20:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2011-04-27 20:31 . 2011-04-27 20:31 219648 c:\windows\Installer\1d21e5.msi
+ 2007-01-30 18:39 . 2009-08-18 08:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2007-01-30 18:52 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-27 20:12 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2011-03-30 21:02 . 2011-03-30 21:02 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_31ffaf1f\System.Drawing.dll
+ 2004-09-10 14:56 . 2009-11-21 16:36 470528 c:\windows\AppPatch\aclayers.dll
+ 2011-04-27 20:11 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-09-10 14:58 . 2010-04-03 02:27 2334720 c:\windows\system32\WMVCore.dll
+ 2004-09-10 14:58 . 2009-07-13 08:08 5537792 c:\windows\system32\wmp.dll
+ 2004-09-10 14:57 . 2010-05-02 05:56 1850880 c:\windows\system32\win32k.sys
+ 2004-09-10 14:57 . 2008-07-03 13:03 8460800 c:\windows\system32\shell32.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 1509888 c:\windows\system32\shdocvw.dll
- 2004-09-10 14:57 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll
+ 2004-09-10 14:57 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
+ 2004-09-10 14:57 . 2010-02-05 18:14 1291776 c:\windows\system32\quartz.dll
+ 2004-09-10 14:57 . 2010-02-16 17:35 2143744 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2010-02-16 16:57 2021888 c:\windows\system32\ntkrnlpa.exe
+ 2004-09-10 14:57 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2004-09-10 14:57 . 2010-04-16 15:20 3073024 c:\windows\system32\mshtml.dll
+ 2004-09-10 15:34 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-09-10 14:58 . 2010-04-03 02:27 2334720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-07-13 08:08 . 2009-07-13 08:08 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2010-05-02 05:56 . 2010-05-02 05:56 1850880 c:\windows\system32\dllcache\win32k.sys
+ 2007-01-30 18:58 . 2008-07-03 13:03 8460800 c:\windows\system32\dllcache\shell32.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-01-30 18:57 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
- 2007-01-30 18:57 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll
+ 2010-02-05 18:14 . 2010-02-05 18:14 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2011-04-27 20:08 . 2010-02-16 17:37 2186880 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-04-27 20:08 . 2010-02-16 16:57 2021888 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2011-04-27 20:08 . 2010-02-17 09:57 2063744 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2011-04-27 20:08 . 2010-02-16 17:35 2143744 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-01-30 18:58 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2010-01-29 15:08 . 2010-01-29 15:08 1315840 c:\windows\system32\dllcache\msoe.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 3073024 c:\windows\system32\dllcache\mshtml.dll
+ 2011-04-27 20:08 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
- 2007-01-30 18:57 . 2006-06-23 11:25 1054208 c:\windows\system32\dllcache\danim.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 1054208 c:\windows\system32\dllcache\danim.dll
+ 2007-01-30 18:57 . 2010-04-16 15:20 1024000 c:\windows\system32\dllcache\browseui.dll
- 2004-09-10 14:56 . 2006-06-23 11:25 1054208 c:\windows\system32\danim.dll
+ 2004-09-10 14:56 . 2010-04-16 15:20 1054208 c:\windows\system32\danim.dll
+ 2004-09-10 14:56 . 2010-04-16 15:20 1024000 c:\windows\system32\browseui.dll
- 2004-09-10 15:31 . 2004-10-07 13:28 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-09-10 15:31 . 2009-06-29 09:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-09-10 15:31 . 2009-06-23 20:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-09-10 15:31 . 2009-06-23 20:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2004-09-10 15:31 . 2004-07-19 18:54 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-09-10 15:31 . 2009-06-29 09:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2011-04-27 20:33 . 2011-04-27 20:33 3272704 c:\windows\Installer\1d21ed.msi
+ 2011-04-27 20:32 . 2011-04-27 20:32 1611776 c:\windows\Installer\1d21e9.msi
+ 2004-09-10 15:50 . 2006-08-21 13:57 1077321 c:\windows\Help\SBSI\Training\orun32.exe
+ 2007-01-30 18:52 . 2010-02-16 17:37 2186880 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2007-01-30 18:52 . 2010-02-16 16:57 2021888 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2007-01-30 18:52 . 2010-02-17 09:57 2063744 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2007-01-30 18:52 . 2010-02-16 17:35 2143744 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-03-30 21:02 . 2011-03-30 21:02 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_cdd34a63\System.dll
+ 2011-03-30 21:02 . 2011-03-30 21:02 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_0410de4d\System.Xml.dll
+ 2011-03-30 21:02 . 2011-03-30 21:02 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_57905c38\System.Windows.Forms.dll
+ 2011-03-30 21:02 . 2011-03-30 21:02 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_b7b5b0e5\System.Design.dll
+ 2011-03-30 21:02 . 2011-03-30 21:02 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_1ef50bbd\mscorlib.dll
+ 2011-03-30 21:01 . 2011-03-30 21:01 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-01-30 18:52 . 2007-01-30 18:52 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
.
-- Snímek resetován k současnému datu -- [Snapshot reset to current date]
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru [Registry loading points] )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. [*Note* empty entries and legitimate default entries are not shown.]
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]
"nwiz"="nwiz.exe" [2006-10-06 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-06 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
c:\documents and settings\Bels\Start Menu\Programs\Startup\
Registration Driver Parallel Lines.LNK - c:\program files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\Bels\\My Documents\\Stažené soubory\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2011 14:32 135664]
S2 qqilye;Security Shell;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 sjxdngg;Task Monitor;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S2 xgmhnw;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [10.9.2004 16:57 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sjxdngg
xgmhnw
qqilye
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-31 c:\windows\Tasks\Extended Warranty.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]
.
2011-03-31 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]
.
2009-12-19 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2009-12-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 14:00]
.
2011-04-27 c:\windows\Tasks\Setup My PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://format.packardbell.com/cgi-bin/r ... ey=IESTART
uInternet Connection Wizard,ShellNext = hxxp://www.avg.cz/cz.special-uninstalla ... =10.0.1204
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cean2ps7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 18:00
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qqilye]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sjxdngg]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xgmhnw]
"ServiceDll"="c:\windows\system32\rrsdnoem.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2011-03-31 18:02:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-31 16:02
ComboFix2.txt 2011-04-27 20:03
ComboFix3.txt 2011-04-27 19:24
.
Před spuštěním: 224 470 581 248 bytes free
Po spuštění: Volných bajtů: 224 478 703 616
.
- - End Of File - - 5DA959C7F674B830C8C63BFAE31CEDA2
Re: prosím o kontrolu logu - Vir Trojan.Win32.Agent.Ado
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18:03:17, on 31.3.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.cz/cz.special-uninstalla ... =10.0.1204
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=CZ&range=AD&phase=7&key=IESTART
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 4345 bytes
Scan saved at 18:03:17, on 31.3.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.cz/cz.special-uninstalla ... =10.0.1204
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=CZ&range=AD&phase=7&key=IESTART
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 4345 bytes