Posted: 06 Nov 2010 19:37
- Joined: 30 Nov 2007
- Posts: 160

The first one didn't work, and here is what it says when I did as you wrote:
11/06/10 12:48a -a------ 0 explorer.exe
1file(s) 0 bytes
32339931136 bytes free
c:\WINDOWS\SYSTEM32>dir winlogon.exe
The volume in drive C has no label
The volume Serial Number is 986f-c013
Directory of c:\WINDOWS\SYSTEM32\winlogon.exe
11/06/10 12:48a -a------ 0 explorer.exe
1file(s) 0 bytes
32339931136 bytes free

Posted: 07 Nov 2010 07:53
- Joined: 30 Nov 2007
- Posts: 160

Written: 06 Nov 2010 20:38
Since I'm at work, I'll only be able to try this in the morning, so I'll let you know then. Regards
Addendum: 07 Nov 2010 7:53
When I typed the command to copy it, it says it cannot find that file; it cannot find winlogon either.

Posted: 07 Nov 2010 10:12
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE

OK, we'll try copying from another location.
Start the Recovery Console again and type the following:
cd system32
cd dllcache
copy explorer.exe c:\windows\explorer.exe
A prompt will appear: type y
copy winlogon.exe c:\windows\system32\winlogon.exe
A prompt will appear: type y
Type:
exit
so that the PC restarts.

Posted: 07 Nov 2010 13:57
- Joined: 30 Nov 2007
- Posts: 160

There, the computer started up. Really, hats off for knowing this. I ran ComboFix and this is what it produced. I just wanted to ask whether you might know how I can somehow remove NOD32, because when I click uninstall it won't remove it at all. I also tried through Control Panel, Add or Remove..., but that doesn't work either, and whenever I run ComboFix it always warns me that NOD32 is enabled, but I can't turn it off.
ComboFix 10-11-07.04 - user 11/07/2010 13:46:01.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1467 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.
2010-11-07 12:34 . 2010-11-07 12:34 -------- d-----w- c:\windows\LastGood
2010-11-07 12:34 . 2010-11-07 12:34 -------- d-----w- c:\program files\MSXML 4.0
2010-11-05 20:31 . 2008-04-14 03:42 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-11-05 20:31 . 2008-04-14 03:42 1033728 ----a-w- c:\windows\explorer.exe
2010-11-05 09:39 . 2009-10-12 13:38 149504 ----a-w- c:\windows\system32\SET122.tmp
2010-11-05 09:39 . 2009-10-12 13:38 79872 ----a-w- c:\windows\system32\SET123.tmp
2010-11-05 09:39 . 2009-12-08 09:23 474112 ----a-w- c:\windows\system32\SET11E.tmp
2010-11-05 09:39 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-05 09:39 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-05 09:39 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-05 09:39 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-05 09:38 . 2009-09-04 21:03 58880 ----a-w- c:\windows\system32\SET2B.tmp
2010-11-05 09:38 . 2008-06-20 17:46 245248 -c--a-w- c:\windows\system32\dllcache\SET14.tmp
2010-11-05 09:38 . 2008-06-20 17:46 245248 ----a-w- c:\windows\system32\SET10.tmp
2010-11-05 09:38 . 2008-06-20 17:46 147968 -c--a-w- c:\windows\system32\dllcache\SET15.tmp
2010-11-05 09:38 . 2008-06-20 17:46 147968 ----a-w- c:\windows\system32\SET11.tmp
2010-11-05 09:38 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2010-11-05 09:38 . 2008-06-20 11:40 138496 -c--a-w- c:\windows\system32\dllcache\SET16.tmp
2010-11-05 09:38 . 2008-06-20 11:08 225856 -c--a-w- c:\windows\system32\dllcache\SET12.tmp
2010-11-02 17:24 . 2010-11-02 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-31 18:42 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-31 18:42 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-31 18:42 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-31 18:42 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-31 18:42 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-31 18:42 . 2010-10-31 18:42 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-31 18:42 . 2010-10-31 18:42 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-31 18:20 . 2010-10-31 18:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\VirtuaTennis2009
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\windows\Logs
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-10-31 18:12 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-25 14:41 . 2010-10-25 14:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Common Files\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Apple Software Update
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-10-14 14:24 . 2010-10-14 14:25 -------- d-----w- c:\program files\Ahead
2010-10-14 13:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55 . 2010-10-08 16:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCox
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCinema
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 20:26 . 2010-11-05 20:26 691764 ----a-w- C:\66097_1211463662_files.zip
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48 . 2010-08-31 08:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48 . 2010-08-31 08:49 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48 . 2010-08-31 08:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 4C6174082E58BD30527318D634448BA7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 29C3197BAEC50CAF1B7557CDFA5194B2 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
+ 2010-11-07 12:36 . 2010-11-07 12:36 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 5189632 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 4444160 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 4444160 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-07 12:40 . 2010-11-07 12:40 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\24383f587755fc960cf68b118e07ecc9\System.Web.ni.dll
+ 2010-11-07 12:39 . 2010-11-07 12:39 18071552 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0cc571ebf36493a32cc500f2e8aa1348\System.ServiceModel.ni.dll
+ 2010-11-07 12:37 . 2010-11-07 12:37 10969088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a22175ec02c32e52cd71ca78096ee63e\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="d:\program files\BitTorrent\BitTorrent.exe" [2010-10-06 742776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CallControl 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-06-03 123392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-25 123904]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/25/2007 8:27 AM 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-07 13:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-07 13:51:02
ComboFix-quarantined-files.txt 2010-11-07 12:51
ComboFix2.txt 2010-11-05 20:39
ComboFix3.txt 2010-11-05 19:10
ComboFix4.txt 2010-11-04 23:33
Pre-Run: 29,880,389,632 bytes free
Post-Run: 29,900,636,160 bytes free
- - End Of File - - 04C711D73ED00D3DB23DBD43493DEAE9

Posted: 07 Nov 2010 14:15
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
We'll get rid of NOD, that's not a problem. First let's remove the infection.
Since you're now familiar with working in the Recovery Console, we'll use it to replace the infected files.
Unpack files.zip to the C: drive. Restart the PC and log in to the Recovery Console.
Type the following in order (confirm each command/line with Enter):
cd ..
copy explorer.exe c:\windows\explorer.exe
A prompt will appear: type y
copy winlogon.exe c:\windows\system32\winlogon.exe
A prompt will appear: type y
Type:
exit
to restart the PC. Post a fresh ComboFix log.

Posted: 07 Nov 2010 14:40
- Joined: 30 Nov 2007
- Posts: 160
ComboFix 10-11-07.04 - user 11/07/2010 14:34:46.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1500 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\explorer.exe
C:\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.
2010-11-07 13:24 . 2008-04-14 03:42 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-11-07 13:24 . 2008-04-14 03:42 1033728 ----a-w- c:\windows\explorer.exe
2010-11-07 12:34 . 2010-11-07 12:34 -------- d-----w- c:\program files\MSXML 4.0
2010-11-05 09:39 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-05 09:39 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-05 09:39 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-05 09:39 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-05 09:38 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2010-11-02 17:24 . 2010-11-02 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-31 18:42 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-31 18:42 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-31 18:42 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-31 18:42 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-31 18:42 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-31 18:42 . 2010-10-31 18:42 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-31 18:42 . 2010-10-31 18:42 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-31 18:20 . 2010-10-31 18:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\VirtuaTennis2009
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\windows\Logs
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-10-31 18:12 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-25 14:41 . 2010-10-25 14:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Common Files\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Apple Software Update
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-10-14 14:24 . 2010-10-14 14:25 -------- d-----w- c:\program files\Ahead
2010-10-14 13:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55 . 2010-10-08 16:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCox
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCinema
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 20:26 . 2010-11-05 20:26 691764 ----a-w- C:\66097_1211463662_files.zip
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48 . 2010-08-31 08:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48 . 2010-08-31 08:49 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48 . 2010-08-31 08:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
.
------- Sigcheck -------
[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-11-07_12.49.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:42 . 2008-04-14 12:42 79872 c:\windows\system32\raschap.dll
+ 2008-04-14 12:42 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2008-04-14 12:42 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
- 2008-04-14 12:42 . 2008-04-14 12:42 474112 c:\windows\system32\shlwapi.dll
+ 2008-04-14 12:42 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2008-04-14 12:42 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2008-04-14 12:42 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
- 2008-04-14 12:42 . 2008-04-14 12:42 245248 c:\windows\system32\mswsock.dll
- 2008-04-14 12:41 . 2008-04-14 12:41 147968 c:\windows\system32\dnsapi.dll
+ 2008-04-14 12:41 . 2008-06-20 17:46 147968 c:\windows\system32\dnsapi.dll
+ 2008-04-14 07:30 . 2008-06-20 11:08 225856 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-04-14 12:42 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
- 2008-04-14 12:42 . 2008-04-14 12:42 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-04-14 12:41 . 2008-06-20 17:46 147968 c:\windows\system32\dllcache\dnsapi.dll
- 2008-04-14 12:41 . 2008-04-14 12:41 147968 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-04-14 07:49 . 2008-06-20 11:40 138496 c:\windows\system32\dllcache\afd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="d:\program files\BitTorrent\BitTorrent.exe" [2010-10-06 742776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CallControl 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-06-03 123392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-25 123904]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/25/2007 8:27 AM 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-07 14:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-07 14:39:44
ComboFix-quarantined-files.txt 2010-11-07 13:39
ComboFix2.txt 2010-11-07 12:51
ComboFix3.txt 2010-11-05 20:39
ComboFix4.txt 2010-11-05 19:10
ComboFix5.txt 2010-11-07 13:33
Pre-Run: 29,894,422,528 bytes free
Post-Run: 29,882,871,808 bytes free
- - End Of File - - FAAE0172532E7C65F5E7BE014F53D854

Posted: 07 Nov 2010 15:43
- Joined: 30 Nov 2007
- Posts: 160
Written: 07 Nov 2010 15:39
I managed to uninstall NOD32; it wouldn't let me delete ComboFix until I had removed it, but now everything is fine. Thank you very much, and can you tell me where I can download an antivirus, preferably a free one? Thanks once again. Regards
Addendum: 07 Nov 2010 15:43
I forgot to ask you about Automatic Updates: should it be turned on, since it keeps asking me to download some programs? Should I let it download them, or should I turn Automatic Updates off?