I need help


  • Joined: 30 Nov 2007
  • Posts: 160

The first thing didn't work, and here is what it says when I did as you wrote to me:


11/06/10 12:48a -a------ 0 explorer.exe
1file(s) 0 bytes
32339931136 bytes free




c:\WINDOWS\SYSTEM32>dir winlogon.exe
The volume in drive C has no label
The volume Serial Number is 986f-c013

Directory of c:\WINDOWS\SYSTEM32\winlogon.exe

11/06/10 12:48a -a------ 0 explorer.exe
1file(s) 0 bytes
32339931136 bytes free

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

It looks like the program made an error while moving the files.

There are two options for the repair. Let's go with the first one...

Start the Recovery Console again and log in as before.

Type the following in order (confirm each command/line with Enter):

cd ..

copy explorer.exe c:\windows\explorer.exe

A prompt will appear: type y

copy winlogon.exe c:\windows\system32\winlogon.exe

A prompt will appear: type y

Type:

exit

so that the PC restarts.

All of this will look like the picture (what you type is in the yellow boxes):

Did Windows start after this? If so, post a fresh ComboFix log.

  • Joined: 30 Nov 2007
  • Posts: 160

Posted: 06 Nov 2010 20:38

Since I'm at work, I'll have to try this in the morning, and then I'll let you know. Regards

Addendum: 07 Nov 2010 7:53

When I typed the command to copy it, it says it cannot find that file; it also cannot find winlogon.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, we'll try copying from another location.

Start the Recovery Console again and type the following:

cd system32

cd dllcache

copy explorer.exe c:\windows\explorer.exe

A prompt will appear: type y

copy winlogon.exe c:\windows\system32\winlogon.exe

A prompt will appear: type y

Type:

exit

so that the PC restarts.

  • Joined: 30 Nov 2007
  • Posts: 160

The computer has started up; really, hats off to you for knowing this. I ran ComboFix and this is what it produced. I just want to ask whether you might know how I can somehow remove NOD32, because when I click uninstall it won't remove it at all. I also tried through Control Panel and then Add or Remove..., but it won't work that way either, and whenever I run ComboFix it always warns me that NOD32 is enabled, but I can't turn it off.

ComboFix 10-11-07.04 - user 11/07/2010 13:46:01.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1467 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.

2010-11-07 12:34 . 2010-11-07 12:34 -------- d-----w- c:\windows\LastGood
2010-11-07 12:34 . 2010-11-07 12:34 -------- d-----w- c:\program files\MSXML 4.0
2010-11-05 20:31 . 2008-04-14 03:42 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-11-05 20:31 . 2008-04-14 03:42 1033728 ----a-w- c:\windows\explorer.exe
2010-11-05 09:39 . 2009-10-12 13:38 149504 ----a-w- c:\windows\system32\SET122.tmp
2010-11-05 09:39 . 2009-10-12 13:38 79872 ----a-w- c:\windows\system32\SET123.tmp
2010-11-05 09:39 . 2009-12-08 09:23 474112 ----a-w- c:\windows\system32\SET11E.tmp
2010-11-05 09:39 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-05 09:39 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-05 09:39 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-05 09:39 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-05 09:38 . 2009-09-04 21:03 58880 ----a-w- c:\windows\system32\SET2B.tmp
2010-11-05 09:38 . 2008-06-20 17:46 245248 -c--a-w- c:\windows\system32\dllcache\SET14.tmp
2010-11-05 09:38 . 2008-06-20 17:46 245248 ----a-w- c:\windows\system32\SET10.tmp
2010-11-05 09:38 . 2008-06-20 17:46 147968 -c--a-w- c:\windows\system32\dllcache\SET15.tmp
2010-11-05 09:38 . 2008-06-20 17:46 147968 ----a-w- c:\windows\system32\SET11.tmp
2010-11-05 09:38 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2010-11-05 09:38 . 2008-06-20 11:40 138496 -c--a-w- c:\windows\system32\dllcache\SET16.tmp
2010-11-05 09:38 . 2008-06-20 11:08 225856 -c--a-w- c:\windows\system32\dllcache\SET12.tmp
2010-11-02 17:24 . 2010-11-02 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-31 18:42 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-31 18:42 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-31 18:42 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-31 18:42 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-31 18:42 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-31 18:42 . 2010-10-31 18:42 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-31 18:42 . 2010-10-31 18:42 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-31 18:20 . 2010-10-31 18:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\VirtuaTennis2009
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\windows\Logs
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-10-31 18:12 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-25 14:41 . 2010-10-25 14:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Common Files\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Apple Software Update
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-10-14 14:24 . 2010-10-14 14:25 -------- d-----w- c:\program files\Ahead
2010-10-14 13:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55 . 2010-10-08 16:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCox
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCinema
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 20:26 . 2010-11-05 20:26 691764 ----a-w- C:\66097_1211463662_files.zip
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48 . 2010-08-31 08:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48 . 2010-08-31 08:49 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48 . 2010-08-31 08:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 4C6174082E58BD30527318D634448BA7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 29C3197BAEC50CAF1B7557CDFA5194B2 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-04_23.32.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 15:45 . 2008-09-30 15:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-09-01 11:46 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2010-11-04 23:37 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-04 12:00 . 2010-11-07 12:37 71904 c:\windows\system32\perfc009.dat
+ 2010-08-30 17:51 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
- 2008-04-14 12:42 . 2008-04-14 12:42 79872 c:\windows\system32\dllcache\raschap.dll
+ 2008-04-14 12:42 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2008-04-14 12:42 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2008-04-14 12:41 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:41 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-09-22 13:40 . 2010-09-22 13:40 30032 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-22 13:40 . 2010-09-22 13:40 30040 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2010-11-07 12:34 . 2010-11-07 12:34 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2010-11-07 12:36 . 2010-11-07 12:36 90112 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 90112 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-31 18:10 . 2010-10-31 18:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-04 12:00 . 2010-11-07 12:37 444028 c:\windows\system32\perfh009.dat
+ 2008-04-14 07:30 . 2008-06-20 11:08 225856 c:\windows\system32\drivers\tcpip6.sys
+ 2008-07-25 03:25 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2008-04-14 07:49 . 2008-06-20 11:40 138496 c:\windows\system32\drivers\afd.sys
+ 2010-08-30 17:51 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
- 2008-04-14 12:42 . 2008-04-14 12:42 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 12:42 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 12:42 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2010-09-22 13:40 . 2010-09-22 13:40 430416 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-11-07 12:34 . 2010-11-07 12:34 432640 c:\windows\Installer\194a1.msi
+ 2010-10-31 18:11 . 2010-10-31 18:11 299008 c:\windows\assembly\temp\8D210ZALWU\System.Runtime.Remoting.dll
+ 2010-10-31 18:11 . 2010-10-31 18:11 372736 c:\windows\assembly\temp\7NA8L8L87X\System.Management.dll
+ 2010-11-07 12:41 . 2010-11-07 12:41 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\33eec5275317d8ccdd3b4d14fdd2aabd\System.Web.Extensions.Design.ni.dll
+ 2010-11-07 12:39 . 2010-11-07 12:39 884736 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\02ce687e9e97a9868997b234adf7639c\AspNetMMCExt.ni.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 884736 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 884736 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 933888 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 933888 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 741376 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 741376 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 261120 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 261120 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 483840 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 483840 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-09-30 15:42 . 2008-09-30 15:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-04-14 07:54 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:01 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2008-09-30 15:43 . 2008-09-30 15:43 1286152 c:\windows\system32\msxml4.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2010-08-30 17:51 . 2008-04-14 12:42 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-08-30 17:51 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-09-22 13:40 . 2010-09-22 13:40 5189632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-23 01:47 . 2010-09-23 01:47 2215936 c:\windows\Installer\194b0.msp
+ 2010-11-05 09:39 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-11-05 09:39 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2010-11-05 09:39 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-11-05 09:39 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-11-07 12:41 . 2010-11-07 12:41 1531904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\3647bd8de14c9441f53d8fdd1ceb6307\System.WorkflowServices.ni.dll
+ 2010-11-07 12:41 . 2010-11-07 12:41 2088960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\a6855d948bf5e38e25959bffae0cfbe8\System.Workflow.Runtime.ni.dll
+ 2010-11-07 12:41 . 2010-11-07 12:41 4579328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\d4b398b84b6e94ceb59ccb0aa064a2ad\System.Workflow.ComponentModel.ni.dll
+ 2010-11-07 12:41 . 2010-11-07 12:41 3084288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ba080812e30aae6eee30e99ad4afc8a4\System.Workflow.Activities.ni.dll
+ 2010-11-07 12:41 . 2010-11-07 12:41 1986560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\578adc895ec5dff4e3a5db0ebd64197a\System.Web.Services.ni.dll
+ 2010-11-07 12:41 . 2010-11-07 12:41 2342912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\a62503d117c47fa29aeb980e4e836434\System.Web.Mobile.ni.dll
+ 2010-11-07 12:41 . 2010-11-07 12:41 2416640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\88507f5c7e9d7c3afd9e1c9ca83e60be\System.Web.Extensions.ni.dll
+ 2010-11-07 12:40 . 2010-11-07 12:40 1556480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\aa56d0ca3d94b3d633b39e52915b1060\System.ServiceModel.Web.ni.dll
+ 2010-11-07 12:39 . 2010-11-07 12:39 1118208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\854926a4885a61ed6e5a6bc0f094ffc3\System.IdentityModel.ni.dll
+ 2010-11-07 12:39 . 2010-11-07 12:39 1740800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f501f3e0b1646a92dc6121c889ed480c\Microsoft.VisualBasic.ni.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 3076096 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 3076096 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 2068480 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 2068480 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 5013504 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 5013504 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-31 18:11 . 2010-10-31 18:11 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 5189632 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-11-07 12:36 . 2010-11-07 12:36 4444160 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-10-31 18:10 . 2010-10-31 18:10 4444160 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-03 14:59 . 2010-11-03 14:59 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-05 22:30 . 2010-11-05 22:30 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-07 12:40 . 2010-11-07 12:40 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\24383f587755fc960cf68b118e07ecc9\System.Web.ni.dll
+ 2010-11-07 12:39 . 2010-11-07 12:39 18071552 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0cc571ebf36493a32cc500f2e8aa1348\System.ServiceModel.ni.dll
+ 2010-11-07 12:37 . 2010-11-07 12:37 10969088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a22175ec02c32e52cd71ca78096ee63e\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="d:\program files\BitTorrent\BitTorrent.exe" [2010-10-06 742776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CallControl 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-06-03 123392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-25 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/25/2007 8:27 AM 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-07 13:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-07 13:51:02
ComboFix-quarantined-files.txt 2010-11-07 12:51
ComboFix2.txt 2010-11-05 20:39
ComboFix3.txt 2010-11-05 19:10
ComboFix4.txt 2010-11-04 23:33

Pre-Run: 29,880,389,632 bytes free
Post-Run: 29,900,636,160 bytes free

- - End Of File - - 04C711D73ED00D3DB23DBD43493DEAE9

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We'll get rid of NOD, that's not a problem. First let's remove the infection.

Since you're now already familiar with working in the Recovery Console, we'll use it to replace the infected files.


Unpack files.zip to the C: drive. Restart the PC and log in to the Recovery Console.



Type the following in order (confirm each command/line with Enter):

cd ..

copy explorer.exe c:\windows\explorer.exe

A prompt will appear: type y

copy winlogon.exe c:\windows\system32\winlogon.exe

A prompt will appear: type y


Type:

exit

so that the PC restarts. Post a fresh ComboFix log.

offline
  • Joined: 30 Nov 2007
  • Posts: 160

ComboFix 10-11-07.04 - user 11/07/2010 14:34:46.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1500 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\explorer.exe
C:\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.

2010-11-07 13:24 . 2008-04-14 03:42 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-11-07 13:24 . 2008-04-14 03:42 1033728 ----a-w- c:\windows\explorer.exe
2010-11-07 12:34 . 2010-11-07 12:34 -------- d-----w- c:\program files\MSXML 4.0
2010-11-05 09:39 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-05 09:39 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-05 09:39 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-05 09:39 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-05 09:38 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2010-11-02 17:24 . 2010-11-02 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-31 18:42 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-31 18:42 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-31 18:42 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-31 18:42 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-31 18:42 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-31 18:42 . 2010-10-31 18:42 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-31 18:42 . 2010-10-31 18:42 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-31 18:20 . 2010-10-31 18:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\VirtuaTennis2009
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\windows\Logs
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-10-31 18:12 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-25 14:41 . 2010-10-25 14:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Common Files\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Apple Software Update
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-10-14 14:24 . 2010-10-14 14:25 -------- d-----w- c:\program files\Ahead
2010-10-14 13:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55 . 2010-10-08 16:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCox
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCinema
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 20:26 . 2010-11-05 20:26 691764 ----a-w- C:\66097_1211463662_files.zip
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48 . 2010-08-31 08:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48 . 2010-08-31 08:49 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48 . 2010-08-31 08:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-11-07_12.49.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:42 . 2008-04-14 12:42 79872 c:\windows\system32\raschap.dll
+ 2008-04-14 12:42 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2008-04-14 12:42 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
- 2008-04-14 12:42 . 2008-04-14 12:42 474112 c:\windows\system32\shlwapi.dll
+ 2008-04-14 12:42 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2008-04-14 12:42 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2008-04-14 12:42 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
- 2008-04-14 12:42 . 2008-04-14 12:42 245248 c:\windows\system32\mswsock.dll
- 2008-04-14 12:41 . 2008-04-14 12:41 147968 c:\windows\system32\dnsapi.dll
+ 2008-04-14 12:41 . 2008-06-20 17:46 147968 c:\windows\system32\dnsapi.dll
+ 2008-04-14 07:30 . 2008-06-20 11:08 225856 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-04-14 12:42 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
- 2008-04-14 12:42 . 2008-04-14 12:42 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-04-14 12:41 . 2008-06-20 17:46 147968 c:\windows\system32\dllcache\dnsapi.dll
- 2008-04-14 12:41 . 2008-04-14 12:41 147968 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-04-14 07:49 . 2008-06-20 11:40 138496 c:\windows\system32\dllcache\afd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="d:\program files\BitTorrent\BitTorrent.exe" [2010-10-06 742776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CallControl 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-06-03 123392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-25 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/25/2007 8:27 AM 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-07 14:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-07 14:39:44
ComboFix-quarantined-files.txt 2010-11-07 13:39
ComboFix2.txt 2010-11-07 12:51
ComboFix3.txt 2010-11-05 20:39
ComboFix4.txt 2010-11-05 19:10
ComboFix5.txt 2010-11-07 13:33

Pre-Run: 29,894,422,528 bytes free
Post-Run: 29,882,871,808 bytes free

- - End Of File - - FAAE0172532E7C65F5E7BE014F53D854
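
One way to check a ComboFix "Files Created" section for the two replaced files, added here as an example (not part of the original thread and not ComboFix's own code). The function names and the second sample log are constructed for illustration; the first sample reuses three lines from the log above, and "ok" only means a non-empty regular file is listed, not that the file has been verified clean.

```python
import re
from datetime import datetime

# One entry of a ComboFix "Files Created" section:
#   <created> . <modified> <size, or -------- for folders> <attributes> <path>
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-{8})\s+([-a-z]{8})\s+(\S.*)$"
)
STAMP = "%Y-%m-%d %H:%M"


def parse_created(log_text):
    """Return {lower-cased path: entry} for every line that parses."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # section banners, dots, blank lines
        created, modified, size, attrs, path = m.groups()
        entries[path.lower()] = {
            "created": datetime.strptime(created, STAMP),
            "modified": datetime.strptime(modified, STAMP),
            "size": int(size) if size.isdigit() else None,
            "is_dir": attrs.startswith("d"),
        }
    return entries


def check_replaced(entries, targets):
    """Classify each target as 'ok', 'empty', 'directory' or 'not listed'."""
    verdicts = {}
    for target in targets:
        entry = entries.get(target.lower())  # Windows paths: ignore case
        if entry is None:
            # Not created inside the report window; says nothing about the file.
            verdicts[target] = "not listed"
        elif entry["is_dir"]:
            verdicts[target] = "directory"
        elif entry["size"] == 0:
            verdicts[target] = "empty"
        else:
            verdicts[target] = "ok"
    return verdicts


# Three lines copied from the log above.
LOG_AFTER_FIX = r"""
2010-11-07 13:24 . 2008-04-14 03:42 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-11-07 13:24 . 2008-04-14 03:42 1033728 ----a-w- c:\windows\explorer.exe
2010-11-07 12:34 . 2010-11-07 12:34 -------- d-----w- c:\program files\MSXML 4.0
"""

# Constructed sample (not from the thread): a failed copy left an empty file
# and a folder carrying the file's name.
LOG_BROKEN = r"""
2010-11-06 00:48 . 2010-11-06 00:48 0 ----a-w- c:\windows\explorer.exe
2010-11-06 00:48 . 2010-11-06 00:48 -------- d-----w- c:\windows\system32\winlogon.exe
"""

TARGETS = [r"c:\windows\explorer.exe", r"c:\windows\system32\winlogon.exe"]

if __name__ == "__main__":
    for name, log in (("after fix", LOG_AFTER_FIX), ("broken", LOG_BROKEN)):
        print(name, check_replaced(parse_created(log), TARGETS))
```
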

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This now looks the way it should...


ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



and then click OK (or press Enter).


Wait for the uninstall process to finish.




If you want to uninstall NOD32: http://kb.eset.com/esetkb/index?page=content&i.....4657447620

Basically, this program: http://download.eset.com/special/ESETUninstaller.exe

needs to be run in Safe Mode: http://www.mycity.rs/Uputstva/Kako-uci-u-Safe-Mode-2.html

offline
  • Joined: 30 Nov 2007
  • Posts: 160

Posted: 07 Nov 2010 15:39

I managed to remove NOD32; it wouldn't let me remove ComboFix until I had removed it, but now everything is fine. Thank you very much, and can you tell me where I can download an antivirus, preferably a free one? Thanks once again. Regards

Addendum: 07 Nov 2010 15:43

I forgot to ask you about Automatic Updates: should it be turned on? It keeps asking me to download some programs. Should I let it download them, or should I turn Automatic Updates off?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

avast! free: http://download.cnet.com/Avast-Free-Antivirus/3000.....tag=button

Avira free: http://www.avira.com/en/free-download-avira-antivir-personal



Automatic Updates installs patches for Windows, and it is quite important to keep Windows up to date, so...
