Vundo

  • Joined: 07 Aug 2008
  • Posts: 5

On the TrendMicro site they referred me to this forum for analysis of a HijackThis log, so here it is; if there is anyone else who can analyze it, here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:52 AM, on 7/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\WPN111.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: iiffEuUM - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5596 bytes

I expect a quick reply because I have problems with the Vundo trojan and the like. Regards.



  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...


* Right-click the Kaspersky icon in the lower right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the cleaning is finished.


Also, temporarily disable TrojanHunter.


Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.



  • Joined: 07 Aug 2008
  • Posts: 5

ComboFix 08-08-07.04 - admin 2008-08-08 8:02:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1435 [GMT 10:00]
Running from: E:\Download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\admin\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-07 22:12 . 2008-08-07 22:12 <DIR> d-------- C:\Documents and Settings\admin\Application Data\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Program Files\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 17:22 . 2008-08-07 17:22 <DIR> d-------- C:\VundoFix Backups
2008-08-07 10:12 . 2008-08-07 10:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 09:50 . 2008-08-07 09:50 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-08-07 09:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 09:49 . 2008-08-07 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 09:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-07 00:52 . 2008-08-07 00:52 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TrojanHunter
2008-08-07 00:28 . 2008-08-07 00:30 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-08-06 16:42 . 2008-08-06 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-06 15:03 . 2008-08-06 15:03 2,048 --a------ C:\WINDOWS\system32\xsrrayow.exe
2008-08-06 08:43 . 2005-09-26 16:02 362,944 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-08-06 08:43 . 2005-07-27 21:15 149,392 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-08-06 08:43 . 2005-10-06 11:28 15,819 --a------ C:\WINDOWS\system32\drivers\netwpn11.inf
2008-08-06 08:43 . 2005-10-19 05:03 8,263 --a------ C:\WINDOWS\system32\drivers\WPN111.cat
2008-08-06 08:29 . 2008-08-06 08:29 <DIR> d-------- C:\Program Files\NETGEAR
2008-08-05 20:49 . 2008-08-05 20:49 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-08-05 14:12 . 2008-08-05 14:12 2,048 --a------ C:\WINDOWS\system32\uiggfody.exe
2008-08-05 14:11 . 2008-08-05 14:11 <DIR> d-------- C:\Program Files\Unlocker
2008-08-05 14:11 . 2008-08-05 20:19 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Desktopicon
2008-08-05 13:50 . 2008-08-05 13:50 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-08-05 13:06 . 2008-08-05 13:06 164 --a------ C:\install.dat
2008-08-05 07:24 . 2008-08-05 09:01 <DIR> d-------- C:\Documents and Settings\admin\Application Data\mIRC
2008-08-05 06:48 . 2008-08-05 06:48 <DIR> d-------- C:\WINDOWS\Sun
2008-08-02 15:56 . 2008-08-02 15:56 <DIR> d-------- C:\Program Files\Jufsoft
2008-08-02 07:55 . 2008-08-02 07:55 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-02 07:53 . 2008-08-02 07:53 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-02 07:53 . 2008-08-03 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-02 07:40 . 2008-08-02 15:11 72 ---hs---- C:\WINDOWS\SDA6AAAB7.tmp
2008-08-02 07:23 . 2008-08-02 07:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-08-02 07:18 . 2008-08-02 07:18 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-08-02 07:06 . 2008-08-02 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-02 07:04 . 2008-08-02 07:40 <DIR> d-------- C:\Program Files\SlySoft
2008-08-01 09:24 . 2008-08-01 09:24 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-01 09:23 . 2008-08-01 09:23 <DIR> d-------- C:\Documents and Settings\admin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-31 09:56 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-31 09:56 . 2005-08-05 06:00 192,512 -ra------ C:\WINDOWS\system32\AegisI5.exe
2008-07-31 09:56 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-31 09:56 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-07-31 09:56 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-07-31 09:56 . 2003-07-25 13:30 15,941 --a------ C:\WINDOWS\system32\DNINDIS3.VXD
2008-07-31 07:52 . 2008-07-31 07:53 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-30 14:17 . 2008-07-30 14:17 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-29 08:34 . 2008-07-29 08:34 <DIR> d-------- C:\Program Files\LimeWire
2008-07-29 08:34 . 2008-07-31 14:55 <DIR> d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-07-29 08:20 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Sun
2008-07-29 08:20 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-29 08:19 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Java
2008-07-29 08:18 . 2008-07-29 08:18 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-29 08:15 . 2008-08-05 11:32 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-29 08:15 . 2008-07-29 08:15 <DIR> d-------- C:\Documents and Settings\admin\Application Data\URSoft
2008-07-29 08:03 . 2008-08-08 01:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 10:47 . 2008-08-08 01:49 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-28 07:07 . 2008-07-28 07:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-28 06:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-28 06:33 . 2004-01-14 11:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-07-28 06:32 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-28 06:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-28 06:31 . 2008-07-28 06:31 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-07-28 06:30 . 2008-04-14 04:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-28 06:28 . 2008-07-28 06:28 <DIR> d--h----- C:\BJPrinter
2008-07-28 06:28 . 2004-05-21 15:00 116,736 --a------ C:\WINDOWS\system32\CNMLM66.DLL
2008-07-28 06:28 . 2004-03-12 02:06 86,016 --a------ C:\WINDOWS\system32\CNMCP66.exe
2008-07-28 06:28 . 2004-03-12 02:06 86,016 -ra------ C:\WINDOWS\system32\cnm3365.tmp
2008-07-28 06:28 . 2004-05-21 15:00 7,680 --a------ C:\WINDOWS\system32\CNMVS66.DLL
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\StartHtmico
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\IP2000
2008-07-28 06:26 . 2008-07-28 06:33 <DIR> d-------- C:\Program Files\Canon
2008-07-28 00:31 . 2008-07-28 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-27 21:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-27 21:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-27 21:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-27 21:26 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-27 21:25 . 2008-07-27 21:25 <DIR> d-------- C:\Program Files\Real
2008-07-27 21:25 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-27 21:18 . 2008-07-27 21:18 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Media Player Classic
2008-07-27 21:06 . 2008-07-27 21:06 <DIR> d-------- C:\Program Files\CCleaner
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-07-27 17:33 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-07-27 17:33 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-07-27 17:33 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-07-27 17:33 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-07-27 17:33 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-27 17:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-27 17:32 . 2008-07-27 17:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-27 17:32 . 2008-07-27 17:33 <DIR> d-------- C:\Program Files\Ahead
2008-07-27 17:07 . 2008-07-27 17:07 <DIR> d-------- C:\Program Files\uTorrent
2008-07-27 17:07 . 2008-08-08 07:59 <DIR> d-------- C:\Documents and Settings\admin\Application Data\uTorrent
2008-07-27 17:05 . 2008-07-27 17:05 <DIR> d-------- C:\Program Files\VSO
2008-07-27 17:05 . 2008-08-08 00:40 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Vso
2008-07-27 17:05 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-07-27 17:05 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-07-27 17:05 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-07-27 17:05 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-07-27 17:05 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-07-27 17:05 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-27 17:05 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\Documents and Settings\admin\Application Data\pcouffin.sys
2008-07-27 16:27 . 2008-07-27 16:27 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TuneUp Software
2008-07-27 16:27 . 2008-07-27 16:27 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-27 16:27 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-27 16:26 . 2008-07-27 16:27 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-27 16:26 . 2008-07-27 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-27 16:07 . 2008-07-27 16:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-27 16:07 . 2008-07-27 16:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 16:07 . 2008-07-27 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 15:58 . 2008-07-27 15:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-27 15:54 . 2008-07-27 15:54 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:49 . 2008-08-06 07:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-27 15:49 . 2008-08-07 22:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-27 15:40 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-07-27 15:35 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-27 15:35 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-27 15:35 . 2008-04-14 04:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-26 22:06 . 2008-06-13 21:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-26 22:06 . 2008-06-13 21:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 11:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-27 11:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-26 07:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-30 23:04 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-30 23:04 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-30 23:04 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-30 22:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-30 22:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 09:49 99,264 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-16 01:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-08-07 00:29 1046688]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 09:01 1447168]
"NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 06:00 358448]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 10:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\WPN111.exe [2008-08-06 08:36:40 884838]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 10:12]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-27 16:27]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 16:02]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-08-07 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]

2008-08-04 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]
.
- - - - ORPHANS REMOVED - - - -

Notify-iiffEuUM - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\7bfbvdjl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [Link visible only to logged-in users]
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-08-08 08:03:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-08 8:04:37
ComboFix-quarantined-files.txt 2008-08-07 22:04:24

Pre-Run: 32,433,696,768 bytes free
Post-Run: 32,464,216,064 bytes free

274 --- E O F --- 2008-07-28 11:05:48

Addendum: 08 Aug 2008 0:23

In the meantime I switched from Kaspersky to Eset 669, and it seems almost everything works normally except Windows Update, which stopped working when I got infected with Vundo and Monder. When I try a manual update I get the message:
Error number: 0x80070422. I'll try a bit of googling while I wait for the analysis of this log.
Regards and thanks.

Addendum: 08 Aug 2008 0:42

I fixed Automatic Update and now it works.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do you want us to continue with this, or do you think the problem is solved?

If we are continuing, post a fresh ComboFix logfile.

  • Joined: 07 Aug 2008
  • Posts: 5

ComboFix 08-08-08.07 - admin 2008-08-09 12:06:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1541 [GMT 10:00]
Running from: E:\Download\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-09 11:51 . 2008-08-09 11:51 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-09 11:33 . 2008-08-09 11:33 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Windows Desktop Search
2008-08-09 11:32 . 2008-08-09 11:32 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-09 11:32 . 2008-08-09 11:32 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-09 11:32 . 2008-03-08 03:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-09 11:32 . 2008-03-08 03:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-09 11:32 . 2008-03-08 03:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-09 11:32 . 2008-08-09 11:32 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-08-09 11:31 . 2008-08-09 11:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-09 11:31 . 2004-08-04 22:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-09 11:26 . 2008-08-09 11:26 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-07 22:12 . 2008-08-07 22:12 <DIR> d-------- C:\Documents and Settings\admin\Application Data\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Program Files\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 17:22 . 2008-08-07 17:22 <DIR> d-------- C:\VundoFix Backups
2008-08-07 10:12 . 2008-08-07 10:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 09:50 . 2008-08-07 09:50 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-08-07 09:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 09:49 . 2008-08-07 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 09:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-07 00:52 . 2008-08-07 00:52 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TrojanHunter
2008-08-07 00:28 . 2008-08-07 00:30 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-08-06 16:42 . 2008-08-06 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-06 08:43 . 2005-05-29 18:00 346,432 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-08-06 08:43 . 2006-02-23 15:30 149,544 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-08-06 08:43 . 2005-10-06 11:28 15,819 --a------ C:\WINDOWS\system32\drivers\netwpn11.inf
2008-08-06 08:43 . 2005-10-19 05:03 8,263 --a------ C:\WINDOWS\system32\drivers\WPN111.cat
2008-08-06 08:29 . 2008-08-06 08:29 <DIR> d-------- C:\Program Files\NETGEAR
2008-08-05 20:49 . 2008-08-05 20:49 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-08-05 14:11 . 2008-08-05 14:11 <DIR> d-------- C:\Program Files\Unlocker
2008-08-05 14:11 . 2008-08-05 20:19 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Desktopicon
2008-08-05 13:50 . 2008-08-05 13:50 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-08-05 13:06 . 2008-08-05 13:06 164 --a------ C:\install.dat
2008-08-05 07:24 . 2008-08-05 09:01 <DIR> d-------- C:\Documents and Settings\admin\Application Data\mIRC
2008-08-05 06:48 . 2008-08-05 06:48 <DIR> d-------- C:\WINDOWS\Sun
2008-08-02 15:56 . 2008-08-02 15:56 <DIR> d-------- C:\Program Files\Jufsoft
2008-08-02 07:55 . 2008-08-02 07:55 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-02 07:53 . 2008-08-02 07:53 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-02 07:53 . 2008-08-03 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-02 07:40 . 2008-08-02 15:11 72 ---hs---- C:\WINDOWS\SDA6AAAB7.tmp
2008-08-02 07:23 . 2008-08-02 07:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-08-02 07:18 . 2008-08-02 07:18 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-08-02 07:06 . 2008-08-02 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-02 07:04 . 2008-08-02 07:40 <DIR> d-------- C:\Program Files\SlySoft
2008-08-01 09:24 . 2008-08-01 09:24 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-01 09:23 . 2008-08-01 09:23 <DIR> d-------- C:\Documents and Settings\admin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-31 09:56 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-31 09:56 . 2005-08-05 06:00 192,512 -ra------ C:\WINDOWS\system32\AegisI5.exe
2008-07-31 09:56 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-31 09:56 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-07-31 09:56 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-07-31 09:56 . 2003-07-25 13:30 15,941 --a------ C:\WINDOWS\system32\DNINDIS3.VXD
2008-07-31 07:52 . 2008-07-31 07:53 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-30 14:17 . 2008-07-30 14:17 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-29 08:34 . 2008-07-29 08:34 <DIR> d-------- C:\Program Files\LimeWire
2008-07-29 08:34 . 2008-07-31 14:55 <DIR> d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-07-29 08:20 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Sun
2008-07-29 08:20 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-29 08:19 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Java
2008-07-29 08:18 . 2008-07-29 08:18 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-29 08:15 . 2008-08-05 11:32 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-29 08:15 . 2008-07-29 08:15 <DIR> d-------- C:\Documents and Settings\admin\Application Data\URSoft
2008-07-29 08:03 . 2008-08-08 01:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 10:47 . 2008-08-08 01:49 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-28 07:07 . 2008-07-28 07:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-28 06:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-28 06:33 . 2004-01-14 11:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-07-28 06:32 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-28 06:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-28 06:31 . 2008-07-28 06:31 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-07-28 06:30 . 2008-04-14 04:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-28 06:28 . 2008-07-28 06:28 <DIR> d--h----- C:\BJPrinter
2008-07-28 06:28 . 2004-05-21 15:00 116,736 --a------ C:\WINDOWS\system32\CNMLM66.DLL
2008-07-28 06:28 . 2004-03-12 02:06 86,016 --a------ C:\WINDOWS\system32\CNMCP66.exe
2008-07-28 06:28 . 2004-03-12 02:06 86,016 -ra------ C:\WINDOWS\system32\cnm3365.tmp
2008-07-28 06:28 . 2004-05-21 15:00 7,680 --a------ C:\WINDOWS\system32\CNMVS66.DLL
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\StartHtmico
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\IP2000
2008-07-28 06:26 . 2008-07-28 06:33 <DIR> d-------- C:\Program Files\Canon
2008-07-28 00:31 . 2008-07-28 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-27 21:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-27 21:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-27 21:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-27 21:26 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-27 21:25 . 2008-07-27 21:25 <DIR> d-------- C:\Program Files\Real
2008-07-27 21:25 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-27 21:18 . 2008-07-27 21:18 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Media Player Classic
2008-07-27 21:06 . 2008-07-27 21:06 <DIR> d-------- C:\Program Files\CCleaner
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-07-27 17:33 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-07-27 17:33 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-07-27 17:33 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-07-27 17:33 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-07-27 17:33 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-27 17:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-27 17:32 . 2008-07-27 17:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-27 17:32 . 2008-07-27 17:33 <DIR> d-------- C:\Program Files\Ahead
2008-07-27 17:07 . 2008-07-27 17:07 <DIR> d-------- C:\Program Files\uTorrent
2008-07-27 17:07 . 2008-08-08 12:29 <DIR> d-------- C:\Documents and Settings\admin\Application Data\uTorrent
2008-07-27 17:05 . 2008-07-27 17:05 <DIR> d-------- C:\Program Files\VSO
2008-07-27 17:05 . 2008-08-08 00:40 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Vso
2008-07-27 17:05 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-07-27 17:05 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-07-27 17:05 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-07-27 17:05 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-07-27 17:05 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-27 17:05 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\Documents and Settings\admin\Application Data\pcouffin.sys
2008-07-27 16:27 . 2008-07-27 16:27 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TuneUp Software
2008-07-27 16:27 . 2008-07-27 16:27 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-27 16:27 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-27 16:26 . 2008-07-27 16:27 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-27 16:26 . 2008-07-27 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-27 16:07 . 2008-07-27 16:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-27 16:07 . 2008-07-27 16:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 16:07 . 2008-07-27 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 15:58 . 2008-07-27 15:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-27 15:54 . 2008-07-27 15:54 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 11:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-27 11:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-26 07:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-30 23:04 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-30 23:04 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-30 23:04 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-30 22:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-30 22:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 09:49 99,264 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-26 12:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-26 12:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-26 12:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 12:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-26 12:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-26 12:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-26 12:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-26 12:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-26 12:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-26 12:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-26 12:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 12:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-26 12:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-26 12:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-26 12:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-26 12:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-26 12:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-26 12:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 12:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 12:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-26 12:17 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-26 12:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-26 12:17 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-26 12:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-26 12:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-26 12:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-26 11:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 11:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-16 01:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-08_ 8.04.15.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-04-05 00:49:42 64,512 ----a-w C:\WINDOWS\agrsmdel.exe
+ 2007-10-31 03:17:40 54,824 ----a-w C:\WINDOWS\agrsmdel.exe
+ 2008-08-09 01:26:43 7,680 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-08-09 01:26:39 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-08-09 01:26:43 33,792 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-08-09 01:44:39 8,192 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-08-09 01:44:45 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-08-09 01:26:43 4,608 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-08-09 01:26:43 26,112 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-08-09 01:44:59 720,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-08-09 01:26:39 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-08-09 01:44:45 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-08-09 01:26:40 6,144 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-08-09 01:26:39 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-08-09 01:26:39 32,768 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-08-09 01:26:39 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-08-09 01:26:43 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-08-09 01:44:55 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-08-09 01:26:43 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-08-09 01:44:53 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-08-09 01:44:56 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-08-09 01:44:43 1,703,936 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-08-09 01:44:58 90,112 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-08-09 01:26:43 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-08-09 01:44:52 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-08-09 01:44:48 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-08-09 01:44:48 66,560 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-08-09 01:44:55 372,736 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-08-09 01:45:00 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-08-09 01:44:53 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-08-09 01:44:48 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-08-09 01:44:51 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-08-09 01:44:56 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-08-09 01:44:39 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-08-09 01:44:48 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-08-09 01:44:44 573,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-08-09 01:47:34 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-08-09 01:44:50 2,052,096 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-08-09 01:44:55 1,339,392 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
+ 2008-08-09 01:47:35 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-08-09 01:42:50 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-08-09 01:42:56 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-08-09 01:42:57 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-08-09 01:42:58 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-08-09 01:42:54 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-08-09 01:42:46 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-08-09 01:42:46 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-08-09 01:43:01 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-08-09 01:42:52 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-08-09 01:42:50 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-08-09 01:42:46 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-08-09 01:42:47 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-08-09 01:42:55 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-08-09 01:42:56 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-08-09 01:42:56 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-08-09 01:42:48 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-08-09 01:42:49 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-08-09 01:42:49 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-08-09 01:42:49 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-08-09 01:42:48 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-08-09 01:43:04 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-08-09 01:43:03 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-08-09 01:42:45 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-08-09 01:43:01 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-08-09 01:43:05 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-08-09 01:42:45 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-08-09 01:42:45 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-08-09 01:42:45 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-08-09 01:42:59 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-08-09 01:42:50 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-08-09 01:43:00 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-08-09 01:42:58 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-08-09 01:42:47 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-08-09 01:42:55 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-08-09 01:42:51 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-08-09 01:42:51 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-08-09 01:42:51 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-08-09 01:43:00 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-08-09 01:42:58 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-08-09 01:43:01 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-08-09 01:42:59 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-08-09 01:42:59 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-08-09 01:42:50 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-08-09 01:42:52 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-08-09 01:43:01 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-08-09 01:42:53 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-08-09 01:42:53 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-08-09 01:42:53 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-08-09 01:42:54 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-08-09 01:43:00 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-08-09 01:56:19 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\052b01d5f41165c75040614d03e64545\Accessibility.ni.dll
+ 2008-08-09 01:56:19 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\52e6f71030afecf866e37de57592535e\AspNetMMCExt.ni.dll
+ 2008-08-09 01:56:20 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c67b101d9842e334154243a5e4da0aa3\CustomMarshalers.ni.dll
+ 2008-08-09 01:56:20 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\eb54a996a7fe35fb2b4e4ef98f02a4ed\dfsvc.ni.exe
+ 2008-08-09 01:56:21 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5f50f3da9811bfaa72382173ee82d1dd\Microsoft.Build.Engine.ni.dll
+ 2008-08-09 01:56:22 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\613b88256a517b5b3af9f922267e19b0\Microsoft.Build.Framework.ni.dll
+ 2008-08-09 01:56:24 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\8004ef004a54b4c2e0d05ed5e8335219\Microsoft.Build.Tasks.ni.dll
+ 2008-08-09 01:56:24 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\bfcffe6e05507159e93263c5242e22a1\Microsoft.Build.Utilities.ni.dll
+ 2008-08-09 01:56:26 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c5d3c0594e7f7d5ea8c9888f0e14c2f9\Microsoft.VisualBasic.ni.dll
+ 2008-08-09 01:43:52 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3d2a91a6c545200f624700ac2ae86375\mscorlib.ni.dll
+ 2008-08-09 01:56:27 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ec99be9da6a99bd8d655b71e1ab340ca\System.Configuration.ni.dll
+ 2008-08-09 01:44:19 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\280871d92ac03759dcfd7078f76887d6\System.Data.ni.dll
+ 2008-08-09 01:56:29 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\06305b5a0a0dd6b25225704887c66e13\System.Deployment.ni.dll
+ 2008-08-09 01:44:34 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\a60b40f4a220b217c807966d3a2a4592\System.Design.ni.dll
+ 2008-08-09 01:56:31 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bb5362bc478cd680b3413c70630efabc\System.DirectoryServices.Protocols.ni.dll
+ 2008-08-09 01:56:30 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f9dd15355dd9047c3c371714bf985bef\System.DirectoryServices.ni.dll
+ 2008-08-09 01:44:38 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\02160e0e625f78d5830d9b563e100331\System.Drawing.Design.ni.dll
+ 2008-08-09 01:44:37 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\ccb5d6542f8954915f9964b17b46bd7c\System.Drawing.ni.dll
+ 2008-08-09 01:56:32 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2db2e33c3ff91993737b98a47ba5e99\System.EnterpriseServices.ni.dll
+ 2008-08-09 01:56:32 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2db2e33c3ff91993737b98a47ba5e99\System.EnterpriseServices.Wrapper.dll
+ 2008-08-09 01:56:33 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\779aee6971d8dac0a75bf00fa2b01740\System.Security.ni.dll
+ 2008-08-09 01:56:34 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\e88c997aa1c8a48e48f43fd6cbd0e03f\System.Transactions.ni.dll
+ 2008-08-09 01:56:50 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0e4ce5082b36961bcc4b9191c1e8e798\System.Web.Mobile.ni.dll
+ 2008-08-09 01:56:51 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\55cd271d60f6f2adcb5d54ba5d82865e\System.Web.RegularExpressions.ni.dll
+ 2008-08-09 01:56:53 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\80cd7c9e54415f07b1ad767be9795dc5\System.Web.Services.ni.dll
+ 2008-08-09 01:56:47 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f9476232b313bcdad5b484ac91b37cf9\System.Web.ni.dll
+ 2008-08-09 01:44:51 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6afdd8862913a1788c068c5e8d59f4e8\System.Windows.Forms.ni.dll
+ 2008-08-09 01:44:59 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\e4fc736d0feeee9e0c9a0bea73237236\System.Xml.ni.dll
+ 2008-08-09 01:44:08 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\55f79c8f77fdcc590f75307fe36f0c5c\System.ni.dll
+ 2008-08-09 01:47:58 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_38d23e65\CustomMarshalers.dll
+ 2008-08-09 01:47:41 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a11c4777\CustomMarshalers.dll
+ 2008-08-09 01:48:09 8,908,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_689d2b2f\mscorlib.dll
+ 2008-08-09 01:47:54 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_aa6e682d\mscorlib.dll
+ 2008-08-09 01:47:51 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3f610def\System.Design.dll
+ 2008-08-09 01:48:06 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e59cbb6c\System.Design.dll
+ 2008-08-09 01:47:59 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_796fd43b\System.Drawing.Design.dll
+ 2008-08-09 01:47:42 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_9b532b5f\System.Drawing.Design.dll

offline
  • Joined: 07 Aug 2008
  • Posts: 5

Here is the rest of the log, because it did not accept everything the first time.
- 2006-04-11 04:27:18 304,640 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2006-09-28 08:56:38 316,416 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2008-08-09 01:42:46 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-08-09 01:42:46 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 09:01 1447168]
"NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 06:00 358448]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 10:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\WPN111.exe [2008-08-06 08:36:40 884838]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-07-30 20:07]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-07-30 20:07]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 10:12]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-05-29 18:00]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-27 16:27]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-09 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-08-09 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]

2008-08-08 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\7bfbvdjl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [Link visible only to logged-in users]
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-08-09 12:07:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-09 12:08:47
ComboFix-quarantined-files.txt 2008-08-09 02:08:44
ComboFix2.txt 2008-08-07 22:04:38

Pre-Run: 32,225,112,064 bytes free
Post-Run: 32,221,843,456 bytes free

987 --- E O F --- 2008-07-28 11:05:48
I think I have cleaned the computer fairly well, but I still think you will be able to see that better from these logs. Perhaps some leftovers and remnants remain that you can see in the log.
I also think that most of the cleaning work was done by Malwarebytes' Anti-Malware, which found a large number of files infected with Vundo and deleted them. That's all for now, thanks and regards.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

Folder::
C:\VundoFix Backups

FireFox::
FireFox -: Profile - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\7bfbvdjl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT649865&SearchSource=3&q=


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next post, paste the log that is created at the end of the cleaning/scan.

offline
  • Joined: 07 Aug 2008
  • Posts: 5

ComboFix 08-08-08.07 - admin 2008-08-09 22:30:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1544 [GMT 10:00]
Running from: E:\Download\ComboFix.exe
Command switches used :: C:\Documents and Settings\admin\Desktop\CFScript.txt.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups

.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-09 11:51 . 2008-08-09 11:51 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-09 11:33 . 2008-08-09 11:33 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Windows Desktop Search
2008-08-09 11:32 . 2008-08-09 11:32 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-09 11:32 . 2008-08-09 11:32 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-09 11:32 . 2008-03-08 03:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-09 11:32 . 2008-03-08 03:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-09 11:32 . 2008-03-08 03:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-09 11:31 . 2008-08-09 11:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-09 11:31 . 2004-08-04 22:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-09 11:26 . 2008-08-09 11:26 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-07 22:12 . 2008-08-07 22:12 <DIR> d-------- C:\Documents and Settings\admin\Application Data\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Program Files\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 10:12 . 2008-08-07 10:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 09:50 . 2008-08-07 09:50 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-08-07 09:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 09:49 . 2008-08-07 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 09:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-07 00:52 . 2008-08-07 00:52 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TrojanHunter
2008-08-07 00:28 . 2008-08-07 00:30 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-08-06 16:42 . 2008-08-06 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-06 08:43 . 2005-05-29 18:00 346,432 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-08-06 08:43 . 2006-02-23 15:30 149,544 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-08-06 08:43 . 2005-10-06 11:28 15,819 --a------ C:\WINDOWS\system32\drivers\netwpn11.inf
2008-08-06 08:43 . 2005-10-19 05:03 8,263 --a------ C:\WINDOWS\system32\drivers\WPN111.cat
2008-08-06 08:29 . 2008-08-06 08:29 <DIR> d-------- C:\Program Files\NETGEAR
2008-08-05 20:49 . 2008-08-05 20:49 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-08-05 14:11 . 2008-08-05 14:11 <DIR> d-------- C:\Program Files\Unlocker
2008-08-05 14:11 . 2008-08-05 20:19 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Desktopicon
2008-08-05 13:50 . 2008-08-05 13:50 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-08-05 13:06 . 2008-08-05 13:06 164 --a------ C:\install.dat
2008-08-05 07:24 . 2008-08-05 09:01 <DIR> d-------- C:\Documents and Settings\admin\Application Data\mIRC
2008-08-05 06:48 . 2008-08-05 06:48 <DIR> d-------- C:\WINDOWS\Sun
2008-08-02 15:56 . 2008-08-02 15:56 <DIR> d-------- C:\Program Files\Jufsoft
2008-08-02 07:55 . 2008-08-02 07:55 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-02 07:53 . 2008-08-02 07:53 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-02 07:53 . 2008-08-03 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-02 07:40 . 2008-08-02 15:11 72 ---hs---- C:\WINDOWS\SDA6AAAB7.tmp
2008-08-02 07:23 . 2008-08-02 07:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-08-02 07:18 . 2008-08-02 07:18 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-08-02 07:06 . 2008-08-02 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-02 07:04 . 2008-08-02 07:40 <DIR> d-------- C:\Program Files\SlySoft
2008-08-01 09:24 . 2008-08-01 09:24 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-01 09:23 . 2008-08-01 09:23 <DIR> d-------- C:\Documents and Settings\admin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-31 09:56 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-31 09:56 . 2005-08-05 06:00 192,512 -ra------ C:\WINDOWS\system32\AegisI5.exe
2008-07-31 09:56 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-31 09:56 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-07-31 09:56 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-07-31 09:56 . 2003-07-25 13:30 15,941 --a------ C:\WINDOWS\system32\DNINDIS3.VXD
2008-07-31 07:52 . 2008-07-31 07:53 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-30 14:17 . 2008-07-30 14:17 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-29 08:34 . 2008-07-29 08:34 <DIR> d-------- C:\Program Files\LimeWire
2008-07-29 08:34 . 2008-07-31 14:55 <DIR> d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-07-29 08:20 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Sun
2008-07-29 08:20 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-29 08:19 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Java
2008-07-29 08:18 . 2008-07-29 08:18 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-29 08:15 . 2008-08-05 11:32 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-29 08:15 . 2008-07-29 08:15 <DIR> d-------- C:\Documents and Settings\admin\Application Data\URSoft
2008-07-29 08:03 . 2008-08-08 01:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 10:47 . 2008-08-08 01:49 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-28 07:07 . 2008-07-28 07:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-28 06:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-28 06:33 . 2004-01-14 11:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-07-28 06:32 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-28 06:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-28 06:31 . 2008-07-28 06:31 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-07-28 06:30 . 2008-04-14 04:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-28 06:28 . 2008-07-28 06:28 <DIR> d--h----- C:\BJPrinter
2008-07-28 06:28 . 2004-05-21 15:00 116,736 --a------ C:\WINDOWS\system32\CNMLM66.DLL
2008-07-28 06:28 . 2004-03-12 02:06 86,016 --a------ C:\WINDOWS\system32\CNMCP66.exe
2008-07-28 06:28 . 2004-03-12 02:06 86,016 -ra------ C:\WINDOWS\system32\cnm3365.tmp
2008-07-28 06:28 . 2004-05-21 15:00 7,680 --a------ C:\WINDOWS\system32\CNMVS66.DLL
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\StartHtmico
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\IP2000
2008-07-28 06:26 . 2008-07-28 06:33 <DIR> d-------- C:\Program Files\Canon
2008-07-28 00:31 . 2008-07-28 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-27 21:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-27 21:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-27 21:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-27 21:26 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-27 21:25 . 2008-07-27 21:25 <DIR> d-------- C:\Program Files\Real
2008-07-27 21:25 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-27 21:18 . 2008-07-27 21:18 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Media Player Classic
2008-07-27 21:06 . 2008-07-27 21:06 <DIR> d-------- C:\Program Files\CCleaner
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-07-27 17:33 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-07-27 17:33 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-07-27 17:33 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-07-27 17:33 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-07-27 17:33 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-27 17:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-27 17:32 . 2008-07-27 17:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-27 17:32 . 2008-07-27 17:33 <DIR> d-------- C:\Program Files\Ahead
2008-07-27 17:07 . 2008-07-27 17:07 <DIR> d-------- C:\Program Files\uTorrent
2008-07-27 17:07 . 2008-08-08 12:29 <DIR> d-------- C:\Documents and Settings\admin\Application Data\uTorrent
2008-07-27 17:05 . 2008-07-27 17:05 <DIR> d-------- C:\Program Files\VSO
2008-07-27 17:05 . 2008-08-08 00:40 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Vso
2008-07-27 17:05 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-07-27 17:05 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-07-27 17:05 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-07-27 17:05 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-07-27 17:05 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-27 17:05 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\Documents and Settings\admin\Application Data\pcouffin.sys
2008-07-27 16:27 . 2008-07-27 16:27 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TuneUp Software
2008-07-27 16:27 . 2008-07-27 16:27 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-27 16:27 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-27 16:26 . 2008-07-27 16:27 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-27 16:26 . 2008-07-27 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-27 16:07 . 2008-07-27 16:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-27 16:07 . 2008-07-27 16:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 16:07 . 2008-07-27 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 15:58 . 2008-07-27 15:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-27 15:54 . 2008-07-27 15:54 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:49 . 2008-08-09 07:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-27 15:49 . 2008-08-09 07:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 11:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-27 11:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-26 07:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-30 23:04 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-30 23:04 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-30 23:04 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-30 22:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-30 22:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 09:49 99,264 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-26 12:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-26 12:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-26 12:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 12:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-26 12:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-26 12:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-26 12:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-26 12:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-26 12:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-26 12:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-26 12:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 12:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-26 12:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-26 12:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-26 12:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-26 12:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-26 12:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-26 12:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 12:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 12:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-26 12:17 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-26 12:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-26 12:17 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-26 12:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-26 12:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-26 12:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-26 11:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 11:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-16 01:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 09:01 1447168]
"NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 06:00 358448]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-27 21:25 185896]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 10:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\WPN111.exe [2008-08-06 08:36:40 884838]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-07-30 20:07]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-07-30 20:07]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 10:12]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-05-29 18:00]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-27 16:27]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - UPNPHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-09 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-08-09 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]

2008-08-08 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-08-09 22:31:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-09 22:32:13
ComboFix-quarantined-files.txt 2008-08-09 12:32:10
ComboFix2.txt 2008-08-09 02:08:48
ComboFix3.txt 2008-08-07 22:04:38

Pre-Run: 32,364,941,312 bytes free
Post-Run: 32,352,985,088 bytes free

297 --- E O F --- 2008-07-28 11:05:48

Here is the log, and I am ready to keep going until we are sure that everything is clean.
Regards

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
