Vundo

offline
  • Joined: 07 Aug 2008
  • Posts: 5

On the TrendMicro site they directed me to this forum for analysis of the HijackThis log, so here it is; if there is anyone else who can analyze it, here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:52 AM, on 7/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\WPN111.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: iiffEuUM - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5596 bytes

I'm expecting a quick reply because I have problems with the Vundo trojan and similar, regards



offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...


* Right-click the Kaspersky icon in the lower-right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the cleaning is finished.


Also, temporarily disable TrojanHunter as well.


Download ComboFix to the Desktop from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you should copy here for us.



offline
  • Joined: 07 Aug 2008
  • Posts: 5

ComboFix 08-08-07.04 - admin 2008-08-08 8:02:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1435 [GMT 10:00]
Running from: E:\Download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\admin\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-07 22:12 . 2008-08-07 22:12 <DIR> d-------- C:\Documents and Settings\admin\Application Data\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Program Files\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 17:22 . 2008-08-07 17:22 <DIR> d-------- C:\VundoFix Backups
2008-08-07 10:12 . 2008-08-07 10:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 09:50 . 2008-08-07 09:50 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-08-07 09:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 09:49 . 2008-08-07 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 09:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-07 00:52 . 2008-08-07 00:52 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TrojanHunter
2008-08-07 00:28 . 2008-08-07 00:30 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-08-06 16:42 . 2008-08-06 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-06 15:03 . 2008-08-06 15:03 2,048 --a------ C:\WINDOWS\system32\xsrrayow.exe
2008-08-06 08:43 . 2005-09-26 16:02 362,944 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-08-06 08:43 . 2005-07-27 21:15 149,392 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-08-06 08:43 . 2005-10-06 11:28 15,819 --a------ C:\WINDOWS\system32\drivers\netwpn11.inf
2008-08-06 08:43 . 2005-10-19 05:03 8,263 --a------ C:\WINDOWS\system32\drivers\WPN111.cat
2008-08-06 08:29 . 2008-08-06 08:29 <DIR> d-------- C:\Program Files\NETGEAR
2008-08-05 20:49 . 2008-08-05 20:49 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-08-05 14:12 . 2008-08-05 14:12 2,048 --a------ C:\WINDOWS\system32\uiggfody.exe
2008-08-05 14:11 . 2008-08-05 14:11 <DIR> d-------- C:\Program Files\Unlocker
2008-08-05 14:11 . 2008-08-05 20:19 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Desktopicon
2008-08-05 13:50 . 2008-08-05 13:50 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-08-05 13:06 . 2008-08-05 13:06 164 --a------ C:\install.dat
2008-08-05 07:24 . 2008-08-05 09:01 <DIR> d-------- C:\Documents and Settings\admin\Application Data\mIRC
2008-08-05 06:48 . 2008-08-05 06:48 <DIR> d-------- C:\WINDOWS\Sun
2008-08-02 15:56 . 2008-08-02 15:56 <DIR> d-------- C:\Program Files\Jufsoft
2008-08-02 07:55 . 2008-08-02 07:55 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-02 07:53 . 2008-08-02 07:53 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-02 07:53 . 2008-08-03 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-02 07:40 . 2008-08-02 15:11 72 ---hs---- C:\WINDOWS\SDA6AAAB7.tmp
2008-08-02 07:23 . 2008-08-02 07:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-08-02 07:18 . 2008-08-02 07:18 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-08-02 07:06 . 2008-08-02 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-02 07:04 . 2008-08-02 07:40 <DIR> d-------- C:\Program Files\SlySoft
2008-08-01 09:24 . 2008-08-01 09:24 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-01 09:23 . 2008-08-01 09:23 <DIR> d-------- C:\Documents and Settings\admin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-31 09:56 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-31 09:56 . 2005-08-05 06:00 192,512 -ra------ C:\WINDOWS\system32\AegisI5.exe
2008-07-31 09:56 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-31 09:56 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-07-31 09:56 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-07-31 09:56 . 2003-07-25 13:30 15,941 --a------ C:\WINDOWS\system32\DNINDIS3.VXD
2008-07-31 07:52 . 2008-07-31 07:53 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-30 14:17 . 2008-07-30 14:17 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-29 08:34 . 2008-07-29 08:34 <DIR> d-------- C:\Program Files\LimeWire
2008-07-29 08:34 . 2008-07-31 14:55 <DIR> d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-07-29 08:20 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Sun
2008-07-29 08:20 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-29 08:19 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Java
2008-07-29 08:18 . 2008-07-29 08:18 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-29 08:15 . 2008-08-05 11:32 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-29 08:15 . 2008-07-29 08:15 <DIR> d-------- C:\Documents and Settings\admin\Application Data\URSoft
2008-07-29 08:03 . 2008-08-08 01:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 10:47 . 2008-08-08 01:49 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-28 07:07 . 2008-07-28 07:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-28 06:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-28 06:33 . 2004-01-14 11:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-07-28 06:32 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-28 06:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-28 06:31 . 2008-07-28 06:31 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-07-28 06:30 . 2008-04-14 04:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-28 06:28 . 2008-07-28 06:28 <DIR> d--h----- C:\BJPrinter
2008-07-28 06:28 . 2004-05-21 15:00 116,736 --a------ C:\WINDOWS\system32\CNMLM66.DLL
2008-07-28 06:28 . 2004-03-12 02:06 86,016 --a------ C:\WINDOWS\system32\CNMCP66.exe
2008-07-28 06:28 . 2004-03-12 02:06 86,016 -ra------ C:\WINDOWS\system32\cnm3365.tmp
2008-07-28 06:28 . 2004-05-21 15:00 7,680 --a------ C:\WINDOWS\system32\CNMVS66.DLL
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\StartHtmico
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\IP2000
2008-07-28 06:26 . 2008-07-28 06:33 <DIR> d-------- C:\Program Files\Canon
2008-07-28 00:31 . 2008-07-28 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-27 21:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-27 21:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-27 21:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-27 21:26 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-27 21:25 . 2008-07-27 21:25 <DIR> d-------- C:\Program Files\Real
2008-07-27 21:25 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-27 21:18 . 2008-07-27 21:18 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Media Player Classic
2008-07-27 21:06 . 2008-07-27 21:06 <DIR> d-------- C:\Program Files\CCleaner
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-07-27 17:33 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-07-27 17:33 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-07-27 17:33 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-07-27 17:33 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-07-27 17:33 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-27 17:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-27 17:32 . 2008-07-27 17:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-27 17:32 . 2008-07-27 17:33 <DIR> d-------- C:\Program Files\Ahead
2008-07-27 17:07 . 2008-07-27 17:07 <DIR> d-------- C:\Program Files\uTorrent
2008-07-27 17:07 . 2008-08-08 07:59 <DIR> d-------- C:\Documents and Settings\admin\Application Data\uTorrent
2008-07-27 17:05 . 2008-07-27 17:05 <DIR> d-------- C:\Program Files\VSO
2008-07-27 17:05 . 2008-08-08 00:40 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Vso
2008-07-27 17:05 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-07-27 17:05 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-07-27 17:05 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-07-27 17:05 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-07-27 17:05 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-07-27 17:05 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-27 17:05 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\Documents and Settings\admin\Application Data\pcouffin.sys
2008-07-27 16:27 . 2008-07-27 16:27 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TuneUp Software
2008-07-27 16:27 . 2008-07-27 16:27 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-27 16:27 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-27 16:26 . 2008-07-27 16:27 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-27 16:26 . 2008-07-27 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-27 16:07 . 2008-07-27 16:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-27 16:07 . 2008-07-27 16:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 16:07 . 2008-07-27 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 15:58 . 2008-07-27 15:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-27 15:54 . 2008-07-27 15:54 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:49 . 2008-08-06 07:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-27 15:49 . 2008-08-07 22:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-27 15:40 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-07-27 15:35 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-27 15:35 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-27 15:35 . 2008-04-14 04:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-26 22:06 . 2008-06-13 21:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-26 22:06 . 2008-06-13 21:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 11:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-27 11:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-26 07:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-30 23:04 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-30 23:04 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-30 23:04 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-30 22:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-30 22:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 09:49 99,264 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-16 01:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-08-07 00:29 1046688]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 09:01 1447168]
"NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 06:00 358448]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 10:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\WPN111.exe [2008-08-06 08:36:40 884838]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 10:12]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-27 16:27]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 16:02]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-08-07 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]

2008-08-04 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]
.
- - - - ORPHANS REMOVED - - - -

Notify-iiffEuUM - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\7bfbvdjl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [Link visible only to logged-in users]
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-08-08 08:03:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-08 8:04:37
ComboFix-quarantined-files.txt 2008-08-07 22:04:24

Pre-Run: 32,433,696,768 bytes free
Post-Run: 32,464,216,064 bytes free

274 --- E O F --- 2008-07-28 11:05:48

Addendum: 08 Aug 2008 0:23

In the meantime I switched from Kaspersky to Eset 669, and it looks like almost everything works normally except Windows Update, which stopped working when I got infected with Vundo and Monder. When I try a manual update I get the message:
Error number: 0x80070422. I'll try a bit of googling while I wait for the analysis of this log.
Regards and thanks

Addendum: 08 Aug 2008 0:42

Fixed Automatic Update and now it works.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do you want us to continue with this, or do you think the problem is solved?

If we are continuing, post a fresh ComboFix logfile.

offline
  • Joined: 07 Aug 2008
  • Posts: 5

ComboFix 08-08-08.07 - admin 2008-08-09 12:06:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1541 [GMT 10:00]
Running from: E:\Download\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-09 11:51 . 2008-08-09 11:51 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-09 11:33 . 2008-08-09 11:33 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Windows Desktop Search
2008-08-09 11:32 . 2008-08-09 11:32 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-09 11:32 . 2008-08-09 11:32 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-09 11:32 . 2008-03-08 03:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-09 11:32 . 2008-03-08 03:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-09 11:32 . 2008-03-08 03:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-09 11:32 . 2008-08-09 11:32 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-08-09 11:31 . 2008-08-09 11:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-09 11:31 . 2004-08-04 22:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-09 11:26 . 2008-08-09 11:26 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-07 22:12 . 2008-08-07 22:12 <DIR> d-------- C:\Documents and Settings\admin\Application Data\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Program Files\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 17:22 . 2008-08-07 17:22 <DIR> d-------- C:\VundoFix Backups
2008-08-07 10:12 . 2008-08-07 10:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 09:50 . 2008-08-07 09:50 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-08-07 09:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 09:49 . 2008-08-07 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 09:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-07 00:52 . 2008-08-07 00:52 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TrojanHunter
2008-08-07 00:28 . 2008-08-07 00:30 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-08-06 16:42 . 2008-08-06 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-06 08:43 . 2005-05-29 18:00 346,432 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-08-06 08:43 . 2006-02-23 15:30 149,544 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-08-06 08:43 . 2005-10-06 11:28 15,819 --a------ C:\WINDOWS\system32\drivers\netwpn11.inf
2008-08-06 08:43 . 2005-10-19 05:03 8,263 --a------ C:\WINDOWS\system32\drivers\WPN111.cat
2008-08-06 08:29 . 2008-08-06 08:29 <DIR> d-------- C:\Program Files\NETGEAR
2008-08-05 20:49 . 2008-08-05 20:49 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-08-05 14:11 . 2008-08-05 14:11 <DIR> d-------- C:\Program Files\Unlocker
2008-08-05 14:11 . 2008-08-05 20:19 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Desktopicon
2008-08-05 13:50 . 2008-08-05 13:50 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-08-05 13:06 . 2008-08-05 13:06 164 --a------ C:\install.dat
2008-08-05 07:24 . 2008-08-05 09:01 <DIR> d-------- C:\Documents and Settings\admin\Application Data\mIRC
2008-08-05 06:48 . 2008-08-05 06:48 <DIR> d-------- C:\WINDOWS\Sun
2008-08-02 15:56 . 2008-08-02 15:56 <DIR> d-------- C:\Program Files\Jufsoft
2008-08-02 07:55 . 2008-08-02 07:55 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-02 07:53 . 2008-08-02 07:53 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-02 07:53 . 2008-08-03 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-02 07:40 . 2008-08-02 15:11 72 ---hs---- C:\WINDOWS\SDA6AAAB7.tmp
2008-08-02 07:23 . 2008-08-02 07:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-08-02 07:18 . 2008-08-02 07:18 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-08-02 07:06 . 2008-08-02 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-02 07:04 . 2008-08-02 07:40 <DIR> d-------- C:\Program Files\SlySoft
2008-08-01 09:24 . 2008-08-01 09:24 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-01 09:23 . 2008-08-01 09:23 <DIR> d-------- C:\Documents and Settings\admin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-31 09:56 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-31 09:56 . 2005-08-05 06:00 192,512 -ra------ C:\WINDOWS\system32\AegisI5.exe
2008-07-31 09:56 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-31 09:56 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-07-31 09:56 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-07-31 09:56 . 2003-07-25 13:30 15,941 --a------ C:\WINDOWS\system32\DNINDIS3.VXD
2008-07-31 07:52 . 2008-07-31 07:53 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-30 14:17 . 2008-07-30 14:17 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-29 08:34 . 2008-07-29 08:34 <DIR> d-------- C:\Program Files\LimeWire
2008-07-29 08:34 . 2008-07-31 14:55 <DIR> d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-07-29 08:20 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Sun
2008-07-29 08:20 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-29 08:19 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Java
2008-07-29 08:18 . 2008-07-29 08:18 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-29 08:15 . 2008-08-05 11:32 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-29 08:15 . 2008-07-29 08:15 <DIR> d-------- C:\Documents and Settings\admin\Application Data\URSoft
2008-07-29 08:03 . 2008-08-08 01:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 10:47 . 2008-08-08 01:49 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-28 07:07 . 2008-07-28 07:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-28 06:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-28 06:33 . 2004-01-14 11:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-07-28 06:32 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-28 06:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-28 06:31 . 2008-07-28 06:31 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-07-28 06:30 . 2008-04-14 04:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-28 06:28 . 2008-07-28 06:28 <DIR> d--h----- C:\BJPrinter
2008-07-28 06:28 . 2004-05-21 15:00 116,736 --a------ C:\WINDOWS\system32\CNMLM66.DLL
2008-07-28 06:28 . 2004-03-12 02:06 86,016 --a------ C:\WINDOWS\system32\CNMCP66.exe
2008-07-28 06:28 . 2004-03-12 02:06 86,016 -ra------ C:\WINDOWS\system32\cnm3365.tmp
2008-07-28 06:28 . 2004-05-21 15:00 7,680 --a------ C:\WINDOWS\system32\CNMVS66.DLL
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\StartHtmico
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\IP2000
2008-07-28 06:26 . 2008-07-28 06:33 <DIR> d-------- C:\Program Files\Canon
2008-07-28 00:31 . 2008-07-28 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-27 21:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-27 21:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-27 21:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-27 21:26 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-27 21:25 . 2008-07-27 21:25 <DIR> d-------- C:\Program Files\Real
2008-07-27 21:25 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-27 21:18 . 2008-07-27 21:18 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Media Player Classic
2008-07-27 21:06 . 2008-07-27 21:06 <DIR> d-------- C:\Program Files\CCleaner
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-07-27 17:33 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-07-27 17:33 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-07-27 17:33 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-07-27 17:33 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-07-27 17:33 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-27 17:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-27 17:32 . 2008-07-27 17:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-27 17:32 . 2008-07-27 17:33 <DIR> d-------- C:\Program Files\Ahead
2008-07-27 17:07 . 2008-07-27 17:07 <DIR> d-------- C:\Program Files\uTorrent
2008-07-27 17:07 . 2008-08-08 12:29 <DIR> d-------- C:\Documents and Settings\admin\Application Data\uTorrent
2008-07-27 17:05 . 2008-07-27 17:05 <DIR> d-------- C:\Program Files\VSO
2008-07-27 17:05 . 2008-08-08 00:40 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Vso
2008-07-27 17:05 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-07-27 17:05 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-07-27 17:05 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-07-27 17:05 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-07-27 17:05 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-27 17:05 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\Documents and Settings\admin\Application Data\pcouffin.sys
2008-07-27 16:27 . 2008-07-27 16:27 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TuneUp Software
2008-07-27 16:27 . 2008-07-27 16:27 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-27 16:27 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-27 16:26 . 2008-07-27 16:27 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-27 16:26 . 2008-07-27 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-27 16:07 . 2008-07-27 16:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-27 16:07 . 2008-07-27 16:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 16:07 . 2008-07-27 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 15:58 . 2008-07-27 15:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-27 15:54 . 2008-07-27 15:54 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 11:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-27 11:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-26 07:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-30 23:04 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-30 23:04 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-30 23:04 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-30 22:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-30 22:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 09:49 99,264 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-26 12:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-26 12:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-26 12:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 12:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-26 12:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-26 12:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-26 12:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-26 12:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-26 12:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-26 12:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-26 12:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 12:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-26 12:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-26 12:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-26 12:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-26 12:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-26 12:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-26 12:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 12:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 12:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-26 12:17 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-26 12:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-26 12:17 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-26 12:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-26 12:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-26 12:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-26 11:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 11:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-16 01:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-08_ 8.04.15.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-04-05 00:49:42 64,512 ----a-w C:\WINDOWS\agrsmdel.exe
+ 2007-10-31 03:17:40 54,824 ----a-w C:\WINDOWS\agrsmdel.exe
+ 2008-08-09 01:26:43 7,680 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-08-09 01:26:39 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-08-09 01:26:43 33,792 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-08-09 01:44:39 8,192 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-08-09 01:44:45 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-08-09 01:26:43 4,608 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-08-09 01:26:43 26,112 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-08-09 01:44:59 720,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-08-09 01:26:39 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-08-09 01:44:45 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-08-09 01:26:40 6,144 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-08-09 01:26:39 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-08-09 01:26:39 32,768 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-08-09 01:26:39 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-08-09 01:26:43 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-08-09 01:44:55 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-08-09 01:26:43 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-08-09 01:44:53 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-08-09 01:44:56 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-08-09 01:44:43 1,703,936 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-08-09 01:44:58 90,112 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-08-09 01:26:43 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-08-09 01:44:52 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-08-09 01:44:48 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-08-09 01:44:48 66,560 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-08-09 01:44:55 372,736 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-08-09 01:45:00 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-08-09 01:44:53 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-08-09 01:44:48 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-08-09 01:44:51 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-08-09 01:44:56 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-08-09 01:44:39 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-08-09 01:44:48 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-08-09 01:44:44 573,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-08-09 01:47:34 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-08-09 01:44:50 2,052,096 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-08-09 01:44:55 1,339,392 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
+ 2008-08-09 01:47:35 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-08-09 01:42:50 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-08-09 01:42:56 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-08-09 01:42:57 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-08-09 01:42:58 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-08-09 01:42:54 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-08-09 01:42:46 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-08-09 01:42:46 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-08-09 01:43:01 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-08-09 01:42:52 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-08-09 01:42:50 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-08-09 01:42:46 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-08-09 01:42:47 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-08-09 01:42:55 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-08-09 01:42:56 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-08-09 01:42:56 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-08-09 01:42:48 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-08-09 01:42:49 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-08-09 01:42:49 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-08-09 01:42:49 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-08-09 01:42:48 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-08-09 01:43:04 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-08-09 01:43:03 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-08-09 01:42:45 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-08-09 01:43:01 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-08-09 01:43:05 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-08-09 01:42:45 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-08-09 01:42:45 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-08-09 01:42:45 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-08-09 01:42:59 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-08-09 01:42:50 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-08-09 01:43:00 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-08-09 01:42:58 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-08-09 01:42:47 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-08-09 01:42:55 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-08-09 01:42:51 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-08-09 01:42:51 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-08-09 01:42:51 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-08-09 01:43:00 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-08-09 01:42:58 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-08-09 01:43:01 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-08-09 01:42:59 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-08-09 01:42:59 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-08-09 01:42:50 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-08-09 01:42:52 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-08-09 01:43:01 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-08-09 01:42:53 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-08-09 01:42:53 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-08-09 01:42:53 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-08-09 01:42:54 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-08-09 01:43:00 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-08-09 01:56:19 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\052b01d5f41165c75040614d03e64545\Accessibility.ni.dll
+ 2008-08-09 01:56:19 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\52e6f71030afecf866e37de57592535e\AspNetMMCExt.ni.dll
+ 2008-08-09 01:56:20 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c67b101d9842e334154243a5e4da0aa3\CustomMarshalers.ni.dll
+ 2008-08-09 01:56:20 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\eb54a996a7fe35fb2b4e4ef98f02a4ed\dfsvc.ni.exe
+ 2008-08-09 01:56:21 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5f50f3da9811bfaa72382173ee82d1dd\Microsoft.Build.Engine.ni.dll
+ 2008-08-09 01:56:22 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\613b88256a517b5b3af9f922267e19b0\Microsoft.Build.Framework.ni.dll
+ 2008-08-09 01:56:24 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\8004ef004a54b4c2e0d05ed5e8335219\Microsoft.Build.Tasks.ni.dll
+ 2008-08-09 01:56:24 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\bfcffe6e05507159e93263c5242e22a1\Microsoft.Build.Utilities.ni.dll
+ 2008-08-09 01:56:26 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c5d3c0594e7f7d5ea8c9888f0e14c2f9\Microsoft.VisualBasic.ni.dll
+ 2008-08-09 01:43:52 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3d2a91a6c545200f624700ac2ae86375\mscorlib.ni.dll
+ 2008-08-09 01:56:27 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ec99be9da6a99bd8d655b71e1ab340ca\System.Configuration.ni.dll
+ 2008-08-09 01:44:19 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\280871d92ac03759dcfd7078f76887d6\System.Data.ni.dll
+ 2008-08-09 01:56:29 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\06305b5a0a0dd6b25225704887c66e13\System.Deployment.ni.dll
+ 2008-08-09 01:44:34 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\a60b40f4a220b217c807966d3a2a4592\System.Design.ni.dll
+ 2008-08-09 01:56:31 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bb5362bc478cd680b3413c70630efabc\System.DirectoryServices.Protocols.ni.dll
+ 2008-08-09 01:56:30 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f9dd15355dd9047c3c371714bf985bef\System.DirectoryServices.ni.dll
+ 2008-08-09 01:44:38 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\02160e0e625f78d5830d9b563e100331\System.Drawing.Design.ni.dll
+ 2008-08-09 01:44:37 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\ccb5d6542f8954915f9964b17b46bd7c\System.Drawing.ni.dll
+ 2008-08-09 01:56:32 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2db2e33c3ff91993737b98a47ba5e99\System.EnterpriseServices.ni.dll
+ 2008-08-09 01:56:32 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2db2e33c3ff91993737b98a47ba5e99\System.EnterpriseServices.Wrapper.dll
+ 2008-08-09 01:56:33 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\779aee6971d8dac0a75bf00fa2b01740\System.Security.ni.dll
+ 2008-08-09 01:56:34 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\e88c997aa1c8a48e48f43fd6cbd0e03f\System.Transactions.ni.dll
+ 2008-08-09 01:56:50 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0e4ce5082b36961bcc4b9191c1e8e798\System.Web.Mobile.ni.dll
+ 2008-08-09 01:56:51 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\55cd271d60f6f2adcb5d54ba5d82865e\System.Web.RegularExpressions.ni.dll
+ 2008-08-09 01:56:53 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\80cd7c9e54415f07b1ad767be9795dc5\System.Web.Services.ni.dll
+ 2008-08-09 01:56:47 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f9476232b313bcdad5b484ac91b37cf9\System.Web.ni.dll
+ 2008-08-09 01:44:51 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6afdd8862913a1788c068c5e8d59f4e8\System.Windows.Forms.ni.dll
+ 2008-08-09 01:44:59 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\e4fc736d0feeee9e0c9a0bea73237236\System.Xml.ni.dll
+ 2008-08-09 01:44:08 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\55f79c8f77fdcc590f75307fe36f0c5c\System.ni.dll
+ 2008-08-09 01:47:58 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_38d23e65\CustomMarshalers.dll
+ 2008-08-09 01:47:41 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a11c4777\CustomMarshalers.dll
+ 2008-08-09 01:48:09 8,908,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_689d2b2f\mscorlib.dll
+ 2008-08-09 01:47:54 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_aa6e682d\mscorlib.dll
+ 2008-08-09 01:47:51 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3f610def\System.Design.dll
+ 2008-08-09 01:48:06 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e59cbb6c\System.Design.dll
+ 2008-08-09 01:47:59 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_796fd43b\System.Drawing.Design.dll
+ 2008-08-09 01:47:42 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_9b532b5f\System.Drawing.Design.dll
+ 2008-08-09 01:47:52 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0229d9a4\System.Drawing.dll
+ 2008-08-09 01:48:07 2,244,608 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_28208139\System.Drawing.dll
+ 2008-08-09 01:47:45 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b19f40f8\System.Windows.Forms.dll
+ 2008-08-09 01:48:02 7,884,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ceaef9e5\System.Windows.Forms.dll
+ 2008-08-09 01:48:04 5,513,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_32094329\System.Xml.dll
+ 2008-08-09 01:47:48 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e6866d06\System.Xml.dll
+ 2008-08-09 01:47:58 4,788,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_059ae81b\System.dll
+ 2008-08-09 01:47:40 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_eed1f5b7\System.dll
- 2006-05-09 11:02:38 180,736 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-01 08:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2005-09-22 21:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2002-05-13 23:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2002-05-13 23:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_iehost.dll
+ 2002-05-13 23:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2002-05-13 23:42:38 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2002-05-13 23:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2002-07-19 01:52:48 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2002-05-13 23:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2002-05-13 23:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2002-05-13 23:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.data.dll
+ 2002-05-13 23:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2002-06-27 02:45:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2002-05-13 23:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2005-09-22 21:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-22 21:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-22 21:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-22 21:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-22 21:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2003-02-20 16:59:44 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-20 17:55:06 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-20 17:02:16 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-02-20 19:04:20 155,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-20 21:24:08 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-20 19:00:36 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-20 09:19:42 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2007-04-13 11:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-20 09:19:22 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2004-07-14 15:49:18 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-14 15:49:26 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2007-04-13 11:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2002-07-29 01:11:50 219,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-20 21:24:10 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-20 21:24:32 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2007-04-13 10:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-15 01:23:28 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 01:23:44 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2003-02-20 21:24:34 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-20 21:24:36 33,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-20 18:12:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 00:21:40 524,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-20 09:16:32 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2004-07-14 14:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 04:30:14 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
+ 2003-02-20 21:24:38 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2004-07-15 04:31:00 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 04:31:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-20 21:24:40 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2004-07-14 14:35:30 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-20 21:24:42 15,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-20 09:22:24 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-20 21:24:44 26,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-20 21:24:52 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2004-07-15 04:28:58 720,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 04:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-20 21:24:54 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-20 21:25:02 6,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-20 21:24:58 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-20 21:25:06 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-20 21:25:02 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2004-07-15 04:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 04:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-20 21:25:06 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2004-07-14 14:32:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 14:32:46 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2007-04-13 10:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 10:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 10:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 10:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-20 08:43:52 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 09:06:34 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2004-07-14 14:33:22 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 14:33:24 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2007-04-13 10:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 10:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-20 09:09:24 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2007-04-13 10:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-20 18:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 09:18:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 08:43:36 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2007-01-15 06:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2003-02-20 09:09:46 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2004-07-14 14:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-20 21:25:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2004-07-15 04:28:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-20 21:25:30 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2004-07-14 15:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_aspnet_isapi.dll
+ 2004-07-14 14:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_CORPerfMonExt.dll
+ 2004-07-14 14:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_fusion.dll
+ 2004-07-14 14:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_mscorjit.dll
+ 2004-07-15 04:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_mscorlib.dll
+ 2003-02-20 09:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_mscorsn.dll
+ 2004-07-14 14:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_mscorsvr.dll
+ 2004-07-14 14:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_mscorwks.dll
+ 2003-02-20 18:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_msvcr71.dll
+ 2004-07-14 14:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_PerfCounter.dll
+ 2003-02-20 09:09:34 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-20 09:09:34 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2004-07-14 14:35:04 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-20 21:26:38 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2004-07-15 04:32:00 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 04:31:14 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 04:29:02 1,703,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 04:28:54 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2007-04-13 11:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-20 21:26:48 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2004-07-15 04:28:58 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 04:28:56 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-14 14:35:12 66,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 04:31:58 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 04:31:12 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 04:28:58 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 04:31:54 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 04:28:52 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 04:28:54 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2007-04-13 11:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 04:28:58 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 04:28:52 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 04:31:16 573,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 04:32:02 2,052,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 04:29:00 1,339,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 03:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2004-07-15 01:23:20 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-14 22:15:14 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-14 16:11:56 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2005-09-22 21:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-22 21:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2005-09-22 21:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-22 21:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-22 21:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-22 21:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-22 21:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-22 21:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-04-12 17:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-22 21:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-04-12 17:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-04-12 17:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-04-12 17:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-04-12 17:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-22 21:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-04-12 17:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-22 21:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-04-12 17:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-04-12 17:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-04-12 17:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-22 21:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-04-12 17:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-22 21:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-22 21:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2005-09-22 21:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-22 21:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-22 21:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-22 21:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-22 21:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-04-12 17:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-22 21:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-22 21:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-22 21:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-04-12 17:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-22 21:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-22 21:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-22 21:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-04-12 17:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-04-12 17:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-22 21:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-22 21:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-22 21:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-22 21:01:16 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-22 20:29:48 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-22 20:32:24 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-22 20:34:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-22 20:34:12 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-22 20:34:44 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-22 20:36:24 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-22 17:46:14 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-22 20:38:26 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-22 20:38:52 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-22 20:40:30 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-22 20:40:32 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-22 20:40:56 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-22 20:42:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-22 20:44:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-22 20:46:38 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-22 20:46:38 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-22 20:46:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-22 20:47:04 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-22 20:47:30 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-22 20:47:32 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-22 20:47:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-22 20:30:18 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-22 20:47:06 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-22 20:29:50 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-22 20:36:48 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-22 21:57:06 245,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2007-04-12 17:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-22 21:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-04-12 17:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-22 21:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-04-12 17:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-22 21:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-22 21:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-22 21:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-22 21:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-22 21:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-22 21:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-22 21:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-22 21:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-04-12 17:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-22 21:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-04-12 17:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-22 21:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-22 21:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-04-12 17:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-04-12 17:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-22 21:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-04-12 17:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-04-12 17:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-22 21:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-22 21:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-22 21:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-04-12 17:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-04-12 17:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-22 21:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-04-12 17:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-22 21:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-04-12 17:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-04-12 17:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-22 21:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-04-12 17:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-22 21:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-22 21:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-22 21:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-22 21:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-22 21:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-22 21:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-04-12 17:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-04-12 17:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-04-12 17:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-22 21:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-04-12 17:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-04-12 17:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-04-12 17:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-04-12 17:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-04-12 17:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-22 21:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-04-12 17:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-04-12 17:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-22 21:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-04-12 17:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-04-12 17:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-04-12 17:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-04-12 17:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-04-12 17:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-22 21:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-04-12 17:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-22 21:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-22 21:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-22 21:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-04-12 17:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-04-12 17:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-22 21:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-22 21:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-22 21:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-04-12 17:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-04-12 17:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-22 21:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-04-12 17:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-04-12 17:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-04-12 17:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-22 21:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-08-09 01:51:06 6,140 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{A583D7EE-87EF-481F-BCDC-58DFD9EFCCCC}.bin
+ 2007-08-17 09:09:34 13,312 ----a-w C:\WINDOWS\system32\agrscoin.dll
+ 2007-09-26 08:24:42 12,800 ----a-w C:\WINDOWS\system32\agrsmsvc.exe
- 2006-05-09 12:26:32 7,168 ----a-w C:\

offline
  • Joined: 07 Aug 2008
  • Posts: 5

Here is the rest of the log, because it did not accept everything the first time.
- 2006-04-11 04:27:18 304,640 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2006-09-28 08:56:38 316,416 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2008-08-09 01:42:46 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-08-09 01:42:46 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 09:01 1447168]
"NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 06:00 358448]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 10:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\WPN111.exe [2008-08-06 08:36:40 884838]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-07-30 20:07]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-07-30 20:07]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 10:12]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-05-29 18:00]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-27 16:27]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-09 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-08-09 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]

2008-08-08 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\7bfbvdjl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [Link visible only to logged-in users]
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-08-09 12:07:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-09 12:08:47
ComboFix-quarantined-files.txt 2008-08-09 02:08:44
ComboFix2.txt 2008-08-07 22:04:38

Pre-Run: 32,225,112,064 bytes free
Post-Run: 32,221,843,456 bytes free

987 --- E O F --- 2008-07-28 11:05:48
I think I have cleaned the computer fairly well, but I still think you will be able to see that better from these logs. Maybe some leftovers and remnants remain that you can see in the log.
I also think that most of the cleaning work was done by Malwarebytes' Anti-Malware, which found a large number of files infected with Vundo and deleted them. That's all for now, thanks and regards.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:

Folder::
C:\VundoFix Backups

FireFox::
FireFox -: Profile - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\7bfbvdjl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT649865&SearchSource=3&q=


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

offline
  • Joined: 07 Aug 2008
  • Posts: 5

ComboFix 08-08-08.07 - admin 2008-08-09 22:30:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1544 [GMT 10:00]
Running from: E:\Download\ComboFix.exe
Command switches used :: C:\Documents and Settings\admin\Desktop\CFScript.txt.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups

.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-09 11:51 . 2008-08-09 11:51 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-09 11:33 . 2008-08-09 11:33 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Windows Desktop Search
2008-08-09 11:32 . 2008-08-09 11:32 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-09 11:32 . 2008-08-09 11:32 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-09 11:32 . 2008-03-08 03:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-09 11:32 . 2008-03-08 03:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-09 11:32 . 2008-03-08 03:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-09 11:31 . 2008-08-09 11:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-09 11:31 . 2004-08-04 22:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-09 11:26 . 2008-08-09 11:26 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-07 22:12 . 2008-08-07 22:12 <DIR> d-------- C:\Documents and Settings\admin\Application Data\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Program Files\ESET
2008-08-07 22:11 . 2008-08-07 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 10:12 . 2008-08-07 10:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 09:50 . 2008-08-07 09:50 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-08-07 09:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 09:49 . 2008-08-07 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 09:49 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 09:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-07 00:52 . 2008-08-07 00:52 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TrojanHunter
2008-08-07 00:28 . 2008-08-07 00:30 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-08-06 16:42 . 2008-08-06 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-06 08:43 . 2005-05-29 18:00 346,432 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-08-06 08:43 . 2006-02-23 15:30 149,544 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-08-06 08:43 . 2005-10-06 11:28 15,819 --a------ C:\WINDOWS\system32\drivers\netwpn11.inf
2008-08-06 08:43 . 2005-10-19 05:03 8,263 --a------ C:\WINDOWS\system32\drivers\WPN111.cat
2008-08-06 08:29 . 2008-08-06 08:29 <DIR> d-------- C:\Program Files\NETGEAR
2008-08-05 20:49 . 2008-08-05 20:49 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-08-05 14:11 . 2008-08-05 14:11 <DIR> d-------- C:\Program Files\Unlocker
2008-08-05 14:11 . 2008-08-05 20:19 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Desktopicon
2008-08-05 13:50 . 2008-08-05 13:50 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-08-05 13:06 . 2008-08-05 13:06 164 --a------ C:\install.dat
2008-08-05 07:24 . 2008-08-05 09:01 <DIR> d-------- C:\Documents and Settings\admin\Application Data\mIRC
2008-08-05 06:48 . 2008-08-05 06:48 <DIR> d-------- C:\WINDOWS\Sun
2008-08-02 15:56 . 2008-08-02 15:56 <DIR> d-------- C:\Program Files\Jufsoft
2008-08-02 07:55 . 2008-08-02 07:55 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-02 07:53 . 2008-08-02 07:53 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-02 07:53 . 2008-08-03 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-02 07:40 . 2008-08-02 15:11 72 ---hs---- C:\WINDOWS\SDA6AAAB7.tmp
2008-08-02 07:23 . 2008-08-02 07:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-08-02 07:18 . 2008-08-02 07:18 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-08-02 07:06 . 2008-08-02 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-02 07:04 . 2008-08-02 07:40 <DIR> d-------- C:\Program Files\SlySoft
2008-08-01 09:24 . 2008-08-01 09:24 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-01 09:23 . 2008-08-01 09:23 <DIR> d-------- C:\Documents and Settings\admin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-31 09:56 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-31 09:56 . 2005-08-05 06:00 192,512 -ra------ C:\WINDOWS\system32\AegisI5.exe
2008-07-31 09:56 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-31 09:56 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-07-31 09:56 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-07-31 09:56 . 2003-07-25 13:30 15,941 --a------ C:\WINDOWS\system32\DNINDIS3.VXD
2008-07-31 07:52 . 2008-07-31 07:53 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-30 14:17 . 2008-07-30 14:17 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-29 08:34 . 2008-07-29 08:34 <DIR> d-------- C:\Program Files\LimeWire
2008-07-29 08:34 . 2008-07-31 14:55 <DIR> d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-07-29 08:20 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Sun
2008-07-29 08:20 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-29 08:19 . 2008-07-29 08:20 <DIR> d-------- C:\Program Files\Java
2008-07-29 08:18 . 2008-07-29 08:18 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-29 08:15 . 2008-08-05 11:32 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-29 08:15 . 2008-07-29 08:15 <DIR> d-------- C:\Documents and Settings\admin\Application Data\URSoft
2008-07-29 08:03 . 2008-08-08 01:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 10:47 . 2008-08-08 01:49 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-28 07:09 . 2008-07-28 07:09 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-28 07:07 . 2008-07-28 07:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-28 06:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-28 06:33 . 2004-01-14 11:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-07-28 06:32 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-28 06:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-28 06:31 . 2008-07-28 06:31 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-07-28 06:30 . 2008-04-14 04:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-28 06:28 . 2008-07-28 06:28 <DIR> d--h----- C:\BJPrinter
2008-07-28 06:28 . 2004-05-21 15:00 116,736 --a------ C:\WINDOWS\system32\CNMLM66.DLL
2008-07-28 06:28 . 2004-03-12 02:06 86,016 --a------ C:\WINDOWS\system32\CNMCP66.exe
2008-07-28 06:28 . 2004-03-12 02:06 86,016 -ra------ C:\WINDOWS\system32\cnm3365.tmp
2008-07-28 06:28 . 2004-05-21 15:00 7,680 --a------ C:\WINDOWS\system32\CNMVS66.DLL
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\StartHtmico
2008-07-28 06:27 . 2008-07-28 06:27 <DIR> d-------- C:\WINDOWS\IP2000
2008-07-28 06:26 . 2008-07-28 06:33 <DIR> d-------- C:\Program Files\Canon
2008-07-28 00:31 . 2008-07-28 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-27 21:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-27 21:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-27 21:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-27 21:26 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-27 21:25 . 2008-07-27 21:25 <DIR> d-------- C:\Program Files\Real
2008-07-27 21:25 . 2008-07-27 21:26 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-27 21:18 . 2008-07-27 21:18 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Media Player Classic
2008-07-27 21:06 . 2008-07-27 21:06 <DIR> d-------- C:\Program Files\CCleaner
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-27 17:34 . 2008-07-27 17:34 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-07-27 17:33 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-07-27 17:33 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-07-27 17:33 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-07-27 17:33 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-07-27 17:33 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-27 17:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-27 17:32 . 2008-07-27 17:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-27 17:32 . 2008-07-27 17:33 <DIR> d-------- C:\Program Files\Ahead
2008-07-27 17:07 . 2008-07-27 17:07 <DIR> d-------- C:\Program Files\uTorrent
2008-07-27 17:07 . 2008-08-08 12:29 <DIR> d-------- C:\Documents and Settings\admin\Application Data\uTorrent
2008-07-27 17:05 . 2008-07-27 17:05 <DIR> d-------- C:\Program Files\VSO
2008-07-27 17:05 . 2008-08-08 00:40 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Vso
2008-07-27 17:05 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-07-27 17:05 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-07-27 17:05 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-07-27 17:05 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-07-27 17:05 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-27 17:05 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-27 17:05 . 2008-07-27 17:05 47,360 --a------ C:\Documents and Settings\admin\Application Data\pcouffin.sys
2008-07-27 16:27 . 2008-07-27 16:27 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TuneUp Software
2008-07-27 16:27 . 2008-07-27 16:27 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-27 16:27 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-27 16:26 . 2008-07-27 16:27 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-27 16:26 . 2008-07-27 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-27 16:07 . 2008-07-27 16:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-27 16:07 . 2008-07-27 16:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 16:07 . 2008-07-27 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 15:58 . 2008-07-27 15:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-27 15:54 . 2008-07-27 15:54 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:49 . 2008-08-09 07:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-27 15:49 . 2008-08-09 07:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 11:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-27 11:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-26 07:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-30 23:04 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-30 23:04 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-30 23:04 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-30 22:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-30 22:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 09:49 99,264 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-26 12:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-26 12:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-26 12:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 12:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-26 12:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-26 12:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-26 12:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-26 12:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-26 12:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-26 12:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-26 12:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 12:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-26 12:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-26 12:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-26 12:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-26 12:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-26 12:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-26 12:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 12:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 12:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-26 12:17 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-26 12:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-26 12:17 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-26 12:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-26 12:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-26 12:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-26 11:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 11:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-16 01:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 09:01 1447168]
"NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 06:00 358448]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-27 21:25 185896]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 10:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\WPN111.exe [2008-08-06 08:36:40 884838]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-07-30 20:07]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-07-30 20:07]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 10:12]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-05-29 18:00]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-27 16:27]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - UPNPHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-09 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-08-09 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]

2008-08-08 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-05-22 02:42]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-08-09 22:31:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-09 22:32:13
ComboFix-quarantined-files.txt 2008-08-09 12:32:10
ComboFix2.txt 2008-08-09 02:08:48
ComboFix3.txt 2008-08-07 22:04:38

Pre-Run: 32,364,941,312 bytes free
Post-Run: 32,352,985,088 bytes free

297 --- E O F --- 2008-07-28 11:05:48

Here is the log, and I am ready to keep going until we are sure everything is clean.
Regards
