- Kod: Zaznacz wszystko
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
9 maj 2008 19:12:53
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus 9/05/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus749864
-------------------------------------------------------------------------------
Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Mój komputer:
A:\
C:\
D:\
E:\
F:\
G:\
Statystyki skanowania:
Liczba skanowanych obiektów: 40582
Liczba wykrytych wirusów: 4
Liczba zainfekowanych obiektów: 242
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 00:45:10
Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\cert8.db Object is locked pominięty
C:\Documents and Settings\pykoo\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\formhistory.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\history.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\key3.db Object is locked pominięty
C:\Documents and Settings\pykoo\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\parent.lock Object is locked pominięty
C:\Documents and Settings\pykoo\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\search.sqlite Object is locked pominięty
C:\Documents and Settings\pykoo\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\urlclassifier2.sqlite Object is locked pominięty
C:\Documents and Settings\pykoo\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\pykoo\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\Cache\_CACHE_001_ Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\Cache\_CACHE_002_ Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\Cache\_CACHE_003_ Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\c5wehaj8.default\Cache\_CACHE_MAP_ Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Temp\Av-test.txt Zainfekowanych: EICAR-Test-File pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-05-09.14-54-14.log Object is locked pominięty
C:\Program Files\DAEMON Tools\SetupDTSB.exe Zainfekowanych: not-a-virus:AdTool.Win32.WhenU.a pominięty
C:\Program Files\Softwin\BitDefender9\asdict.dat Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\WINDOWS\CSC\00000001 Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\Temp\tmp000027a5\tmp00000000 Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP173\A0132234.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP173\A0132275.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132300.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132316.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132318.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132322.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132323.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132324.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132325.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132326.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132327.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132328.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132329.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132337.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132338.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132339.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132346.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP175\A0133378.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP176\A0134437.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP176\A0134438.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP177\A0135570.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP177\A0135573.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP177\A0136535.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP177\A0137540.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP177\A0137569.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0138671.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0139638.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0139641.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0139644.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0139645.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0139676.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139679.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139699.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139726.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139730.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139778.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139780.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139785.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139786.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0139792.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0141782.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0141810.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0141811.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0141813.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0141857.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0141861.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0141865.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0141866.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0142803.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0142806.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0142835.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0142842.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0142845.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0142870.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143871.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143880.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143900.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143924.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143956.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143973.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143984.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0143990.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0144973.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0144977.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0144981.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0145975.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0145992.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0145999.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP184\A0146002.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP184\A0146023.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP184\A0146027.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP184\A0146028.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0146037.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0146060.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0146078.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0146081.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0147059.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0147065.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0147084.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0147112.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0147121.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148112.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148134.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148153.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148154.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148155.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148156.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148157.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148158.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148159.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148160.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148161.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148162.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148163.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148164.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148165.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148166.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148167.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148168.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148169.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148170.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148171.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148172.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148173.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148174.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148175.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148176.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148177.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148178.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148179.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148180.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148181.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148182.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148183.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148184.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148185.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148186.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148187.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148188.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148189.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148190.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148191.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148192.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148193.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148194.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148195.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148196.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148197.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148198.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148199.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148200.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148201.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148202.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148203.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148204.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148205.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148206.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148207.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148208.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148209.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148210.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148211.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148212.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148213.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148214.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148215.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148216.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148217.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148218.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148219.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148220.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148221.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148222.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148223.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148224.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148225.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148226.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148227.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148228.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148229.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148230.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148231.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148232.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148233.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148234.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148235.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148236.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148237.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148238.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148239.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148240.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148241.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148242.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148243.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148244.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148245.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148246.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148247.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148248.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148249.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148250.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148251.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148252.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148253.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148254.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148255.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148256.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148258.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148259.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148260.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148261.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148262.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148263.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148264.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148265.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148266.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148267.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148268.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148269.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148270.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148271.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148272.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148273.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148274.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148275.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148276.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148277.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148278.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148279.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148280.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148281.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148282.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148283.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148284.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148285.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148286.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148287.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148288.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148289.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148290.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148291.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148292.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148293.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148294.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148295.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148296.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148297.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148298.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148299.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148300.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148301.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148302.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148303.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148304.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148305.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148306.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148307.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP187\A0148313.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP187\A0150136.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\v.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
Proces skanowania został zakończony.
jak usunąć amvo.exe
Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
61 posty(ów)
• Strona 2 z 5 • 1, 2, 3, 4, 5
przez pykoo » 09 Maj 2008, 19:16
UA:
nie wiem czy to o to chodzi
- pykoo
- Forumowicz
- Posty: 28
- Dołączenie: 09 Maj 2008, 17:37
przez huber2t » 09 Maj 2008, 19:27
UA:
Pobierz Avenger
wklej do niego ten tekst:
kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt
Wyłącz i Włącz przywracanie systemu na wszystkich dyskach. Instrukcja
wklej do niego ten tekst:
- Kod: Zaznacz wszystko
Files to delete:
D:\v.com
C:\Program Files\DAEMON Tools\SetupDTSB.exe
kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt
Wyłącz i Włącz przywracanie systemu na wszystkich dyskach. Instrukcja
-
huber2t - Zasłużony działacz forum
- Posty: 2798
- Dołączenie: 21 Mar 2008, 10:07
- Pochwały: 42
przez pykoo » 09 Maj 2008, 19:47
UA:
oto i raport
wydaje mi sie ze już wszystko ok,
wielkie dzięki za pomoc
- Kod: Zaznacz wszystko
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "D:\v.com" deleted successfully.
File "C:\Program Files\DAEMON Tools\SetupDTSB.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
wydaje mi sie ze już wszystko ok,
wielkie dzięki za pomoc
- pykoo
- Forumowicz
- Posty: 28
- Dołączenie: 09 Maj 2008, 17:37
jak usunąć amvo.exe
przez abdul83 » 10 Maj 2008, 16:12
UA:
Witam Wszystkich!
Mam problem z usunieciem amvo.exe, troche poczytałem na forum ale sam nie wem jak to zrobic, dlatego proszę o sprawdzenie mojego loga i o dalsze instrukcje.
Z góry dziękuję
pozdrawiam
KOD:
ComboFix 08-05-09.1 - AP 2008-05-10 12:11:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.175 [GMT 2:00]
Running from: C:\Documents and Settings\AP\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com\SpywareRemover\BPS Popup-Watch.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com\SpywareRemover\BPS Spy-Watch.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com\SpywareRemover\BPS Winsock 2 Connection Fix.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com\SpywareRemover\System Hijack Scanner.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com\SpywareRemover\Uninstall.lnk
C:\Program Files\BulletProofSoft.com
C:\Program Files\BulletProofSoft.com\SpywareRemover\errorlog.txt
C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\help.chm
C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\LSPHelp.htm
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\Help\English.chm
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\HiJack.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\Language\Arabic.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\Language\Arabic.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\Language\English.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\Language\English.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\ignorespylist.txt
C:\Program Files\BulletProofSoft.com\SpywareRemover\Ini\update.ref
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\arabic.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\arabic.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Chinese.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Chinese.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Dutch.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Dutch.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\English.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\English.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Francais.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Francais.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\German.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\German.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Italiano.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Italiano.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Japanese.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Japanese.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Korean.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Korean.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\portugues.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\portugues.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Slovenian.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Slovenian.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Spanish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Spanish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Swedish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Swedish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Turkish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Turkish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\LiveUpdate.cli
C:\Program Files\BulletProofSoft.com\SpywareRemover\LiveUpdate.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Help\pwhelp.chm
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\arabic.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\arabic.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Dutch.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Dutch.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\English.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\English.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Français.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Français.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\German.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\German.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano1.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano1.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\portuguęs.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\portuguęs.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Slovenian.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Slovenian.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Spanish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Spanish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Swedish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Swedish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Turkish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Turkish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound1.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound10.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound11.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound12.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound13.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound14.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound15.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound16.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound17.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound18.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound19.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound2.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound20.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound21.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound22.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound23.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound24.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound25.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound26.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound27.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound28.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound3.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound4.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound5.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound6.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound7.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound8.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound9.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\ScanLog10-05-08-44477.txt
C:\Program Files\BulletProofSoft.com\SpywareRemover\Setting.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\unins000.dat
C:\Program Files\BulletProofSoft.com\SpywareRemover\unins000.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 10:09 --------- d-----w C:\Program Files\Wanadoo
2008-05-10 09:11 --------- d-----w C:\Program Files\Kerio
2008-05-10 09:04 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-10 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 09:04 --------- d-----w C:\Program Files\SAGEM
2008-05-10 09:04 --------- d-----w C:\Program Files\JavaSoft
2008-05-10 09:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 08:29 --------- d-----w C:\Program Files\Realtek
2008-05-10 08:28 --------- d-----w C:\Program Files\AMD
2008-05-10 08:25 --------- d-----w C:\Program Files\Yahoo!
2008-05-10 08:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-10 08:13 --------- d-----w C:\Program Files\Usługi online
2008-04-05 17:06 103,966 --sh--r C:\t.com
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 21:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 21:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 21:06 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 17:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe [2008-05-10 11:04:32 946247]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 12:16:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-10 12:17:49
ComboFix-quarantined-files.txt 2008-05-10 10:17:43
Pre-Run: 38,758,162,432 bajtów wolnych
Post-Run: 38,767,366,144 bajtów wolnych
184
Mam problem z usunieciem amvo.exe, troche poczytałem na forum ale sam nie wem jak to zrobic, dlatego proszę o sprawdzenie mojego loga i o dalsze instrukcje.
Z góry dziękuję
pozdrawiam
KOD:
ComboFix 08-05-09.1 - AP 2008-05-10 12:11:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.175 [GMT 2:00]
Running from: C:\Documents and Settings\AP\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com\SpywareRemover\BPS Popup-Watch.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com\SpywareRemover\BPS Spy-Watch.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com\SpywareRemover\BPS Winsock 2 Connection Fix.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com\SpywareRemover\System Hijack Scanner.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\BulletProofSoft.com\SpywareRemover\Uninstall.lnk
C:\Program Files\BulletProofSoft.com
C:\Program Files\BulletProofSoft.com\SpywareRemover\errorlog.txt
C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\help.chm
C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\LSPHelp.htm
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\Help\English.chm
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\HiJack.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\Language\Arabic.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\Language\Arabic.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\Language\English.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\Language\English.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\ignorespylist.txt
C:\Program Files\BulletProofSoft.com\SpywareRemover\Ini\update.ref
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\arabic.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\arabic.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Chinese.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Chinese.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Dutch.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Dutch.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\English.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\English.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Francais.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Francais.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\German.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\German.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Italiano.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Italiano.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Japanese.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Japanese.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Korean.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Korean.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\portugues.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\portugues.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Slovenian.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Slovenian.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Spanish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Spanish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Swedish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Swedish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Turkish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Turkish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\LiveUpdate.cli
C:\Program Files\BulletProofSoft.com\SpywareRemover\LiveUpdate.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Help\pwhelp.chm
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\arabic.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\arabic.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Dutch.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Dutch.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\English.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\English.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Français.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Français.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\German.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\German.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano1.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano1.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\portuguęs.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\portuguęs.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Slovenian.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Slovenian.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Spanish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Spanish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Swedish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Swedish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Turkish.bmp
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Turkish.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound1.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound10.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound11.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound12.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound13.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound14.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound15.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound16.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound17.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound18.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound19.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound2.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound20.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound21.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound22.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound23.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound24.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound25.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound26.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound27.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound28.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound3.wav
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound4.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound5.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound6.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound7.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound8.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound9.WAV
C:\Program Files\BulletProofSoft.com\SpywareRemover\ScanLog10-05-08-44477.txt
C:\Program Files\BulletProofSoft.com\SpywareRemover\Setting.ini
C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\unins000.dat
C:\Program Files\BulletProofSoft.com\SpywareRemover\unins000.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 10:09 --------- d-----w C:\Program Files\Wanadoo
2008-05-10 09:11 --------- d-----w C:\Program Files\Kerio
2008-05-10 09:04 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-10 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 09:04 --------- d-----w C:\Program Files\SAGEM
2008-05-10 09:04 --------- d-----w C:\Program Files\JavaSoft
2008-05-10 09:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 08:29 --------- d-----w C:\Program Files\Realtek
2008-05-10 08:28 --------- d-----w C:\Program Files\AMD
2008-05-10 08:25 --------- d-----w C:\Program Files\Yahoo!
2008-05-10 08:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-10 08:13 --------- d-----w C:\Program Files\Usługi online
2008-04-05 17:06 103,966 --sh--r C:\t.com
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 21:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 21:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 21:06 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 17:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe [2008-05-10 11:04:32 946247]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 12:16:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-10 12:17:49
ComboFix-quarantined-files.txt 2008-05-10 10:17:43
Pre-Run: 38,758,162,432 bajtów wolnych
Post-Run: 38,767,366,144 bajtów wolnych
184
- abdul83
- Forumowicz
- Posty: 5
- Dołączenie: 10 Maj 2008, 16:00
przez huber2t » 10 Maj 2008, 16:22
UA:
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Wklej do notatnika:
- Kod: Zaznacz wszystko
File::
C:\t.com
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
-
huber2t - Zasłużony działacz forum
- Posty: 2798
- Dołączenie: 21 Mar 2008, 10:07
- Pochwały: 42
wygenerowany log
przez abdul83 » 10 Maj 2008, 17:07
UA:
oto wygenerowany log:
ComboFix 08-05-09.1 - AP 2008-05-10 16:37:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.213 [GMT 2:00]
Running from: C:\Documents and Settings\AP\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\AP\Pulpit\CFScript.txt.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\t.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\t.com
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 10:17 --------- d-----w C:\Program Files\Wanadoo
2008-05-10 09:11 --------- d-----w C:\Program Files\Kerio
2008-05-10 09:04 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-10 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 09:04 --------- d-----w C:\Program Files\SAGEM
2008-05-10 09:04 --------- d-----w C:\Program Files\JavaSoft
2008-05-10 09:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 08:29 --------- d-----w C:\Program Files\Realtek
2008-05-10 08:28 --------- d-----w C:\Program Files\AMD
2008-05-10 08:25 --------- d-----w C:\Program Files\Yahoo!
2008-05-10 08:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-10 08:13 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot@2008-05-10_12.16.57,56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 10:08:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 14:35:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 21:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 21:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 21:06 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 17:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe [2008-05-10 11:04:32 946247]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2988f288-1e6c-11dd-b80c-0016e652b009}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 16:41:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-10 16:42:43
ComboFix-quarantined-files.txt 2008-05-10 14:42:37
ComboFix2.txt 2008-05-10 10:17:51
Pre-Run: 38,766,804,992 bajtów wolnych
Post-Run: 38,761,893,888 bajtów wolnych
83
ComboFix 08-05-09.1 - AP 2008-05-10 16:37:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.213 [GMT 2:00]
Running from: C:\Documents and Settings\AP\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\AP\Pulpit\CFScript.txt.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\t.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\t.com
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 10:17 --------- d-----w C:\Program Files\Wanadoo
2008-05-10 09:11 --------- d-----w C:\Program Files\Kerio
2008-05-10 09:04 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-10 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 09:04 --------- d-----w C:\Program Files\SAGEM
2008-05-10 09:04 --------- d-----w C:\Program Files\JavaSoft
2008-05-10 09:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 08:29 --------- d-----w C:\Program Files\Realtek
2008-05-10 08:28 --------- d-----w C:\Program Files\AMD
2008-05-10 08:25 --------- d-----w C:\Program Files\Yahoo!
2008-05-10 08:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-10 08:13 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot@2008-05-10_12.16.57,56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 10:08:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 14:35:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 21:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 21:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 21:06 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 17:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe [2008-05-10 11:04:32 946247]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2988f288-1e6c-11dd-b80c-0016e652b009}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 16:41:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-10 16:42:43
ComboFix-quarantined-files.txt 2008-05-10 14:42:37
ComboFix2.txt 2008-05-10 10:17:51
Pre-Run: 38,766,804,992 bajtów wolnych
Post-Run: 38,761,893,888 bajtów wolnych
83
- abdul83
- Forumowicz
- Posty: 5
- Dołączenie: 10 Maj 2008, 16:00
dzięki bardzo
przez abdul83 » 10 Maj 2008, 17:19
UA:
Dzięki bardzo za pomoc, nie otwierał i się dysk D i juz się otwiera to chyba wszystko jest ok, tylko jak pendriva do usb wsadzam to się zamula i restartuje, nie wiem czemu. JAk bede miał jakiś problem jeszcze to się odezwe
pozdrawiam
pozdrawiam
- abdul83
- Forumowicz
- Posty: 5
- Dołączenie: 10 Maj 2008, 16:00
przez huber2t » 10 Maj 2008, 19:07
UA:
Podłącz pendrive do komputera
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
- Kod: Zaznacz wszystko
File::
F:\t.com
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
-
huber2t - Zasłużony działacz forum
- Posty: 2798
- Dołączenie: 21 Mar 2008, 10:07
- Pochwały: 42
log3
przez abdul83 » 11 Maj 2008, 11:44
UA:
a tu przesyam kolejny log:
ComboFix 08-05-09.1 - AP 2008-05-11 11:32:57.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.184 [GMT 2:00]
Running from: C:\Documents and Settings\AP\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\AP\Pulpit\CFScript.txt.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
F:\t.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\t.com
.
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-11 03:26 . 2008-05-11 03:27 <DIR> d-------- C:\Program Files\OpenOffice.ux.pl 2.4.0
2008-05-11 03:26 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-10 19:39 . 2008-05-10 21:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-10 19:20 . 2008-05-10 19:20 <DIR> d---s---- C:\Documents and Settings\AP\UserData
2008-05-10 19:17 . 2008-05-11 03:26 <DIR> d-------- C:\Program Files\Java
2008-05-10 19:17 . 2008-05-10 19:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-10 19:05 . 2008-05-10 19:24 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-05-10 19:05 . 2008-05-10 19:06 <DIR> d-------- C:\Documents and Settings\AP\Gadu-Gadu
2008-05-10 17:54 . 2008-05-10 17:54 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-10 17:54 . 2008-05-10 17:54 <DIR> d-------- C:\Program Files\Ahead
2008-05-10 17:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-10 17:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-10 17:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-10 17:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-10 17:54 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-10 17:54 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-05-10 17:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-10 17:54 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 09:29 --------- d-----w C:\Program Files\Wanadoo
2008-05-10 09:11 --------- d-----w C:\Program Files\Kerio
2008-05-10 09:04 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-10 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 09:04 --------- d-----w C:\Program Files\SAGEM
2008-05-10 09:04 --------- d-----w C:\Program Files\JavaSoft
2008-05-10 09:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 08:29 --------- d-----w C:\Program Files\Realtek
2008-05-10 08:28 --------- d-----w C:\Program Files\AMD
2008-05-10 08:25 --------- d-----w C:\Program Files\Yahoo!
2008-05-10 08:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-10 08:13 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-10_12.16.57,56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 10:08:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 09:28:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-24 17:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2006-02-15 00:22:26 142,464 ------w C:\WINDOWS\Driver Cache\i386\aec.sys
+ 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys
+ 2006-06-14 08:47:45 172,416 ------w C:\WINDOWS\Driver Cache\i386\kmixer.sys
+ 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2007-02-28 16:04:45 2,137,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 16:04:56 2,058,880 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 16:04:47 2,017,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 16:04:58 2,181,632 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-06-14 08:47:46 6,400 ------w C:\WINDOWS\Driver Cache\i386\splitter.sys
+ 2006-06-14 09:00:45 82,944 ------w C:\WINDOWS\Driver Cache\i386\wdmaud.sys
- 2004-08-04 12:00:00 1,033,728 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 13:23:49 1,034,752 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-04 12:00:00 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2008-05-11 01:27:19 2,273,280 ----a-r C:\WINDOWS\Installer\{C24906E2-041C-482F-A253-27180A4D488B}\soffice.exe
- 2004-08-04 12:00:00 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2006-10-12 14:05:18 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2004-08-04 12:00:00 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 13:48:14 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-04 12:00:00 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2004-08-04 12:00:00 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:59:43 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2004-08-04 12:00:00 56,832 ----a-w C:\WINDOWS\system32\authz.dll
+ 2005-03-02 18:18:38 56,832 ----a-w C:\WINDOWS\system32\authz.dll
- 2004-08-04 12:00:00 1,017,344 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:05:10 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-04 12:00:00 229,888 ----a-w C:\WINDOWS\system32\catsrv.dll
+ 2005-07-26 04:42:32 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2004-08-04 12:00:00 628,224 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2005-07-26 04:42:33 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2004-08-04 12:00:00 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:05:10 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-04 12:00:00 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
+ 2005-09-10 01:55:33 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
- 2004-08-04 12:00:00 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2006-06-22 05:18:13 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
- 2004-08-04 12:00:00 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:42:33 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
- 2004-08-04 12:00:00 501,248 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2005-07-26 04:42:33 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2004-08-04 12:00:00 62,464 ----a-w C:\WINDOWS\system32\colbact.dll
+ 2005-07-26 04:42:33 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
- 2004-08-04 12:00:00 195,584 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2005-07-26 04:42:33 195,072 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2004-08-04 12:00:00 611,328 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2006-08-25 15:51:15 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
- 2004-08-04 12:00:00 82,432 ----a-w C:\WINDOWS\system32\comrepl.dll
+ 2005-07-26 04:42:33 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
- 2004-08-04 12:00:00 1,251,840 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2005-07-26 04:42:34 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2004-08-04 12:00:00 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
+ 2005-07-26 04:42:34 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
- 2004-08-04 12:00:00 1,055,232 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:05:11 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-04 12:00:00 110,592 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-05-19 13:26:53 111,104 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
- 2004-08-04 12:00:00 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:59:43 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2004-08-03 20:39:38 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
+ 2006-02-15 00:22:26 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
- 2004-08-04 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
+ 2006-10-12 14:05:18 42,496 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
- 2004-08-04 12:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2007-03-09 13:48:14 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2004-08-04 12:00:00 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
- 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
+ 2005-03-02 18:18:38 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
- 2004-08-04 12:00:00 1,017,344 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 09:05:10 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-04 12:00:00 229,888 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
+ 2005-07-26 04:42:32 225,792 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
- 2004-08-04 12:00:00 628,224 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
+ 2005-07-26 04:42:33 625,152 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
- 2004-08-04 12:00:00 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 09:05:10 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2004-08-04 12:00:00 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
+ 2005-09-10 01:55:33 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
- 2004-08-04 12:00:00 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
+ 2006-06-22 05:18:13 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
- 2004-08-04 12:00:00 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:42:33 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
- 2004-08-04 12:00:00 501,248 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2005-07-26 04:42:33 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2004-08-04 12:00:00 62,464 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2005-07-26 04:42:33 60,416 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
- 2004-08-04 12:00:00 195,584 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
+ 2005-07-26 04:42:33 195,072 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
- 2004-08-04 12:00:00 611,328 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
+ 2006-08-25 15:51:15 617,472 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
- 2004-08-04 12:00:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
+ 2005-07-26 04:42:33 97,792 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
- 2004-08-04 12:00:00 1,251,840 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
+ 2005-07-26 04:42:34 1,267,200 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
- 2004-08-04 12:00:00 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
+ 2005-07-26 04:42:34 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
- 2004-08-04 12:00:00 1,055,232 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-02-16 09:05:11 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 12:00:00 110,592 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
+ 2006-05-19 13:26:53 111,104 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
- 2004-08-04 12:00:00 81,408 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:18:58 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2004-08-04 12:00:00 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:38:07 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-04 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:38:07 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2004-08-04 12:00:00 499,229 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2006-08-24 11:18:20 499,766 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
- 2004-08-04 12:00:00 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-02-16 09:05:11 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-02-16 09:05:11 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00:00 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2005-07-26 04:42:34 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2004-08-04 12:00:00 1,092,608 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
+ 2005-10-20 22:30:53 1,092,608 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
- 2004-08-04 12:00:00 1,033,728 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 13:23:49 1,034,752 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2004-08-04 12:00:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-16 09:05:11 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-04 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
+ 2006-08-21 12:28:21 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
- 2004-08-04 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
+ 2006-08-21 09:14:58 23,040 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
- 2004-08-04 12:00:00 124,800 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
+ 2006-08-21 09:14:58 128,896 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
- 2004-08-04 12:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
+ 2005-10-17 21:21:40 80,896 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
- 2004-08-04 12:00:00 278,016 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:41 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2004-08-04 12:00:00 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
+ 2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
- 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
+ 2005-05-27 02:08:15 41,472 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
- 2004-08-04 12:00:00 77,850 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2006-07-21 08:29:01 72,704 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
- 2004-08-04 12:00:00 253,952 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
+ 2005-06-29 01:52:57 254,976 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
- 2004-08-04 12:00:00 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-04 12:00:00 249,344 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-02-16 09:05:11 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-04 12:00:00 678,400 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:18:06 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2004-08-04 12:00:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-02-16 09:05:11 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2004-08-04 12:00:00 95,744 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
+ 2006-05-19 13:26:53 95,744 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
- 2004-08-04 12:00:00 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
+ 2004-09-29 22:28:37 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
- 2004-08-04 12:00:00 143,872 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
+ 2005-05-27 02:08:15 155,136 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
- 2004-08-04 12:00:00 134,144 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2005-05-27 02:08:15 137,216 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2006-06-01 18:49:32 163,840 -c----w C:\WINDOWS\system32\dllcache\jgdw400.dll
+ 2006-06-01 18:49:32 27,648 -c----w C:\WINDOWS\system32\dllcache\jgpl400.dll
- 2004-08-04 12:00:00 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:42:55 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2004-08-04 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-16 09:05:11 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
+ 2005-06-15 17:51:00 295,936 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
- 2004-08-04 12:00:00 1,012,224 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:54:44 1,013,248 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2004-08-03 21:07:50 171,776 -c--a-w C:\WINDOWS\system32\dllcache\kmixer.sys
+ 2006-06-14 08:47:45 172,416 -c--a-w C:\WINDOWS\system32\dllcache\kmixer.sys
- 2004-08-04 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
+ 2005-09-01 02:28:38 19,968 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
- 2004-08-04 12:00:00 723,968 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:29:33 723,968 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2004-08-04 12:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2007-03-08 15:38:47 40,960 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
- 2004-08-04 12:00:00 924,432 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2006-11-01 19:19:04 927,504 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
- 2004-08-04 12:00:00 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
- 2004-08-04 12:00:00 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2005-07-25 23:46:57 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
- 2004-08-04 12:00:00 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2006-05-05 09:41:45 453,120 -c----w C:\WINDOWS\system32\dllcache\mrxsmb.sys
- 2004-08-04 12:00:00 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
+ 2006-03-23 05:51:28 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
- 2004-08-04 12:00:00 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:09:22 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
- 2004-08-04 12:00:00 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:09:22 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
- 2004-08-04 12:00:00 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-12-26 13:09:22 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
- 2004-08-04 12:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2005-06-29 01:52:57 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-04 12:00:00 425,472 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
+ 2006-03-01 19:44:19 426,496 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
- 2004-08-04 12:00:00 949,248 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2006-03-01 19:44:19 956,416 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
- 2004-08-04 12:00:00 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2006-03-01 19:44:19 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
- 2004-08-04 12:00:00 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2006-11-27 14:55:46 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
- 2004-08-04 12:00:00 3,003,392 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-02-16 22:35:14 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2004-08-04 12:00:00 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-02-16 09:05:13 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00:00 2,804,224 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2005-05-04 12:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-04 12:00:00 77,312 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-04 12:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2004-08-04 12:00:00 331,264 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2005-05-04 12:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2004-08-04 12:00:00 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 12:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2004-08-04 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 12:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
- 2004-08-04 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
+ 2006-12-26 13:09:22 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
- 2004-08-04 12:00:00 1,311,232 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-05-16 15:19:02 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-02-16 09:05:13 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 12:00:00 530,432 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-02-16 09:05:13 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 12:00:00 1,236,480 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-06-26 06:10:36 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2004-08-04 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
+ 2006-03-01 19:44:19 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
- 2004-08-04 12:00:00 90,112 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
+ 2006-03-01 19:44:19 91,136 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
- 2004-08-04 12:00:00 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2006-08-17 12:30:06 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2004-08-04 12:00:00 198,144 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
+ 2005-08-22 18:36:16 197,632 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
- 2004-08-04 12:00:00 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
+ 2005-11-29 14:27:06 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
- 2004-08-04 12:00:00 574,592 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-09 11:10:35 574,464 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-28 16:04:45 2,137,600 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2007-02-28 16:04:56 2,058,880 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 16:04:47 2,017,280 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 16:04:58 2,181,632 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2004-08-04 12:00:00 145,920 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
+ 2006-10-13 12:41:11 143,872 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
- 2004-08-04 12:00:00 1,281,024 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
+ 2005-07-26 04:42:36 1,284,608 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
- 2004-08-04 12:00:00 553,472 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:42:02 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2004-08-04 12:00:00 69,120 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
+ 2005-07-26 04:42:36 75,264 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
- 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
+ 2005-07-26 04:42:36 37,888 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
- 2004-08-04 12:00:00 118,272 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
+ 2006-10-16 16:16:22 123,392 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
- 2004-08-04 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-02-16 09:05:14 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00:00 1,291,264 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:44:30 1,291,264 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-04 12:00:00 1,439,744 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
+ 2006-06-22 05:18:14 1,439,744 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
- 2004-08-04 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
+ 2006-06-26 17:45:40 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
- 2004-08-04 12:00:00 174,080 -c--a-w C:\WINDOWS\system32\dllcache\rasmans.dll
+ 2006-06-22 10:54:46 181,248 -c--a-w C:\WINDOWS\system32\dllcache\rasmans.dll
- 2004-08-04 12:00:00 176,512 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
+ 2006-05-05 09:47:57 174,592 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
- 2004-08-04 12:00:00 139,400 -c--a-w C:\WINDOWS\system32\dllcache\rdpwd.sys
+ 2005-06-10 04:11:36 139,528 -c--a-w C:\WINDOWS\system32\dllcache\rdpwd.sys
- 2004-08-04 12:00:00 431,616 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
+ 2006-11-27 14:55:46 433,152 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
- 2004-08-04 12:00:00 200,064 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2004-08-04 12:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:11:53 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2004-08-04 12:00:00 395,776 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
+ 2005-07-26 04:42:36 397,824 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
- 2004-08-04 12:00:00 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
+ 2007-04-25 14:23:30 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
- 2004-08-04 12:00:00 1,483,264 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 09:05:15 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2004-08-04 12:00:00 8,412,672 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:57:22 8,483,328 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2004-08-04 12:00:00 473,600 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-02-16 09:05:15 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2004-08-04 12:00:00 135,168 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
+ 2006-12-19 21:51:04 135,168 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
- 2004-08-03 21:07:48 6,400 -c--a-w C:\WINDOWS\system32\dllcache\splitter.sys
+ 2006-06-14 08:47:46 6,400 -c--a-w C:\WINDOWS\system32\dllcache\splitter.sys
- 2004-08-04 12:00:00 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
- 2004-08-04 12:00:00 336,256 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2006-08-14 10:34:41 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2004-08-04 12:00:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
+ 2004-12-07 19:34:12 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
- 2004-08-04 12:00:00 246,302 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
+ 2006-08-24 11:19:52 246,814 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
- 2004-08-04 12:00:00 714,240 -c--a-w C:\WINDOWS\system32\dllcache\sxs.dll
+ 2006-10-20 01:39:31 714,240 -c--a-w C:\WINDOWS\system32\dllcache\sxs.dll
- 2004-08-04 12:00:00 210,432 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
+ 2005-10-17 21:21:40 118,272 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
- 2004-08-04 12:00:00 246,272 -c--a-w C:\WINDOWS\system32\dllcache\tapisrv.dll
+ 2005-07-08 16:29:17 249,344 -c--a-w C:\WINDOWS\system32\dllcache\tapisrv.dll
- 2004-08-04 12:00:00 359,040 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2004-08-04 12:00:00 223,616 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2004-08-04 12:00:00 77,312 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
+ 2005-05-11 02:31:23 77,824 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
- 2004-08-04 12:00:00 101,376 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
+ 2005-07-26 04:42:36 101,376 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
- 2004-08-04 12:00:00 118,784 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
+ 2005-08-23 03:40:06 123,904 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
- 2004-08-04 12:00:00 185,856 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
+ 2007-02-05 20:19:48 185,856 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
- 2004-08-04 12:00:00 602,112 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-02-16 09:05:15 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-04 12:00:00 578,560 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
+ 2007-03-08 15:38:47 579,072 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
- 2004-08-04 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:42:55 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2004-08-04 12:00:00 848,384 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 13:57:29 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2004-08-04 12:00:00 504,832 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:19:02 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
- 2004-08-04 12:00:00 84,992 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2007-05-16 15:19:02 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
- 2004-08-03 21:15:06 82,944 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.sys
+ 2006-06-14 09:00:45 82,944 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.sys
- 2004-08-04 12:00:00 67,584 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
+ 2006-01-04 03:36:30 68,096 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
- 2004-08-04 12:00:00 333,824 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
+ 2006-12-19 18:18:25 334,336 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
- 2004-08-04 12:00:00 1,836,160 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-20 08:09:45 1,845,504 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2004-08-04 12:00:00 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-02-16 09:05:15 662,016 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-04 12:00:00 291,328 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
+ 2007-03-17 13:45:36 293,376 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
- 2004-08-04 12:00:00 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
+ 2006-08-17 12:30:06 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
- 2004-08-04 12:00:00 230,400 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-25 08:00:50 230,912 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-08-04 12:00:00 4,874,240 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-04-30 00:22:16 4,734,976 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-04 12:00:00 2,105,344 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2007-10-25 08:01:10 2,109,440 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-08-04 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
+ 2006-03-01 19:44:19 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
- 2004-08-04 12:00:00 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:38:07 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-03 20:39:38 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
+ 2006-02-15 00:22:26 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
- 2004-08-04 12:00:00 124,800 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys
+ 2006-08-21 09:14:58 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
- 2004-08-04 12:00:00 263,040 ----a-w C:\WINDOWS\system32\drivers\http.sys
+ 2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
- 2004-08-04 12:00:00 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
+ 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
- 2004-08-03 21:07:50 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
+ 2006-06-14 08:47:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
- 2004-08-04 12:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2004-08-04 12:00:00 451,456 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2004-08-04 12:00:00 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
- 2004-08-04 12:00:00 176,512 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
- 2004-08-04 12:00:00 139,400 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2005-06-10 04:11:36 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
- 2004-08-04 12:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2004-08-04 12:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:55 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2004-08-03 21:07:48 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
+ 2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
- 2004-08-04 12:00:00 336,256 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2004-08-04 12:00:00 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-08-04 12:00:00 223,616 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2004-08-03 21:15:06 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2006-06-14 09:00:45 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
- 2004-08-04 12:00:00 499,229 ----a-w C:\WINDOWS\system32\dxmasf.dll
+ 2006-08-24 11:18:20 499,766 ----a-w C:\WINDOWS\system32\dxmasf.dll
- 2004-08-04 12:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:05:11 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-04 12:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:05:11 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-04 12:00:00 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2005-07-26 04:42:34 243,200 ----a-w C:\WINDOWS\system32\es.dll
- 2004-08-04 12:00:00 1,092,608 ----a-w C:\WINDOWS\system32\esent.dll
+ 2005-10-20 22:30:53 1,092,608 ----a-w C:\WINDOWS\system32\esent.dll
- 2004-08-04 12:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:05:11 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2004-08-04 12:00:00 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
+ 2006-08-21 12:28:21 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
- 2004-08-04 12:00:00 22,528 ----a-w C:\WINDOWS\system32\fltMc.exe
+ 2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe
- 2008-05-10 09:07:05 111,784 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-11 09:14:34 129,296 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-04 12:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll
+ 2005-10-17 21:21:40 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
- 2004-08-04 12:00:00 38,912 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2005-05-27 02:08:15 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll
- 2004-08-04 12:00:00 77,850 ----a-w C:\WINDOWS\system32\hlink.dll
+ 2006-07-21 08:29:01 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
- 2004-08-04 12:00:00 349,696 ----a-w C:\WINDOWS\system32\hypertrm.dll
+ 2004-11-17 17:43:29 351,744 ----a-w C:\WINDOWS\system32\hypertrm.dll
- 2004-08-04 12:00:00 253,952 ----a-w C:\WINDOWS\system32\icm32.dll
+ 2005-06-29 01:52:57 254,976 ----a-w C:\WINDOWS\system32\icm32.dll
- 2004-08-04 12:00:00 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:05:11 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 12:00:00 678,400 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:18:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2004-08-04 12:00:00 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:05:11 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-04 12:00:00 95,744 ----a-w C:\WINDOWS\system32\iphlpapi.dll
+ 2006-05-19 13:26:53 95,744 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2004-08-04 12:00:00 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2005-05-27 02:08:15 155,136 ----a-w C:\WINDOWS\system32\itircl.dll
- 2004-08-04 12:00:00 134,144 ----a-w C:\WINDOWS\system32\itss.dll
+ 2005-05-27 02:08:15 137,216 ----a-w C:\WINDOWS\system32\itss.dll
- 2002-02-21 07:19:06 20,547 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2002-02-21 07:19:06 20,549 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2004-08-04 12:00:00 144,896 ----a-w C:\WINDOWS\system32\jgdw400.dll
+ 2006-06-01 18:49:32 163,840 ----a-w C:\WINDOWS\system32\jgdw400.dll
- 2004-08-04 12:00:00 42,496 ----a-w C:\WINDOWS\system32\jgpl400.dll
+ 2006-06-01 18:49:32 27,648 ----a-w C:\WINDOWS\system32\jgpl400.dll
- 2004-08-04 12:00:00 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:42:55 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-04 12:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:05:11 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-04 12:00:00 294,400 ----a-w C:\WINDOWS\system32\kerberos.dll
+ 2005-06-15 17:51:00 295,936 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2004-08-04 12:00:00 1,012,224 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:54:44 1,013,248 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2004-08-04 12:00:00 18,944 ----a-w C:\WINDOWS\system32\linkinfo.dll
+ 2005-09-01 02:28:38 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
- 2004-08-04 12:00:00 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:29:33 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2006-01-21 14:01:22 25,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\genuinst.exe
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-05-10 20:06:15 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-05-10 18:00:54 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-04 12:00:00 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
- 2004-08-04 12:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll
+ 2006-11-01 19:19:04 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
- 2004-08-04 12:00:00 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
- 2004-08-04 12:00:00 73,728 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2005-06-29 01:52:57 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-04 12:00:00 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2006-03-01 19:44:19 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2004-08-04 12:00:00 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll
+ 2006-03-01 19:44:19 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
- 2004-08-04 12:00:00 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
+ 2006-03-01 19:44:19 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
- 2004-08-04 12:00:00 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
+ 2006-11-27 14:55:46 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
- 2004-08-04 12:00:00 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 22:35:14 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-04 12:00:00 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:05:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 12:00:00 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 12:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-04 12:00:00 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 12:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-04 12:00:00 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 12:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-04 12:00:00 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 12:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-04 12:00:00 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 12:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
- 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:05:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 12:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:05:13 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 12:00:00 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:10:36 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2004-08-04 12:00:00 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
+ 2006-03-01 19:44:19 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2004-08-04 12:00:00 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2006-03-01 19:44:19 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
- 2004-08-04 12:00:00 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:30:06 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2004-08-04 12:00:00 198,144 ----a-w C:\WINDOWS\system32\netman.dll
+ 2005-08-22 18:36:16 197,632 ----a-w C:\WINDOWS\system32\netman.dll
- 2004-08-04 12:00:00 2,058,112 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 16:04:56 2,058,880 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2004-08-04 12:00:00 2,182,272 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2007-02-28 16:04:58 2,181,632 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2004-08-04 12:00:00 145,920 ----a-w C:\WINDOWS\system32\nwprovau.dll
+ 2006-10-13 12:41:11 143,872 ----a-w C:\WINDOWS\system32\nwprovau.dll
- 2004-08-04 12:00:00 1,281,024 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2005-07-26 04:42:36 1,284,608 ----a-w C:\WINDOWS\system32\ole32.dll
- 2004-08-04 12:00:00 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:42:02 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2004-08-04 12:00:00 69,120 ----a-w C:\WINDOWS\system32\olecli32.dll
+ 2005-07-26 04:42:36 75,264 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2004-08-04 12:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2005-07-26 04:42:36 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
- 2004-08-04 12:00:00 118,272 ----a-w C:\WINDOWS\system32\oledlg.dll
+ 2006-10-16 16:16:22 123,392 ----a-w C:\WINDOWS\system32\oledlg.dll
- 2008-05-10 08:36:22 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-10 19:51:48 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-10 08:36:22 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-05-10 19:51:48 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-05-10 08:36:22 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-10 19:51:48 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-10 08:36:22 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-05-10 19:51:48 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
- 2004-08-04 12:00:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 09:05:14 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-04 12:00:00 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:44:30 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 12:00:00 1,439,744 ----a-w C:\WINDOWS\system32\query.dll
+ 2006-06-22 05:18:14 1,439,744 ----a-w C:\WINDOWS\system32\query.dll
- 2004-08-04 12:00:00 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:45:40 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
- 2004-08-04 12:00:00 174,080 ----a-w C:\WINDOWS\system32\rasmans.dll
+ 2006-06-22 10:54:46 181,248 ----a-w C:\WINDOWS\system32\rasmans.dll
- 2004-08-04 12:00:00 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:55:46 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
- 2004-08-04 12:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:11:53 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-04 12:00:00 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-07-26 04:42:36 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2004-08-04 12:00:00 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2004-08-04 12:00:00 1,483,264 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:05:15 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2004-08-04 12:00:00 8,412,672 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:57:22 8,483,328 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-04 12:00:00 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:05:15 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-04 12:00:00 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:51:04 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2006-01-19 19:30:18 16,096 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-08-04 12:00:00 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2004-11-18 08:42:52 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-08-04 12:00:00 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
+ 2004-12-07 19:34:12 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
- 2004-08-04 12:00:00 246,302 ----a-w C:\WINDOWS\system32\strmdll.dll
+ 2006-08-24 11:19:52 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
- 2004-08-04 12:00:00 714,240 ----a-w C:\WINDOWS\system32\sxs.dll
+ 2006-10-20 01:39:31 714,240 ----a-w C:\WINDOWS\system32\sxs.dll
- 2004-08-04 12:00:00 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
+ 2005-10-17 21:21:40 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
- 2004-08-04 12:00:00 246,272 ----a-w C:\WINDOWS\system32\tapisrv.dll
+ 2005-07-08 16:29:17 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
- 2004-08-04 12:00:00 77,312 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2005-05-11 02:31:23 77,824 ----a-w C:\WINDOWS\system32\telnet.exe
- 2004-08-04 12:00:00 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2005-07-26 04:42:36 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2004-08-04 12:00:00 118,784 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2005-08-23 03:40:06 123,904 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2004-08-04 12:00:00 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll
+ 2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll
- 2004-08-04 12:00:00 602,112 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 09:05:15 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 12:00:00 578,560 ----a-w C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
- 2004-08-04 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:42:55 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
- 2004-08-04 12:00:00 67,584 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2006-01-04 03:36:30 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2004-08-04 12:00:00 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll
+ 2006-12-19 18:18:25 334,336 ----a-w C:\WINDOWS\system32\wiaservc.dll
- 2004-08-04 12:00:00 291,328 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-04 12:00:00 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:30:06 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
- 2004-08-04 12:00:00 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-25 08:00:50 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-08-04 12:00:00 4,874,240 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 00:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2004-08-04 12:00:00 221,184 ----a-w C:\WINDOWS\system32\wmpns.dll
- 2004-08-04 12:00:00 2,105,344 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2007-10-25 08:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2004-08-04 12:00:00 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-03-01 19:44:19 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2008-02-15 23:03:24 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-01-19 12:52:03 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2007-01-19 12:52:03 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2007-01-19 12:52:04 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2007-01-19 12:52:04 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2006-08-25 15:51:13 1,054,208 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 21:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 21:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 21:06 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 17:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe [2008-05-10 11:04:32 946247]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 11:36:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-11 11:38:18
ComboFix-quarantined-files.txt 2008-05-11 09:38:12
ComboFix2.txt 2008-05-10 14:42:46
ComboFix3.txt 2008-05-10 10:17:51
Pre-Run: 36,436,226,048 bajtów wolnych
Post-Run: 36,580,790,272 bajtów wolnych
703 --- E O F --- 2008-05-10 19:07:06
ComboFix 08-05-09.1 - AP 2008-05-11 11:32:57.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.184 [GMT 2:00]
Running from: C:\Documents and Settings\AP\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\AP\Pulpit\CFScript.txt.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
F:\t.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\t.com
.
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-11 03:26 . 2008-05-11 03:27 <DIR> d-------- C:\Program Files\OpenOffice.ux.pl 2.4.0
2008-05-11 03:26 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-10 19:39 . 2008-05-10 21:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-10 19:20 . 2008-05-10 19:20 <DIR> d---s---- C:\Documents and Settings\AP\UserData
2008-05-10 19:17 . 2008-05-11 03:26 <DIR> d-------- C:\Program Files\Java
2008-05-10 19:17 . 2008-05-10 19:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-10 19:05 . 2008-05-10 19:24 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-05-10 19:05 . 2008-05-10 19:06 <DIR> d-------- C:\Documents and Settings\AP\Gadu-Gadu
2008-05-10 17:54 . 2008-05-10 17:54 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-10 17:54 . 2008-05-10 17:54 <DIR> d-------- C:\Program Files\Ahead
2008-05-10 17:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-10 17:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-10 17:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-10 17:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-10 17:54 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-10 17:54 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-05-10 17:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-10 17:54 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 09:29 --------- d-----w C:\Program Files\Wanadoo
2008-05-10 09:11 --------- d-----w C:\Program Files\Kerio
2008-05-10 09:04 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-10 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 09:04 --------- d-----w C:\Program Files\SAGEM
2008-05-10 09:04 --------- d-----w C:\Program Files\JavaSoft
2008-05-10 09:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 08:29 --------- d-----w C:\Program Files\Realtek
2008-05-10 08:28 --------- d-----w C:\Program Files\AMD
2008-05-10 08:25 --------- d-----w C:\Program Files\Yahoo!
2008-05-10 08:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-10 08:13 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-10_12.16.57,56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 10:08:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 09:28:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-24 17:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2006-02-15 00:22:26 142,464 ------w C:\WINDOWS\Driver Cache\i386\aec.sys
+ 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys
+ 2006-06-14 08:47:45 172,416 ------w C:\WINDOWS\Driver Cache\i386\kmixer.sys
+ 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2007-02-28 16:04:45 2,137,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 16:04:56 2,058,880 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 16:04:47 2,017,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 16:04:58 2,181,632 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-06-14 08:47:46 6,400 ------w C:\WINDOWS\Driver Cache\i386\splitter.sys
+ 2006-06-14 09:00:45 82,944 ------w C:\WINDOWS\Driver Cache\i386\wdmaud.sys
- 2004-08-04 12:00:00 1,033,728 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 13:23:49 1,034,752 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-04 12:00:00 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2008-05-11 01:27:19 2,273,280 ----a-r C:\WINDOWS\Installer\{C24906E2-041C-482F-A253-27180A4D488B}\soffice.exe
- 2004-08-04 12:00:00 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2006-10-12 14:05:18 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2004-08-04 12:00:00 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 13:48:14 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-04 12:00:00 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2004-08-04 12:00:00 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:59:43 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2004-08-04 12:00:00 56,832 ----a-w C:\WINDOWS\system32\authz.dll
+ 2005-03-02 18:18:38 56,832 ----a-w C:\WINDOWS\system32\authz.dll
- 2004-08-04 12:00:00 1,017,344 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:05:10 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-04 12:00:00 229,888 ----a-w C:\WINDOWS\system32\catsrv.dll
+ 2005-07-26 04:42:32 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2004-08-04 12:00:00 628,224 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2005-07-26 04:42:33 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2004-08-04 12:00:00 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:05:10 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-04 12:00:00 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
+ 2005-09-10 01:55:33 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
- 2004-08-04 12:00:00 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2006-06-22 05:18:13 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
- 2004-08-04 12:00:00 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:42:33 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
- 2004-08-04 12:00:00 501,248 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2005-07-26 04:42:33 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2004-08-04 12:00:00 62,464 ----a-w C:\WINDOWS\system32\colbact.dll
+ 2005-07-26 04:42:33 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
- 2004-08-04 12:00:00 195,584 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2005-07-26 04:42:33 195,072 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2004-08-04 12:00:00 611,328 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2006-08-25 15:51:15 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
- 2004-08-04 12:00:00 82,432 ----a-w C:\WINDOWS\system32\comrepl.dll
+ 2005-07-26 04:42:33 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
- 2004-08-04 12:00:00 1,251,840 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2005-07-26 04:42:34 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2004-08-04 12:00:00 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
+ 2005-07-26 04:42:34 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
- 2004-08-04 12:00:00 1,055,232 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:05:11 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-04 12:00:00 110,592 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-05-19 13:26:53 111,104 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
- 2004-08-04 12:00:00 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:59:43 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2004-08-03 20:39:38 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
+ 2006-02-15 00:22:26 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
- 2004-08-04 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
+ 2006-10-12 14:05:18 42,496 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
- 2004-08-04 12:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2007-03-09 13:48:14 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2004-08-04 12:00:00 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
- 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
+ 2005-03-02 18:18:38 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
- 2004-08-04 12:00:00 1,017,344 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 09:05:10 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-04 12:00:00 229,888 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
+ 2005-07-26 04:42:32 225,792 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
- 2004-08-04 12:00:00 628,224 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
+ 2005-07-26 04:42:33 625,152 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
- 2004-08-04 12:00:00 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 09:05:10 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2004-08-04 12:00:00 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
+ 2005-09-10 01:55:33 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
- 2004-08-04 12:00:00 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
+ 2006-06-22 05:18:13 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
- 2004-08-04 12:00:00 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:42:33 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
- 2004-08-04 12:00:00 501,248 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2005-07-26 04:42:33 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2004-08-04 12:00:00 62,464 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2005-07-26 04:42:33 60,416 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
- 2004-08-04 12:00:00 195,584 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
+ 2005-07-26 04:42:33 195,072 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
- 2004-08-04 12:00:00 611,328 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
+ 2006-08-25 15:51:15 617,472 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
- 2004-08-04 12:00:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
+ 2005-07-26 04:42:33 97,792 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
- 2004-08-04 12:00:00 1,251,840 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
+ 2005-07-26 04:42:34 1,267,200 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
- 2004-08-04 12:00:00 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
+ 2005-07-26 04:42:34 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
- 2004-08-04 12:00:00 1,055,232 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-02-16 09:05:11 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 12:00:00 110,592 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
+ 2006-05-19 13:26:53 111,104 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
- 2004-08-04 12:00:00 81,408 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:18:58 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2004-08-04 12:00:00 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:38:07 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-04 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:38:07 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2004-08-04 12:00:00 499,229 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2006-08-24 11:18:20 499,766 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
- 2004-08-04 12:00:00 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-02-16 09:05:11 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-02-16 09:05:11 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00:00 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2005-07-26 04:42:34 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2004-08-04 12:00:00 1,092,608 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
+ 2005-10-20 22:30:53 1,092,608 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
- 2004-08-04 12:00:00 1,033,728 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 13:23:49 1,034,752 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2004-08-04 12:00:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-16 09:05:11 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-04 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
+ 2006-08-21 12:28:21 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
- 2004-08-04 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
+ 2006-08-21 09:14:58 23,040 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
- 2004-08-04 12:00:00 124,800 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
+ 2006-08-21 09:14:58 128,896 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
- 2004-08-04 12:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
+ 2005-10-17 21:21:40 80,896 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
- 2004-08-04 12:00:00 278,016 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:41 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2004-08-04 12:00:00 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
+ 2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
- 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
+ 2005-05-27 02:08:15 41,472 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
- 2004-08-04 12:00:00 77,850 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2006-07-21 08:29:01 72,704 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
- 2004-08-04 12:00:00 253,952 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
+ 2005-06-29 01:52:57 254,976 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
- 2004-08-04 12:00:00 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-04 12:00:00 249,344 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-02-16 09:05:11 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-04 12:00:00 678,400 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:18:06 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2004-08-04 12:00:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-02-16 09:05:11 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2004-08-04 12:00:00 95,744 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
+ 2006-05-19 13:26:53 95,744 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
- 2004-08-04 12:00:00 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
+ 2004-09-29 22:28:37 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
- 2004-08-04 12:00:00 143,872 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
+ 2005-05-27 02:08:15 155,136 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
- 2004-08-04 12:00:00 134,144 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2005-05-27 02:08:15 137,216 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2006-06-01 18:49:32 163,840 -c----w C:\WINDOWS\system32\dllcache\jgdw400.dll
+ 2006-06-01 18:49:32 27,648 -c----w C:\WINDOWS\system32\dllcache\jgpl400.dll
- 2004-08-04 12:00:00 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:42:55 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2004-08-04 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-16 09:05:11 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
+ 2005-06-15 17:51:00 295,936 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
- 2004-08-04 12:00:00 1,012,224 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:54:44 1,013,248 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2004-08-03 21:07:50 171,776 -c--a-w C:\WINDOWS\system32\dllcache\kmixer.sys
+ 2006-06-14 08:47:45 172,416 -c--a-w C:\WINDOWS\system32\dllcache\kmixer.sys
- 2004-08-04 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
+ 2005-09-01 02:28:38 19,968 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
- 2004-08-04 12:00:00 723,968 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:29:33 723,968 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2004-08-04 12:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2007-03-08 15:38:47 40,960 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
- 2004-08-04 12:00:00 924,432 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2006-11-01 19:19:04 927,504 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
- 2004-08-04 12:00:00 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
- 2004-08-04 12:00:00 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2005-07-25 23:46:57 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
- 2004-08-04 12:00:00 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2006-05-05 09:41:45 453,120 -c----w C:\WINDOWS\system32\dllcache\mrxsmb.sys
- 2004-08-04 12:00:00 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
+ 2006-03-23 05:51:28 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
- 2004-08-04 12:00:00 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:09:22 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
- 2004-08-04 12:00:00 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:09:22 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
- 2004-08-04 12:00:00 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-12-26 13:09:22 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
- 2004-08-04 12:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2005-06-29 01:52:57 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-04 12:00:00 425,472 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
+ 2006-03-01 19:44:19 426,496 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
- 2004-08-04 12:00:00 949,248 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2006-03-01 19:44:19 956,416 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
- 2004-08-04 12:00:00 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2006-03-01 19:44:19 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
- 2004-08-04 12:00:00 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2006-11-27 14:55:46 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
- 2004-08-04 12:00:00 3,003,392 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-02-16 22:35:14 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2004-08-04 12:00:00 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-02-16 09:05:13 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00:00 2,804,224 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2005-05-04 12:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-04 12:00:00 77,312 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-04 12:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2004-08-04 12:00:00 331,264 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2005-05-04 12:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2004-08-04 12:00:00 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 12:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2004-08-04 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 12:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
- 2004-08-04 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
+ 2006-12-26 13:09:22 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
- 2004-08-04 12:00:00 1,311,232 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-05-16 15:19:02 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-02-16 09:05:13 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 12:00:00 530,432 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-02-16 09:05:13 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 12:00:00 1,236,480 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-06-26 06:10:36 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2004-08-04 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
+ 2006-03-01 19:44:19 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
- 2004-08-04 12:00:00 90,112 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
+ 2006-03-01 19:44:19 91,136 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
- 2004-08-04 12:00:00 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2006-08-17 12:30:06 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2004-08-04 12:00:00 198,144 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
+ 2005-08-22 18:36:16 197,632 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
- 2004-08-04 12:00:00 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
+ 2005-11-29 14:27:06 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
- 2004-08-04 12:00:00 574,592 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-09 11:10:35 574,464 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-28 16:04:45 2,137,600 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2007-02-28 16:04:56 2,058,880 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 16:04:47 2,017,280 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 16:04:58 2,181,632 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2004-08-04 12:00:00 145,920 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
+ 2006-10-13 12:41:11 143,872 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
- 2004-08-04 12:00:00 1,281,024 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
+ 2005-07-26 04:42:36 1,284,608 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
- 2004-08-04 12:00:00 553,472 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:42:02 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2004-08-04 12:00:00 69,120 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
+ 2005-07-26 04:42:36 75,264 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
- 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
+ 2005-07-26 04:42:36 37,888 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
- 2004-08-04 12:00:00 118,272 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
+ 2006-10-16 16:16:22 123,392 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
- 2004-08-04 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-02-16 09:05:14 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00:00 1,291,264 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:44:30 1,291,264 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-04 12:00:00 1,439,744 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
+ 2006-06-22 05:18:14 1,439,744 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
- 2004-08-04 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
+ 2006-06-26 17:45:40 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
- 2004-08-04 12:00:00 174,080 -c--a-w C:\WINDOWS\system32\dllcache\rasmans.dll
+ 2006-06-22 10:54:46 181,248 -c--a-w C:\WINDOWS\system32\dllcache\rasmans.dll
- 2004-08-04 12:00:00 176,512 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
+ 2006-05-05 09:47:57 174,592 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
- 2004-08-04 12:00:00 139,400 -c--a-w C:\WINDOWS\system32\dllcache\rdpwd.sys
+ 2005-06-10 04:11:36 139,528 -c--a-w C:\WINDOWS\system32\dllcache\rdpwd.sys
- 2004-08-04 12:00:00 431,616 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
+ 2006-11-27 14:55:46 433,152 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
- 2004-08-04 12:00:00 200,064 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2004-08-04 12:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:11:53 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2004-08-04 12:00:00 395,776 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
+ 2005-07-26 04:42:36 397,824 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
- 2004-08-04 12:00:00 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
+ 2007-04-25 14:23:30 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
- 2004-08-04 12:00:00 1,483,264 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 09:05:15 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2004-08-04 12:00:00 8,412,672 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:57:22 8,483,328 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2004-08-04 12:00:00 473,600 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-02-16 09:05:15 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2004-08-04 12:00:00 135,168 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
+ 2006-12-19 21:51:04 135,168 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
- 2004-08-03 21:07:48 6,400 -c--a-w C:\WINDOWS\system32\dllcache\splitter.sys
+ 2006-06-14 08:47:46 6,400 -c--a-w C:\WINDOWS\system32\dllcache\splitter.sys
- 2004-08-04 12:00:00 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
- 2004-08-04 12:00:00 336,256 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2006-08-14 10:34:41 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2004-08-04 12:00:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
+ 2004-12-07 19:34:12 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
- 2004-08-04 12:00:00 246,302 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
+ 2006-08-24 11:19:52 246,814 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
- 2004-08-04 12:00:00 714,240 -c--a-w C:\WINDOWS\system32\dllcache\sxs.dll
+ 2006-10-20 01:39:31 714,240 -c--a-w C:\WINDOWS\system32\dllcache\sxs.dll
- 2004-08-04 12:00:00 210,432 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
+ 2005-10-17 21:21:40 118,272 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
- 2004-08-04 12:00:00 246,272 -c--a-w C:\WINDOWS\system32\dllcache\tapisrv.dll
+ 2005-07-08 16:29:17 249,344 -c--a-w C:\WINDOWS\system32\dllcache\tapisrv.dll
- 2004-08-04 12:00:00 359,040 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2004-08-04 12:00:00 223,616 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2004-08-04 12:00:00 77,312 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
+ 2005-05-11 02:31:23 77,824 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
- 2004-08-04 12:00:00 101,376 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
+ 2005-07-26 04:42:36 101,376 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
- 2004-08-04 12:00:00 118,784 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
+ 2005-08-23 03:40:06 123,904 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
- 2004-08-04 12:00:00 185,856 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
+ 2007-02-05 20:19:48 185,856 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
- 2004-08-04 12:00:00 602,112 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-02-16 09:05:15 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-04 12:00:00 578,560 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
+ 2007-03-08 15:38:47 579,072 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
- 2004-08-04 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:42:55 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2004-08-04 12:00:00 848,384 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 13:57:29 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2004-08-04 12:00:00 504,832 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:19:02 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
- 2004-08-04 12:00:00 84,992 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2007-05-16 15:19:02 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
- 2004-08-03 21:15:06 82,944 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.sys
+ 2006-06-14 09:00:45 82,944 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.sys
- 2004-08-04 12:00:00 67,584 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
+ 2006-01-04 03:36:30 68,096 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
- 2004-08-04 12:00:00 333,824 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
+ 2006-12-19 18:18:25 334,336 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
- 2004-08-04 12:00:00 1,836,160 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-20 08:09:45 1,845,504 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2004-08-04 12:00:00 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-02-16 09:05:15 662,016 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-04 12:00:00 291,328 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
+ 2007-03-17 13:45:36 293,376 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
- 2004-08-04 12:00:00 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
+ 2006-08-17 12:30:06 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
- 2004-08-04 12:00:00 230,400 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-25 08:00:50 230,912 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-08-04 12:00:00 4,874,240 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-04-30 00:22:16 4,734,976 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-04 12:00:00 2,105,344 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2007-10-25 08:01:10 2,109,440 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-08-04 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
+ 2006-03-01 19:44:19 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
- 2004-08-04 12:00:00 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:38:07 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-03 20:39:38 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
+ 2006-02-15 00:22:26 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
- 2004-08-04 12:00:00 124,800 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys
+ 2006-08-21 09:14:58 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
- 2004-08-04 12:00:00 263,040 ----a-w C:\WINDOWS\system32\drivers\http.sys
+ 2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
- 2004-08-04 12:00:00 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
+ 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
- 2004-08-03 21:07:50 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
+ 2006-06-14 08:47:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
- 2004-08-04 12:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2004-08-04 12:00:00 451,456 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2004-08-04 12:00:00 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
- 2004-08-04 12:00:00 176,512 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
- 2004-08-04 12:00:00 139,400 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2005-06-10 04:11:36 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
- 2004-08-04 12:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2004-08-04 12:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:55 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2004-08-03 21:07:48 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
+ 2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
- 2004-08-04 12:00:00 336,256 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2004-08-04 12:00:00 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-08-04 12:00:00 223,616 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2004-08-03 21:15:06 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2006-06-14 09:00:45 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
- 2004-08-04 12:00:00 499,229 ----a-w C:\WINDOWS\system32\dxmasf.dll
+ 2006-08-24 11:18:20 499,766 ----a-w C:\WINDOWS\system32\dxmasf.dll
- 2004-08-04 12:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:05:11 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-04 12:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:05:11 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-04 12:00:00 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2005-07-26 04:42:34 243,200 ----a-w C:\WINDOWS\system32\es.dll
- 2004-08-04 12:00:00 1,092,608 ----a-w C:\WINDOWS\system32\esent.dll
+ 2005-10-20 22:30:53 1,092,608 ----a-w C:\WINDOWS\system32\esent.dll
- 2004-08-04 12:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:05:11 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2004-08-04 12:00:00 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
+ 2006-08-21 12:28:21 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
- 2004-08-04 12:00:00 22,528 ----a-w C:\WINDOWS\system32\fltMc.exe
+ 2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe
- 2008-05-10 09:07:05 111,784 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-11 09:14:34 129,296 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-04 12:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll
+ 2005-10-17 21:21:40 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
- 2004-08-04 12:00:00 38,912 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2005-05-27 02:08:15 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll
- 2004-08-04 12:00:00 77,850 ----a-w C:\WINDOWS\system32\hlink.dll
+ 2006-07-21 08:29:01 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
- 2004-08-04 12:00:00 349,696 ----a-w C:\WINDOWS\system32\hypertrm.dll
+ 2004-11-17 17:43:29 351,744 ----a-w C:\WINDOWS\system32\hypertrm.dll
- 2004-08-04 12:00:00 253,952 ----a-w C:\WINDOWS\system32\icm32.dll
+ 2005-06-29 01:52:57 254,976 ----a-w C:\WINDOWS\system32\icm32.dll
- 2004-08-04 12:00:00 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:05:11 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 12:00:00 678,400 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:18:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2004-08-04 12:00:00 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:05:11 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-04 12:00:00 95,744 ----a-w C:\WINDOWS\system32\iphlpapi.dll
+ 2006-05-19 13:26:53 95,744 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2004-08-04 12:00:00 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2005-05-27 02:08:15 155,136 ----a-w C:\WINDOWS\system32\itircl.dll
- 2004-08-04 12:00:00 134,144 ----a-w C:\WINDOWS\system32\itss.dll
+ 2005-05-27 02:08:15 137,216 ----a-w C:\WINDOWS\system32\itss.dll
- 2002-02-21 07:19:06 20,547 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2002-02-21 07:19:06 20,549 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2004-08-04 12:00:00 144,896 ----a-w C:\WINDOWS\system32\jgdw400.dll
+ 2006-06-01 18:49:32 163,840 ----a-w C:\WINDOWS\system32\jgdw400.dll
- 2004-08-04 12:00:00 42,496 ----a-w C:\WINDOWS\system32\jgpl400.dll
+ 2006-06-01 18:49:32 27,648 ----a-w C:\WINDOWS\system32\jgpl400.dll
- 2004-08-04 12:00:00 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:42:55 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-04 12:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:05:11 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-04 12:00:00 294,400 ----a-w C:\WINDOWS\system32\kerberos.dll
+ 2005-06-15 17:51:00 295,936 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2004-08-04 12:00:00 1,012,224 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:54:44 1,013,248 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2004-08-04 12:00:00 18,944 ----a-w C:\WINDOWS\system32\linkinfo.dll
+ 2005-09-01 02:28:38 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
- 2004-08-04 12:00:00 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:29:33 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2006-01-21 14:01:22 25,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\genuinst.exe
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-05-10 20:06:15 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-05-10 18:00:54 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-04 12:00:00 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
- 2004-08-04 12:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll
+ 2006-11-01 19:19:04 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
- 2004-08-04 12:00:00 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
- 2004-08-04 12:00:00 73,728 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2005-06-29 01:52:57 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-04 12:00:00 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2006-03-01 19:44:19 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2004-08-04 12:00:00 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll
+ 2006-03-01 19:44:19 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
- 2004-08-04 12:00:00 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
+ 2006-03-01 19:44:19 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
- 2004-08-04 12:00:00 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
+ 2006-11-27 14:55:46 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
- 2004-08-04 12:00:00 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 22:35:14 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-04 12:00:00 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:05:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 12:00:00 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 12:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-04 12:00:00 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 12:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-04 12:00:00 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 12:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-04 12:00:00 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 12:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-04 12:00:00 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 12:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
- 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:05:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 12:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:05:13 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 12:00:00 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:10:36 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2004-08-04 12:00:00 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
+ 2006-03-01 19:44:19 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2004-08-04 12:00:00 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2006-03-01 19:44:19 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
- 2004-08-04 12:00:00 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:30:06 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2004-08-04 12:00:00 198,144 ----a-w C:\WINDOWS\system32\netman.dll
+ 2005-08-22 18:36:16 197,632 ----a-w C:\WINDOWS\system32\netman.dll
- 2004-08-04 12:00:00 2,058,112 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 16:04:56 2,058,880 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2004-08-04 12:00:00 2,182,272 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2007-02-28 16:04:58 2,181,632 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2004-08-04 12:00:00 145,920 ----a-w C:\WINDOWS\system32\nwprovau.dll
+ 2006-10-13 12:41:11 143,872 ----a-w C:\WINDOWS\system32\nwprovau.dll
- 2004-08-04 12:00:00 1,281,024 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2005-07-26 04:42:36 1,284,608 ----a-w C:\WINDOWS\system32\ole32.dll
- 2004-08-04 12:00:00 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:42:02 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2004-08-04 12:00:00 69,120 ----a-w C:\WINDOWS\system32\olecli32.dll
+ 2005-07-26 04:42:36 75,264 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2004-08-04 12:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2005-07-26 04:42:36 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
- 2004-08-04 12:00:00 118,272 ----a-w C:\WINDOWS\system32\oledlg.dll
+ 2006-10-16 16:16:22 123,392 ----a-w C:\WINDOWS\system32\oledlg.dll
- 2008-05-10 08:36:22 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-10 19:51:48 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-10 08:36:22 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-05-10 19:51:48 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-05-10 08:36:22 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-10 19:51:48 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-10 08:36:22 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-05-10 19:51:48 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
- 2004-08-04 12:00:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 09:05:14 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-04 12:00:00 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:44:30 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 12:00:00 1,439,744 ----a-w C:\WINDOWS\system32\query.dll
+ 2006-06-22 05:18:14 1,439,744 ----a-w C:\WINDOWS\system32\query.dll
- 2004-08-04 12:00:00 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:45:40 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
- 2004-08-04 12:00:00 174,080 ----a-w C:\WINDOWS\system32\rasmans.dll
+ 2006-06-22 10:54:46 181,248 ----a-w C:\WINDOWS\system32\rasmans.dll
- 2004-08-04 12:00:00 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:55:46 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
- 2004-08-04 12:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:11:53 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-04 12:00:00 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-07-26 04:42:36 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2004-08-04 12:00:00 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2004-08-04 12:00:00 1,483,264 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:05:15 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2004-08-04 12:00:00 8,412,672 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:57:22 8,483,328 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-04 12:00:00 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:05:15 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-04 12:00:00 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:51:04 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2006-01-19 19:30:18 16,096 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-08-04 12:00:00 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2004-11-18 08:42:52 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-08-04 12:00:00 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
+ 2004-12-07 19:34:12 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
- 2004-08-04 12:00:00 246,302 ----a-w C:\WINDOWS\system32\strmdll.dll
+ 2006-08-24 11:19:52 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
- 2004-08-04 12:00:00 714,240 ----a-w C:\WINDOWS\system32\sxs.dll
+ 2006-10-20 01:39:31 714,240 ----a-w C:\WINDOWS\system32\sxs.dll
- 2004-08-04 12:00:00 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
+ 2005-10-17 21:21:40 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
- 2004-08-04 12:00:00 246,272 ----a-w C:\WINDOWS\system32\tapisrv.dll
+ 2005-07-08 16:29:17 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
- 2004-08-04 12:00:00 77,312 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2005-05-11 02:31:23 77,824 ----a-w C:\WINDOWS\system32\telnet.exe
- 2004-08-04 12:00:00 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2005-07-26 04:42:36 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2004-08-04 12:00:00 118,784 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2005-08-23 03:40:06 123,904 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2004-08-04 12:00:00 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll
+ 2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll
- 2004-08-04 12:00:00 602,112 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 09:05:15 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 12:00:00 578,560 ----a-w C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
- 2004-08-04 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:42:55 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
- 2004-08-04 12:00:00 67,584 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2006-01-04 03:36:30 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2004-08-04 12:00:00 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll
+ 2006-12-19 18:18:25 334,336 ----a-w C:\WINDOWS\system32\wiaservc.dll
- 2004-08-04 12:00:00 291,328 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-04 12:00:00 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:30:06 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
- 2004-08-04 12:00:00 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-25 08:00:50 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-08-04 12:00:00 4,874,240 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 00:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2004-08-04 12:00:00 221,184 ----a-w C:\WINDOWS\system32\wmpns.dll
- 2004-08-04 12:00:00 2,105,344 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2007-10-25 08:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2004-08-04 12:00:00 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-03-01 19:44:19 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2008-02-15 23:03:24 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-01-19 12:52:03 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2007-01-19 12:52:03 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2007-01-19 12:52:04 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2007-01-19 12:52:04 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2006-08-25 15:51:13 1,054,208 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 21:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 21:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 21:06 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 17:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe [2008-05-10 11:04:32 946247]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 11:36:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-11 11:38:18
ComboFix-quarantined-files.txt 2008-05-11 09:38:12
ComboFix2.txt 2008-05-10 14:42:46
ComboFix3.txt 2008-05-10 10:17:51
Pre-Run: 36,436,226,048 bajtów wolnych
Post-Run: 36,580,790,272 bajtów wolnych
703 --- E O F --- 2008-05-10 19:07:06
- abdul83
- Forumowicz
- Posty: 5
- Dołączenie: 10 Maj 2008, 16:00
przez huber2t » 11 Maj 2008, 12:38
UA:
Log ok
Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum
Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum
-
huber2t - Zasłużony działacz forum
- Posty: 2798
- Dołączenie: 21 Mar 2008, 10:07
- Pochwały: 42
przez pykoo » 13 Maj 2008, 13:07
UA:
jeszcze raz dzieki za pomoc
mam jeszcze jedno pytanie sadze ze infekcji nabawiłem sie przez pendriva
sformatowałem go ale cały czas sa na nim pliki
v.com
autorun.inf
w internecie wyczytałem, że powoduja one te bledy amvo.exe
podłączyłem pena, ale komputer raczej nie został zainfekowany przynajmniej nie ma jeszcze objawów
moje pytanie jak czy te pliki są groźne i jak je osunąć??
mam jeszcze jedno pytanie sadze ze infekcji nabawiłem sie przez pendriva
sformatowałem go ale cały czas sa na nim pliki
v.com
autorun.inf
w internecie wyczytałem, że powoduja one te bledy amvo.exe
podłączyłem pena, ale komputer raczej nie został zainfekowany przynajmniej nie ma jeszcze objawów
moje pytanie jak czy te pliki są groźne i jak je osunąć??
- pykoo
- Forumowicz
- Posty: 28
- Dołączenie: 09 Maj 2008, 17:37
przez huber2t » 13 Maj 2008, 13:55
UA:
to są wirusy
Do wyleczenia pendrive z wirusów użyj tego lub format
Albo podłacz pendrive i wykonaj skan combofixem
Do wyleczenia pendrive z wirusów użyj tego lub format
Albo podłacz pendrive i wykonaj skan combofixem
-
huber2t - Zasłużony działacz forum
- Posty: 2798
- Dołączenie: 21 Mar 2008, 10:07
- Pochwały: 42
przez pykoo » 13 Maj 2008, 18:13
UA:
log z combofixa chyba nic nie wykrył
pendrive to u mnie dysk H
oczywiście był podłączony do komputera
a ten program co podałeś wcześniej nie chciał jakoś nie chciał działać
pendrive to u mnie dysk H
oczywiście był podłączony do komputera
a ten program co podałeś wcześniej nie chciał jakoś nie chciał działać
- Kod: Zaznacz wszystko
ComboFix 08-05-12.1 - pykoo 2008-05-13 18:03:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.243 [GMT 2:00]
Running from: C:\Documents and Settings\pykoo\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.
2008-05-10 15:05 . 2008-05-10 15:05 <DIR> d-------- C:\FPC
2008-05-09 18:09 . 2008-05-09 18:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-09 18:09 . 2008-05-09 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-05 18:06 . 2008-05-05 18:06 <DIR> d-------- C:\DESKJET
2008-05-05 18:04 . 2008-05-05 18:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-05 16:56 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-05 16:56 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-02 17:24 . 2008-05-02 17:24 <DIR> d-------- C:\Logs
2008-05-02 16:46 . 2008-05-02 16:46 <DIR> d-------- C:\Documents and Settings\pykoo\Dane aplikacji\Ahead
2008-05-02 14:53 . 2008-05-02 14:53 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-01 22:41 . 2008-05-01 22:42 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-01 22:12 . 2008-05-01 22:54 <DIR> d-------- C:\Program Files\Norton Ghost
2008-05-01 22:11 . 2008-05-01 22:11 <DIR> d-------- C:\Program Files\Symantec
2008-05-01 22:11 . 2008-05-01 22:55 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-01 22:11 . 2008-05-01 22:36 <DIR> d-------- C:\Documents and Settings\pykoo\Dane aplikacji\Symantec
2008-05-01 22:11 . 2008-05-01 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-01 22:05 . 2008-05-02 16:58 <DIR> d-------- C:\Program Files\FlashGet
2008-05-01 22:05 . 2004-08-03 23:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-05-01 21:21 . 2008-05-01 21:21 <DIR> d-------- C:\Program Files\IrfanView
2008-05-01 20:53 . 2008-05-01 20:53 <DIR> d-------- C:\Program Files\LightSurf
2008-05-01 20:51 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-01 20:17 . 2008-05-01 20:18 <DIR> d-------- C:\Program Files\KonnektPlus
2008-05-01 20:15 . 2008-05-01 20:15 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-01 19:52 . 2008-05-01 19:52 <DIR> d-------- C:\WINDOWS\nview
2008-05-01 19:52 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-01 19:52 . 2008-05-01 19:53 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-01 19:52 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-01 19:51 . 2008-05-01 19:51 <DIR> d-------- C:\NVIDIA
2008-05-01 19:51 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-01 19:48 . 2008-05-01 19:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-01 19:48 . 2008-05-01 19:48 <DIR> d-------- C:\Program Files\Ahead
2008-05-01 19:48 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-05-01 19:48 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-05-01 19:48 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-05-01 19:48 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-01 19:48 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-01 19:48 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-05-01 19:48 . 2008-05-01 19:48 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-05-01 19:45 . 2008-05-01 19:45 2,301 --a------ C:\WINDOWS\mozver.dat
2008-05-01 19:41 . 2008-05-01 19:42 <DIR> d-------- C:\Program Files\DivX
2008-05-01 19:36 . 2008-05-01 19:36 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-01 19:36 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-05-01 19:30 . 2008-05-01 19:30 <DIR> d-------- C:\Program Files\Xvid
2008-05-01 19:30 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-01 19:30 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-01 19:30 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-01 18:55 . 2008-05-01 18:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-01 18:05 . 2008-05-10 18:51 1,224 --a------ C:\WINDOWS\bestplayer.ini
2008-05-01 18:05 . 2008-05-10 18:51 28 --a------ C:\WINDOWS\bestplayer.bpp
2008-05-01 18:05 . 2008-05-10 18:51 0 --a------ C:\WINDOWS\bestplayer.bbt
2008-05-01 17:55 . 2008-05-01 17:55 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-01 17:47 . 2008-05-09 19:44 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-01 17:47 . 2008-05-01 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\stamina
2008-05-01 17:45 . 2008-05-01 17:53 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-01 17:43 . 2008-05-01 17:43 <DIR> d-------- C:\Program Files\eMule
2008-05-01 17:42 . 2008-05-01 17:42 <DIR> d-------- C:\Program Files\foobar2000
2008-05-01 17:42 . 2008-05-12 14:09 <DIR> d-------- C:\Documents and Settings\pykoo\Dane aplikacji\foobar2000
2008-05-01 17:37 . 2008-05-01 17:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-01 17:36 . 2008-05-01 17:37 <DIR> d-------- C:\Program Files\BitComet
2008-05-01 17:02 . 2008-05-01 19:04 14 --a------ C:\WINDOWS\system32\getfile.dat
2008-05-01 15:54 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-01 15:54 . 2008-05-01 15:54 421 --a------ C:\WINDOWS\ODBC.INI
2008-05-01 15:53 . 2008-05-01 15:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-01 15:52 . 2008-05-01 15:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-01 15:52 . 2008-05-01 15:52 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-01 15:29 . 2008-05-01 16:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-01 15:29 . 2008-05-01 15:29 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-01 15:28 . 2008-05-01 22:11 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-01 15:17 . 2000-03-29 08:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-01 15:17 . 2008-05-01 16:44 3,366 --a------ C:\WINDOWS\Ascd_tmp.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 14:58 --------- d-----w C:\Program Files\Opera
2008-05-01 14:16 --------- d-----w C:\Program Files\Neostrada TP
2008-05-01 14:13 --------- d-----w C:\Program Files\Thomson
2008-05-01 12:52 --------- d-----w C:\Program Files\Softwin
2008-05-01 12:52 --------- d-----w C:\Program Files\Common Files\Softwin
2008-05-01 12:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-01 12:28 --------- d-----w C:\Program Files\Usługi online
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2003-07-17 02:26 448,640 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-17 02:22 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 07:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.
------- Sigcheck -------
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2004-02-11 08:49 2015232]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-10-11 11:28 360448]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 17:53 90112]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28 9728]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 13:09 33280]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\KonnektPlus\\konnekt.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27308:TCP"= 27308:TCP:BitComet 27308 TCP
"27308:UDP"= 27308:UDP:BitComet 27308 UDP
R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [2005-07-28 15:42]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 18:05:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-13 18:05:25
ComboFix-quarantined-files.txt 2008-05-13 16:05:23
Pre-Run: 8,168,935,424 bajtów wolnych
Post-Run: 8,159,989,760 bajtów wolnych
155
- pykoo
- Forumowicz
- Posty: 28
- Dołączenie: 09 Maj 2008, 17:37
61 posty(ów)
• Strona 2 z 5 • 1, 2, 3, 4, 5
Kto jest na forum
Zarejestrowani użytkownicy: Google [Bot]