Prosím o kontrolu logo z ComboFix

[kovárna]

jinak jsem si myslel,že nemam problém s pc,jenom jsem tak zkusil dát sem log z combofixu...

[motji]

tu složku pak smázneme combofixem, když tak mi to připomente .
Aby jste se Vy nenudil , máte toho trochu víc, zítra mknu na logy

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

[kovárna]

zítra??? to bude tak za týden
ok,zatim díky a dobrou

[motji]

Klidně za týden , ale tak zlé to snad nebude , Avptool nechte běžet přes noc a u gmeru budu držet pěsti at to není na půl dne .
Dobrou noc

[kovárna]

Zdravím

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer

SPTD mi nenabízí možnost Uninstall...

[kovárna]

Gmer log č. 1
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2009-12-30 17:35:12
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ENDA~1\LOCALS~1\Temp\pwpdykoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

[kovárna]

ten 2. log se nedaří,pc se na konci vždy sekne...zkusím zítra...

[motji]

Tak to stopněte těsně před koncem a udělejte log nebo ho zkuste v nouzovém režimu

[kovárna]

Zdravím ten 2.log jsem prostě nedostanu...v nouzovém r. se mi sám restartoval pc a vyskočila hláška o závažné chybě... nebo proste Gmer přestal komunikovat...v normálním režimu Gmer test dodělá,ale jakmile kliknu na save tak přestane komunikovat a musim ručně restartovat...

[kovárna]

zatím log z MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[kovárna]

log AVP Tool

Autoscan: completed 1 hour ago (events: 2, objects: 257016, time: 01:10:50)
31.12.2009 14:35:08 Task started
31.12.2009 15:45:59 Task completed

[kovárna]

Gmer log č. 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-31 17:39:16
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ENDA~1\LOCALS~1\Temp\pwpdykoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xA9F26C90]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xA9F26D7E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xA9F26BF4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateThread [0xA9F26EC4]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9A2B000, 0x17C39E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[716] SHELL32.dll!SHFileOperationW 7CA6FDEE 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\prodrv06 \Device\ProDrv06 E20FC008
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E16E9EC0

AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Services\MRxDAV\EncryptedDirectories@

---- EOF - GMER 1.0.15 ----

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Restore::
c:\windows\system32\user32.dll
c:\windows\system32\winlogon.exe
Folder::
C:\Documents and Settings\čenda\Dokumenty\ICQ\207539483\ReceivedFiles\441096987 kika

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[kovárna]

Přeju hezký nový rok 2010

ten soubor kika se nesmazal...

ComboFix 09-12-29.03 - čenda 01.01.2010 11:15:08.4.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1514 [GMT 1:00]
Spuštěný z: c:\documents and settings\čenda\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\čenda\Plocha\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\źenda\Dokumenty\cc_20091103_235724.reg
c:\documents and settings\źenda\Dokumenty\cc_20100101_090841.reg

Nakažená kopie c:\windows\system32\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

c:\windows\system32\winlogon.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-01 do 2010-01-01 )))))))))))))))))))))))))))))))
.

2009-12-05 11:55 . 2009-12-05 11:55 -------- d-----r- c:\documents and settings\LocalService\Dokumenty

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 10:17 . 2008-09-27 21:21 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-01 08:14 . 2008-08-27 06:20 -------- d-----w- c:\program files\VideoLAN
2009-12-31 14:25 . 2008-08-24 22:15 -------- d-----w- c:\program files\SpeedFan
2009-12-29 23:00 . 2008-08-24 20:20 -------- d-----w- c:\program files\D-Tools
2009-12-29 18:55 . 2009-02-13 23:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-29 18:17 . 2008-08-23 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-29 18:12 . 2008-12-12 18:18 -------- d-----w- c:\program files\Giant
2009-12-28 19:48 . 2009-07-15 19:45 -------- d-----w- c:\program files\ICQ6.5
2009-12-28 18:38 . 2009-02-12 15:52 104456 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-12-28 16:33 . 2008-09-28 05:23 -------- d-----w- c:\program files\BitDefender
2009-12-28 16:31 . 2008-10-28 10:16 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-28 16:25 . 2009-11-28 16:16 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-24 21:57 . 2009-01-25 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-24 17:58 . 2009-11-07 16:08 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-24 17:58 . 2009-11-07 16:08 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-17 22:15 . 2008-08-24 20:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-06 09:19 . 2009-08-07 16:33 -------- d-----w- c:\program files\Common Files\Real
2009-12-05 08:39 . 2009-11-25 19:55 -------- d-----w- c:\program files\ffdshow
2009-12-03 15:14 . 2009-01-25 21:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-01-25 21:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 15:11 . 2009-11-29 15:11 0 ----a-w- c:\windows\system32\wsbl.dat
2009-11-29 15:11 . 2009-11-29 15:11 0 ----a-w- c:\windows\system32\ph_white.dat
2009-11-29 15:11 . 2009-11-29 15:11 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-11-29 15:11 . 2009-11-29 15:11 0 ----a-w- c:\windows\system32\ph_black.dat
2009-11-29 15:11 . 2009-11-29 15:11 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-11-29 15:11 . 2009-11-29 15:11 0 ----a-w- c:\windows\system32\pcwords.dat
2009-11-28 13:21 . 2009-11-28 13:21 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-11-28 13:21 . 2009-11-28 13:21 16 ----a-w- c:\windows\system32\asdict.dat
2009-11-28 13:03 . 2009-11-21 21:21 -------- d-----w- c:\program files\AVS4YOU
2009-11-28 12:17 . 2008-11-27 18:50 -------- d-----w- c:\program files\Common Files\Softwin
2009-11-25 21:09 . 2009-01-04 21:01 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-21 21:11 . 2009-11-21 21:11 -------- d-----w- c:\program files\MediaInfo
2009-11-21 16:46 . 2004-08-17 15:49 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-07 16:08 . 2009-11-07 16:08 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-07 16:08 . 2009-11-07 16:08 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-07 16:01 . 2008-09-07 21:25 -------- d-----w- c:\program files\Activision
2009-11-03 23:06 . 2009-02-13 23:08 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-11-03 22:59 . 2009-05-31 18:08 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-11-03 22:59 . 2009-02-13 23:08 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-11-03 22:20 . 2008-08-24 20:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-03 22:20 . 2008-08-27 08:14 -------- d-----w- c:\program files\Lavasoft
2009-11-03 18:41 . 2009-10-17 17:52 7 ----a-w- c:\windows\sbacknt.bin
2009-10-29 07:45 . 2004-08-17 15:49 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2004-08-17 15:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2004-08-17 15:49 17408 ------w- c:\windows\system32\corpol.dll
2009-10-25 09:51 . 2001-10-25 16:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 09:51 . 2001-10-25 16:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2009-10-21 06:03 . 2004-08-17 15:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:03 . 2004-08-17 15:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-17 17:52 . 2009-10-17 17:52 152904 ----a-w- c:\windows\system32\vghd.scr
2009-10-13 10:53 . 2004-08-17 15:49 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-17 15:49 112640 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:54 . 2004-08-17 15:49 69632 ----a-w- c:\windows\system32\raschap.dll
2009-12-28 18:38 . 2009-11-28 13:17 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-01-28 22:30 . 2008-09-11 21:06 12070944 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 1B6162FE7F66B1A71A4B70F941C4AA9B . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\kbdclass.sys
[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\browser.dll
[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\lsass.exe
[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\netman.dll
[-] 2005-08-22 . 86AD5B0E02F2C968FBB096AB4C555C9C . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 86AD5B0E02F2C968FBB096AB4C555C9C . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll
[-] 2005-08-22 . BB0557B62B95F366464C3C60A0BD6BDF . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\qmgr.dll
[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2008-04-14 . CB1090BCA0E7B40D0B5B4E4D66531809 . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2004-08-17 . 21B6FAA88044A41640E03EBB68BE93E8 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\comctl32.dll
[-] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 . E26B26189B786E6B092F002041D5A1E2 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . E26B26189B786E6B092F002041D5A1E2 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\cryptsvc.dll
[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:32 . 398314DF0B21338C4996B469101750D1 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 398314DF0B21338C4996B469101750D1 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:25 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:19 . 3440C414044935B124B5821C0994B37F . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 03:21 . 260C69FD67687B0DC062FC3D31655857 . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\es.dll
[-] 2005-07-26 04:30 . 7B9199B6809586DC2CF30D411CECBD33 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-17 15:49 . 972378B907070F64932A87C90A035487 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\imm32.dll
[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\linkinfo.dll
[-] 2005-09-01 . 3E611531CC70649635FC890B421AECD0 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . B5DE324E0F9AEBEC885ABF5DB6B2F73D . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . B5DE324E0F9AEBEC885ABF5DB6B2F73D . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll
[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\lpk.dll
[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\msvcrt.dll
[-] 2008-04-14 . EC8D5E09C6CA5F52858A5EB71F308FDF . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . A6E79B60AC73241E5721AB6A573D2B24 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . A6E79B60AC73241E5721AB6A573D2B24 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 37BABA5DBD9027837FDC27E5D6EF33E1 . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . AAC97DAB5F8A0573CF10E0EAC42A7724 . 247296 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\mswsock.dll
[-] 2004-08-17 . 64C078BD4EFD441C3F159EDC5EA4420A . 247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[7] 2009-02-06 . 1F43B8C0F4C767FBED89711C30E704D9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[7] 2009-02-06 . 1F43B8C0F4C767FBED89711C30E704D9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\netlogon.dll
[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\powrprof.dll
[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\scecli.dll
[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\sfc.dll
[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\svchost.exe
[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\tapisrv.dll
[-] 2005-07-08 . 2EB5536278D697C5895A48514682BF64 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 250241D65CCF692AEACC318A266413C2 . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 250241D65CCF692AEACC318A266413C2 . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll
[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\userinit.exe
[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ws2_32.dll
[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\explorer.exe
[-] 2007-06-13 . ED7B460B142A32097B8A8F6ECC941815 . 1033728 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . ED7B460B142A32097B8A8F6ECC941815 . 1033728 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . 9B32416BD5988C97B6397CE0B02CAF97 . 1033728 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\wscntfy.exe
[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\xmlprov.dll
[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\eventlog.dll
[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\sfcfiles.dll
[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ctfmon.exe
[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\shsvcs.dll
[-] 2006-12-19 . E26EDC7AFA8DA3C528055EABC82C8C79 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . E26EDC7AFA8DA3C528055EABC82C8C79 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . F961FDD353F9451440197024FDDFE086 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\regsvc.dll
[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\schedsvc.dll
[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ssdpsrv.dll
[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\termsrv.dll
[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\appmgmts.dll
[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2001-10-25 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 03:21 . 7C3351F60B759D5D917E68342AE3307C . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\mfc40u.dll
[-] 2006-11-01 19:19 . 6C44E5766939B7552BFF75B2B6FF1161 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:19 . 6C44E5766939B7552BFF75B2B6FF1161 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2001-10-25 16:00 . A9D81C87BEF253D4CE3A5F8CEE2526C4 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\msgsvc.dll
[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-17 15:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 03:21 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ntmssvc.dll
[-] 2004-08-17 15:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-17 15:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\upnphost.dll
[-] 2007-02-05 . 6FD45FDC0C32BC4E81F718B671A3E017 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 0C0C2C77C6B52181369594F2AA36AF40 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 0C0C2C77C6B52181369594F2AA36AF40 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-29_22.07.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-27 20:48 . 2008-07-08 12:59 18296 c:\windows\system32\spmsg.dll
- 2008-09-27 20:48 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
- 2004-08-17 15:49 . 2007-03-08 15:38 40960 c:\windows\system32\mf3216.dll
+ 2004-08-17 15:49 . 2007-03-08 15:51 40960 c:\windows\system32\mf3216.dll
+ 2004-08-17 15:49 . 2007-03-08 15:51 40960 c:\windows\system32\dllcache\mf3216.dll
- 2004-08-17 15:49 . 2007-03-08 15:38 40960 c:\windows\system32\dllcache\mf3216.dll
+ 2004-08-17 15:49 . 2007-03-08 15:51 578048 c:\windows\system32\user32.dll
+ 2004-08-17 15:49 . 2008-10-23 12:52 284160 c:\windows\system32\gdi32.dll
- 2008-08-23 22:35 . 2009-11-11 21:24 118152 c:\windows\system32\FNTCACHE.DAT
+ 2008-08-23 22:35 . 2009-12-30 16:27 118152 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-17 15:49 . 2008-10-23 12:52 284160 c:\windows\system32\dllcache\gdi32.dll
+ 2009-11-11 20:52 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB969947_0$\spuninst\updspapi.dll
+ 2009-11-11 20:52 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB969947_0$\spuninst\spuninst.exe
- 2009-11-11 20:52 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
- 2009-11-11 20:52 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
+ 2008-12-14 22:19 . 2008-07-09 07:36 391032 c:\windows\$NtUninstallKB956802_0$\spuninst\updspapi.dll
+ 2008-12-14 22:19 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB956802_0$\spuninst\spuninst.exe
+ 2008-12-14 22:19 . 2008-02-20 06:51 282624 c:\windows\$NtUninstallKB956802_0$\gdi32.dll
- 2008-12-14 22:19 . 2008-07-09 07:36 391032 c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
- 2008-12-14 22:19 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2004-08-17 15:44 . 2009-08-14 15:06 1859328 c:\windows\system32\win32k.sys
+ 2004-08-17 15:44 . 2009-08-14 15:06 1859328 c:\windows\system32\dllcache\win32k.sys
+ 2009-11-11 20:52 . 2009-04-19 20:11 1846656 c:\windows\$NtUninstallKB969947_0$\win32k.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-17 2002160]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-12-28 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-08-30 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 14:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\čenda\\Dokumenty\\DC strong\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Kyodai Mahjongg\\kmj.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [29.2.2008 15:03 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29.2.2008 15:03 74480]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [6.10.2008 18:16 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18.9.2008 12:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12.2.2009 16:52 104456]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 15:51 4096]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20.1.2009 19:16 172032]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [6.9.2009 20:38 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [6.9.2009 20:38 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [6.9.2009 20:38 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [6.9.2009 20:38 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [6.9.2009 20:38 98568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\čenda\Data aplikací\Mozilla\Firefox\Profiles\hgqcs2k6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 11:19
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1004336348-879983540-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1004336348-879983540-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:23,11,0f,51,b9,e7,93,0f,54,d7,c9,98,d0,0d,99,df,18,ea,18,94,5d,
59,a5,9f,86,64,cf,93,34,f1,3c,f6,d7,62,1b,3a,bc,88,2f,a8,75,35,4f,4e,32,02,\
"rkeysecu"=hex:0e,14,70,c0,92,08,57,09,04,10,69,92,65,36,5a,d6
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4024)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2010-01-01 11:22:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-01 10:21
ComboFix2.txt 2009-12-29 22:10

Před spuštěním: Volných bajtů: 13 495 861 248
Po spuštění: Volných bajtů: 13 467 062 272

- - End Of File - - 45353B5A8CCD2907469BAD1C602948FA

[motji]

Stáhněte SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

-uložte ho na plochu a spustte.
-do okénka zkopírujte

Kód: Vybrat vše

:filefind
441096987 kika
winlogon.exe

-klikněte na Look, proběhne sken, na konci se zobrazí log, jehož obsah zkopírujete sem