
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check my log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Xell at 2010-02-12 19:10:44
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (17%) free of 14 GB
Total RAM: 447 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:07, on 12.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\explorer\explorer.exe
D:\MS Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\taskmgr.exe
D:\RSIT(2).exe
D:\Xell.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MS Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Xell\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "D:\MS Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\explorer\explorer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\explorer\explorer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\explorer\explorer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\explorer\explorer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MSOFFI~1\Office12\REFIEBAR.DLL
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MS Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Služba Google Update (gupdate1ca013955f170d0) (gupdate1ca013955f170d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
--
End of file - 4700 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-22 312928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\MS Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Xell\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-24 150768]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=D:\MS Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-22 198160]
"HKLM"=C:\WINDOWS\system32\explorer\explorer.exe [2005-04-10 762676]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\WINDOWS\system32\explorer\explorer.exe [2005-04-10 762676]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-10-16 323392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"HKCU"=C:\WINDOWS\system32\explorer\explorer.exe [2005-04-10 762676]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\WINDOWS\system32\explorer\explorer.exe [2005-04-10 762676]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\MS Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\MS Office\Office12\OUTLOOK.EXE"="D:\MS Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\MS Office\Office12\GROOVE.EXE"="D:\MS Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\MS Office\Office12\ONENOTE.EXE"="D:\MS Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-12 09:45:47 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-12 00:30:09 ----AC---- C:\Documents and Settings\Xell\Data aplikací\SQLite3.dll
2010-02-10 10:46:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 10:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 10:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 10:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 10:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 10:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 10:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 10:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 10:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-05 19:31:09 ----DC---- C:\Program Files\HP
2010-01-25 14:53:39 ----DC---- C:\Documents and Settings\Xell\Data aplikací\BitTorrent
2010-01-22 20:41:12 ----DC---- C:\Program Files\Common Files\xing shared
2010-01-22 20:40:53 ----AC---- C:\WINDOWS\system32\rmoc3260.dll
2010-01-22 20:40:30 ----AC---- C:\WINDOWS\system32\pndx5032.dll
2010-01-22 20:40:30 ----AC---- C:\WINDOWS\system32\pndx5016.dll
2010-01-22 20:40:26 ----AC---- C:\WINDOWS\system32\pncrt.dll
2010-01-22 20:40:15 ----DC---- C:\Program Files\Real
2010-01-19 15:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
======List of files/folders modified in the last 1 months======
2010-02-12 19:10:52 ----DC---- C:\WINDOWS\Prefetch
2010-02-12 19:05:42 ----DC---- C:\Program Files\Mozilla Firefox
2010-02-12 19:04:35 ----DC---- C:\Documents and Settings\Xell\Data aplikací\DNA
2010-02-12 17:54:48 ----DC---- C:\WINDOWS\temp
2010-02-12 17:54:25 ----DC---- C:\Program Files\DNA
2010-02-12 16:03:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 12:59:05 ----RDC---- C:\Program Files
2010-02-12 12:59:03 ----DC---- C:\WINDOWS\system32\drivers
2010-02-12 12:17:05 ----AC---- C:\WINDOWS\WINCMD.INI
2010-02-12 09:47:49 ----SHDC---- C:\WINDOWS\Installer
2010-02-12 09:47:48 ----DC---- C:\WINDOWS
2010-02-12 09:47:47 ----HDC---- C:\Config.Msi
2010-02-12 09:46:39 ----DC---- C:\Program Files\Lavasoft
2010-02-12 09:46:38 ----DC---- C:\WINDOWS\system32
2010-02-12 09:46:29 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2010-02-12 09:45:47 ----DC---- C:\Program Files\Common Files
2010-02-11 10:21:59 ----DC---- C:\Program Files\QIP
2010-02-10 20:35:57 ----DC---- C:\WINDOWS\Debug
2010-02-10 10:46:58 ----HDC---- C:\WINDOWS\inf
2010-02-10 10:46:46 ----HDC---- C:\WINDOWS\$hf_mig$
2010-02-10 10:46:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-10 10:40:59 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2010-02-10 10:21:04 ----DC---- C:\WINDOWS\system32\CatRoot2
2010-02-06 16:54:01 ----DC---- C:\Documents and Settings\Xell\Data aplikací\Image Zone Express
2010-02-05 20:07:36 ----DC---- C:\Program Files\Common Files\HP
2010-02-05 20:06:36 ----AC---- C:\WINDOWS\win.ini
2010-02-01 20:26:20 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-01-30 14:23:31 ----DC---- C:\Program Files\Soulseek
2010-01-28 18:44:44 ----SDC---- C:\WINDOWS\Tasks
2010-01-25 14:51:49 ----DC---- C:\Program Files\BitTorrent
2010-01-24 02:07:47 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-22 20:42:05 ----DC---- C:\Documents and Settings\Xell\Data aplikací\Real
2010-01-22 20:41:02 ----DC---- C:\Program Files\Common Files\Real
2010-01-22 20:40:27 ----AC---- C:\WINDOWS\system32\msvcr71.dll
2010-01-22 20:40:27 ----AC---- C:\WINDOWS\system32\msvcp71.dll
2010-01-22 10:40:54 ----DC---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 is-U5BOPdrv;is-U5BOPdrv; C:\WINDOWS\system32\DRIVERS\53359295.sys [2008-07-08 148496]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2003-11-07 12160]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 HidUsb;USB Keyboard HID Device; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2004-08-18 9600]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-18 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-05-16 47360]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-18 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-06-01 227712]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-18 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-18 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-18 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-18 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-18 59648]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 gupdate1ca013955f170d0;Služba Google Update (gupdate1ca013955f170d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-10 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-12 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\MS Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
-----------------EOF-----------------
======List of files/folders modified in the last 1 months======
2010-02-12 19:10:52 ----DC---- C:\WINDOWS\Prefetch
2010-02-12 19:05:42 ----DC---- C:\Program Files\Mozilla Firefox
2010-02-12 19:04:35 ----DC---- C:\Documents and Settings\Xell\Data aplikací\DNA
2010-02-12 17:54:48 ----DC---- C:\WINDOWS\temp
2010-02-12 17:54:25 ----DC---- C:\Program Files\DNA
2010-02-12 16:03:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 12:59:05 ----RDC---- C:\Program Files
2010-02-12 12:59:03 ----DC---- C:\WINDOWS\system32\drivers
2010-02-12 12:17:05 ----AC---- C:\WINDOWS\WINCMD.INI
2010-02-12 09:47:49 ----SHDC---- C:\WINDOWS\Installer
2010-02-12 09:47:48 ----DC---- C:\WINDOWS
2010-02-12 09:47:47 ----HDC---- C:\Config.Msi
2010-02-12 09:46:39 ----DC---- C:\Program Files\Lavasoft
2010-02-12 09:46:38 ----DC---- C:\WINDOWS\system32
2010-02-12 09:46:29 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2010-02-12 09:45:47 ----DC---- C:\Program Files\Common Files
2010-02-11 10:21:59 ----DC---- C:\Program Files\QIP
2010-02-10 20:35:57 ----DC---- C:\WINDOWS\Debug
2010-02-10 10:46:58 ----HDC---- C:\WINDOWS\inf
2010-02-10 10:46:46 ----HDC---- C:\WINDOWS\$hf_mig$
2010-02-10 10:46:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-10 10:40:59 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2010-02-10 10:21:04 ----DC---- C:\WINDOWS\system32\CatRoot2
2010-02-06 16:54:01 ----DC---- C:\Documents and Settings\Xell\Data aplikací\Image Zone Express
2010-02-05 20:07:36 ----DC---- C:\Program Files\Common Files\HP
2010-02-05 20:06:36 ----AC---- C:\WINDOWS\win.ini
2010-02-01 20:26:20 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-01-30 14:23:31 ----DC---- C:\Program Files\Soulseek
2010-01-28 18:44:44 ----SDC---- C:\WINDOWS\Tasks
2010-01-25 14:51:49 ----DC---- C:\Program Files\BitTorrent
2010-01-24 02:07:47 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-22 20:42:05 ----DC---- C:\Documents and Settings\Xell\Data aplikací\Real
2010-01-22 20:41:02 ----DC---- C:\Program Files\Common Files\Real
2010-01-22 20:40:27 ----AC---- C:\WINDOWS\system32\msvcr71.dll
2010-01-22 20:40:27 ----AC---- C:\WINDOWS\system32\msvcp71.dll
2010-01-22 10:40:54 ----DC---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 is-U5BOPdrv;is-U5BOPdrv; C:\WINDOWS\system32\DRIVERS\53359295.sys [2008-07-08 148496]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2003-11-07 12160]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 HidUsb;USB Keyboard HID Device; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2004-08-18 9600]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-18 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-05-16 47360]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-18 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-06-01 227712]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-18 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-18 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-18 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-18 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-18 59648]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 gupdate1ca013955f170d0;Služba Google Update (gupdate1ca013955f170d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-10 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-12 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\MS Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119382
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
If you do not recognise this file: D:\Xell.exe , test it online at www.virustotal.com .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.
Re: Please check my log
It's fine. The problem is that in Task Manager the process explorer.exe shows up twice, and the second one puts a heavy load on the PC.
- Rudy
- Site Admin
- Posts: 119382
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator rights
right after it starts, a screen with the licence terms appears; continue by clicking Yes.
sit back and make yourself a coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
note: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware otherwise collide with the resident antispyware
Re: Please check my log
ComboFix 10-02-12.01 - Xell 13.02.2010 12:17:39.31.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.160 [GMT 1:00]
Spuštěný z: D:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\959563
c:\windows\system32\Explorer
c:\windows\system32\Explorer\explorer.exe
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\winlogon.bak
c:\windows\system32\winlogon.exe . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-02-05 18:31 . 2010-02-05 19:07 -------- dc----w- c:\program files\HP
2010-01-22 19:41 . 2010-01-22 19:41 -------- dc----w- c:\program files\Common Files\xing shared
2010-01-22 19:40 . 2010-01-22 19:40 -------- dc----w- c:\program files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 11:31 . 2008-11-22 22:02 1649893408 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-02-13 11:13 . 2008-11-22 22:02 19322624 ----a-w- c:\windows\system32\drivers\fidbox.idx
2010-02-13 11:10 . 2008-08-24 19:41 -------- dc----w- c:\program files\DNA
2010-02-12 08:46 . 2009-07-02 15:56 -------- dc----w- c:\program files\Lavasoft
2010-02-11 09:21 . 2008-12-20 08:22 -------- dc----w- c:\program files\QIP
2010-02-05 19:15 . 2009-08-27 12:56 127678 -c--a-w- c:\windows\hpoins11.dat
2010-02-05 19:07 . 2009-01-04 17:19 -------- dc----w- c:\program files\Common Files\HP
2010-01-30 13:23 . 2007-02-24 23:42 -------- dc----w- c:\program files\Soulseek
2010-01-25 13:51 . 2009-10-15 15:10 -------- dc----w- c:\program files\BitTorrent
2010-01-24 01:07 . 2001-09-20 11:00 85936 ----a-w- c:\windows\system32\perfc005.dat
2010-01-24 01:07 . 2001-09-20 11:00 444232 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 19:41 . 2009-01-15 12:00 -------- dc----w- c:\program files\Common Files\Real
2010-01-22 19:40 . 2006-11-13 19:20 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2010-01-22 19:40 . 2006-11-13 19:20 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2010-01-01 16:35 . 2008-08-16 17:58 -------- dc----w- c:\program files\SpeedFan
2009-12-31 16:14 . 2009-07-07 17:26 352640 -c--a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 -c--a-w- c:\windows\system32\wininet.dll
2009-12-17 08:00 . 2007-02-08 11:17 343552 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2009-07-07 17:27 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:28 . 2009-07-07 17:26 2059904 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:28 . 2009-07-07 17:26 2182528 -c--a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 14:41 . 2009-07-07 17:27 453760 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:35 . 2004-08-18 12:00 1293824 -c--a-w- c:\windows\system32\quartz.dll
2009-11-27 17:35 . 2004-08-17 15:49 17920 -c--a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:40 . 2004-08-18 12:00 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:40 . 2004-08-18 12:00 28672 -c--a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:40 . 2004-08-18 12:00 11264 -c--a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:40 . 2004-08-17 15:49 48128 -c--a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:40 . 2001-10-24 12:25 8704 -c--a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:46 . 2004-08-18 12:00 470528 -c--a-w- c:\windows\AppPatch\aclayers.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
[-] 2007-02-22 . 7C5D7EC8A21D2D90D1C15612EAC35D59 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-24 09:20 150768 -c--a-w- c:\documents and settings\Xell\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-16 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="d:\ms office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-22 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\MS Office\\Office12\\OUTLOOK.EXE"=
"d:\\MS Office\\Office12\\GROOVE.EXE"=
"d:\\MS Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7731:TCP"= 7731:TCP:Microsoft standard protector
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"8457:TCP"= 8457:TCP:BitComet 8457 TCP
"8457:UDP"= 8457:UDP:BitComet 8457 UDP
R1 is-U5BOPdrv;is-U5BOPdrv;c:\windows\system32\drivers\53359295.sys [22.11.2008 23:01 148496]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [14.11.2006 17:26 12160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.12.2008 10:57 717296]
S2 gupdate1ca013955f170d0;Služba Google Update (gupdate1ca013955f170d0);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2009 9:35 133104]
.
Obsah adresáře 'Naplánované úlohy'
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 08:33]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 08:33]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Xell\Data aplikací\Mozilla\Firefox\Profiles\14o85xfn.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\xell\Program Files\Adobe\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ActiveSetup-{67KG2H65-47TJ-EL35-TP2L-TT1IIH7P3V6K} - c:\windows\system32\explorer\explorer.exe
AddRemove-HijackThis - D:\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 12:28
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
a
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-02-13 12:34:43
ComboFix-quarantined-files.txt 2010-02-13 11:34
ComboFix2.txt 2009-08-12 13:40
ComboFix3.txt 2009-07-27 06:34
ComboFix4.txt 2009-07-25 09:26
ComboFix5.txt 2010-02-13 11:16
Před spuštěním: 2 143 916 032
Po spuštění: 2 169 118 720
- - End Of File - - 8F603B8A8E327A7EBEEF75615A810512
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-02-13 12:34:43
ComboFix-quarantined-files.txt 2010-02-13 11:34
ComboFix2.txt 2009-08-12 13:40
ComboFix3.txt 2009-07-27 06:34
ComboFix4.txt 2009-07-25 09:26
ComboFix5.txt 2010-02-13 11:16
Před spuštěním: 2 143 916 032
Po spuštění: 2 169 118 720
- - End Of File - - 8F603B8A8E327A7EBEEF75615A810512
- Rudy
- Site Admin
- Posts: 119382
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
We'll clean up a little more. Move ComboFix to the desktop. Open Notepad and copy the following into it:

Collect::
c:\windows\system32\drivers\53359295.sys
Driver::
is-U5BOPdrv
FCopy::
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Please check my log
Is everything all right now?
ComboFix 10-02-12.01 - Xell 14.02.2010 9:41.32.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.168 [GMT 1:00]
Spuštěný z: D:\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Xell\Plocha\CFScript.txt
file zipped: c:\windows\system32\drivers\53359295.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\53359295.sys
c:\windows\system32\winlogon.exe . . . je infikován!!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IS-U5BOPDRV
-------\Service_is-U5BOPdrv
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.
2010-02-05 18:31 . 2010-02-05 19:07 -------- dc----w- c:\program files\HP
2010-01-22 19:41 . 2010-01-22 19:41 -------- dc----w- c:\program files\Common Files\xing shared
2010-01-22 19:40 . 2010-01-22 19:40 -------- dc----w- c:\program files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 08:57 . 2008-08-24 19:41 -------- dc----w- c:\program files\DNA
2010-02-14 08:54 . 2008-11-22 22:02 19381664 ----a-w- c:\windows\system32\drivers\fidbox.idx
2010-02-14 08:54 . 2008-11-22 22:02 1653721120 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-02-12 08:46 . 2009-07-02 15:56 -------- dc----w- c:\program files\Lavasoft
2010-02-11 09:21 . 2008-12-20 08:22 -------- dc----w- c:\program files\QIP
2010-02-05 19:15 . 2009-08-27 12:56 127678 -c--a-w- c:\windows\hpoins11.dat
2010-02-05 19:07 . 2009-01-04 17:19 -------- dc----w- c:\program files\Common Files\HP
2010-01-30 13:23 . 2007-02-24 23:42 -------- dc----w- c:\program files\Soulseek
2010-01-25 13:51 . 2009-10-15 15:10 -------- dc----w- c:\program files\BitTorrent
2010-01-24 01:07 . 2001-09-20 11:00 85936 ----a-w- c:\windows\system32\perfc005.dat
2010-01-24 01:07 . 2001-09-20 11:00 444232 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 19:41 . 2009-01-15 12:00 -------- dc----w- c:\program files\Common Files\Real
2010-01-22 19:40 . 2006-11-13 19:20 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2010-01-22 19:40 . 2006-11-13 19:20 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2010-01-01 16:35 . 2008-08-16 17:58 -------- dc----w- c:\program files\SpeedFan
2009-12-31 16:14 . 2009-07-07 17:26 352640 -c--a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 -c----w- c:\windows\system32\wininet.dll
2009-12-17 08:00 . 2007-02-08 11:17 343552 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2009-07-07 17:27 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:28 . 2009-07-07 17:26 2059904 -c----w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:28 . 2009-07-07 17:26 2182528 -c----w- c:\windows\system32\ntoskrnl.exe
2009-12-04 14:41 . 2009-07-07 17:27 453760 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:35 . 2004-08-18 12:00 1293824 -c--a-w- c:\windows\system32\quartz.dll
2009-11-27 17:35 . 2004-08-17 15:49 17920 -c--a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:40 . 2004-08-18 12:00 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:40 . 2004-08-18 12:00 28672 -c--a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:40 . 2004-08-18 12:00 11264 -c--a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:40 . 2004-08-17 15:49 48128 -c--a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:40 . 2001-10-24 12:25 8704 -c--a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:46 . 2004-08-18 12:00 470528 -c--a-w- c:\windows\AppPatch\aclayers.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
[-] 2007-02-22 . 7C5D7EC8A21D2D90D1C15612EAC35D59 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-24 09:20 150768 -c--a-w- c:\documents and settings\Xell\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-16 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="d:\ms office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-22 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\MS Office\\Office12\\OUTLOOK.EXE"=
"d:\\MS Office\\Office12\\GROOVE.EXE"=
"d:\\MS Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7731:TCP"= 7731:TCP:Microsoft standard protector
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"8457:TCP"= 8457:TCP:BitComet 8457 TCP
"8457:UDP"= 8457:UDP:BitComet 8457 UDP
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.12.2008 10:57 717296]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [14.11.2006 17:26 12160]
S2 gupdate1ca013955f170d0;Služba Google Update (gupdate1ca013955f170d0);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2009 9:35 133104]
.
Obsah adresáře 'Naplánované úlohy'
2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 08:33]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 08:33]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Xell\Data aplikací\Mozilla\Firefox\Profiles\14o85xfn.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\xell\Program Files\Adobe\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 09:57
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll >>UNKNOWN [0x845891F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75f9fc3
\Driver\ACPI -> ACPI.sys @ 0xf7374cb8
\Driver\atapi -> prosync1.sys @ 0xf7ac1661
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7200bc3
PacketIndicateHandler -> NDIS.sys @ 0xf720cb21
SendHandler -> NDIS.sys @ 0xf7200d33
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\locator.exe
.
**************************************************************************
.
Celkový čas: 2010-02-14 10:03:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-14 09:03
ComboFix2.txt 2010-02-13 11:34
ComboFix3.txt 2009-08-12 13:40
ComboFix4.txt 2009-07-27 06:34
ComboFix5.txt 2010-02-14 08:40
Před spuštěním: 2 180 788 224
Po spuštění: 2 146 885 632
- - End Of File - - 55DE98AA531F5E88A0C3D1E58E50970D
- Rudy
- Site Admin
- Posts: 119382
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Unfortunately not. The rootkit has been deleted, but winlogon is still infected. I'm sending you another one as an attachment; extract it to the desktop and run CF with this script:
FCopy::
c:\documents and settings\Xell\Plocha\winlogon.exe | c:\windows\system32\winlogon.exe
- Attachments
- winlogon.ace
- (264.84 KiB) Downloaded 83 times
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Please check my log
ComboFix 10-02-12.01 - Xell 14.02.2010 12:40:56.33.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.147 [GMT 1:00]
Spuštěný z: D:\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Xell\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\documents and settings\Xell\Plocha\winlogon.exe --> c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.
2010-02-05 18:31 . 2010-02-05 19:07 -------- dc----w- c:\program files\HP
2010-01-22 19:41 . 2010-01-22 19:41 -------- dc----w- c:\program files\Common Files\xing shared
2010-01-22 19:40 . 2010-01-22 19:40 -------- dc----w- c:\program files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 11:36 . 2008-08-24 19:41 -------- dc----w- c:\program files\DNA
2010-02-14 08:54 . 2008-11-22 22:02 19381664 ----a-w- c:\windows\system32\drivers\fidbox.idx
2010-02-14 08:54 . 2008-11-22 22:02 1653721120 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-02-12 08:46 . 2009-07-02 15:56 -------- dc----w- c:\program files\Lavasoft
2010-02-11 09:21 . 2008-12-20 08:22 -------- dc----w- c:\program files\QIP
2010-02-05 19:15 . 2009-08-27 12:56 127678 -c--a-w- c:\windows\hpoins11.dat
2010-02-05 19:07 . 2009-01-04 17:19 -------- dc----w- c:\program files\Common Files\HP
2010-01-30 13:23 . 2007-02-24 23:42 -------- dc----w- c:\program files\Soulseek
2010-01-25 13:51 . 2009-10-15 15:10 -------- dc----w- c:\program files\BitTorrent
2010-01-24 01:07 . 2001-09-20 11:00 85936 ----a-w- c:\windows\system32\perfc005.dat
2010-01-24 01:07 . 2001-09-20 11:00 444232 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 19:41 . 2009-01-15 12:00 -------- dc----w- c:\program files\Common Files\Real
2010-01-22 19:40 . 2006-11-13 19:20 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2010-01-22 19:40 . 2006-11-13 19:20 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2010-01-01 16:35 . 2008-08-16 17:58 -------- dc----w- c:\program files\SpeedFan
2009-12-31 16:14 . 2009-07-07 17:26 352640 -c--a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 -c----w- c:\windows\system32\wininet.dll
2009-12-17 08:00 . 2007-02-08 11:17 343552 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2009-07-07 17:27 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:28 . 2009-07-07 17:26 2059904 -c----w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:28 . 2009-07-07 17:26 2182528 -c----w- c:\windows\system32\ntoskrnl.exe
2009-12-04 14:41 . 2009-07-07 17:27 453760 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:35 . 2004-08-18 12:00 1293824 -c--a-w- c:\windows\system32\quartz.dll
2009-11-27 17:35 . 2004-08-17 15:49 17920 -c--a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:40 . 2004-08-18 12:00 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:40 . 2004-08-18 12:00 28672 -c--a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:40 . 2004-08-18 12:00 11264 -c--a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:40 . 2004-08-17 15:49 48128 -c--a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:40 . 2001-10-24 12:25 8704 -c--a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:46 . 2004-08-18 12:00 470528 -c--a-w- c:\windows\AppPatch\aclayers.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-07-12_20.47.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 17:41 . 2009-07-11 17:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
- 2009-01-04 17:17 . 2009-01-04 17:17 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2009-08-27 13:11 . 2009-08-27 13:11 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2005-05-26 03:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2007-01-14 13:50 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2007-02-08 11:17 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-08-18 12:00 . 2009-06-25 08:48 59392 c:\windows\system32\wdigest.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 50176 c:\windows\system32\utilman.exe
+ 2004-08-18 12:00 . 2006-10-04 13:34 50176 c:\windows\system32\utilman.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 36352 c:\windows\system32\umandlg.dll
+ 2004-08-18 12:00 . 2006-10-04 13:39 36352 c:\windows\system32\umandlg.dll
+ 2007-02-23 10:02 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-07-29 19:10 . 2008-07-29 19:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2004-08-18 12:00 . 2009-06-15 11:33 81408 c:\windows\system32\tlntsess.exe
+ 2004-08-18 12:00 . 2009-06-15 11:33 78336 c:\windows\system32\telnet.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-18 12:00 . 2009-10-21 06:03 75776 c:\windows\system32\strmfilt.dll
+ 2009-08-14 08:04 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2009-04-12 12:42 . 2008-11-10 09:41 67472 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2009-04-12 12:42 . 2008-11-10 09:41 67472 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2009-10-21 07:56 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-21 07:56 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-18 12:00 . 2009-06-25 08:48 56320 c:\windows\system32\secur32.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 69632 c:\windows\system32\raschap.dll
+ 2004-08-18 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
+ 2008-07-29 17:59 . 2008-07-29 17:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2001-09-20 11:00 . 2010-01-24 01:07 73752 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2004-08-18 12:00 54784 c:\windows\system32\narrator.exe
+ 2004-08-18 12:00 . 2006-10-04 13:34 54784 c:\windows\system32\narrator.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2007-05-08 15:08 . 2007-05-08 15:08 86728 c:\windows\system32\msxml6r.dll
+ 2009-03-01 22:20 . 2008-11-10 09:41 32656 c:\windows\system32\msonpmon.dll
- 2009-03-08 02:31 . 2009-03-08 02:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 02:31 . 2009-12-21 19:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 83968 c:\windows\system32\mscories.dll
+ 2004-08-18 12:00 . 2009-09-04 20:47 58880 c:\windows\system32\msasn1.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 48640 c:\windows\system32\mqupgrd.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 95744 c:\windows\system32\mqsec.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 95744 c:\windows\system32\mqsec.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 16896 c:\windows\system32\mqise.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 16896 c:\windows\system32\mqise.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 47104 c:\windows\system32\mqdscli.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 47104 c:\windows\system32\mqdscli.dll
+ 2004-08-18 12:00 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 19968 c:\windows\system32\mqbkup.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 72704 c:\windows\system32\magnify.exe
+ 2004-08-18 12:00 . 2006-10-04 13:34 72704 c:\windows\system32\magnify.exe
- 2004-08-18 12:00 . 2009-04-30 21:16 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-18 12:00 . 2009-12-21 19:08 25600 c:\windows\system32\jsproxy.dll
+ 2008-07-29 17:24 . 2008-07-29 17:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 17:24 . 2008-07-29 17:24 11264 c:\windows\system32\icardres.dll
+ 2004-08-18 12:00 . 2009-10-21 06:03 25088 c:\windows\system32\httpapi.dll
+ 2007-02-23 16:10 . 2006-03-03 20:02 57344 c:\windows\system32\HPZisn12.dll
- 2007-02-23 16:10 . 2006-03-03 19:02 57344 c:\windows\system32\HPZisn12.dll
+ 2007-02-23 16:10 . 2006-03-03 20:02 94208 c:\windows\system32\HPZipt12.dll
- 2007-02-23 16:10 . 2006-03-03 19:02 94208 c:\windows\system32\HPZipt12.dll
+ 2007-02-23 16:10 . 2006-03-03 20:03 65536 c:\windows\system32\HPZinw12.exe
- 2007-02-23 16:10 . 2006-03-03 19:03 65536 c:\windows\system32\HPZinw12.exe
+ 2004-08-18 12:00 . 2009-10-15 17:22 82432 c:\windows\system32\fontsub.dll
+ 2008-07-29 19:10 . 2008-07-29 19:10 73720 c:\windows\system32\dxva2.dll
+ 2004-08-18 12:00 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2009-07-07 17:27 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
- 2009-06-28 11:27 . 2009-04-30 21:16 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-28 11:27 . 2009-12-21 19:08 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-01-14 13:50 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-02-08 11:17 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-11-09 12:09 . 2009-06-25 08:48 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2004-08-18 12:00 . 2006-10-04 13:34 50176 c:\windows\system32\dllcache\utilman.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 50176 c:\windows\system32\dllcache\utilman.exe
+ 2004-08-18 12:00 . 2006-10-04 13:39 36352 c:\windows\system32\dllcache\umandlg.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 36352 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-18 12:00 . 2009-06-15 11:33 81408 c:\windows\system32\dllcache\tlntsess.exe
+ 2004-08-18 12:00 . 2009-06-15 11:33 78336 c:\windows\system32\dllcache\telnet.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-18 12:00 . 2009-10-21 06:03 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2008-11-09 12:09 . 2009-06-25 08:48 56320 c:\windows\system32\dllcache\secur32.dll
+ 2008-11-09 12:09 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
- 2008-11-09 12:09 . 2004-08-18 12:00 69632 c:\windows\system32\dllcache\raschap.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 54784 c:\windows\system32\dllcache\narrator.exe
+ 2004-08-18 12:00 . 2006-10-04 13:34 54784 c:\windows\system32\dllcache\narrator.exe
+ 2004-08-17 15:49 . 2009-11-27 17:35 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-18 12:00 . 2009-11-27 16:40 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2004-08-18 12:00 . 2009-11-27 16:40 11264 c:\windows\system32\dllcache\msrle32.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 11264 c:\windows\system32\dllcache\msrle32.dll
- 2007-04-25 07:43 . 2009-03-08 02:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-04-25 07:43 . 2009-12-21 19:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-11-09 12:09 . 2009-09-04 20:47 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 95744 c:\windows\system32\dllcache\mqsec.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 16896 c:\windows\system32\dllcache\mqise.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 16896 c:\windows\system32\dllcache\mqise.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-18 12:00 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-18 12:00 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
- 2004-08-18 12:00 . 2004-08-18 12:00 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-18 12:00 . 2006-10-04 13:34 72704 c:\windows\system32\dllcache\magnify.exe
+ 2008-11-09 12:08 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
- 2004-08-18 12:00 . 2009-04-30 21:16 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-18 12:00 . 2009-12-21 19:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-17 15:49 . 2009-11-27 16:40 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2004-08-18 12:00 . 2009-10-21 06:03 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2004-08-18 12:00 . 2009-10-15 17:22 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2009-08-14 08:02 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
+ 2008-11-09 12:09 . 2009-12-14 07:37 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-18 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-18 12:00 . 2009-11-27 16:40 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-11-09 12:10 . 2004-08-18 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-11-09 12:10 . 2009-07-17 18:57 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 96760 c:\windows\system32\dfshim.dll
- 2006-11-13 18:16 . 2009-07-07 18:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-11-13 18:16 . 2009-08-12 11:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-18 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 58880 c:\windows\system32\atl.dll
+ 2004-08-18 12:00 . 2009-07-17 18:57 58880 c:\windows\system32\atl.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 19:10 . 2008-07-29 19:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 17:59 . 2008-07-29 17:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 19:10 . 2008-07-29 19:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 17:32 . 2008-07-29 17:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 17:16 . 2008-07-29 17:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 09:17 . 2008-07-25 09:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 05:28 . 2005-09-23 05:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 05:28 . 2005-09-23 05:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 05:28 . 2005-09-23 05:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 02:59 . 2008-11-25 02:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-11-03 09:12 . 2009-11-03 09:12 22528 c:\windows\Installer\323f66.msi
+ 2008-07-29 19:07 . 2008-07-29 19:07 23040 c:\windows\Installer\2e409e.msp
+ 2009-08-14 07:56 . 2009-08-14 07:56 88576 c:\windows\Installer\207573.msi
The log is too long, is it necessary to post it here in full?
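The Sigcheck block in the log above is the part of a ComboFix run worth reading first: ComboFix prints `[7]` for a copy whose signature/catalog check passed and `[-]` for one that did not, and here the live `tcpip.sys` (system32\drivers and dllcache) and `system32\winlogon.exe` are both `[-]`, with no verified copy on disk sharing their MD5. The script below is an added example, not part of the original post or of ComboFix itself: it parses those lines, keeps only `[-]` entries in locations Windows actually loads or restores from, and for each one reports whether its MD5 matches any verified copy and which verified copies carry the same file version (the `$hf_mig$`, `$NtUninstall...$` and SoftwareDistribution trees are reference hashes, not load paths). The function and constant names (`parse_sigcheck`, `triage`, `BACKUP_MARKERS`) are my own; the sample lines are copied from the log above.

```python
"""Triage the Sigcheck section of a ComboFix log.

Each Sigcheck line has the shape
    [status] date . MD5 . size . . [file version] . . path
ComboFix prints [7] for a copy whose signature/catalog check passed and [-]
for one that did not. A [-] on a file Windows actually loads (system32,
system32\\drivers, system32\\dllcache) is what to look at first, but it only
shows the file is not in the catalog, not that it is infected: the useful
next step is comparing its MD5 with a copy that is known good.
"""
import re
from collections import defaultdict

# Field separator in the log is ' . '; empty fields show up as ' . . '.
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Hotfix backup/staging trees (assumed list): copies here are never loaded by
# the running system, so an unverified one is noise, while a verified one is
# a reference hash for that version.
BACKUP_MARKERS = ("\\$hf_mig$\\", "\\$ntuninstall", "\\softwaredistribution\\")

# Sigcheck lines copied verbatim from the log above.
SAMPLE_SIGCHECK = r"""
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
"""


def parse_sigcheck(lines):
    """Return one dict per well-formed Sigcheck line; any other line is skipped."""
    entries = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["path"] = e["path"].lower()          # Windows paths: compare case-insensitively
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        e["verified"] = e["status"] == "7"
        entries.append(e)
    return entries


def is_live_path(path):
    """True for copies the running system loads from or restores from
    (system32, system32\\drivers, system32\\dllcache), not hotfix backups."""
    p = path.lower()
    return "\\system32\\" in p and not any(m in p for m in BACKUP_MARKERS)


def triage(lines):
    """For every unverified ([-]) copy in a live location report whether its
    MD5 equals that of any verified copy of the same file anywhere on disk,
    and list the verified copies that carry the same file version."""
    by_name = defaultdict(list)
    for e in parse_sigcheck(lines):
        by_name[e["name"]].append(e)

    findings = []
    for name, copies in by_name.items():
        verified_md5s = {c["md5"] for c in copies if c["verified"]}
        for c in copies:
            if c["verified"] or not is_live_path(c["path"]):
                continue
            same_version = [v["path"] for v in copies
                            if v["verified"] and v["version"] == c["version"]]
            findings.append({
                "name": name,
                "path": c["path"],
                "md5": c["md5"],
                "version": c["version"],
                "matches_verified_copy": c["md5"] in verified_md5s,
                "verified_same_version": same_version,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_SIGCHECK.splitlines()):
        verdict = ("hash matches a verified copy" if f["matches_verified_copy"]
                   else "no verified copy has this hash")
        print(f"{f['path']}  [{f['version']}]  {verdict}")
        for ref in f["verified_same_version"]:
            print(f"    same version, verified: {ref}")
```

A `[-]` on its own is not proof of infection: any deliberately modified system file (the widely used tcpip.sys half-open-connection patch is a common example) also fails the catalog check. What the output gives you is a short list of files to compare against a known-good copy of the same version, which is what the CFScript run later in this thread does for winlogon.exe with an FCopy of a clean copy from the desktop.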
System Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.147 [GMT 1:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\documents and settings\Xell\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\documents and settings\Xell\Plocha\winlogon.exe --> c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-14 to 2010-02-14 )))))))))))))))))))))))))))))))
.
2010-02-05 18:31 . 2010-02-05 19:07 -------- dc----w- c:\program files\HP
2010-01-22 19:41 . 2010-01-22 19:41 -------- dc----w- c:\program files\Common Files\xing shared
2010-01-22 19:40 . 2010-01-22 19:40 -------- dc----w- c:\program files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 11:36 . 2008-08-24 19:41 -------- dc----w- c:\program files\DNA
2010-02-14 08:54 . 2008-11-22 22:02 19381664 ----a-w- c:\windows\system32\drivers\fidbox.idx
2010-02-14 08:54 . 2008-11-22 22:02 1653721120 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-02-12 08:46 . 2009-07-02 15:56 -------- dc----w- c:\program files\Lavasoft
2010-02-11 09:21 . 2008-12-20 08:22 -------- dc----w- c:\program files\QIP
2010-02-05 19:15 . 2009-08-27 12:56 127678 -c--a-w- c:\windows\hpoins11.dat
2010-02-05 19:07 . 2009-01-04 17:19 -------- dc----w- c:\program files\Common Files\HP
2010-01-30 13:23 . 2007-02-24 23:42 -------- dc----w- c:\program files\Soulseek
2010-01-25 13:51 . 2009-10-15 15:10 -------- dc----w- c:\program files\BitTorrent
2010-01-24 01:07 . 2001-09-20 11:00 85936 ----a-w- c:\windows\system32\perfc005.dat
2010-01-24 01:07 . 2001-09-20 11:00 444232 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 19:41 . 2009-01-15 12:00 -------- dc----w- c:\program files\Common Files\Real
2010-01-22 19:40 . 2006-11-13 19:20 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2010-01-22 19:40 . 2006-11-13 19:20 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2010-01-01 16:35 . 2008-08-16 17:58 -------- dc----w- c:\program files\SpeedFan
2009-12-31 16:14 . 2009-07-07 17:26 352640 -c--a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 -c----w- c:\windows\system32\wininet.dll
2009-12-17 08:00 . 2007-02-08 11:17 343552 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2009-07-07 17:27 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:28 . 2009-07-07 17:26 2059904 -c----w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:28 . 2009-07-07 17:26 2182528 -c----w- c:\windows\system32\ntoskrnl.exe
2009-12-04 14:41 . 2009-07-07 17:27 453760 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:35 . 2004-08-18 12:00 1293824 -c--a-w- c:\windows\system32\quartz.dll
2009-11-27 17:35 . 2004-08-17 15:49 17920 -c--a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:40 . 2004-08-18 12:00 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:40 . 2004-08-18 12:00 28672 -c--a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:40 . 2004-08-18 12:00 11264 -c--a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:40 . 2004-08-17 15:49 48128 -c--a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:40 . 2001-10-24 12:25 8704 -c--a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:46 . 2004-08-18 12:00 470528 -c--a-w- c:\windows\AppPatch\aclayers.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-07-12_20.47.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 17:41 . 2009-07-11 17:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
- 2009-01-04 17:17 . 2009-01-04 17:17 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2009-08-27 13:11 . 2009-08-27 13:11 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2005-05-26 03:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2007-01-14 13:50 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2007-02-08 11:17 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-08-18 12:00 . 2009-06-25 08:48 59392 c:\windows\system32\wdigest.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 50176 c:\windows\system32\utilman.exe
+ 2004-08-18 12:00 . 2006-10-04 13:34 50176 c:\windows\system32\utilman.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 36352 c:\windows\system32\umandlg.dll
+ 2004-08-18 12:00 . 2006-10-04 13:39 36352 c:\windows\system32\umandlg.dll
+ 2007-02-23 10:02 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-07-29 19:10 . 2008-07-29 19:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2004-08-18 12:00 . 2009-06-15 11:33 81408 c:\windows\system32\tlntsess.exe
+ 2004-08-18 12:00 . 2009-06-15 11:33 78336 c:\windows\system32\telnet.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-18 12:00 . 2009-10-21 06:03 75776 c:\windows\system32\strmfilt.dll
+ 2009-08-14 08:04 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2009-04-12 12:42 . 2008-11-10 09:41 67472 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2009-04-12 12:42 . 2008-11-10 09:41 67472 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2009-10-21 07:56 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-21 07:56 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-18 12:00 . 2009-06-25 08:48 56320 c:\windows\system32\secur32.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 69632 c:\windows\system32\raschap.dll
+ 2004-08-18 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
+ 2008-07-29 17:59 . 2008-07-29 17:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2001-09-20 11:00 . 2010-01-24 01:07 73752 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2004-08-18 12:00 54784 c:\windows\system32\narrator.exe
+ 2004-08-18 12:00 . 2006-10-04 13:34 54784 c:\windows\system32\narrator.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2007-05-08 15:08 . 2007-05-08 15:08 86728 c:\windows\system32\msxml6r.dll
+ 2009-03-01 22:20 . 2008-11-10 09:41 32656 c:\windows\system32\msonpmon.dll
- 2009-03-08 02:31 . 2009-03-08 02:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 02:31 . 2009-12-21 19:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 83968 c:\windows\system32\mscories.dll
+ 2004-08-18 12:00 . 2009-09-04 20:47 58880 c:\windows\system32\msasn1.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 48640 c:\windows\system32\mqupgrd.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 95744 c:\windows\system32\mqsec.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 95744 c:\windows\system32\mqsec.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 16896 c:\windows\system32\mqise.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 16896 c:\windows\system32\mqise.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 47104 c:\windows\system32\mqdscli.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 47104 c:\windows\system32\mqdscli.dll
+ 2004-08-18 12:00 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 19968 c:\windows\system32\mqbkup.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 72704 c:\windows\system32\magnify.exe
+ 2004-08-18 12:00 . 2006-10-04 13:34 72704 c:\windows\system32\magnify.exe
- 2004-08-18 12:00 . 2009-04-30 21:16 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-18 12:00 . 2009-12-21 19:08 25600 c:\windows\system32\jsproxy.dll
+ 2008-07-29 17:24 . 2008-07-29 17:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 17:24 . 2008-07-29 17:24 11264 c:\windows\system32\icardres.dll
+ 2004-08-18 12:00 . 2009-10-21 06:03 25088 c:\windows\system32\httpapi.dll
+ 2007-02-23 16:10 . 2006-03-03 20:02 57344 c:\windows\system32\HPZisn12.dll
- 2007-02-23 16:10 . 2006-03-03 19:02 57344 c:\windows\system32\HPZisn12.dll
+ 2007-02-23 16:10 . 2006-03-03 20:02 94208 c:\windows\system32\HPZipt12.dll
- 2007-02-23 16:10 . 2006-03-03 19:02 94208 c:\windows\system32\HPZipt12.dll
+ 2007-02-23 16:10 . 2006-03-03 20:03 65536 c:\windows\system32\HPZinw12.exe
- 2007-02-23 16:10 . 2006-03-03 19:03 65536 c:\windows\system32\HPZinw12.exe
+ 2004-08-18 12:00 . 2009-10-15 17:22 82432 c:\windows\system32\fontsub.dll
+ 2008-07-29 19:10 . 2008-07-29 19:10 73720 c:\windows\system32\dxva2.dll
+ 2004-08-18 12:00 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2009-07-07 17:27 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
- 2009-06-28 11:27 . 2009-04-30 21:16 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-28 11:27 . 2009-12-21 19:08 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-01-14 13:50 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-02-08 11:17 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-11-09 12:09 . 2009-06-25 08:48 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2004-08-18 12:00 . 2006-10-04 13:34 50176 c:\windows\system32\dllcache\utilman.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 50176 c:\windows\system32\dllcache\utilman.exe
+ 2004-08-18 12:00 . 2006-10-04 13:39 36352 c:\windows\system32\dllcache\umandlg.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 36352 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-18 12:00 . 2009-06-15 11:33 81408 c:\windows\system32\dllcache\tlntsess.exe
+ 2004-08-18 12:00 . 2009-06-15 11:33 78336 c:\windows\system32\dllcache\telnet.exe
- 2004-08-18 12:00 . 2004-08-18 12:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-18 12:00 . 2009-10-21 06:03 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2008-11-09 12:09 . 2009-06-25 08:48 56320 c:\windows\system32\dllcache\secur32.dll
+ 2008-11-09 12:09 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
- 2008-11-09 12:09 . 2004-08-18 12:00 69632 c:\windows\system32\dllcache\raschap.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 54784 c:\windows\system32\dllcache\narrator.exe
+ 2004-08-18 12:00 . 2006-10-04 13:34 54784 c:\windows\system32\dllcache\narrator.exe
+ 2004-08-17 15:49 . 2009-11-27 17:35 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-18 12:00 . 2009-11-27 16:40 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2004-08-18 12:00 . 2009-11-27 16:40 11264 c:\windows\system32\dllcache\msrle32.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 11264 c:\windows\system32\dllcache\msrle32.dll
- 2007-04-25 07:43 . 2009-03-08 02:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-04-25 07:43 . 2009-12-21 19:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-11-09 12:09 . 2009-09-04 20:47 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 95744 c:\windows\system32\dllcache\mqsec.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 16896 c:\windows\system32\dllcache\mqise.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 16896 c:\windows\system32\dllcache\mqise.dll
+ 2004-08-18 12:00 . 2009-06-25 18:37 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-18 12:00 . 2007-07-06 12:51 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-18 12:00 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-18 12:00 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
- 2004-08-18 12:00 . 2004-08-18 12:00 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-18 12:00 . 2006-10-04 13:34 72704 c:\windows\system32\dllcache\magnify.exe
+ 2008-11-09 12:08 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
- 2004-08-18 12:00 . 2009-04-30 21:16 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-18 12:00 . 2009-12-21 19:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-17 15:49 . 2009-11-27 16:40 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2004-08-18 12:00 . 2009-10-21 06:03 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2004-08-18 12:00 . 2009-10-15 17:22 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2009-08-14 08:02 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
+ 2008-11-09 12:09 . 2009-12-14 07:37 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-18 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-18 12:00 . 2009-11-27 16:40 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-11-09 12:10 . 2004-08-18 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-11-09 12:10 . 2009-07-17 18:57 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 96760 c:\windows\system32\dfshim.dll
- 2006-11-13 18:16 . 2009-07-07 18:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-11-13 18:16 . 2009-08-12 11:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-18 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
- 2004-08-18 12:00 . 2004-08-18 12:00 58880 c:\windows\system32\atl.dll
+ 2004-08-18 12:00 . 2009-07-17 18:57 58880 c:\windows\system32\atl.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 19:10 . 2008-07-29 19:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 17:59 . 2008-07-29 17:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 19:10 . 2008-07-29 19:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 17:32 . 2008-07-29 17:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 17:16 . 2008-07-29 17:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 09:17 . 2008-07-25 09:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 05:28 . 2005-09-23 05:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 05:28 . 2005-09-23 05:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 05:28 . 2005-09-23 05:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 02:59 . 2008-11-25 02:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-11-03 09:12 . 2009-11-03 09:12 22528 c:\windows\Installer\323f66.msi
+ 2008-07-29 19:07 . 2008-07-29 19:07 23040 c:\windows\Installer\2e409e.msp
+ 2009-08-14 07:56 . 2009-08-14 07:56 88576 c:\windows\Installer\207573.msi
The log is too long; is it necessary to post the whole thing here?
- Rudy
- Site Admin
- Posts: 119382
- Registered: 30 Oct 2003 13:42
- Residence: Plzeň
Re: Please check my log
You don't have to; the end of the log starting from "Spouštěcí body v registru" (the registry startup points section) is enough for me. Winlogon is already OK.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning the PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can also damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.