Prosim o radu

Zpráva

#16 Příspěvek od **Rudy** » 01 úno 2011 22:17

Dejte ještě log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

filas251 · #17 Příspěvek od **filas251** » 02 úno 2011 07:22

Našlo to regedit.exe je infikován.

filas251 · #18 Příspěvek od **filas251** » 02 úno 2011 08:18

Tak už tu mám informace z BSOD

PAGE_FAULT_IN_NONPAGED_AREA
technické informace:
***STOP:0X00000050(0X9D2431A4,0X00000000,0X805B7479,0X00000000)

#19 Příspěvek od **motji** » 02 úno 2011 08:32

Vložte sem kolegovi log z combofixu, je přímo na disku C. Regedit bude asi v pořádku, combofix ho občas falešně detekoval.

Podívejte se prosím po složce C:\WINDOWS\minidump, pokud se Vám tam při bsod vytvořil soubor, tak mi ho někde upněte a vložte zde link.

filas251 · #20 Příspěvek od **filas251** » 03 úno 2011 12:18

2011-02-01 20:13 . 2011-02-01 20:13 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-02-01 19:35 . 2011-02-01 19:52 -------- d-----w- C:\9f0d7d02308a811d6d28b0a5cb6669e8
2011-01-31 20:38 . 2011-01-31 20:38 -------- d-----w- c:\documents and settings\Filépek\Data aplikací\Malwarebytes
2011-01-31 20:38 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 20:38 . 2011-01-31 20:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-31 20:38 . 2011-02-01 05:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 20:38 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 19:36 . 2011-01-31 20:32 -------- d-----w- c:\program files\trend micro
2011-01-31 16:41 . 2011-01-31 16:41 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-01-31 16:34 . 2011-01-31 16:34 -------- d-----w- c:\program files\Alcohol Soft
2011-01-31 16:28 . 2011-01-31 16:28 -------- d-----w- c:\documents and settings\Filépek\Local Settings\Data aplikací\Identities
2011-01-31 16:04 . 1998-02-13 13:30 143872 ----a-w- c:\windows\system32\iacenc.dll
2011-01-31 16:04 . 1997-11-06 11:53 27648 ----a-w- c:\windows\system32\ir50_lcs.dll
2011-01-31 16:04 . 1997-08-27 08:53 391168 ----a-w- c:\windows\system32\i263_32.drv
2011-01-31 16:04 . 1997-06-13 07:56 56832 ----a-w- c:\windows\system32\Iyvu9_32.dll
2011-01-31 16:01 . 2011-01-31 16:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2011-01-31 16:01 . 2011-01-31 16:01 -------- d-----w- c:\program files\VistaCodecPack
2011-01-31 15:17 . 2011-01-31 15:17 -------- d-----w- c:\program files\CABviaActiveSync
2011-01-30 12:35 . 2011-01-30 12:35 -------- d-----w- c:\program files\VirtualDJ
2011-01-30 09:59 . 2011-01-30 09:59 74641 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights ES.exe
2011-01-30 09:59 . 2011-01-30 09:59 74690 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights ES Foliage.exe
2011-01-30 09:57 . 2011-01-30 09:57 74662 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights Any XP.exe
2011-01-30 09:57 . 2011-01-30 09:57 74751 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights Civilization Objects.exe
2011-01-30 09:56 . 2011-01-30 09:56 74683 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights Foliage 1.exe
2011-01-30 09:56 . 2011-01-30 09:56 74641 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights MM.exe
2011-01-30 09:56 . 2011-01-30 09:56 74332 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights MM Animals 2.exe
2011-01-30 09:56 . 2011-01-30 09:56 74704 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights MM Animals 1.exe
2011-01-30 09:56 . 2011-01-30 09:56 74792 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights Download First.exe
2011-01-30 09:55 . 2011-01-30 09:55 74320 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights Any XP 2.exe
2011-01-26 14:11 . 2011-01-26 14:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-01-25 20:21 . 2011-01-25 20:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-01-25 20:20 . 2011-01-25 20:25 -------- d-----w- c:\program files\Google
2011-01-25 18:07 . 2011-01-25 18:07 -------- d-----w- c:\documents and settings\Filépek\Data aplikací\Registry Mechanic
2011-01-24 20:50 . 2006-09-16 22:21 2332368 ----a-w- c:\windows\d3dx9_29.dll
2011-01-24 20:50 . 2006-06-26 02:19 2323664 ----a-w- c:\windows\d3dx9_28.dll
2011-01-24 20:50 . 2006-06-26 02:19 2388176 ----a-w- c:\windows\d3dx9_30.dll
2011-01-24 20:50 . 2005-07-22 18:59 2319568 ----a-w- c:\windows\d3dx9_27.dll
2011-01-24 20:50 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\d3dx9_26.dll
2011-01-24 20:50 . 2001-11-06 23:03 208896 ----a-w- c:\windows\DINPUT8.DLL
2011-01-24 20:50 . 2005-07-15 13:41 2337488 ----a-w- c:\windows\d3dx9_25.dll
2011-01-24 20:50 . 2005-02-05 19:45 2222800 ----a-w- c:\windows\d3dx9_24.dll
2011-01-24 19:54 . 2011-01-24 19:54 -------- d-----w- C:\YouTrack
2011-01-24 19:41 . 2010-09-16 11:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-01-24 19:41 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-01-24 19:41 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-01-24 19:41 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-01-24 19:41 . 2011-01-24 19:41 -------- d-----w- c:\program files\Common Files\PC Tools
2011-01-24 19:41 . 2011-01-31 18:00 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2011-01-24 19:30 . 2011-01-24 19:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2011-01-24 19:29 . 2011-02-01 19:56 252932 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-01-24 19:29 . 2011-02-01 19:56 252936 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-01-24 19:29 . 2011-02-01 19:56 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-01-24 19:29 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-24 19:29 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-24 19:29 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-24 19:29 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-24 19:29 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-24 19:29 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-01-24 19:29 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-24 19:29 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-24 19:28 . 2011-02-01 19:50 -------- d-----w- c:\program files\NVIDIA Corporation
2011-01-24 19:28 . 2011-01-24 19:28 -------- d-----w- C:\NVIDIA
2011-01-24 19:28 . 2011-01-24 19:28 -------- d-----w- c:\documents and settings\Filépek\Local Settings\Data aplikací\PackageAware
2011-01-15 11:38 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-01-12 16:03 . 2011-01-12 16:03 -------- d-----w- c:\documents and settings\Filépek\Local Settings\Data aplikací\Mozilla
2011-01-11 17:55 . 2011-01-26 14:12 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-01-11 17:54 . 2011-01-11 17:54 -------- d-----w- c:\documents and settings\Filépek\Data aplikací\VDownloader
2011-01-11 17:54 . 2011-01-11 18:35 -------- d-----w- c:\documents and settings\Filépek\Local Settings\Data aplikací\VDownloader
2011-01-11 17:54 . 2011-01-12 15:55 -------- d-----w- C:\ProgramData
2011-01-11 17:54 . 2011-01-27 20:23 -------- d-----w- c:\program files\VDownloader
2011-01-06 21:15 . 2000-02-29 12:43 283648 ----a-w- c:\windows\uninst.exe
2011-01-06 21:15 . 2011-01-06 21:15 -------- d-----w- c:\documents and settings\Filépek\WINDOWS
2011-01-05 19:50 . 2011-01-05 19:50 -------- d-----w- c:\windows\Sun
2011-01-05 03:01 . 2011-01-05 03:01 -------- d-----w- C:\e858b1ce9ca69ddd13
2011-01-04 17:16 . 2011-01-04 17:16 -------- d-----w- c:\program files\Profibot
2011-01-04 13:25 . 2011-01-25 20:25 -------- d-----w- c:\documents and settings\Filépek\Local Settings\Data aplikací\Temp
2011-01-04 12:31 . 2011-01-04 12:31 -------- d-----w- c:\documents and settings\Filépek\Local Settings\Data aplikací\PCHealth
2011-01-03 21:21 . 2011-01-03 21:21 -------- d-----w- c:\documents and settings\Filépek\Data aplikací\DVDVideoSoftIEHelpers
2011-01-03 21:21 . 2011-01-03 21:21 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-03 21:21 . 2011-01-03 21:21 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-03 21:19 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-01-03 20:50 . 2011-01-03 20:50 -------- d-----w- c:\documents and settings\Filépek\Data aplikací\SuperMP3Download
2011-01-03 20:50 . 2011-01-03 20:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SuperMP3Download
2011-01-03 20:45 . 2008-07-12 13:59 1343488 ----a-w- c:\windows\system32\AdjMmsEng.dll
2011-01-03 20:45 . 2005-11-05 17:34 145408 ----a-w- c:\windows\system32\Lame.exe
2011-01-03 20:45 . 2005-06-28 16:31 499712 ----a-w- c:\windows\system32\LameEncoderX.ocx
2011-01-03 20:45 . 2005-05-17 14:37 76800 ----a-w- c:\windows\system32\Faac.exe
2011-01-03 20:45 . 2005-01-13 14:52 389120 ----a-w- c:\windows\system32\PulseSoundTouchForVB.ocx
2011-01-03 20:45 . 2002-07-19 10:48 157696 ----a-w- c:\windows\system32\OggEnc.exe
2011-01-03 20:45 . 2001-10-05 10:25 139264 ----a-w- c:\windows\system32\SmartNetButton.ocx
2011-01-03 20:45 . 2001-04-27 14:11 24576 ----a-w- c:\windows\system32\SmartSubClass.dll
2011-01-03 20:45 . 2011-01-03 20:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Pianosoft
2011-01-03 18:24 . 2011-01-03 18:24 -------- d-----w- c:\program files\FDRLab
2011-01-03 18:15 . 2011-01-03 18:15 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2011-01-03 18:15 . 2011-01-03 18:15 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2011-01-03 18:15 . 2011-01-03 18:15 -------- d-----w- c:\documents and settings\Filépek\Local Settings\Data aplikací\mdnslib
2011-01-03 18:15 . 2011-02-01 19:34 -------- d-----w- c:\documents and settings\Filépek\Local Settings\Data aplikací\FLVService
2011-01-03 18:15 . 2011-01-03 18:19 -------- d-----w- c:\program files\Replay Media Catcher
2011-01-03 18:15 . 2011-01-03 18:15 -------- d-----w- c:\windows\Replay Media Catcher
2011-01-03 17:29 . 2011-01-03 17:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-01-03 17:27 . 2010-02-10 03:18 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2011-01-03 17:27 . 2011-01-11 17:55 -------- d-----w- c:\documents and settings\Filépek\Local Settings\Data aplikací\OpenCandy
2011-01-03 17:27 . 2011-01-11 17:54 -------- d-----w- c:\documents and settings\Filépek\Data aplikací\OpenCandy
2011-01-03 13:48 . 2007-12-26 16:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2011-01-03 13:48 . 2007-12-26 16:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-31 16:32 . 2010-12-27 20:09 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-25 20:55 . 2010-12-27 20:17 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2011-01-24 20:49 . 2011-01-24 20:47 7547726 ----a-w- c:\windows\system32\dll-pack-for-flatout2.zip
2011-01-08 03:27 . 2007-06-28 16:43 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-01-08 03:27 . 2007-06-28 16:43 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 03:27 . 2007-06-28 16:43 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2007-06-28 16:43 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2010-12-30 11:14 . 2010-12-30 11:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-30 11:14 . 2010-12-30 11:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-28 09:37 . 2010-12-28 09:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-12-27 20:46 . 2010-12-27 20:45 17488 ----a-w- c:\windows\gdrv.sys
2010-11-18 18:15 . 2010-12-27 19:53 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-14 06:51 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2008-05-08 07:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2008-05-08 07:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2008-05-08 07:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 1B6162FE7F66B1A71A4B70F941C4AA9B . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2008-04-14 . 1B6162FE7F66B1A71A4B70F941C4AA9B . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-04-14 06:51 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 06:51 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll

[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-04-14 . EC8D5E09C6CA5F52858A5EB71F308FDF . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2001-10-25 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . 859F7735F199C90403340183A3DDFB78 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2help.dll
[-] 2008-04-14 . 859F7735F199C90403340183A3DDFB78 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . 859F7735F199C90403340183A3DDFB78 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll

[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-05-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll

[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2001-10-25 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2001-10-25 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-05-08 07:15 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2008-05-08 07:15 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2008-05-08 07:15 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2008-04-14 06:51 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-04-14 06:51 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 06:51 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\ERDNT\cache\dsound.dll
[-] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll

[-] 2008-04-14 . 3B8AE11A3419DF8239183E94888702FA . 1689088 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\d3d9.dll
[-] 2008-04-14 . 3B8AE11A3419DF8239183E94888702FA . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 3B8AE11A3419DF8239183E94888702FA . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll

[-] 2008-04-14 . EDAD701F01FFD9B5799B8FCF1CF6BDA7 . 279552 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\ddraw.dll
[-] 2008-04-14 . EDAD701F01FFD9B5799B8FCF1CF6BDA7 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . EDAD701F01FFD9B5799B8FCF1CF6BDA7 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll

[-] 2008-04-14 06:51 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\olepro32.dll
[-] 2008-04-14 06:51 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 06:51 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll

[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\perfctrs.dll
[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll

[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\version.dll
[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll

[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . FA4E1CDBA256787F2149F4AAD07BC91F . 176640 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\w32time.dll
[-] 2008-04-14 . FA4E1CDBA256787F2149F4AAD07BC91F . 176640 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-14 . FA4E1CDBA256787F2149F4AAD07BC91F . 176640 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll

[-] 2008-04-14 . C1CDD9275F6A115BB0AE1D55D8D27BA6 . 334336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wiaservc.dll
[-] 2008-04-14 . C1CDD9275F6A115BB0AE1D55D8D27BA6 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-14 . C1CDD9275F6A115BB0AE1D55D8D27BA6 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-02-02_06.12.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-02 06:33 . 2011-02-02 06:33 16384 c:\windows\temp\Perflib_Perfdata_5f8.dat
- 2001-10-25 12:00 . 2011-02-02 06:11 67312 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2011-02-02 06:37 67312 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2011-02-02 06:11 77850 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2011-02-02 06:37 77850 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2011-02-02 06:37 431112 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2011-02-02 06:11 431112 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2011-02-02 06:11 428744 c:\windows\system32\perfh005.dat
+ 2001-10-25 12:00 . 2011-02-02 06:37 428744 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.12.2010 21:09 436792]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [24.1.2011 20:41 632792]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.1.2011 21:20 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.12.2010 21:44 1684736]
S3 YouTrack;YouTrack Web Server;c:\youtrack\bin\tomcat6.exe [9.3.2010 16:06 61440]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 20:20]

2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 20:20]

2011-01-31 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-01-24 19:42]

2011-02-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-12-29 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.facemoods.com/?a=piano
IE: Free YouTube to MP3 Converter - c:\documents and settings\Filépek\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 07:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1957994488-764733703-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:17,c0,be,06,37,61,f3,66,37,e6,bf,33,a0,b3,3b,37,88,01,76,c9,05,
a8,ac,a2,7e,85,64,e7,8a,18,e9,df,a2,a3,51,14,c8,5c,b1,7f,81,8e,b6,b0,74,b4,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-02-02 07:40:27
ComboFix-quarantined-files.txt 2011-02-02 06:40
ComboFix2.txt 2011-02-02 06:13

Před spuštěním: Volných bajtů: 301 015 248 896
Po spuštění: Volných bajtů: 301 010 661 376

- - End Of File - - 4EC87F213F83F00FF92FF4B239964542

filas251 · #21 Příspěvek od **filas251** » 03 úno 2011 12:26

link: http://www.uloz.to/7688611/minidump-rar

#22 Příspěvek od **motji** » 03 úno 2011 12:33

Chybí začátek logu combofixu. Na minidump mrknu

filas251 · #23 Příspěvek od **filas251** » 03 úno 2011 13:08

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Filépek\Data aplikací\facemoods.com

c:\windows\regedit.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-02 do 2011-02-02 )))))))))))))))))))))))))))))))

#24 Příspěvek od **motji** » 03 úno 2011 13:21

Otestujte na www.virustotal.com
c:\windows\regedit.exe

Soubor také prosím dejte do raru a upněte mi ho na http://vyosek.ic.cz/havet/uploader.php, díky

#25 Příspěvek od **motji** » 03 úno 2011 13:54

Vypadá to, že za BSOD může Java. Zkuste ji aktualizovat, příadně odinstalovat a uvidíte.

filas251 · #26 Příspěvek od **filas251** » 03 úno 2011 14:18

dobře zkusím to

filas251 · #27 Příspěvek od **filas251** » 03 úno 2011 14:24

Ještě bych se potřeboval zeptat.Nevíte čím to může být že mi nejdou nainstalovat žádné hry krom Zoo tycoon 2 který se po pár minutách hraní zasekne a PC na nic nereaguje.Vždy v půl instalaci naskočí nějaký error.

#28 Příspěvek od **motji** » 03 úno 2011 14:28

Můžete dát screen toho erroru?
Odkdy je tento problém?

filas251 · #29 Příspěvek od **filas251** » 03 úno 2011 14:40

Screen přidám.Teď přesně nevím ale už přetrvává dlouho,ale myslím že od chvíle co mi odešlo pár věcí v PC.

#30 Příspěvek od **motji** » 03 úno 2011 14:52

filas251 píše:Screen přidám.Teď přesně nevím ale už přetrvává dlouho,ale myslím že od chvíle co mi odešlo pár věcí v PC.

jaké věci například? Už z logu combofixu jde poznat, že tam není něco v pořádku.
Jaký máte systém a sp?

VIRY.CZ

Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu

Re: Prosim o radu