zdravím prosím o kontolu možná vir

brankar · Příspěvekod **brankar** » 03 srp 2009 21:26

http://www.virustotal.com/cs/analisis/a ... 1249327089
http://www.virustotal.com/cs/analisis/3 ... 1249327452
http://www.virustotal.com/cs/analisis/a ... 1249327583
http://www.virustotal.com/cs/analisis/5 ... 1249327712
http://www.virustotal.com/cs/analisis/a ... 1249327863
http://www.virustotal.com/cs/analisis/a ... 1249327972

Reklama

Příspěvekod **jaro3** » 03 srp 2009 21:42

Spyware Terminátor- odinstalovaný?

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\drivers\sp_rsdrv2.sys

Driver::
sp_rsdrv2

DirLook::
C:\exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Znáš tuto složku:
C:\exe ?

brankar · Příspěvekod **brankar** » 04 srp 2009 06:26

C:\exe ?
NEZNAM :mad:

brankar · Příspěvekod **brankar** » 04 srp 2009 06:51

TADY JE LOG

ComboFix 09-08-02.04 - user 04.08.2009 6:31.15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.271 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Dokumenty\Filmy\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FILE ::
"c:\windows\system32\drivers\sp_rsdrv2.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sp_rsdrv2.sys
c:\windows\system32\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SP_RSDRV2
-------\Service_sp_rsdrv2

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-04 do 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-03 15:17 . 2009-08-03 15:26 -------- d-----w- C:\32788R22FWJFW.2.tmp
2009-08-03 14:31 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 14:31 . 2009-08-03 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 14:31 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 10:22 . 2009-08-03 10:30 -------- d-s---w- C:\exe
2009-08-03 10:17 . 2009-08-03 10:18 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-08-02 16:55 . 2009-08-02 17:04 -------- d-----w- C:\8022991167aaf0737e
2009-07-30 05:11 . 2009-07-30 05:17 -------- d-----w- C:\da199075f5f4ccc737efbb
2009-07-29 06:48 . 2009-07-29 06:48 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-07-29 06:48 . 2009-07-29 06:48 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-07-29 06:47 . 2008-04-14 12:00 147968 ----a-w- c:\windows\R.COM
2009-07-29 06:47 . 2008-04-14 12:00 137216 ----a-w- c:\windows\system32\T.COM
2009-07-29 06:47 . 2009-07-29 06:47 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-07-21 12:34 . 2009-07-21 12:34 -------- d-----w- c:\documents and settings\user\DoctorWeb
2009-07-20 19:50 . 2009-07-29 14:07 -------- d-s---w- C:\tatajede
2009-07-16 05:49 . 2009-07-16 06:59 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 05:49 . 2009-07-16 07:05 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-16 05:48 . 2009-07-16 05:48 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-16 05:13 . 2009-07-16 06:59 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2009-07-15 19:43 . 2009-07-15 19:43 -------- d-----w- C:\a30d88b0d814d68b1fbf9a83
2009-07-12 15:00 . 2009-07-12 15:01 -------- d-----w- C:\a95438541064ea37b452
2009-07-12 08:52 . 2009-07-12 08:52 -------- d-----w- c:\program files\Fifa Master
2009-07-09 18:19 . 2009-07-09 18:19 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-09 18:19 . 2009-07-09 18:20 -------- d-----w- c:\program files\Hamachi
2009-07-07 18:17 . 2009-07-07 18:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-07 17:30 . 2009-07-07 17:30 -------- d-----w- c:\documents and settings\user\fontconfig
2009-07-07 17:26 . 2009-08-03 13:03 -------- d-----w- c:\documents and settings\user\.smplayer
2009-07-07 17:24 . 2009-07-20 09:12 -------- d-----w- c:\program files\SMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 15:22 . 2009-05-18 11:09 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-08-03 13:25 . 2009-06-08 05:52 -------- d-----w- c:\program files\trend micro
2009-07-26 05:46 . 2009-05-12 11:25 -------- d-----w- c:\program files\GameSpy Arcade
2009-07-20 06:37 . 2009-04-21 08:57 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-20 06:37 . 2009-04-21 08:57 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-20 06:37 . 2009-04-21 08:57 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-20 06:37 . 2009-04-21 08:57 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-08 18:55 . 2008-10-26 06:54 -------- d-----w- c:\program files\EA Sports
2009-07-07 18:17 . 2008-10-22 14:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-07 18:16 . 2008-10-17 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-01 14:24 . 2009-06-21 17:20 -------- d-----w- c:\program files\PowerISO
2009-06-26 16:51 . 2008-04-14 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:51 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 09:23 . 2009-06-26 09:11 -------- d-----w- c:\program files\Real Madrid The Game
2009-06-21 17:33 . 2009-06-21 17:33 -------- d-----w- c:\program files\Sega
2009-06-16 14:40 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-08 04:43 . 2008-10-17 20:55 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-08 04:43 . 2008-10-17 20:55 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-06-07 17:24 . 2008-12-27 09:03 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-03 19:11 . 2008-04-14 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 2008-04-14 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\exe ----

------- Sigcheck -------

[-] 2008-04-14 03:22 14336 455569F52AE2B3DDA964DFB9DDAC3360 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\svchost.exe
[-] 2008-04-14 12:00 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\system32\svchost.exe
[-] 2008-04-14 12:00 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\system32\dllcache\svchost.exe
[-] 2008-04-14 12:00 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\system32\dllcache\cache\svchost.exe

[-] 2008-04-14 03:22 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\user32.dll
[-] 2007-03-08 15:38 577536 43240B12D220F30C7C75EA69B2E806B0 c:\windows\SoftwareDistribution\Download\34bf42ba0188a0a7d6780ed3353bf90e\sp2gdr\user32.dll
[-] 2007-03-08 15:51 578048 5393076FDCD6DAEB82814688DDE3E9A2 c:\windows\SoftwareDistribution\Download\34bf42ba0188a0a7d6780ed3353bf90e\sp2qfe\user32.dll
[-] 2005-03-02 18:18 577024 9267BC598E271BC3FA69F36CF1C8BD36 c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp2gdr\user32.dll
[-] 2005-03-02 18:21 577024 3EF380290CE2CA8598E475CEAC4ADB13 c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp2qfe\user32.dll
[-] 2008-04-14 12:00 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\system32\user32.dll
[-] 2008-04-14 12:00 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 12:00 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\system32\dllcache\cache\user32.dll

[-] 2008-04-14 03:22 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ws2_32.dll
[-] 2008-04-14 12:00 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\system32\ws2_32.dll
[-] 2008-04-14 12:00 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\system32\dllcache\ws2_32.dll
[-] 2008-04-14 12:00 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2008-08-20 05:34 668672 33183CC4099D4952BBBAF9F951BFD1C1 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[-] 2008-08-20 05:10 667136 2DE6ADBDA278778837B78B39C18DEBC2 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 05:07 667648 805DE4C27B23B68A56C07E1A96E10693 c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-10-16 10:36 668672 DC068C9C851B3F601D91BFA93E053993 c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[-] 2008-10-16 01:03 667136 8E7DE90524F7DD5DB33CC38AD9A1B0B4 c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-10-16 01:06 668160 370940E124256D20DE4CA7E51377335C c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2009-02-20 07:59 668672 585EF6E32838E273D7B8C5F6CD9703B7 c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2009-04-29 04:29 669184 30BA85CFADF955E3E7608161892E6AC7 c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2009-06-26 16:48 669184 6B6948F5A8E5951821681E54513E19B5 c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2008-04-14 12:00 667136 3FE5E65A7ED9EC98AEE9167CA07812D3 c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2009-02-20 08:12 667136 17C127DDBC21172FED2B472FC6D16F6D c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2009-04-29 04:35 667648 E4A6A4E8806C154CCB7EB9FA77A9E8F5 c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2008-04-14 03:22 667136 3FE5E65A7ED9EC98AEE9167CA07812D3 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\wininet.dll
[-] 2009-06-26 16:51 667648 EE5E9CB4D60A1671A46461FCCA898D1A c:\windows\SoftwareDistribution\Download\1ee72f339865ef74dbfb6106d087c9e0\sp3gdr\wininet.dll
[-] 2009-06-26 16:48 669184 6B6948F5A8E5951821681E54513E19B5 c:\windows\SoftwareDistribution\Download\1ee72f339865ef74dbfb6106d087c9e0\sp3qfe\wininet.dll
[-] 2009-07-03 16:59 915456 FCD887F2BA15CD8D95F8D70766D42739 c:\windows\SoftwareDistribution\Download\b8d526d04b664905f601c694eaa9eabc\SP3GDR\wininet.dll
[-] 2009-07-03 17:02 915456 0B1AA91DFEDB1298FF7D93EBA45F8DB5 c:\windows\SoftwareDistribution\Download\b8d526d04b664905f601c694eaa9eabc\SP3QFE\wininet.dll
[-] 2009-06-26 16:51 667648 EE5E9CB4D60A1671A46461FCCA898D1A c:\windows\system32\wininet.dll
[-] 2009-06-26 16:51 667648 EE5E9CB4D60A1671A46461FCCA898D1A c:\windows\system32\dllcache\wininet.dll
[-] 2009-06-26 16:51 667648 EE5E9CB4D60A1671A46461FCCA898D1A c:\windows\system32\dllcache\cache\wininet.dll

[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-04-14 12:00 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\cache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 03:22 507904 63ECFA7C4411CF13B2D8EAE3304C6FA0 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\winlogon.exe
[-] 2008-04-14 12:00 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\system32\winlogon.exe
[-] 2008-04-14 12:00 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\system32\dllcache\winlogon.exe
[-] 2008-04-14 12:00 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\system32\dllcache\cache\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ndis.sys
[-] 2008-04-14 12:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-14 12:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[-] 2008-04-14 12:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ip6fw.sys
[-] 2008-04-14 12:00 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-14 12:00 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[-] 2008-04-14 12:00 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2009-02-09 11:19 2068352 FF8A3F180A224AA27EBAB937CA027F4D c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 13:40 2065152 6BB160864CAABEEA24D6BA9EDE18B641 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 13:26 2068224 09CD607918C3F5600D8A111155F62CA6 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 17:26 2068224 5495B7902AE2EEE3A98D889E9A679724 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 12:00 2067968 4DEE41C45E803DB91A72FD1BA69C05EE c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 02:36 2067968 4DEE41C45E803DB91A72FD1BA69C05EE c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ntkrnlpa.exe
[-] 2005-03-02 18:14 2059008 9355304DD565E23F8EE294720B2C03E5 c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp2qfe\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\dllcache\cache\ntkrnlpa.exe

[-] 2009-02-10 17:18 2191360 97480EBFE1D4B547657BAD75AAAB1325 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 13:40 2188160 C45C335F78C90DC75C05D5260B6888C7 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 13:26 2191360 91F18AB1E9ACBF6E27A5545A8F57C89B c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 17:26 2191360 2BCBCE27A946C057051A85CB032F49FF c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-04-14 12:00 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:37 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ntoskrnl.exe
[-] 2005-03-02 18:14 2181632 7FABE135EAC02A4BC8094B831ADC0CC3 c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp2qfe\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\cache\ntoskrnl.exe

[-] 2008-04-14 12:00 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\explorer.exe
[-] 2008-04-14 03:22 1034240 A67498EBA038C2BA4033A1DFEC2EBD4A c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\explorer.exe
[-] 2007-06-13 13:23 1052160 AFD28A5CD36007C5B2D440EF29B40FC4 c:\windows\SoftwareDistribution\Download\24d1fd667c6a6d363e6ced5186970a96\sp2gdr\explorer.exe
[-] 2007-06-13 13:11 1033728 06EB0FF1FB2AADA601A08C3D2B47AE3D c:\windows\SoftwareDistribution\Download\24d1fd667c6a6d363e6ced5186970a96\sp2qfe\explorer.exe
[-] 2008-04-14 12:00 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-14 12:00 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\system32\dllcache\cache\explorer.exe

[-] 2009-02-09 11:18 111104 3D107D45CCFDB266E91D84B52CD7F430 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 12:00 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 03:22 108544 E26F57B6BCCAC040297805ACDFCFEF87 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\cache\services.exe

[-] 2008-04-14 03:22 13312 0B447DAF1EDECFF5ACD1AA74EE2E91BC c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\lsass.exe
[-] 2008-04-14 12:00 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\lsass.exe
[-] 2008-04-14 12:00 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\dllcache\lsass.exe
[-] 2008-04-14 12:00 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\dllcache\cache\lsass.exe

[-] 2008-04-14 03:22 34304 34C3EF1C17AD817A2D39615730E80F02 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ctfmon.exe
[-] 2008-04-14 12:00 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\ctfmon.exe
[-] 2008-04-14 12:00 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 12:00 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\dllcache\cache\ctfmon.exe

[-] 2008-04-14 03:22 57856 11040FE55203E2843778BAA68076455D c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\spoolsv.exe
[-] 2005-06-10 23:53 57856 01CE4CFC1E235F22DA341318AE4ADB72 c:\windows\SoftwareDistribution\Download\a25ecfc361977be77521d4ce0798cbae\sp2gdr\spoolsv.exe
[-] 2005-06-11 00:17 57856 2B9AE403F948C72A349B8805C080DC37 c:\windows\SoftwareDistribution\Download\a25ecfc361977be77521d4ce0798cbae\sp2qfe\spoolsv.exe
[-] 2008-04-14 12:00 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\spoolsv.exe
[-] 2008-04-14 12:00 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 12:00 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\dllcache\cache\spoolsv.exe

[-] 2008-04-14 03:22 26112 23AEE32646A4C5BCBA3128C5DFC8781D c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\userinit.exe
[-] 2008-04-14 12:00 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\userinit.exe
[-] 2008-04-14 12:00 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\dllcache\userinit.exe
[-] 2008-04-14 12:00 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\dllcache\cache\userinit.exe

[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\termsrv.dll
[-] 2008-04-14 12:00 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\termsrv.dll
[-] 2008-04-14 12:00 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\dllcache\termsrv.dll
[-] 2008-04-14 12:00 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\dllcache\cache\termsrv.dll

[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 12:00 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\cache\kernel32.dll

[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\powrprof.dll
[-] 2008-04-14 12:00 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\powrprof.dll
[-] 2008-04-14 12:00 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\dllcache\powrprof.dll
[-] 2008-04-14 12:00 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\dllcache\cache\powrprof.dll

[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\imm32.dll
[-] 2008-04-14 12:00 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\imm32.dll
[-] 2008-04-14 12:00 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\dllcache\imm32.dll
[-] 2008-04-14 12:00 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\dllcache\cache\imm32.dll

[-] 2006-02-20 23:06 3073024 CDD766C610E7DE86CCE91CD339C79BCF c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
[-] 2008-08-20 05:34 3088384 DC651274AF7EDE52B06C0A1C6F3DCA60 c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
[-] 2008-08-20 05:10 3088896 91EBFC5DCC5F7D5E1E1630F8BB1A2490 c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
[-] 2008-08-20 05:07 3088896 78160DA0DB2913BB30473AC3F6619C3E c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
[-] 2008-10-16 10:36 3088384 6FE6816E7E6677FF4E47E5FC470C42CC c:\windows\$hf_mig$\KB958215\SP2QFE\mshtml.dll
[-] 2008-10-16 01:03 3088896 793E26EF8767C58436A3B40A0899B180 c:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll
[-] 2008-10-16 05:36 3088896 2A9F87DE02E61CFB762121C160E87F6A c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[-] 2008-12-12 17:30 3088384 74EB9C0ECFBF18B78E2A1EA73AADB13C c:\windows\$hf_mig$\KB960714\SP2QFE\mshtml.dll
[-] 2008-12-12 17:03 3088896 96AD32D5C30A1F79F487A99BC1D5AFE9 c:\windows\$hf_mig$\KB960714\SP3GDR\mshtml.dll
[-] 2008-12-12 17:15 3088896 0E5ED45F7D6CBBCC973C92247FBE9F30 c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2009-02-20 07:59 3089408 5D6B7B01507A38B8486D36BD2875CEE4 c:\windows\$hf_mig$\KB963027\SP3QFE\mshtml.dll
[-] 2009-04-29 04:30 3090432 B665D1D8FE9FBB4742707D7C481589F5 c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[-] 2009-07-18 15:34 3090944 A5D3E41824AA0BEA9D4A7DD190057452 c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll
[-] 2008-04-14 12:00 3066880 DAF9947DE2A6EA20AE524B7C50487E57 c:\windows\$NtUninstallKB963027$\mshtml.dll
[-] 2009-02-20 08:12 3089408 C7EE3CE7CC3B39D2B48006A2AA719E6F c:\windows\$NtUninstallKB969897$\mshtml.dll
[-] 2009-04-29 04:35 3089920 767B5E05899837D95D2ACF07E578A932 c:\windows\$NtUninstallKB972260$\mshtml.dll
[-] 2008-04-14 03:21 3066880 DAF9947DE2A6EA20AE524B7C50487E57 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\mshtml.dll
[-] 2009-07-18 16:05 3090432 2931C4746F8F2845CFD85F50FDC997E5 c:\windows\SoftwareDistribution\Download\1ee72f339865ef74dbfb6106d087c9e0\sp3gdr\mshtml.dll
[-] 2009-07-18 15:34 3090944 A5D3E41824AA0BEA9D4A7DD190057452 c:\windows\SoftwareDistribution\Download\1ee72f339865ef74dbfb6106d087c9e0\sp3qfe\mshtml.dll
[-] 2009-07-19 13:16 5937152 D6DA6137433E02999C1229DC692250CD c:\windows\SoftwareDistribution\Download\b8d526d04b664905f601c694eaa9eabc\SP3GDR\mshtml.dll
[-] 2009-07-19 13:08 5938176 54E07F3B4EEF71607437367BA1922F6A c:\windows\SoftwareDistribution\Download\b8d526d04b664905f601c694eaa9eabc\SP3QFE\mshtml.dll
[-] 2009-07-18 16:05 3090432 2931C4746F8F2845CFD85F50FDC997E5 c:\windows\system32\mshtml.dll
[-] 2009-07-18 16:05 3090432 2931C4746F8F2845CFD85F50FDC997E5 c:\windows\system32\dllcache\mshtml.dll
[-] 2009-07-18 16:05 3090432 2931C4746F8F2845CFD85F50FDC997E5 c:\windows\system32\dllcache\cache\mshtml.dll

[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\kbdclass.sys
[-] 2008-04-14 12:00 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\dllcache\cache\kbdclass.sys
[-] 2008-04-14 12:00 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\comres.dll
[-] 2008-04-14 12:00 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\system32\comres.dll
[-] 2008-04-14 12:00 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\system32\dllcache\comres.dll
[-] 2008-04-14 12:00 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\system32\dllcache\cache\comres.dll

[-] 2008-04-14 03:21 22016 C66BA7BD13C8FB8BEC4863B88641C763 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\lpk.dll
[-] 2008-04-14 12:00 22016 C66BA7BD13C8FB8BEC4863B88641C763 c:\windows\system32\lpk.dll
[-] 2008-04-14 12:00 22016 C66BA7BD13C8FB8BEC4863B88641C763 c:\windows\system32\dllcache\lpk.dll
[-] 2008-04-14 12:00 22016 C66BA7BD13C8FB8BEC4863B88641C763 c:\windows\system32\dllcache\cache\lpk.dll

[-] 2008-04-14 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2008-04-14 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\cache\beep.sys
[-] 2008-04-14 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2008-04-14 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\cache\null.sys
[-] 2008-04-14 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\SoftwareDistribution\Download\798c2b1d212eb7352400a51d77fd6ecb\sp2gdr\aec.sys
[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\SoftwareDistribution\Download\798c2b1d212eb7352400a51d77fd6ecb\sp2qfe\aec.sys
[-] 2008-04-14 12:00 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\dllcache\cache\aec.sys
[-] 2008-04-14 12:00 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys

[-] 2008-04-14 03:21 927504 7C3351F60B759D5D917E68342AE3307C c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\mfc40u.dll
[-] 2006-11-01 19:19 927504 6C44E5766939B7552BFF75B2B6FF1161 c:\windows\SoftwareDistribution\Download\31081c53fdf82897403792e17717d8e4\sp2qfe\mfc40u.dll
[-] 2008-04-14 12:00 927504 7C3351F60B759D5D917E68342AE3307C c:\windows\system32\mfc40u.dll
[-] 2008-04-14 12:00 927504 7C3351F60B759D5D917E68342AE3307C c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 12:00 927504 7C3351F60B759D5D917E68342AE3307C c:\windows\system32\dllcache\cache\mfc40u.dll

[-] 2009-02-09 10:59 401408 C0BD34A62508BA68F146E22CE45919F9 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 12:00 399360 C868F3AE15CF71A93F2AA3A32856D839 c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 03:21 399360 C868F3AE15CF71A93F2AA3A32856D839 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\rpcss.dll
[-] 2005-07-26 04:42 397824 DBDE980506B54AE928D151D12419B425 c:\windows\SoftwareDistribution\Download\4eb89d2162da1a584b809080d66223f7\sp2gdr\rpcss.dll
[-] 2005-07-26 04:31 398336 46C3197AAC32EBA82453ACDD84114DC2 c:\windows\SoftwareDistribution\Download\4eb89d2162da1a584b809080d66223f7\sp2qfe\rpcss.dll
[-] 2005-04-28 19:32 395776 676E6C3C8F3B4F8B64BE33FD20ADFCE2 c:\windows\SoftwareDistribution\Download\b70932353029c8ba64387748781c48c9\sp2gdr\rpcss.dll
[-] 2005-04-28 19:36 396288 5DE239E9CC9DB7430233EA7BE10EAD32 c:\windows\SoftwareDistribution\Download\b70932353029c8ba64387748781c48c9\sp2qfe\rpcss.dll
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\rpcss.dll
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\dllcache\cache\rpcss.dll

[-] 2008-04-14 03:21 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\msgsvc.dll
[-] 2008-04-14 12:00 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\system32\msgsvc.dll
[-] 2008-04-14 12:00 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\system32\dllcache\msgsvc.dll
[-] 2008-04-14 12:00 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\system32\dllcache\cache\msgsvc.dll

[-] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\comctl32.dll
[-] 2008-04-14 03:07 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-03-17 05:06 925184 33DFA99B7ACF485A51E96C18CA68D473 c:\windows\SoftwareDistribution\Download\3bf6999727ddb1d518f5b60a6000e8ba\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 15:54 925184 3ABCC88C3C67D873170A96A25C93616F c:\windows\SoftwareDistribution\Download\acce8888a2025362d898d606b12a9a53\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 15:51 617472 E26B26189B786E6B092F002041D5A1E2 c:\windows\SoftwareDistribution\Download\acce8888a2025362d898d606b12a9a53\sp2qfe\comctl32.dll
[-] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A c:\windows\SoftwareDistribution\Download\acce8888a2025362d898d606b12a9a53\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2005-08-31 17:32 925184 7EEDB3AF3DDBB57CA98A00D0280613AB c:\windows\SoftwareDistribution\Download\d74a58a2257733dd923587d311758d6c\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 12:00 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\system32\comctl32.dll
[-] 2008-04-14 12:00 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\system32\dllcache\comctl32.dll
[-] 2008-04-14 12:00 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\system32\dllcache\cache\comctl32.dll
[-] 2006-03-02 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\InstallTemp\70343\comctl32.dll
[-] 2008-04-14 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2006-03-02 12:00 1050624 F76B3003366A205E05AFC0D034C7D3E9 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2008-04-14 12:00 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-04-14 12:00 11776 AFDFF022A01F0B11C776F0860C3B282F c:\windows\system32\dllcache\cache\acpiec.sys
[-] 2008-04-14 12:00 11776 AFDFF022A01F0B11C776F0860C3B282F c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-14 03:21 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\sfc.dll
[-] 2008-04-14 12:00 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\system32\sfc.dll
[-] 2008-04-14 12:00 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\system32\dllcache\sfc.dll
[-] 2008-04-14 12:00 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\system32\dllcache\cache\sfc.dll

[-] 2008-04-14 03:21 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\netlogon.dll
[-] 2008-04-14 12:00 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\system32\netlogon.dll
[-] 2008-04-14 12:00 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\system32\dllcache\netlogon.dll
[-] 2008-04-14 12:00 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\system32\dllcache\cache\netlogon.dll

[-] 2008-04-14 03:21 409088 19395D092FD85DDC2D9C7729CF5A2AC8 c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\qmgr.dll
[-] 2008-04-14 12:00 409088 19395D092FD85DDC2D9C7729CF5A2AC8 c:\windows\system32\qmgr.dll
[-] 2008-04-14 12:00 409088 19395D092FD85DDC2D9C7729CF5A2AC8 c:\windows\system32\dllcache\qmgr.dll
[-] 2008-04-14 12:00 409088 19395D092FD85DDC2D9C7729CF5A2AC8 c:\windows\system32\dllcache\cache\qmgr.dll

[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\asyncmac.sys
[-] 2008-04-14 12:00 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-14 12:00 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\system32\dllcache\cache\asyncmac.sys
[-] 2008-04-14 12:00 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\system32\drivers\asyncmac.sys

[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\SoftwareDistribution\Download\53b506440add8bed5aec578eeae6bb86\sp2gdr\ntfs.sys
[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\SoftwareDistribution\Download\53b506440add8bed5aec578eeae6bb86\sp2qfe\ntfs.sys
[-] 2008-04-14 12:00 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-14 12:00 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\cache\ntfs.sys
[-] 2008-04-14 12:00 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\drivers\ntfs.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-20 1793808]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-08-30 69632]

c:\documents and settings\user\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-7-9 625952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\Opera\\Opera.exe"= c:\program files\Opera\Opera.exe:*:Disabled:Opera Internet Browser
"c:\\Program Files\\uTorrent\\uTorrent.exe"= c:\program files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"= c:\program files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited
"c:\\Program Files\\EA Sports\\FIFA 08\\FIFA08.exe"= c:\program files\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08
"c:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"= c:\program files\EA Sports\FIFA 09\FIFA09.exe:*:Enabled:FIFA09
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= c:\program files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"= c:\program files\Wolfenstein - Enemy Territory\ETDED.exe:*:Enabled:ETDED
"c:\\Program Files\\FlatOut\\flatout.exe"= c:\program files\FlatOut\flatout.exe:*:Enabled:flatout

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.1.2009 11:14 64160]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.4.2009 10:57 132040]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2009 11:43 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 11:43 55024]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [22.3.2009 22:18 30136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 11:43 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
WudfServiceGroup REG_MULTI_SZ WUDFSvc
eapsvcs REG_MULTI_SZ eaphost
dot3svc REG_MULTI_SZ dot3svc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
HidServ
LanmanWorkstation
Messenger
Netman
TrkWks
W32Time
WZCSVC
wscsvc
xmlprov
napagent
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7} = 10.1.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 06:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:93,0e,67,23,69,96,a9,27,63,58,a7,ae,cc,f3,c2,08,04,6b,33,37,e6,d2,4a,
d3,dc,fe,b3,67,88,4e,06,fd,bf,b2,9f,25,19,62,d6,e9,67,f7,d4,46,64,0e,77,75,\
"??"=hex:74,76,4f,d4,0b,44,70,18,88,2b,db,b1,69,c6,95,26

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,4d,8c,a1,66,59,d4,ee,8d,27,72,77,96,fc,f0,44,7e,c3,ac,d1,82,
55,ab,c3,2c,d2,34,74,f9,c0,6e,7c,49,54,78,86,01,bd,9a,fb,a9,22,e1,0a,f0,e0,\
"rkeysecu"=hex:fb,81,90,31,d2,93,d3,3d,73,a6,fd,d8,95,a1,26,4b

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID]
@Denied: (A) (Everyone)
@="{901A509E-23C3-4FEC-96DE-3E1D38C15E63}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version]
@Denied: (A) (Everyone)
@="{901A509E-23C3-4FEC-96DE-3E1D38C15E63}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
"GlobalState"=hex:41,49,2f,22,d8,c3,25,1b,d0,e2,07,4a,39,03,8f,c0,0c,92,16,c5

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\systemSystem\ControlSet002\Services\TDSSserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=expand:"\\systemroot\\system32\\drivers\\TDSSmqlt.sys"
"group"="file system"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
.
**************************************************************************
.
Celkový čas: 2009-08-04 6:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-04 04:50
ComboFix2.txt 2009-08-03 17:40
ComboFix3.txt 2009-08-03 16:38
ComboFix4.txt 2009-08-03 15:43
ComboFix5.txt 2009-08-04 04:30

Před spuštěním: Volných bajtů: 73 595 490 304
Po spuštění: Volných bajtů: 73 522 876 416

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
524 --- E O F --- 2009-08-02 17:04

Příspěvekod **jaro3** » 04 srp 2009 09:47

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
C:\exe

Driver::
TDSSserv
TDSSmqlt

RegNull::
[HKEY_LOCAL_MACHINE\systemSystem\ControlSet002\Services\TDSSserv.sys]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

brankar · Příspěvekod **brankar** » 04 srp 2009 15:23

hodilo to chybu svchost exe chyba aplikace

Log combo fix

aComboFix 09-08-02.04 - user 04.08.2009 15:02.16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.351 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Dokumenty\Filmy\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-04 do 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-03 15:17 . 2009-08-03 15:26 -------- d-----w- C:\32788R22FWJFW.2.tmp
2009-08-03 14:31 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 14:31 . 2009-08-03 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 14:31 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 10:17 . 2009-08-03 10:18 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-08-02 16:55 . 2009-08-02 17:04 -------- d-----w- C:\8022991167aaf0737e
2009-07-30 05:11 . 2009-07-30 05:17 -------- d-----w- C:\da199075f5f4ccc737efbb
2009-07-29 06:48 . 2009-07-29 06:48 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-07-29 06:48 . 2009-07-29 06:48 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-07-29 06:47 . 2008-04-14 12:00 147968 ----a-w- c:\windows\R.COM
2009-07-29 06:47 . 2008-04-14 12:00 137216 ----a-w- c:\windows\system32\T.COM
2009-07-29 06:47 . 2009-07-29 06:47 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-07-21 12:34 . 2009-07-21 12:34 -------- d-----w- c:\documents and settings\user\DoctorWeb
2009-07-20 19:50 . 2009-07-29 14:07 -------- d-s---w- C:\tatajede
2009-07-16 05:49 . 2009-07-16 06:59 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 05:49 . 2009-07-16 07:05 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-16 05:48 . 2009-07-16 05:48 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-15 19:43 . 2009-07-15 19:43 -------- d-----w- C:\a30d88b0d814d68b1fbf9a83
2009-07-12 15:00 . 2009-07-12 15:01 -------- d-----w- C:\a95438541064ea37b452
2009-07-12 08:52 . 2009-07-12 08:52 -------- d-----w- c:\program files\Fifa Master
2009-07-09 18:19 . 2009-07-09 18:19 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-09 18:19 . 2009-07-09 18:20 -------- d-----w- c:\program files\Hamachi
2009-07-07 18:17 . 2009-07-07 18:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-07 17:30 . 2009-07-07 17:30 -------- d-----w- c:\documents and settings\user\fontconfig
2009-07-07 17:26 . 2009-08-03 13:03 -------- d-----w- c:\documents and settings\user\.smplayer
2009-07-07 17:24 . 2009-07-20 09:12 -------- d-----w- c:\program files\SMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 05:14 . 2008-10-17 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 15:22 . 2009-05-18 11:09 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-08-03 13:25 . 2009-06-08 05:52 -------- d-----w- c:\program files\trend micro
2009-07-26 05:46 . 2009-05-12 11:25 -------- d-----w- c:\program files\GameSpy Arcade
2009-07-20 06:37 . 2009-04-21 08:57 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-20 06:37 . 2009-04-21 08:57 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-20 06:37 . 2009-04-21 08:57 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-20 06:37 . 2009-04-21 08:57 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-08 18:55 . 2008-10-26 06:54 -------- d-----w- c:\program files\EA Sports
2009-07-07 18:17 . 2008-10-22 14:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-01 14:24 . 2009-06-21 17:20 -------- d-----w- c:\program files\PowerISO
2009-06-26 16:51 . 2008-04-14 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:51 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 09:23 . 2009-06-26 09:11 -------- d-----w- c:\program files\Real Madrid The Game
2009-06-21 17:33 . 2009-06-21 17:33 -------- d-----w- c:\program files\Sega
2009-06-16 14:40 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-08 04:43 . 2008-10-17 20:55 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-08 04:43 . 2008-10-17 20:55 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-06-07 17:24 . 2008-12-27 09:03 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-03 19:11 . 2008-04-14 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 2008-04-14 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-20 1793808]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-08-30 69632]

c:\documents and settings\user\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-7-9 625952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"=
"c:\\Program Files\\FlatOut\\flatout.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.1.2009 11:14 64160]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.4.2009 10:57 132040]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2009 11:43 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 11:43 55024]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [22.3.2009 22:18 30136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 11:43 7408]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7} = 10.1.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 15:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:93,0e,67,23,69,96,a9,27,63,58,a7,ae,cc,f3,c2,08,04,6b,33,37,e6,d2,4a,
d3,dc,fe,b3,67,88,4e,06,fd,bf,b2,9f,25,19,62,d6,e9,67,f7,d4,46,64,0e,77,75,\
"??"=hex:74,76,4f,d4,0b,44,70,18,88,2b,db,b1,69,c6,95,26

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,4d,8c,a1,66,59,d4,ee,8d,27,72,77,96,fc,f0,44,7e,c3,ac,d1,82,
55,ab,c3,2c,d2,34,74,f9,c0,6e,7c,49,54,78,86,01,bd,9a,fb,a9,22,e1,0a,f0,e0,\
"rkeysecu"=hex:fb,81,90,31,d2,93,d3,3d,73,a6,fd,d8,95,a1,26,4b
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
.
**************************************************************************
.
Celkový čas: 2009-08-04 15:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-04 13:20
ComboFix2.txt 2009-08-04 04:50
ComboFix3.txt 2009-08-03 17:40
ComboFix4.txt 2009-08-03 16:38
ComboFix5.txt 2009-08-04 13:01

Před spuštěním: Volných bajtů: 78 542 258 176
Po spuštění: Volných bajtů: 78 529 359 872

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
157 --- E O F --- 2009-08-02 17:04

Příspěvekod **jaro3** » 04 srp 2009 15:37

Log z CF je OK.

Ta chyba svchost exe- hláška ve win?

Zkus toto:
Start-spustit-napiš: notepad .do něho vlož tento celý text:

Kód: Vybrat vše

dir \svchost.exe /a h /s > File.txt

uložit na plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.

brankar · Příspěvekod **brankar** » 04 srp 2009 18:39

tady je vypis

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je A47E-D0A5.

Výpis adresáře C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39

14.04.2008 05:22 14 336 svchost.exe
1 souborů, 14 336 bajtů

Výpis adresáře C:\WINDOWS\system32

14.04.2008 14:00 14 336 svchost.exe
1 souborů, 14 336 bajtů

Výpis adresáře C:\WINDOWS\system32\dllcache

14.04.2008 14:00 14 336 svchost.exe
1 souborů, 14 336 bajtů

Výpis adresáře C:\WINDOWS\system32\dllcache\cache

14.04.2008 14:00 14 336 svchost.exe
1 souborů, 14 336 bajtů

Příspěvekod **jaro3** » 04 srp 2009 19:07

svchost je v pořádku, chtělo by to napsat celou chybu-screen.

Vlož ještě nový log z HJT.

brankar · Příspěvekod **brankar** » 04 srp 2009 19:13

NECHCI DO NĚČEHO KECAT NEMŮŽE TO EXE BÝT VIR

Příspěvekod **jaro3** » 04 srp 2009 19:16

svchost.exe --to je legitimní soubor windows, mají všechny správnou hodnotu i polohu, tudíž to na infekci nevypadá.

brankar · Příspěvekod **brankar** » 04 srp 2009 19:20

Tady je sprava když se restartuje počítač

Instrukce na adrese 0x76d02ed1 odkazovala na adresu paměti 0x76d02ed1. S pamětí nelze provést operaci: read.

vše se mi přeplo do windows 98

zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Re: zdravím prosím o kontolu možná vir

Kdo je online