TA STRONA UŻYWA COOKIE. Dowiedz się więcej o celu ich używania i zmianie ustawień cookie w przeglądarce. Korzystając ze strony wyrażasz zgodę na używanie cookie, zgodnie z aktualnymi ustawieniami przeglądarki.
Od dnia 25.05.2018 r. na terenie Unii Europejskiej wchodzi w życie Rozporządzenie Parlamentu Europejskiego w sprawie ochrony danych osobowych. Prosimy o zapoznanie się z polityką prywatności oraz regulaminem serwisu  [X]

Prosze o sprawdzenie logow [combofix]

Logi, zabezpieczenie komputera, danych. Programy antywirusowe antyspyware, firewall itp.
Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Wyślij odpowiedź

Prosze o sprawdzenie logow [combofix]

Postprzez lolux » 19 Lis 2009, 22:12

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)

Zainfekowana kopia c:\windows\system32\drivers\atapi.sys została znaleziona. Problem naprawiono
Plik odzyskano z - Kitty ate it :p
.
((((((((((((((((((((((((( Pliki utworzone od 2009-10-19 do 2009-11-19 )))))))))))))))))))))))))))))))
.

2009-11-19 18:57 . 2009-11-19 18:57 34816 ----a-w- c:\windows\system32\oledsp32.dll
2009-11-19 18:39 . 2009-11-19 18:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-19 18:38 . 2009-11-19 18:38 -------- d-----w- c:\documents and settings\LocalService\Pulpit
2009-11-19 18:35 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-19 18:35 . 2009-11-19 18:35 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-19 18:35 . 2009-11-19 18:35 93360 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-19 18:34 . 2009-11-19 18:35 862040 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-11-19 18:34 . 2009-11-19 18:34 554280 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-19 18:34 . 2009-11-19 18:34 15880 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-19 18:34 . 2009-11-19 18:34 206944 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-11-19 18:34 . 2009-11-19 18:34 390288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-11-19 18:34 . 2009-11-19 18:34 537576 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-11-19 18:34 . 2009-11-19 18:34 212480 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-19 18:34 . 2009-11-19 18:34 283944 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-19 18:33 . 2009-11-19 18:34 370744 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-19 18:33 . 2009-11-19 18:33 163728 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-19 18:33 . 2009-11-19 18:33 194104 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-19 18:33 . 2009-11-19 18:33 1223976 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-19 18:33 . 2009-11-19 18:33 242984 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-19 18:29 . 2009-11-19 18:29 5908024 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-19 18:29 . 2009-11-19 18:29 327000 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-19 18:29 . 2009-11-19 18:29 87496 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-19 18:29 . 2009-11-19 18:29 933120 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-19 18:29 . 2009-11-19 18:29 641632 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-19 18:27 . 2009-11-19 18:27 816272 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-19 18:27 . 2009-11-19 18:27 822904 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-19 18:27 . 2009-11-19 18:27 1638640 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-19 18:27 . 2009-11-19 18:27 788880 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-19 18:27 . 2009-11-19 18:27 1184912 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-19 18:22 . 2009-11-19 18:22 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-19 18:22 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-19 18:22 . 2009-11-19 18:22 -------- d-----w- c:\program files\Lavasoft
2009-11-19 18:22 . 2009-11-19 18:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-11-17 19:53 . 2009-11-17 19:53 -------- d-----w- c:\program files\AskBarDis
2009-11-17 19:15 . 2009-11-17 19:15 -------- d-----w- c:\program files\ZoneAlarmSB
2009-11-17 19:15 . 2009-11-19 16:06 -------- d-----w- c:\windows\system32\ZoneLabs
2009-11-17 19:15 . 2008-07-09 08:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll
2009-11-16 14:53 . 2009-11-16 14:54 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Tibia
2009-11-16 13:55 . 2009-11-16 13:55 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar
2009-11-16 13:54 . 2009-11-16 13:54 -------- d-----r- c:\documents and settings\NetworkService\Ulubione
2009-11-15 21:01 . 2009-11-15 21:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MailFrontier
2009-11-15 21:00 . 2009-11-19 15:54 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-15 21:00 . 2004-04-27 03:40 11264 ----a-w- c:\windows\system32\SpOrder.dll
2009-11-15 21:00 . 2009-11-19 16:06 -------- d-----w- c:\windows\Internet Logs
2009-11-07 18:54 . 2009-11-07 18:54 -------- d-----w- c:\documents and settings\mariusz\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar
2009-11-07 18:20 . 2009-11-08 13:00 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\ipla
2009-11-07 18:20 . 2009-11-07 18:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-11-07 18:20 . 2009-11-07 18:20 348160 ----a-w- c:\windows\system32\Msvcr71.dll
2009-11-07 18:20 . 2009-11-07 18:20 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-11-07 18:20 . 2009-11-07 18:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2009-11-03 19:52 . 2009-11-03 19:52 -------- d-----w- c:\documents and settings\mariusz\Ustawienia lokalne\Dane aplikacji\Ares
2009-10-31 19:53 . 2009-10-31 20:01 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Ventrilo
2009-10-30 07:35 . 2009-10-30 07:35 -------- d-----w- c:\documents and settings\wiola\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-10-27 18:17 . 2009-10-27 18:17 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\OpenFM
2009-10-27 15:08 . 2009-10-27 15:08 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\teamspeak2
2009-10-27 14:50 . 2009-10-27 14:50 35840 --sh--w- c:\documents and settings\mariusz\ord32.dll
2009-10-27 11:48 . 2009-10-27 11:48 -------- d-----w- c:\program files\Winamp Toolbar
2009-10-27 11:48 . 2009-10-27 11:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2009-10-25 18:21 . 2009-10-25 18:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-25 18:21 . 2009-10-25 18:21 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\skypePM
2009-10-25 18:17 . 2009-11-19 17:31 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Skype
2009-10-25 18:16 . 2009-10-25 18:16 -------- d-----w- c:\program files\Common Files\Skype
2009-10-25 18:16 . 2009-10-25 18:17 -------- d-----r- c:\program files\Skype
2009-10-25 18:16 . 2009-10-25 18:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-10-22 17:04 . 2001-08-17 18:19 96256 -c--a-w- c:\windows\system32\dllcache\ctlsb16.sys
2009-10-22 17:04 . 2001-08-17 18:19 96256 ----a-w- c:\windows\system32\drivers\ctlsb16.sys
2009-10-21 15:32 . 2004-04-30 07:37 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-10-21 15:32 . 2004-04-30 07:33 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2009-10-21 15:32 . 2004-05-06 10:11 65024 ----a-w- c:\documents and settings\mariusz\trial_setup.exe
2009-10-21 15:32 . 2004-05-06 10:11 4289024 ----a-w- c:\documents and settings\mariusz\trial_setup.msi
2009-10-21 15:17 . 2009-10-21 15:17 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-21 15:04 . 2009-11-17 18:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 20:04 . 2009-10-19 15:51 736384 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-11-17 18:44 . 2009-10-19 17:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-16 13:52 . 2009-10-20 13:30 14272 ----a-w- c:\documents and settings\wiola\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-15 14:27 . 2009-10-17 13:44 14272 ----a-w- c:\documents and settings\mariusz\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-03 18:21 . 2009-10-17 16:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-11-01 12:36 . 2009-10-27 11:47 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Winamp
2009-10-31 17:43 . 2009-10-19 17:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-10-25 18:54 . 2009-10-19 19:24 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Nowe Gadu-Gadu
2009-10-25 12:09 . 2001-10-26 17:15 83880 ----a-w- c:\windows\system32\perfc015.dat
2009-10-25 12:09 . 2001-10-26 17:15 490628 ----a-w- c:\windows\system32\perfh015.dat
2009-10-20 13:30 . 2009-10-20 13:30 -------- d-----w- c:\documents and settings\wiola\Dane aplikacji\ATI
2009-10-19 16:55 . 2009-10-19 16:55 -------- d--h--r- c:\documents and settings\mariusz\Dane aplikacji\SecuROM
2009-10-19 16:41 . 2009-10-19 16:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-19 16:32 . 2009-10-19 16:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-19 15:56 . 2009-10-17 13:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-19 15:51 . 2009-10-19 15:51 -------- d-----w- c:\program files\MSBuild
2009-10-19 15:49 . 2009-10-19 15:49 -------- d-----w- c:\program files\Reference Assemblies
2009-10-19 15:32 . 2009-10-17 13:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-19 13:56 . 2009-10-19 13:56 0 ----a-w- c:\windows\nsreg.dat
2009-10-19 13:37 . 2009-10-17 13:46 15600 ----a-w- c:\windows\gdrv.sys
2009-10-18 19:45 . 2009-10-17 13:22 -------- d-----w- c:\program files\Usługi online
2009-10-18 14:08 . 2009-10-17 14:00 -------- d-----w- c:\program files\Realtek
2009-10-18 14:07 . 2009-10-18 14:07 -------- d-----w- c:\program files\Marvell
2009-10-17 16:45 . 2009-10-17 16:45 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-17 16:37 . 2009-10-17 16:37 -------- d-----w- c:\program files\Yahoo!
2009-10-17 15:04 . 2009-10-17 15:04 8854 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\UNINST_Uninstall_Gam_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2009-10-17 15:04 . 2009-10-17 15:04 65536 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\NewShortcut1_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2009-10-17 15:04 . 2009-10-17 15:04 65536 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\HUD.exe_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2009-10-17 15:04 . 2009-10-17 15:04 1150 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\ARPPRODUCTICON.exe
2009-10-17 15:04 . 2009-10-17 15:04 -------- d-----w- c:\program files\GIGABYTE
2009-10-17 14:00 . 2009-10-17 14:00 339968 ----a-w- c:\windows\HideWin.exe
2009-10-17 13:59 . 2009-10-17 13:59 -------- d-----w- c:\program files\DIFX
2009-10-17 13:44 . 2009-10-17 13:44 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\ATI
2009-10-17 13:44 . 2009-10-17 13:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI
2009-10-17 13:43 . 2009-10-17 13:43 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-17 13:42 . 2009-10-17 13:36 -------- d-----w- c:\program files\ATI Technologies
2009-10-17 13:40 . 2009-10-17 13:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-17 13:39 . 2009-10-17 13:39 9158 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-10-17 13:39 . 2009-10-17 13:39 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-10-17 13:23 . 2009-10-17 13:23 -------- d-----w- c:\program files\microsoft frontpage
2009-10-17 13:20 . 2009-10-17 13:20 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2008-04-14 20:50 . 2004-08-03 22:44 162155 --sha-r- c:\windows\system32\ikfbmcp.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-19_17.19.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-11-19 18:35 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2008-07-29 07:05 . 2008-07-29 07:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-11-19 18:21 . 2009-11-19 18:21 236032 c:\windows\Installer\2aff6a.msi
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2009-11-19 18:22 . 2009-11-19 18:22 1861120 c:\windows\Installer\2aff75.msi
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-10-19 306088]
"ares"="d:\program files\Ares\Ares.exe" [2008-12-13 906752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-26 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\mariusz\Menu Start\Programy\Autostart\
GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2008-10-14 1976832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Program Files\\Ares\\Ares.exe"=
"d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"e:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows
"3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP)
"1751:TCP"= 1751:TCP:xqetjask

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-19 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-10-21 721904]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-24 1184912]
S2 pkvik;Config Task;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
S3 ctlsb16;Sterownik Creative SB16/AWE32/AWE64 (WDM);c:\windows\system32\drivers\ctlsb16.sys [2009-10-22 96256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pkvik
.
Zawartość folderu 'Zaplanowane zadania'

2009-11-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:27]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\mariusz\Dane aplikacji\Mozilla\Firefox\Profiles\65s9rahg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - component: c:\documents and settings\mariusz\Dane aplikacji\Mozilla\Firefox\Profiles\65s9rahg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 21:08
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ADD01F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e3dcb8
\Driver\atapi -> 0x8ab37420
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9cc1bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9ccea21
SendHandler -> NDIS.sys @ 0xb9cac87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pkvik]
"ServiceDll"="c:\windows\system32\ikfbmcp.dll"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-1715567821-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:81,21,36,f7,2f,57,96,77,33,61,ad,ea,1e,db,2a,f2,df,91,33,30,61,
de,2b,3e,5d,dc,76,f6,07,c5,b9,8c,f1,ca,bf,2f,12,9b,c1,f0,64,26,bf,15,22,15,\
"rkeysecu"=hex:5d,7c,7f,06,b2,19,11,4f,13,7d,87,43,75,df,0e,ea
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-11-19 21:08
ComboFix-quarantined-files.txt 2009-11-19 20:08
ComboFix2.txt 2009-11-19 17:38
ComboFix3.txt 2009-11-19 17:20

Przed: 892 530 688 bajtów wolnych
Po: 1 151 246 336 bajtów wolnych

- - End Of File - - 380386495B9F488E47A1841541F883AD
lolux
Forumowicz
Forumowicz
 
Posty: 51
Dołączenie: 19 Lis 2009, 21:54
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez AJAN » 19 Lis 2009, 22:22

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

log ucięty
Przeskanuj kompa http://www2.gmer.net/mbr/mbr.exe (Opis) i daj loga, oraz Dr.Web Cure It!
gdy będą wirusy pokaż raport (po zakończeniu skanowania Plik -> Zapisz listę raportu)
Desktop: AMD 1,8ghz, 1GB RAM, graf: Gforce2 FX5200
PG K8-755-A2/ESC WINDOWS XP Pro 5.1.2600 SP 3, 80GB, DVD SH-S182D
Laptop: Toshiba Portege M300
net: 3Mb/1,5Mb
KLIK Pomogłem? Daj +
Image
Awatar użytkownika
AJAN
Aktywny w piśmie
Aktywny w piśmie
 
Posty: 810
Dołączenie: 07 Lis 2008, 00:10
Miejscowość: 49°37'30.12"N, 20°41'44.13"E
Pochwały: 62
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez mateo8898 » 19 Lis 2009, 22:35

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

Odinstaluj Winamp Toolbar

Wklej do notatnika:
Kod: Zaznacz wszystko
File::
c:\windows\system32\oledsp32.dll
c:\documents and settings\mariusz\ord32.dll

Folder::
c:\program files\AskBarDis

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1751:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pkvik]

Driver::
pkvik

NetSvc::
pkvik

Plik -> zapisz jako -> CFScript.txt
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

Image
Rozpocznie się usuwanie i powstanie log, który dajesz na forum.


Autor postu otrzymał pochwałę
Awatar użytkownika
mateo8898
Moderator
Moderator
 
Posty: 15377
Dołączenie: 15 Maj 2009, 14:55
Pochwały: 966
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez lolux » 19 Lis 2009, 22:42

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)

z mbrem mam problem poniewaz po dwu kliknieciu okno sie otwiera i zamyka natomiast Dr.Web Cure It nie moge sciagnac gdyz pokazuje mi ze nie odnaleziono strony ,poniewaz mam zainfekowanego kompa ;/
lolux
Forumowicz
Forumowicz
 
Posty: 51
Dołączenie: 19 Lis 2009, 21:54
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez mateo8898 » 19 Lis 2009, 22:44

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

Bo masz prawdopodobnie Confickera. Wykonaj to, co napisałem w poprzednim poście
Awatar użytkownika
mateo8898
Moderator
Moderator
 
Posty: 15377
Dołączenie: 15 Maj 2009, 14:55
Pochwały: 966
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez lolux » 19 Lis 2009, 22:59

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)

Problem zneutralizowany ;] .Dzieki CI ;] pochwala
lolux
Forumowicz
Forumowicz
 
Posty: 51
Dołączenie: 19 Lis 2009, 21:54
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez mateo8898 » 19 Lis 2009, 23:02

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

Podaj log z usuwania
Awatar użytkownika
mateo8898
Moderator
Moderator
 
Posty: 15377
Dołączenie: 15 Maj 2009, 14:55
Pochwały: 966
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez lolux » 20 Lis 2009, 14:46

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)

log sie nie zapisal
lolux
Forumowicz
Forumowicz
 
Posty: 51
Dołączenie: 19 Lis 2009, 21:54
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez mateo8898 » 20 Lis 2009, 17:34

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

To podaj nowy log z Combofixa bo chcę widzieć, czy wszystko się usunęło
Awatar użytkownika
mateo8898
Moderator
Moderator
 
Posty: 15377
Dołączenie: 15 Maj 2009, 14:55
Pochwały: 966
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez lolux » 21 Lis 2009, 23:52

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)

podziele log na pol bo sie nie miesci



ComboFix 09-11-20.05 - mariusz 2009-11-21 22:40.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3583.3108 [GMT 1:00]
Uruchomiony z: c:\documents and settings\mariusz\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\mariusz\Pulpit\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\documents and settings\mariusz\ord32.dll"
"c:\windows\system32\oledsp32.dll"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\documents and settings\mariusz\ord32.dll
c:\program files\AskBarDis\zonealarm.ico
c:\windows\system32\oledsp32.dll

Zainfekowana kopia c:\windows\system32\drivers\atapi.sys została znaleziona. Problem naprawiono
Plik odzyskano z - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PKVIK
-------\Service_pkvik


((((((((((((((((((((((((( Pliki utworzone od 2009-10-21 do 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 21:23 . 2009-11-21 21:31 -------- d-----w- c:\program files\trend micro
2009-11-21 21:23 . 2009-11-21 21:23 -------- d-----w- C:\rsit
2009-11-20 19:44 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2009-11-20 19:44 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-11-20 18:20 . 2009-11-20 18:20 -------- d-s---w- c:\documents and settings\wiola\UserData
2009-11-20 11:31 . 2009-11-20 11:31 109072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll
2009-11-20 11:31 . 2009-11-20 11:31 59920 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll
2009-11-20 11:31 . 2009-11-20 11:31 33808 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-11-20 11:31 . 2009-11-20 11:31 208616 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-11-20 11:31 . 2009-11-20 11:31 226832 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-11-19 21:11 . 2009-11-20 11:31 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-19 21:11 . 2009-11-20 11:31 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-19 21:11 . 2009-11-21 21:37 286752 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-19 21:11 . 2009-11-21 21:37 1236512 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-19 21:10 . 2009-11-19 21:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-11-19 20:55 . 2009-11-19 20:55 36352 ----a-w- c:\windows\system32\drivers\disk_2.sys
2009-11-19 18:38 . 2009-11-19 18:38 -------- d-----w- c:\documents and settings\LocalService\Pulpit
2009-11-19 18:35 . 2009-11-19 18:35 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-19 18:22 . 2009-11-20 19:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-11-17 19:15 . 2009-11-17 19:15 -------- d-----w- c:\program files\ZoneAlarmSB
2009-11-17 19:15 . 2009-11-19 16:06 -------- d-----w- c:\windows\system32\ZoneLabs
2009-11-17 19:15 . 2008-07-09 08:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll
2009-11-16 14:53 . 2009-11-16 14:54 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Tibia
2009-11-16 13:55 . 2009-11-16 13:55 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar
2009-11-16 13:54 . 2009-11-16 13:54 -------- d-----r- c:\documents and settings\NetworkService\Ulubione
2009-11-15 21:01 . 2009-11-15 21:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MailFrontier
2009-11-15 21:00 . 2009-11-19 15:54 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-15 21:00 . 2004-04-27 03:40 11264 ----a-w- c:\windows\system32\SpOrder.dll
2009-11-15 21:00 . 2009-11-19 16:06 -------- d-----w- c:\windows\Internet Logs
2009-11-07 18:20 . 2009-11-08 13:00 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\ipla
2009-11-07 18:20 . 2009-11-07 18:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-11-07 18:20 . 2009-11-07 18:20 348160 ----a-w- c:\windows\system32\Msvcr71.dll
2009-11-07 18:20 . 2009-11-07 18:20 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-11-07 18:20 . 2009-11-07 18:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2009-11-03 19:52 . 2009-11-03 19:52 -------- d-----w- c:\documents and settings\mariusz\Ustawienia lokalne\Dane aplikacji\Ares
2009-10-31 19:53 . 2009-10-31 20:01 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Ventrilo
2009-10-30 07:35 . 2009-10-30 07:35 -------- d-----w- c:\documents and settings\wiola\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-10-27 18:17 . 2009-10-27 18:17 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\OpenFM
2009-10-27 15:08 . 2009-10-27 15:08 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\teamspeak2
2009-10-25 18:21 . 2009-10-25 18:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-25 18:21 . 2009-10-25 18:21 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\skypePM
2009-10-25 18:17 . 2009-11-21 21:34 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Skype
2009-10-25 18:16 . 2009-10-25 18:16 -------- d-----w- c:\program files\Common Files\Skype
2009-10-25 18:16 . 2009-10-25 18:17 -------- d-----r- c:\program files\Skype
2009-10-25 18:16 . 2009-10-25 18:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 21:37 . 2009-11-19 21:11 4156 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-21 21:37 . 2009-11-19 21:11 12836 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-21 21:37 . 2009-10-19 15:51 736384 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-11-21 19:57 . 2009-10-17 16:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-11-20 15:10 . 2009-10-17 14:00 86016 ------r- c:\windows\SoundMan.exe
2009-11-20 15:10 . 2009-10-17 14:00 1826816 ------r- c:\windows\SkyTel.exe
2009-11-20 15:09 . 2009-10-17 14:00 1191936 ------r- c:\windows\RtlUpd.exe
2009-11-20 15:09 . 2009-10-17 14:00 9715200 ------r- c:\windows\RTLCPL.exe
2009-11-20 15:09 . 2009-10-17 14:00 2165760 ------r- c:\windows\MicCal.exe
2009-11-20 15:09 . 2009-10-17 14:00 2808832 ------r- c:\windows\alcwzrd.exe
2009-11-20 15:09 . 2009-10-17 14:00 315392 ----a-w- c:\windows\HideWin.exe
2009-11-20 15:08 . 2009-10-21 15:32 40448 ----a-w- c:\documents and settings\mariusz\trial_setup.exe
2009-11-20 15:08 . 2009-10-17 15:04 40960 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\NewShortcut1_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2009-11-20 15:08 . 2009-10-17 15:04 40960 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\HUD.exe_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2009-11-20 11:31 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-11-19 21:11 . 2009-10-17 16:45 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-17 18:44 . 2009-10-21 15:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-17 18:44 . 2009-10-19 17:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-16 13:52 . 2009-10-20 13:30 14272 ----a-w- c:\documents and settings\wiola\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-15 14:27 . 2009-10-17 13:44 14272 ----a-w- c:\documents and settings\mariusz\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-01 12:36 . 2009-10-27 11:47 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Winamp
2009-10-31 17:43 . 2009-10-19 17:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-10-25 18:54 . 2009-10-19 19:24 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Nowe Gadu-Gadu
2009-10-25 12:09 . 2001-10-26 17:15 83880 ----a-w- c:\windows\system32\perfc015.dat
2009-10-25 12:09 . 2001-10-26 17:15 490628 ----a-w- c:\windows\system32\perfh015.dat
2009-10-21 15:17 . 2009-10-21 15:17 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 13:30 . 2009-10-20 13:30 -------- d-----w- c:\documents and settings\wiola\Dane aplikacji\ATI
2009-10-19 16:55 . 2009-10-19 16:55 -------- d--h--r- c:\documents and settings\mariusz\Dane aplikacji\SecuROM
2009-10-19 16:41 . 2009-10-19 16:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-19 16:32 . 2009-10-19 16:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-19 15:56 . 2009-10-17 13:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-19 15:51 . 2009-10-19 15:51 -------- d-----w- c:\program files\MSBuild
2009-10-19 15:49 . 2009-10-19 15:49 -------- d-----w- c:\program files\Reference Assemblies
2009-10-19 15:32 . 2009-10-17 13:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-19 13:56 . 2009-10-19 13:56 0 ----a-w- c:\windows\nsreg.dat
2009-10-19 13:37 . 2009-10-17 13:46 15600 ----a-w- c:\windows\gdrv.sys
2009-10-18 19:45 . 2009-10-17 13:22 -------- d-----w- c:\program files\Usługi online
2009-10-18 14:08 . 2009-10-17 14:00 -------- d-----w- c:\program files\Realtek
2009-10-18 14:07 . 2009-10-18 14:07 -------- d-----w- c:\program files\Marvell
2009-10-17 16:37 . 2009-10-17 16:37 -------- d-----w- c:\program files\Yahoo!
2009-10-17 15:04 . 2009-10-17 15:04 8854 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\UNINST_Uninstall_Gam_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2009-10-17 15:04 . 2009-10-17 15:04 1150 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\ARPPRODUCTICON.exe
2009-10-17 15:04 . 2009-10-17 15:04 -------- d-----w- c:\program files\GIGABYTE
2009-10-17 13:59 . 2009-10-17 13:59 -------- d-----w- c:\program files\DIFX
2009-10-17 13:44 . 2009-10-17 13:44 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\ATI
2009-10-17 13:44 . 2009-10-17 13:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI
2009-10-17 13:43 . 2009-10-17 13:43 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-17 13:42 . 2009-10-17 13:36 -------- d-----w- c:\program files\ATI Technologies
2009-10-17 13:40 . 2009-10-17 13:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-17 13:39 . 2009-10-17 13:39 9158 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-10-17 13:39 . 2009-10-17 13:39 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-10-17 13:23 . 2009-10-17 13:23 -------- d-----w- c:\program files\microsoft frontpage
2009-10-17 13:20 . 2009-10-17 13:20 21856 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-19_17.19.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2008-06-21 03:54 . 2008-06-21 03:54 66600 c:\windows\system32\drivers\sbhips.sys
+ 2008-11-11 18:58 . 2008-11-11 18:58 25601 c:\windows\system32\drivers\klopp.dat
+ 2008-04-30 16:06 . 2008-04-30 16:06 24592 c:\windows\system32\drivers\klim5.sys
- 2009-10-17 13:26 . 2009-10-26 10:19 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-10-17 13:26 . 2009-11-21 09:47 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-11-20 11:31 . 2009-11-21 09:47 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-19 15:31 . 2009-11-20 15:10 30720 c:\windows\ServicePackFiles\i386\xcopy.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 13824 c:\windows\ServicePackFiles\i386\wscntfy.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 11776 c:\windows\ServicePackFiles\i386\wpnpinst.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 32256 c:\windows\ServicePackFiles\i386\wpabaln.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 66048 c:\windows\ServicePackFiles\i386\wextract.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 30208 c:\windows\ServicePackFiles\i386\wabmig.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 46080 c:\windows\ServicePackFiles\i386\wab.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 28672 c:\windows\ServicePackFiles\i386\verclsid.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 50176 c:\windows\ServicePackFiles\i386\utilman.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 26624 c:\windows\ServicePackFiles\i386\userinit.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 18432 c:\windows\ServicePackFiles\i386\ups.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 16896 c:\windows\ServicePackFiles\i386\upnpcont.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 60416 c:\windows\ServicePackFiles\i386\tzchange.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 12800 c:\windows\ServicePackFiles\i386\tracert.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 82944 c:\windows\ServicePackFiles\i386\tp4mon.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 75264 c:\windows\ServicePackFiles\i386\tlntsvr.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 80384 c:\windows\ServicePackFiles\i386\tlntsess.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 63488 c:\windows\ServicePackFiles\i386\tlntadmn.exe
+ 2008-04-14 20:51 . 2009-11-20 15:10 77824 c:\windows\ServicePackFiles\i386\telnet.exe
+ 2008-04-14 20:51 . 2009-11-20 15:10 32768 c:\windows\ServicePackFiles\i386\tcptest.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 79360 c:\windows\ServicePackFiles\i386\tasklist.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 78848 c:\windows\ServicePackFiles\i386\taskkill.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 73728 c:\windows\ServicePackFiles\i386\sysinfo.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 14336 c:\windows\ServicePackFiles\i386\svchost.exe
+ 2008-04-14 20:51 . 2009-11-20 15:10 65536 c:\windows\ServicePackFiles\i386\stub_fpsrvwin.exe
+ 2008-04-14 20:51 . 2009-11-20 15:10 16384 c:\windows\ServicePackFiles\i386\stub_fpsrvadm.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 14848 c:\windows\ServicePackFiles\i386\stimon.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 14336 c:\windows\ServicePackFiles\i386\ssstars.scr
+ 2009-10-19 15:31 . 2009-11-20 15:10 18944 c:\windows\ServicePackFiles\i386\ssmyst.scr
+ 2009-10-19 15:31 . 2009-11-20 15:10 47104 c:\windows\ServicePackFiles\i386\ssmypics.scr
+ 2009-10-19 15:31 . 2009-11-20 15:10 20992 c:\windows\ServicePackFiles\i386\ssmarque.scr
+ 2009-10-19 15:31 . 2009-11-20 15:10 19968 c:\windows\ServicePackFiles\i386\ssbezier.scr
+ 2008-04-14 20:51 . 2009-11-20 15:10 20992 c:\windows\ServicePackFiles\i386\spupdwxp.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 57856 c:\windows\ServicePackFiles\i386\spoolsv.exe
+ 2008-04-14 20:51 . 2009-11-20 15:10 11264 c:\windows\ServicePackFiles\i386\spnpinst.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 12800 c:\windows\ServicePackFiles\i386\spiisupd.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 24576 c:\windows\ServicePackFiles\i386\sort.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 32768 c:\windows\ServicePackFiles\i386\snmp.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 50688 c:\windows\ServicePackFiles\i386\smss.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 91136 c:\windows\ServicePackFiles\i386\smlogsvc.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 73728 c:\windows\ServicePackFiles\i386\slserv.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 32768 c:\windows\ServicePackFiles\i386\slrundll.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 26112 c:\windows\ServicePackFiles\i386\skeys.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 70656 c:\windows\ServicePackFiles\i386\sigverif.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 20480 c:\windows\ServicePackFiles\i386\shutdown.exe
+ 2008-04-14 20:51 . 2009-11-20 15:10 16384 c:\windows\ServicePackFiles\i386\shtml.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 78336 c:\windows\ServicePackFiles\i386\shrpubw.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 45056 c:\windows\ServicePackFiles\i386\shmgrate.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 32768 c:\windows\ServicePackFiles\i386\setupn.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 73728 c:\windows\ServicePackFiles\i386\setup50.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 23040 c:\windows\ServicePackFiles\i386\setup.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 32768 c:\windows\ServicePackFiles\i386\sethc.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 19456 c:\windows\ServicePackFiles\i386\secedit.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 77824 c:\windows\ServicePackFiles\i386\sdbinst.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 36352 c:\windows\ServicePackFiles\i386\scrcons.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 98304 c:\windows\ServicePackFiles\i386\scardsvr.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 13824 c:\windows\ServicePackFiles\i386\savedump.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 14336 c:\windows\ServicePackFiles\i386\runonce.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 33280 c:\windows\ServicePackFiles\i386\rundll32.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 77824 c:\windows\ServicePackFiles\i386\rtcshare.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 15360 c:\windows\ServicePackFiles\i386\rsh.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 14336 c:\windows\ServicePackFiles\i386\rexec.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 12288 c:\windows\ServicePackFiles\i386\regsvr32.exe
+ 2007-06-27 16:27 . 2009-11-20 15:10 28672 c:\windows\ServicePackFiles\i386\regasm.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 53248 c:\windows\ServicePackFiles\i386\reg.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 67072 c:\windows\ServicePackFiles\i386\rdshost.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 13824 c:\windows\ServicePackFiles\i386\rdsaddin.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 62976 c:\windows\ServicePackFiles\i386\rdpclip.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 22016 c:\windows\ServicePackFiles\i386\rcp.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 35840 c:\windows\ServicePackFiles\i386\rcimlby.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 56832 c:\windows\ServicePackFiles\i386\rasphone.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 20992 c:\windows\ServicePackFiles\i386\qprocess.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 50688 c:\windows\ServicePackFiles\i386\proquota.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 49152 c:\windows\ServicePackFiles\i386\powercfg.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 18944 c:\windows\ServicePackFiles\i386\ping.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 15872 c:\windows\ServicePackFiles\i386\perfmon.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 59392 c:\windows\ServicePackFiles\i386\packager.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 70144 c:\windows\ServicePackFiles\i386\opnfiles.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 51712 c:\windows\ServicePackFiles\i386\oobebaln.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 60928 c:\windows\ServicePackFiles\i386\oemig50.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 69632 c:\windows\ServicePackFiles\i386\odbcconf.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 32768 c:\windows\ServicePackFiles\i386\odbcad32.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 79872 c:\windows\ServicePackFiles\i386\nslookup.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 15360 c:\windows\ServicePackFiles\i386\nppagent.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 70144 c:\windows\ServicePackFiles\i386\notepad.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 38400 c:\windows\ServicePackFiles\i386\netstat.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 87040 c:\windows\ServicePackFiles\i386\netsh.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 42496 c:\windows\ServicePackFiles\i386\net.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 55296 c:\windows\ServicePackFiles\i386\narrator.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 12288 c:\windows\ServicePackFiles\i386\mstinit.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 29184 c:\windows\ServicePackFiles\i386\msoobe.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 40960 c:\windows\ServicePackFiles\i386\msiregmv.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 60928 c:\windows\ServicePackFiles\i386\msimn.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 78848 c:\windows\ServicePackFiles\i386\msiexec.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 29184 c:\windows\ServicePackFiles\i386\mshta.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 19968 c:\windows\ServicePackFiles\i386\mqbkup.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 17408 c:\windows\ServicePackFiles\i386\mofcomp.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 32768 c:\windows\ServicePackFiles\i386\mnmsrvc.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 33792 c:\windows\ServicePackFiles\i386\mmcperf.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 57344 c:\windows\ServicePackFiles\i386\makecab.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 73216 c:\windows\ServicePackFiles\i386\magnify.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 13312 c:\windows\ServicePackFiles\i386\lsass.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 60928 c:\windows\ServicePackFiles\i386\logman.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 75264 c:\windows\ServicePackFiles\i386\locator.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 44032 c:\windows\ServicePackFiles\i386\lang\tintlphr.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 70144 c:\windows\ServicePackFiles\i386\lang\pintlphr.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 59392 c:\windows\ServicePackFiles\i386\lang\imscinst.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 57344 c:\windows\ServicePackFiles\i386\lang\cplexe.exe
+ 2007-06-27 16:24 . 2009-11-20 15:09 40960 c:\windows\ServicePackFiles\i386\jsc.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 24064 c:\windows\ServicePackFiles\i386\ipxroute.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 53248 c:\windows\ServicePackFiles\i386\ipv6.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 56832 c:\windows\ServicePackFiles\i386\ipconfig.exe
+ 2007-06-27 16:24 . 2009-11-20 15:09 24576 c:\windows\ServicePackFiles\i386\installutil.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 20480 c:\windows\ServicePackFiles\i386\inetwiz.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 15872 c:\windows\ServicePackFiles\i386\inetin51.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 31232 c:\windows\ServicePackFiles\i386\iisrstas.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 93184 c:\windows\ServicePackFiles\i386\iexplore.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 18432 c:\windows\ServicePackFiles\i386\iedw.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 34304 c:\windows\ServicePackFiles\i386\ie4uinit.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 24576 c:\windows\ServicePackFiles\i386\icwrmind.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 86016 c:\windows\ServicePackFiles\i386\icwconn2.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 18432 c:\windows\ServicePackFiles\i386\hscupd.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 10752 c:\windows\ServicePackFiles\i386\hh.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 15872 c:\windows\ServicePackFiles\i386\help.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 39424 c:\windows\ServicePackFiles\i386\grpconv.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 61440 c:\windows\ServicePackFiles\i386\getmac.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 44544 c:\windows\ServicePackFiles\i386\ftp.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 28672 c:\windows\ServicePackFiles\i386\fpsrvadm.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 20480 c:\windows\ServicePackFiles\i386\fpremadm.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 24576 c:\windows\ServicePackFiles\i386\fpadmcgi.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 14848 c:\windows\ServicePackFiles\i386\fp98sadm.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 21504 c:\windows\ServicePackFiles\i386\fontview.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 23040 c:\windows\ServicePackFiles\i386\fltmc.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 28160 c:\windows\ServicePackFiles\i386\findstr.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 20992 c:\windows\ServicePackFiles\i386\faxpatch.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 24064 c:\windows\ServicePackFiles\i386\extrac32.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 86016 c:\windows\ServicePackFiles\i386\evtrig.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 93184 c:\windows\ServicePackFiles\i386\evntwin.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 26112 c:\windows\ServicePackFiles\i386\evntcmd.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 52736 c:\windows\ServicePackFiles\i386\evcreate.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 17920 c:\windows\ServicePackFiles\i386\dvdupgrd.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 10752 c:\windows\ServicePackFiles\i386\dumprep.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 65024 c:\windows\ServicePackFiles\i386\drvqry.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 83456 c:\windows\ServicePackFiles\i386\dpvsetup.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 18432 c:\windows\ServicePackFiles\i386\dpnsvr.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 29696 c:\windows\ServicePackFiles\i386\dplaysvr.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 15872 c:\windows\ServicePackFiles\i386\dmremote.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 87040 c:\windows\ServicePackFiles\i386\diantz.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 82944 c:\windows\ServicePackFiles\i386\dfrgfat.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 25088 c:\windows\ServicePackFiles\i386\defrag.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 30720 c:\windows\ServicePackFiles\i386\ddeshare.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 42496 c:\windows\ServicePackFiles\i386\davcdata.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 15360 c:\windows\ServicePackFiles\i386\ctfmon.exe
+ 2008-04-13 19:40 . 2009-11-20 15:09 49152 c:\windows\ServicePackFiles\i386\csc.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 27648 c:\windows\ServicePackFiles\i386\conime.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 64512 c:\windows\ServicePackFiles\i386\cmstp.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 39424 c:\windows\ServicePackFiles\i386\cmmon32.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 25600 c:\windows\ServicePackFiles\i386\cmdl32.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 33280 c:\windows\ServicePackFiles\i386\clipsrv.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 20480 c:\windows\ServicePackFiles\i386\cliconfg.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 56832 c:\windows\ServicePackFiles\i386\cipher.exe
+ 2007-06-27 16:23 . 2009-11-20 15:09 94208 c:\windows\ServicePackFiles\i386\caspol.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 20992 c:\windows\ServicePackFiles\i386\cacls.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 71680 c:\windows\ServicePackFiles\i386\blastcln.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 11264 c:\windows\ServicePackFiles\i386\autolfn.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 16384 c:\windows\ServicePackFiles\i386\author.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 14336 c:\windows\ServicePackFiles\i386\auditusr.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 12288 c:\windows\ServicePackFiles\i386\attrib.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 11264 c:\windows\ServicePackFiles\i386\atmadm.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 25600 c:\windows\ServicePackFiles\i386\at.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 32768 c:\windows\ServicePackFiles\i386\asr_pfu.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 30208 c:\windows\ServicePackFiles\i386\asr_fmt.exe
+ 2008-04-13 19:40 . 2009-11-20 15:09 32768 c:\windows\ServicePackFiles\i386\aspnet_wp.exe
+ 2008-04-13 19:40 . 2009-11-20 15:09 32768 c:\windows\ServicePackFiles\i386\aspnet_state.exe
+ 2008-04-13 19:40 . 2009-11-20 15:09 24576 c:\windows\ServicePackFiles\i386\aspnet_regiis.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 44544 c:\windows\ServicePackFiles\i386\alg.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 98304 c:\windows\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 16384 c:\windows\ServicePackFiles\i386\admin.exe
+ 2008-07-25 09:17 . 2009-11-20 15:09 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 09:17 . 2009-11-20 15:09 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 09:16 . 2009-11-20 15:09 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 09:16 . 2009-11-20 15:09 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 09:17 . 2009-11-20 15:09 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 09:16 . 2009-11-20 15:09 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 09:16 . 2009-11-20 15:09 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2009-10-21 15:32 . 2009-11-20 15:09 49152 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814236.exe
+ 2009-11-20 19:45 . 2009-11-20 19:45 57344 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut4_C665E66BE8EF49DBB30B81BB5E60462C.exe
+ 2009-11-20 19:45 . 2009-11-20 19:45 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2009-11-20 19:45 . 2009-11-20 19:45 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\ARPPRODUCTICON.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 58368 c:\windows\ehome\medctrro.exe
+ 2009-10-17 13:42 . 2009-11-20 15:09 49152 c:\windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE
+ 2009-10-17 13:42 . 2009-11-20 15:09 86016 c:\windows\assembly\GAC_MSIL\LOG\2.0.3175.37076__90ba9c70f846762e\LOG.EXE
+ 2009-10-17 13:42 . 2009-11-20 15:09 49152 c:\windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
+ 2009-10-17 13:42 . 2009-11-20 15:09 49152 c:\windows\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e\CCC.EXE
+ 2009-10-19 15:30 . 2009-11-20 15:09 30720 c:\windows\$NtServicePackUninstall$\xcopy.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 13824 c:\windows\$NtServicePackUninstall$\wscntfy.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 32768 c:\windows\$NtServicePackUninstall$\wpnpinst.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 32256 c:\windows\$NtServicePackUninstall$\wpabaln.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 73728 c:\windows\$NtServicePackUninstall$\wmplayer.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 66048 c:\windows\$NtServicePackUninstall$\wextract.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 30208 c:\windows\$NtServicePackUninstall$\wabmig.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 46080 c:\windows\$NtServicePackUninstall$\wab.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 50176 c:\windows\$NtServicePackUninstall$\utilman.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 25088 c:\windows\$NtServicePackUninstall$\userinit.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 18432 c:\windows\$NtServicePackUninstall$\ups.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 16896 c:\windows\$NtServicePackUninstall$\upnpcont.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 12800 c:\windows\$NtServicePackUninstall$\tracert.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 75264 c:\windows\$NtServicePackUninstall$\tlntsvr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 80384 c:\windows\$NtServicePackUninstall$\tlntsess.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 63488 c:\windows\$NtServicePackUninstall$\tlntadmn.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 77312 c:\windows\$NtServicePackUninstall$\telnet.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 32768 c:\windows\$NtServicePackUninstall$\tcptest.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 73728 c:\windows\$NtServicePackUninstall$\tasklist.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 74752 c:\windows\$NtServicePackUninstall$\taskkill.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 70144 c:\windows\$NtServicePackUninstall$\systeminfo.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 70144 c:\windows\$NtServicePackUninstall$\sysinfo.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 14336 c:\windows\$NtServicePackUninstall$\svchost.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 14848 c:\windows\$NtServicePackUninstall$\stimon.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 14848 c:\windows\$NtServicePackUninstall$\ssstars.scr
+ 2009-10-19 15:30 . 2009-11-20 15:09 18944 c:\windows\$NtServicePackUninstall$\ssmyst.scr
+ 2009-10-19 15:30 . 2009-11-20 15:09 47104 c:\windows\$NtServicePackUninstall$\ssmypics.scr
+ 2009-10-19 15:30 . 2009-11-20 15:09 20992 c:\windows\$NtServicePackUninstall$\ssmarque.scr
+ 2009-10-19 15:30 . 2009-11-20 15:09 19968 c:\windows\$NtServicePackUninstall$\ssbezier.scr
+ 2009-10-19 15:30 . 2009-11-20 15:08 57856 c:\windows\$NtServicePackUninstall$\spoolsv.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 11776 c:\windows\$NtServicePackUninstall$\spnpinst.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 12800 c:\windows\$NtServicePackUninstall$\spiisupd.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 23552 c:\windows\$NtServicePackUninstall$\sort.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 32256 c:\windows\$NtServicePackUninstall$\snmp.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 50688 c:\windows\$NtServicePackUninstall$\smss.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 91136 c:\windows\$NtServicePackUninstall$\smlogsvc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 26112 c:\windows\$NtServicePackUninstall$\skeys.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 70656 c:\windows\$NtServicePackUninstall$\sigverif.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 20480 c:\windows\$NtServicePackUninstall$\shutdown.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 16384 c:\windows\$NtServicePackUninstall$\shtml.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 78336 c:\windows\$NtServicePackUninstall$\shrpubw.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 42496 c:\windows\$NtServicePackUninstall$\shmgrate.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 73728 c:\windows\$NtServicePackUninstall$\setup50.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 23040 c:\windows\$NtServicePackUninstall$\setup.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 32768 c:\windows\$NtServicePackUninstall$\sethc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 18944 c:\windows\$NtServicePackUninstall$\secedit.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 77824 c:\windows\$NtServicePackUninstall$\sdbinst.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 36864 c:\windows\$NtServicePackUninstall$\scrcons.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 98304 c:\windows\$NtServicePackUninstall$\scardsvr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 13824 c:\windows\$NtServicePackUninstall$\savedump.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 14336 c:\windows\$NtServicePackUninstall$\runonce.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 33280 c:\windows\$NtServicePackUninstall$\rundll32.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 77824 c:\windows\$NtServicePackUninstall$\rtcshare.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 15360 c:\windows\$NtServicePackUninstall$\rsh.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 14336 c:\windows\$NtServicePackUninstall$\rexec.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 12288 c:\windows\$NtServicePackUninstall$\regsvr32.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 53248 c:\windows\$NtServicePackUninstall$\reg.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 67072 c:\windows\$NtServicePackUninstall$\rdshost.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 13824 c:\windows\$NtServicePackUninstall$\rdsaddin.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 62464 c:\windows\$NtServicePackUninstall$\rdpclip.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 22016 c:\windows\$NtServicePackUninstall$\rcp.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 35840 c:\windows\$NtServicePackUninstall$\rcimlby.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 56832 c:\windows\$NtServicePackUninstall$\rasphone.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 20992 c:\windows\$NtServicePackUninstall$\qprocess.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 50688 c:\windows\$NtServicePackUninstall$\proquota.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 49152 c:\windows\$NtServicePackUninstall$\powercfg.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 70144 c:\windows\$NtServicePackUninstall$\pintlphr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 18944 c:\windows\$NtServicePackUninstall$\ping.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 15872 c:\windows\$NtServicePackUninstall$\perfmon.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 59392 c:\windows\$NtServicePackUninstall$\packager.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 70144 c:\windows\$NtServicePackUninstall$\opnfiles.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 70144 c:\windows\$NtServicePackUninstall$\openfiles.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 51712 c:\windows\$NtServicePackUninstall$\oobebaln.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 60928 c:\windows\$NtServicePackUninstall$\oemig50.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 69632 c:\windows\$NtServicePackUninstall$\odbcconf.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 32768 c:\windows\$NtServicePackUninstall$\odbcad32.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 79872 c:\windows\$NtServicePackUninstall$\nslookup.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 15360 c:\windows\$NtServicePackUninstall$\nppagent.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 70144 c:\windows\$NtServicePackUninstall$\notepad.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 38400 c:\windows\$NtServicePackUninstall$\netstat.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 87040 c:\windows\$NtServicePackUninstall$\netsh.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 42496 c:\windows\$NtServicePackUninstall$\net.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 55296 c:\windows\$NtServicePackUninstall$\narrator.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 12288 c:\windows\$NtServicePackUninstall$\mstinit.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 28160 c:\windows\$NtServicePackUninstall$\msoobe.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 40960 c:\windows\$NtServicePackUninstall$\msiregmv.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 60928 c:\windows\$NtServicePackUninstall$\msimn.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 78848 c:\windows\$NtServicePackUninstall$\msiexec.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 29184 c:\windows\$NtServicePackUninstall$\mshta.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 19968 c:\windows\$NtServicePackUninstall$\mqbkup.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 17408 c:\windows\$NtServicePackUninstall$\mofcomp.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 32768 c:\windows\$NtServicePackUninstall$\mnmsrvc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 85504 c:\windows\$NtServicePackUninstall$\makecab.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 73216 c:\windows\$NtServicePackUninstall$\magnify.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 13312 c:\windows\$NtServicePackUninstall$\lsass.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 60928 c:\windows\$NtServicePackUninstall$\logman.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 75264 c:\windows\$NtServicePackUninstall$\locator.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 24064 c:\windows\$NtServicePackUninstall$\ipxroute.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 53760 c:\windows\$NtServicePackUninstall$\ipv6.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 57344 c:\windows\$NtServicePackUninstall$\ipconfig.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 20480 c:\windows\$NtServicePackUninstall$\inetwiz.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 15872 c:\windows\$NtServicePackUninstall$\inetin51.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 31232 c:\windows\$NtServicePackUninstall$\iisrstas.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 93184 c:\windows\$NtServicePackUninstall$\iexplore.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 18432 c:\windows\$NtServicePackUninstall$\iedw.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 34304 c:\windows\$NtServicePackUninstall$\ie4uinit.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 24576 c:\windows\$NtServicePackUninstall$\icwrmind.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 86016 c:\windows\$NtServicePackUninstall$\icwconn2.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 18944 c:\windows\$NtServicePackUninstall$\hscupd.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 10752 c:\windows\$NtServicePackUninstall$\hh.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 14848 c:\windows\$NtServicePackUninstall$\help.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 39424 c:\windows\$NtServicePackUninstall$\grpconv.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 56832 c:\windows\$NtServicePackUninstall$\getmac.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 44544 c:\windows\$NtServicePackUninstall$\ftp.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 20480 c:\windows\$NtServicePackUninstall$\fpremadm.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 24576 c:\windows\$NtServicePackUninstall$\fpadmcgi.exe
lolux
Forumowicz
Forumowicz
 
Posty: 51
Dołączenie: 19 Lis 2009, 21:54
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez lolux » 21 Lis 2009, 23:53

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)

+ 2009-10-19 15:30 . 2009-11-20 15:08 21504 c:\windows\$NtServicePackUninstall$\fontview.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 22528 c:\windows\$NtServicePackUninstall$\fltmc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 28160 c:\windows\$NtServicePackUninstall$\findstr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 45568 c:\windows\$NtServicePackUninstall$\extrac32.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 80896 c:\windows\$NtServicePackUninstall$\evtrig.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 93184 c:\windows\$NtServicePackUninstall$\evntwin.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 26112 c:\windows\$NtServicePackUninstall$\evntcmd.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 80896 c:\windows\$NtServicePackUninstall$\eventtriggers.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 52224 c:\windows\$NtServicePackUninstall$\eventcreate.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 52224 c:\windows\$NtServicePackUninstall$\evcreate.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 17920 c:\windows\$NtServicePackUninstall$\dvdupgrd.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 10752 c:\windows\$NtServicePackUninstall$\dumprep.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 60416 c:\windows\$NtServicePackUninstall$\drvqry.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 60416 c:\windows\$NtServicePackUninstall$\driverquery.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 83456 c:\windows\$NtServicePackUninstall$\dpvsetup.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 18432 c:\windows\$NtServicePackUninstall$\dpnsvr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 30208 c:\windows\$NtServicePackUninstall$\dplaysvr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 15872 c:\windows\$NtServicePackUninstall$\dmremote.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 85504 c:\windows\$NtServicePackUninstall$\diantz.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 82432 c:\windows\$NtServicePackUninstall$\dfrgfat.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 25088 c:\windows\$NtServicePackUninstall$\defrag.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 30720 c:\windows\$NtServicePackUninstall$\ddeshare.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 42496 c:\windows\$NtServicePackUninstall$\davcdata.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 15360 c:\windows\$NtServicePackUninstall$\ctfmon.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 98304 c:\windows\$NtServicePackUninstall$\cscript.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 27648 c:\windows\$NtServicePackUninstall$\conime.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 64512 c:\windows\$NtServicePackUninstall$\cmstp.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 39424 c:\windows\$NtServicePackUninstall$\cmmon32.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 47104 c:\windows\$NtServicePackUninstall$\cmdl32.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 33280 c:\windows\$NtServicePackUninstall$\clipsrv.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 20480 c:\windows\$NtServicePackUninstall$\cliconfg.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 56320 c:\windows\$NtServicePackUninstall$\cipher.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 19456 c:\windows\$NtServicePackUninstall$\cacls.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 71680 c:\windows\$NtServicePackUninstall$\blastcln.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 11264 c:\windows\$NtServicePackUninstall$\autolfn.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 16384 c:\windows\$NtServicePackUninstall$\author.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 14336 c:\windows\$NtServicePackUninstall$\auditusr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 11264 c:\windows\$NtServicePackUninstall$\attrib.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 11264 c:\windows\$NtServicePackUninstall$\atmadm.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 25600 c:\windows\$NtServicePackUninstall$\at.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 32768 c:\windows\$NtServicePackUninstall$\asr_pfu.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 30208 c:\windows\$NtServicePackUninstall$\asr_fmt.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 44544 c:\windows\$NtServicePackUninstall$\alg.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 98304 c:\windows\$NtServicePackUninstall$\ahui.exe
+ 2009-10-17 13:37 . 2009-11-20 15:08 77312 c:\windows\$MSI31Uninstall_KB893803v2$\msiexec.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 5632 c:\windows\ServicePackFiles\i386\winver.exe
+ 2008-04-14 20:51 . 2009-11-20 15:10 7680 c:\windows\ServicePackFiles\i386\spdwnwxp.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 8704 c:\windows\ServicePackFiles\i386\snmptrap.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 8192 c:\windows\ServicePackFiles\i386\smbinst.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 9216 c:\windows\ServicePackFiles\i386\scrnsave.scr
+ 2009-10-19 15:31 . 2009-11-20 15:10 9728 c:\windows\ServicePackFiles\i386\proxycfg.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 4096 c:\windows\ServicePackFiles\i386\nddeapir.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 6144 c:\windows\ServicePackFiles\i386\msdtc.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 4608 c:\windows\ServicePackFiles\i386\mqsvc.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 7680 c:\windows\ServicePackFiles\i386\migregdb.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 7680 c:\windows\ServicePackFiles\i386\forcedos.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 5120 c:\windows\ServicePackFiles\i386\dllhost.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 6144 c:\windows\ServicePackFiles\i386\dcomcnfg.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 6144 c:\windows\ServicePackFiles\i386\csrss.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 9728 c:\windows\ServicePackFiles\i386\comsdupd.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 6144 c:\windows\ServicePackFiles\i386\comrereg.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 9728 c:\windows\ServicePackFiles\i386\comrepl.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 5632 c:\windows\ServicePackFiles\i386\cisvc.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 4096 c:\windows\ServicePackFiles\i386\actmovie.exe
+ 2009-10-21 15:32 . 2009-11-20 15:09 5120 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814234.exe
+ 2009-10-31 19:51 . 2009-11-20 15:09 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 5632 c:\windows\$NtServicePackUninstall$\winver.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 8704 c:\windows\$NtServicePackUninstall$\snmptrap.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 8192 c:\windows\$NtServicePackUninstall$\smbinst.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 9216 c:\windows\$NtServicePackUninstall$\scrnsave.scr
+ 2009-10-19 15:30 . 2009-11-20 15:08 9728 c:\windows\$NtServicePackUninstall$\proxycfg.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 4096 c:\windows\$NtServicePackUninstall$\nddeapir.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 6144 c:\windows\$NtServicePackUninstall$\msdtc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 4608 c:\windows\$NtServicePackUninstall$\mqsvc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 4608 c:\windows\$NtServicePackUninstall$\mplayer2.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 7680 c:\windows\$NtServicePackUninstall$\migregdb.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 7168 c:\windows\$NtServicePackUninstall$\forcedos.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 5120 c:\windows\$NtServicePackUninstall$\dllhost.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 5120 c:\windows\$NtServicePackUninstall$\dcomcnfg.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 6144 c:\windows\$NtServicePackUninstall$\csrss.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 5120 c:\windows\$NtServicePackUninstall$\comrereg.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 9728 c:\windows\$NtServicePackUninstall$\comrepl.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 5632 c:\windows\$NtServicePackUninstall$\cisvc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 4096 c:\windows\$NtServicePackUninstall$\actmovie.exe
+ 2008-07-29 07:05 . 2008-07-29 07:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-11-11 19:00 . 2008-11-11 19:00 218376 c:\windows\system32\klogon.dll
+ 2009-11-19 21:11 . 2009-11-20 11:31 226832 c:\windows\system32\drivers\klif.sys
+ 2008-07-21 16:34 . 2008-07-21 16:34 121872 c:\windows\system32\drivers\kl1.sys
+ 2009-10-19 15:31 . 2009-11-20 15:10 558080 c:\windows\ServicePackFiles\i386\xpnetdg.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 168960 c:\windows\ServicePackFiles\i386\wuauclt1.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 112128 c:\windows\ServicePackFiles\i386\wuauclt.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 155648 c:\windows\ServicePackFiles\i386\wscript.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 217088 c:\windows\ServicePackFiles\i386\wordpad.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 218112 c:\windows\ServicePackFiles\i386\wmiprvse.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 367104 c:\windows\ServicePackFiles\i386\wmic.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 126464 c:\windows\ServicePackFiles\i386\wmiapsrv.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 196608 c:\windows\ServicePackFiles\i386\wmiadap.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 285696 c:\windows\ServicePackFiles\i386\winhlp32.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 435712 c:\windows\ServicePackFiles\i386\wiaacmgr.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 118272 c:\windows\ServicePackFiles\i386\wbemtest.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 291840 c:\windows\ServicePackFiles\i386\vssvc.exe
+ 2007-06-27 16:30 . 2009-11-20 15:10 716800 c:\windows\ServicePackFiles\i386\vbc.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 151040 c:\windows\ServicePackFiles\i386\uploadm.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 260096 c:\windows\ServicePackFiles\i386\tracerpt.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 347136 c:\windows\ServicePackFiles\i386\tourstrt.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 139776 c:\windows\ServicePackFiles\i386\taskmgr.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 107008 c:\windows\ServicePackFiles\i386\sysocmgr.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 679936 c:\windows\ServicePackFiles\i386\sstext3d.scr
+ 2009-10-19 15:31 . 2009-11-20 15:10 610304 c:\windows\ServicePackFiles\i386\sspipes.scr
+ 2009-10-19 15:31 . 2009-11-20 15:10 393216 c:\windows\ServicePackFiles\i386\ssflwbox.scr
+ 2009-10-19 15:31 . 2009-11-20 15:10 708608 c:\windows\ServicePackFiles\i386\ss3dfo.scr
+ 2009-10-19 15:31 . 2009-11-20 15:10 538624 c:\windows\ServicePackFiles\i386\spider.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 132608 c:\windows\ServicePackFiles\i386\sndrec32.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 236544 c:\windows\ServicePackFiles\i386\smi2smir.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 142336 c:\windows\ServicePackFiles\i386\sessmgr.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 109056 c:\windows\ServicePackFiles\i386\services.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 128000 c:\windows\ServicePackFiles\i386\sctasks.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 382976 c:\windows\ServicePackFiles\i386\rstrui.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 107520 c:\windows\ServicePackFiles\i386\rsnotify.exe
+ 2008-04-14 20:51 . 2009-11-20 15:10 149504 c:\windows\ServicePackFiles\i386\regedit.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 109568 c:\windows\ServicePackFiles\i386\progman.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 283136 c:\windows\ServicePackFiles\i386\pinball.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 231424 c:\windows\ServicePackFiles\i386\osloader.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 216064 c:\windows\ServicePackFiles\i386\osk.exe
+ 2008-04-13 22:02 . 2009-11-20 15:10 166912 c:\windows\ServicePackFiles\i386\oschoice.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 421376 c:\windows\ServicePackFiles\i386\ntvdm.exe
+ 2008-04-13 19:41 . 2009-11-20 15:09 147456 c:\windows\ServicePackFiles\i386\ngen.exe
+ 2008-04-14 20:56 . 2009-11-20 15:09 332288 c:\windows\ServicePackFiles\i386\netsetup.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 114688 c:\windows\ServicePackFiles\i386\netdde.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 124928 c:\windows\ServicePackFiles\i386\net1.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 176640 c:\windows\ServicePackFiles\i386\napstat.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 119808 c:\windows\ServicePackFiles\i386\mtstocom.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 345088 c:\windows\ServicePackFiles\i386\mspaint.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 171520 c:\windows\ServicePackFiles\i386\msconfig.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 117248 c:\windows\ServicePackFiles\i386\mqtgsvc.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 124928 c:\windows\ServicePackFiles\i386\mplay32.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 143872 c:\windows\ServicePackFiles\i386\mobsync.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 241152 c:\windows\ServicePackFiles\i386\migwiza.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 247808 c:\windows\ServicePackFiles\i386\migwiz.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 104448 c:\windows\ServicePackFiles\i386\migload.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 515072 c:\windows\ServicePackFiles\i386\logonui.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 220672 c:\windows\ServicePackFiles\i386\logon.scr
+ 2009-10-19 15:31 . 2009-11-20 15:09 677888 c:\windows\ServicePackFiles\i386\lhmstsc.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 455168 c:\windows\ServicePackFiles\i386\lang\tintsetp.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 262144 c:\windows\ServicePackFiles\i386\lang\imjputy.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 233472 c:\windows\ServicePackFiles\i386\lang\imjprw.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 208896 c:\windows\ServicePackFiles\i386\lang\imjpmig.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 196608 c:\windows\ServicePackFiles\i386\lang\imjpinst.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 155648 c:\windows\ServicePackFiles\i386\lang\imjpdsvr.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 307200 c:\windows\ServicePackFiles\i386\lang\imjpdct.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 480256 c:\windows\ServicePackFiles\i386\lang\cintsetp.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 152064 c:\windows\ServicePackFiles\i386\irftp.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 150528 c:\windows\ServicePackFiles\i386\imapi.exe
+ 2008-04-13 19:40 . 2009-11-20 15:09 184320 c:\windows\ServicePackFiles\i386\ilasm.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 114688 c:\windows\ServicePackFiles\i386\iexpress.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 216576 c:\windows\ServicePackFiles\i386\icwconn1.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 744448 c:\windows\ServicePackFiles\i386\helpsvc.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 769024 c:\windows\ServicePackFiles\i386\helpctr.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 123904 c:\windows\ServicePackFiles\i386\gprslt.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 233472 c:\windows\ServicePackFiles\i386\fxscover.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 142848 c:\windows\ServicePackFiles\i386\fxsclnt.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 193024 c:\windows\ServicePackFiles\i386\fsquirt.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 188416 c:\windows\ServicePackFiles\i386\fpcount.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 109568 c:\windows\ServicePackFiles\i386\fp98swin.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 194048 c:\windows\ServicePackFiles\i386\eudcedit.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 180224 c:\windows\ServicePackFiles\i386\dwwin.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 225280 c:\windows\ServicePackFiles\i386\dmadmin.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 164864 c:\windows\ServicePackFiles\i386\diskpart.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 105472 c:\windows\ServicePackFiles\i386\dfrgntfs.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 139264 c:\windows\ServicePackFiles\i386\cscript.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 396288 c:\windows\ServicePackFiles\i386\cmd.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 103424 c:\windows\ServicePackFiles\i386\clipbrd.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 188416 c:\windows\ServicePackFiles\i386\cfgwiz.exe
+ 2009-10-19 15:32 . 2009-11-20 15:09 154624 c:\windows\ServicePackFiles\i386\bootcfg.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 602112 c:\windows\ServicePackFiles\i386\autofmt.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 624128 c:\windows\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 610304 c:\windows\ServicePackFiles\i386\autochk.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 256512 c:\windows\ServicePackFiles\i386\agentsvr.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 188416 c:\windows\ServicePackFiles\i386\accwiz.exe
+ 2009-10-19 15:32 . 2009-11-19 21:22 558080 c:\windows\network diagnostic\xpnetdiag.exe
+ 2008-07-25 09:17 . 2009-11-20 15:09 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 09:16 . 2009-11-20 15:09 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2009-11-19 18:21 . 2009-11-19 18:21 236032 c:\windows\Installer\2aff6a.msi
+ 2009-11-20 19:45 . 2009-11-20 19:45 481280 c:\windows\Installer\103761.msi
+ 2009-10-17 13:27 . 2009-11-20 15:09 166400 c:\windows\Installer\{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
+ 2009-10-19 16:31 . 2009-11-20 15:09 103936 c:\windows\$NtUninstallWMFDist11$\logagent.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 168960 c:\windows\$NtServicePackUninstall$\wuauclt1.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 112128 c:\windows\$NtServicePackUninstall$\wuauclt.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 114688 c:\windows\$NtServicePackUninstall$\wscript.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 217088 c:\windows\$NtServicePackUninstall$\wordpad.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 218112 c:\windows\$NtServicePackUninstall$\wmiprvse.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 367104 c:\windows\$NtServicePackUninstall$\wmic.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 126464 c:\windows\$NtServicePackUninstall$\wmiapsrv.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 196608 c:\windows\$NtServicePackUninstall$\wmiadap.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 285696 c:\windows\$NtServicePackUninstall$\winhlp32.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 435712 c:\windows\$NtServicePackUninstall$\wiaacmgr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 118272 c:\windows\$NtServicePackUninstall$\wbemtest.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 291840 c:\windows\$NtServicePackUninstall$\vssvc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 151040 c:\windows\$NtServicePackUninstall$\uploadm.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 208896 c:\windows\$NtServicePackUninstall$\unregmp2.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 260096 c:\windows\$NtServicePackUninstall$\tracerpt.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 347136 c:\windows\$NtServicePackUninstall$\tourstrt.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 347136 c:\windows\$NtServicePackUninstall$\tourstart.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 139776 c:\windows\$NtServicePackUninstall$\taskmgr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 107008 c:\windows\$NtServicePackUninstall$\sysocmgr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:09 679936 c:\windows\$NtServicePackUninstall$\sstext3d.scr
+ 2009-10-19 15:30 . 2009-11-20 15:09 610304 c:\windows\$NtServicePackUninstall$\sspipes.scr
+ 2009-10-19 15:30 . 2009-11-20 15:09 393216 c:\windows\$NtServicePackUninstall$\ssflwbox.scr
+ 2009-10-19 15:30 . 2009-11-20 15:08 708608 c:\windows\$NtServicePackUninstall$\ss3dfo.scr
+ 2009-10-19 15:30 . 2009-11-20 15:08 539136 c:\windows\$NtServicePackUninstall$\spider.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 132608 c:\windows\$NtServicePackUninstall$\sndrec32.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 236544 c:\windows\$NtServicePackUninstall$\smi2smir.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 774144 c:\windows\$NtServicePackUninstall$\setup_wm.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 141824 c:\windows\$NtServicePackUninstall$\sessmgr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 108544 c:\windows\$NtServicePackUninstall$\services.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 128000 c:\windows\$NtServicePackUninstall$\sctasks.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 128000 c:\windows\$NtServicePackUninstall$\schtasks.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 382976 c:\windows\$NtServicePackUninstall$\rstrui.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 107520 c:\windows\$NtServicePackUninstall$\rsnotify.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 149504 c:\windows\$NtServicePackUninstall$\regedit.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 109568 c:\windows\$NtServicePackUninstall$\progman.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 283136 c:\windows\$NtServicePackUninstall$\pinball.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 216064 c:\windows\$NtServicePackUninstall$\osk.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 420352 c:\windows\$NtServicePackUninstall$\ntvdm.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 332288 c:\windows\$NtServicePackUninstall$\netsetup.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 114688 c:\windows\$NtServicePackUninstall$\netdde.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 124928 c:\windows\$NtServicePackUninstall$\net1.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 111104 c:\windows\$NtServicePackUninstall$\mtstocom.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 408576 c:\windows\$NtServicePackUninstall$\mstsc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 345088 c:\windows\$NtServicePackUninstall$\mspaint.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 159744 c:\windows\$NtServicePackUninstall$\msconfig.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 117248 c:\windows\$NtServicePackUninstall$\mqtgsvc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 124928 c:\windows\$NtServicePackUninstall$\mplay32.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 143872 c:\windows\$NtServicePackUninstall$\mobsync.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 815616 c:\windows\$NtServicePackUninstall$\mmc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 242688 c:\windows\$NtServicePackUninstall$\migwiz.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 786432 c:\windows\$NtServicePackUninstall$\migrate.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 103936 c:\windows\$NtServicePackUninstall$\migload.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 515072 c:\windows\$NtServicePackUninstall$\logonui.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 220672 c:\windows\$NtServicePackUninstall$\logon.scr
+ 2009-10-19 15:30 . 2009-11-20 15:08 103936 c:\windows\$NtServicePackUninstall$\logagent.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 150016 c:\windows\$NtServicePackUninstall$\imapi.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 114688 c:\windows\$NtServicePackUninstall$\iexpress.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 216576 c:\windows\$NtServicePackUninstall$\icwconn1.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 743936 c:\windows\$NtServicePackUninstall$\helpsvc.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 768512 c:\windows\$NtServicePackUninstall$\helpctr.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 122880 c:\windows\$NtServicePackUninstall$\gprslt.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 122880 c:\windows\$NtServicePackUninstall$\gpresult.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 233472 c:\windows\$NtServicePackUninstall$\fxscover.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 143360 c:\windows\$NtServicePackUninstall$\fxsclnt.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 193024 c:\windows\$NtServicePackUninstall$\fsquirt.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 188416 c:\windows\$NtServicePackUninstall$\fpcount.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 194048 c:\windows\$NtServicePackUninstall$\eudcedit.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 180224 c:\windows\$NtServicePackUninstall$\dwwin.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 225280 c:\windows\$NtServicePackUninstall$\dmadmin.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 164864 c:\windows\$NtServicePackUninstall$\diskpart.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 104960 c:\windows\$NtServicePackUninstall$\dfrgntfs.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 395776 c:\windows\$NtServicePackUninstall$\cmd.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 103424 c:\windows\$NtServicePackUninstall$\clipbrd.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 188416 c:\windows\$NtServicePackUninstall$\cfgwiz.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 148480 c:\windows\$NtServicePackUninstall$\bootcfg.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 602112 c:\windows\$NtServicePackUninstall$\autofmt.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 624128 c:\windows\$NtServicePackUninstall$\autoconv.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 610304 c:\windows\$NtServicePackUninstall$\autochk.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 187904 c:\windows\$NtServicePackUninstall$\accwiz.exe
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2008-04-14 20:51 . 2009-11-20 15:10 1695232 c:\windows\ServicePackFiles\ServicePackCache\i386\msmsgs.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 2025472 c:\windows\ServicePackFiles\i386\ntkrpamp.exe
+ 2009-10-19 15:31 . 2009-11-20 15:10 2146816 c:\windows\ServicePackFiles\i386\ntkrnlmp.exe
+ 2009-10-19 15:32 . 2009-11-20 15:10 1222144 c:\windows\ServicePackFiles\i386\ntbackup.exe
+ 2008-04-14 20:51 . 2009-11-20 15:09 1695232 c:\windows\ServicePackFiles\i386\msmsgs.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 3558912 c:\windows\ServicePackFiles\i386\moviemk.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 1035264 c:\windows\ServicePackFiles\i386\explorer.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 1298432 c:\windows\ServicePackFiles\i386\dxdiag.exe
+ 2009-10-19 15:31 . 2009-11-20 15:09 1036288 c:\windows\ServicePackFiles\i386\conf.exe
+ 2009-11-19 21:11 . 2009-11-19 21:11 2693120 c:\windows\Installer\e2edf.msi
+ 2009-10-19 15:30 . 2009-11-20 15:08 2149888 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 2016768 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 1221632 c:\windows\$NtServicePackUninstall$\ntbackup.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 1667584 c:\windows\$NtServicePackUninstall$\msmsgs.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 3555328 c:\windows\$NtServicePackUninstall$\moviemk.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 1033728 c:\windows\$NtServicePackUninstall$\explorer.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 1298432 c:\windows\$NtServicePackUninstall$\dxdiag.exe
+ 2009-10-19 15:30 . 2009-11-20 15:08 1036288 c:\windows\$NtServicePackUninstall$\conf.exe
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-10-19 306088]
"ares"="d:\program files\Ares\Ares.exe" [2009-11-19 882176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-19 61440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-11-20 208616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\mariusz\Menu Start\Programy\Autostart\
GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2008-10-14 1952256]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Program Files\\Ares\\Ares.exe"=
"d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"e:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows
"3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-11-20 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 SbPF.Launcher;SbPF.Launcher;d:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;d:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-11-20 65576]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-10-21 721904]
S3 ctlsb16;Sterownik Creative SB16/AWE32/AWE64 (WDM);c:\windows\system32\drivers\ctlsb16.sys [2009-10-22 96256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
FF - ProfilePath - c:\documents and settings\mariusz\Dane aplikacji\Mozilla\Firefox\Profiles\65s9rahg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - component: c:\documents and settings\mariusz\Dane aplikacji\Mozilla\Firefox\Profiles\65s9rahg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 22:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-1715567821-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:81,21,36,f7,2f,57,96,77,33,61,ad,ea,1e,db,2a,f2,df,91,33,30,61,
de,2b,3e,5d,dc,76,f6,07,c5,b9,8c,f1,ca,bf,2f,12,9b,c1,f0,64,26,bf,15,22,15,\
"rkeysecu"=hex:5d,7c,7f,06,b2,19,11,4f,13,7d,87,43,75,df,0e,ea
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1568)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-11-21 22:49
ComboFix-quarantined-files.txt 2009-11-21 21:49
ComboFix2.txt 2009-11-19 20:08
ComboFix3.txt 2009-11-19 17:38
ComboFix4.txt 2009-11-19 17:20

Przed: 1 015 218 176 bajtów wolnych
Po: 1 024 536 576 bajtów wolnych

- - End Of File - - AD36A4EB7034AB6D1E52A6A2832F95C4
lolux
Forumowicz
Forumowicz
 
Posty: 51
Dołączenie: 19 Lis 2009, 21:54
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez mateo8898 » 22 Lis 2009, 00:21

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

Wklej do notatnika:
Kod: Zaznacz wszystko
File::
c:\windows\system32\SpOrder.dll

Plik -> zapisz jako -> CFScript.txt
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

Image
Rozpocznie się usuwanie i powstanie log, który dajesz na forum.
Awatar użytkownika
mateo8898
Moderator
Moderator
 
Posty: 15377
Dołączenie: 15 Maj 2009, 14:55
Pochwały: 966
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez lolux » 22 Lis 2009, 10:26

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)

ComboFix 09-11-21.01 - mariusz 2009-11-22 9:15.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3583.3036 [GMT 1:00]
Uruchomiony z: c:\documents and settings\mariusz\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\mariusz\Pulpit\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Utworzono nowy punkt przywracania

FILE ::
"c:\windows\system32\SpOrder.dll"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SpOrder.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2009-10-22 do 2009-11-22 )))))))))))))))))))))))))))))))
.

2009-11-21 21:23 . 2009-11-21 21:31 -------- d-----w- c:\program files\trend micro
2009-11-21 21:23 . 2009-11-21 21:23 -------- d-----w- C:\rsit
2009-11-20 19:44 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2009-11-20 19:44 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-11-20 18:20 . 2009-11-20 18:20 -------- d-s---w- c:\documents and settings\wiola\UserData
2009-11-20 11:31 . 2009-11-20 11:31 109072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll
2009-11-20 11:31 . 2009-11-20 11:31 59920 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll
2009-11-20 11:31 . 2009-11-20 11:31 33808 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-11-20 11:31 . 2009-11-20 11:31 208616 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-11-20 11:31 . 2009-11-20 11:31 226832 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-11-19 21:11 . 2009-11-20 11:31 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-19 21:11 . 2009-11-20 11:31 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-19 21:11 . 2009-11-22 08:12 294944 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-19 21:11 . 2009-11-22 08:08 1236512 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-19 21:10 . 2009-11-19 21:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-11-19 20:55 . 2009-11-19 20:55 36352 ----a-w- c:\windows\system32\drivers\disk_2.sys
2009-11-19 18:38 . 2009-11-19 18:38 -------- d-----w- c:\documents and settings\LocalService\Pulpit
2009-11-19 18:35 . 2009-11-19 18:35 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-19 18:22 . 2009-11-20 19:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-11-17 19:15 . 2009-11-17 19:15 -------- d-----w- c:\program files\ZoneAlarmSB
2009-11-17 19:15 . 2009-11-19 16:06 -------- d-----w- c:\windows\system32\ZoneLabs
2009-11-17 19:15 . 2008-07-09 08:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll
2009-11-16 14:53 . 2009-11-16 14:54 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Tibia
2009-11-16 13:55 . 2009-11-16 13:55 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar
2009-11-16 13:54 . 2009-11-16 13:54 -------- d-----r- c:\documents and settings\NetworkService\Ulubione
2009-11-15 21:01 . 2009-11-15 21:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MailFrontier
2009-11-15 21:00 . 2009-11-19 15:54 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-15 21:00 . 2009-11-19 16:06 -------- d-----w- c:\windows\Internet Logs
2009-11-07 18:20 . 2009-11-08 13:00 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\ipla
2009-11-07 18:20 . 2009-11-07 18:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-11-07 18:20 . 2009-11-07 18:20 348160 ----a-w- c:\windows\system32\Msvcr71.dll
2009-11-07 18:20 . 2009-11-07 18:20 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-11-07 18:20 . 2009-11-07 18:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2009-11-03 19:52 . 2009-11-03 19:52 -------- d-----w- c:\documents and settings\mariusz\Ustawienia lokalne\Dane aplikacji\Ares
2009-10-31 19:53 . 2009-10-31 20:01 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Ventrilo
2009-10-30 07:35 . 2009-10-30 07:35 -------- d-----w- c:\documents and settings\wiola\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-10-27 18:17 . 2009-10-27 18:17 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\OpenFM
2009-10-27 15:08 . 2009-10-27 15:08 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\teamspeak2
2009-10-25 18:21 . 2009-10-25 18:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-25 18:21 . 2009-10-25 18:21 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\skypePM
2009-10-25 18:17 . 2009-11-21 21:34 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Skype
2009-10-25 18:16 . 2009-10-25 18:16 -------- d-----w- c:\program files\Common Files\Skype
2009-10-25 18:16 . 2009-10-25 18:17 -------- d-----r- c:\program files\Skype
2009-10-25 18:16 . 2009-10-25 18:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 08:12 . 2009-11-19 21:11 4184 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-22 08:12 . 2009-10-17 16:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-11-22 08:08 . 2009-11-19 21:11 12836 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-21 21:37 . 2009-10-19 15:51 736384 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-11-20 15:10 . 2009-10-17 14:00 86016 ------r- c:\windows\SoundMan.exe
2009-11-20 15:10 . 2009-10-17 14:00 1826816 ------r- c:\windows\SkyTel.exe
2009-11-20 15:09 . 2009-10-17 14:00 1191936 ------r- c:\windows\RtlUpd.exe
2009-11-20 15:09 . 2009-10-17 14:00 9715200 ------r- c:\windows\RTLCPL.exe
2009-11-20 15:09 . 2009-10-17 14:00 2165760 ------r- c:\windows\MicCal.exe
2009-11-20 15:09 . 2009-10-17 14:00 2808832 ------r- c:\windows\alcwzrd.exe
2009-11-20 15:09 . 2009-10-17 14:00 315392 ----a-w- c:\windows\HideWin.exe
2009-11-20 15:08 . 2009-10-21 15:32 40448 ----a-w- c:\documents and settings\mariusz\trial_setup.exe
2009-11-20 15:08 . 2009-10-17 15:04 40960 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\NewShortcut1_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2009-11-20 15:08 . 2009-10-17 15:04 40960 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\HUD.exe_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2009-11-20 11:31 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-11-19 21:11 . 2009-10-17 16:45 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-17 18:44 . 2009-10-21 15:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-17 18:44 . 2009-10-19 17:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-16 13:52 . 2009-10-20 13:30 14272 ----a-w- c:\documents and settings\wiola\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-15 14:27 . 2009-10-17 13:44 14272 ----a-w- c:\documents and settings\mariusz\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-01 12:36 . 2009-10-27 11:47 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Winamp
2009-10-31 17:43 . 2009-10-19 17:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-10-25 18:54 . 2009-10-19 19:24 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\Nowe Gadu-Gadu
2009-10-25 12:09 . 2001-10-26 17:15 83880 ----a-w- c:\windows\system32\perfc015.dat
2009-10-25 12:09 . 2001-10-26 17:15 490628 ----a-w- c:\windows\system32\perfh015.dat
2009-10-21 15:17 . 2009-10-21 15:17 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 13:30 . 2009-10-20 13:30 -------- d-----w- c:\documents and settings\wiola\Dane aplikacji\ATI
2009-10-19 16:55 . 2009-10-19 16:55 -------- d--h--r- c:\documents and settings\mariusz\Dane aplikacji\SecuROM
2009-10-19 16:41 . 2009-10-19 16:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-19 16:32 . 2009-10-19 16:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-19 15:56 . 2009-10-17 13:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-19 15:51 . 2009-10-19 15:51 -------- d-----w- c:\program files\MSBuild
2009-10-19 15:49 . 2009-10-19 15:49 -------- d-----w- c:\program files\Reference Assemblies
2009-10-19 15:32 . 2009-10-17 13:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-19 13:56 . 2009-10-19 13:56 0 ----a-w- c:\windows\nsreg.dat
2009-10-19 13:37 . 2009-10-17 13:46 15600 ----a-w- c:\windows\gdrv.sys
2009-10-18 19:45 . 2009-10-17 13:22 -------- d-----w- c:\program files\Usługi online
2009-10-18 14:08 . 2009-10-17 14:00 -------- d-----w- c:\program files\Realtek
2009-10-18 14:07 . 2009-10-18 14:07 -------- d-----w- c:\program files\Marvell
2009-10-17 16:37 . 2009-10-17 16:37 -------- d-----w- c:\program files\Yahoo!
2009-10-17 15:04 . 2009-10-17 15:04 8854 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\UNINST_Uninstall_Gam_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2009-10-17 15:04 . 2009-10-17 15:04 1150 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}\ARPPRODUCTICON.exe
2009-10-17 15:04 . 2009-10-17 15:04 -------- d-----w- c:\program files\GIGABYTE
2009-10-17 13:59 . 2009-10-17 13:59 -------- d-----w- c:\program files\DIFX
2009-10-17 13:44 . 2009-10-17 13:44 -------- d-----w- c:\documents and settings\mariusz\Dane aplikacji\ATI
2009-10-17 13:44 . 2009-10-17 13:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI
2009-10-17 13:43 . 2009-10-17 13:43 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-17 13:42 . 2009-10-17 13:36 -------- d-----w- c:\program files\ATI Technologies
2009-10-17 13:40 . 2009-10-17 13:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-17 13:39 . 2009-10-17 13:39 9158 ----a-r- c:\documents and settings\mariusz\Dane aplikacji\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-10-17 13:39 . 2009-10-17 13:39 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-10-17 13:23 . 2009-10-17 13:23 -------- d-----w- c:\program files\microsoft frontpage
2009-10-17 13:20 . 2009-10-17 13:20 21856 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-11-21_21.47.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-17 13:26 . 2009-11-22 07:44 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2009-10-17 13:26 . 2009-11-21 09:47 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-11-22 07:44 . 2009-11-22 07:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-11-20 11:31 . 2009-11-21 09:47 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-10-19 306088]
"ares"="d:\program files\Ares\Ares.exe" [2009-11-19 882176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-19 61440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-11-20 208616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\mariusz\Menu Start\Programy\Autostart\
GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2008-10-14 1952256]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Program Files\\Ares\\Ares.exe"=
"d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"e:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows
"3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-11-20 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 SbPF.Launcher;SbPF.Launcher;d:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;d:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-11-20 65576]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-10-21 721904]
S3 ctlsb16;Sterownik Creative SB16/AWE32/AWE64 (WDM);c:\windows\system32\drivers\ctlsb16.sys [2009-10-22 96256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
FF - ProfilePath - c:\documents and settings\mariusz\Dane aplikacji\Mozilla\Firefox\Profiles\65s9rahg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - component: c:\documents and settings\mariusz\Dane aplikacji\Mozilla\Firefox\Profiles\65s9rahg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 09:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-1715567821-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:81,21,36,f7,2f,57,96,77,33,61,ad,ea,1e,db,2a,f2,df,91,33,30,61,
de,2b,3e,5d,dc,76,f6,07,c5,b9,8c,f1,ca,bf,2f,12,9b,c1,f0,64,26,bf,15,22,15,\
"rkeysecu"=hex:5d,7c,7f,06,b2,19,11,4f,13,7d,87,43,75,df,0e,ea
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1568)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-11-22 09:24
ComboFix-quarantined-files.txt 2009-11-22 08:24
ComboFix2.txt 2009-11-21 21:49
ComboFix3.txt 2009-11-19 20:08
ComboFix4.txt 2009-11-19 17:38
ComboFix5.txt 2009-11-22 08:13

Przed: 1 011 580 928 bajtów wolnych
Po: 1 003 782 144 bajtów wolnych

- - End Of File - - F53784F60ADD0205EBCC1C2EAC577381
lolux
Forumowicz
Forumowicz
 
Posty: 51
Dołączenie: 19 Lis 2009, 21:54
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez mateo8898 » 22 Lis 2009, 12:11

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

W tamtym temacie już nie muszę chyba odpowiadać

Ok, nic więcej nie widzę.

Pobierz OTC uruchom i kliknij CleanUp

Przeczyść dysk oraz rejestr CCleaner

Wyłącz i włącz przywracanie systemu na wszystkich dyskach -> Instrukcja

Wykonaj pełne skanowanie Dr.Web CureIt - jeśli coś znajdzie wylecz/usuń i daj raport (Plik -> Zapisz Listę Raportu)

Zamknij robaczywe porty za pomocą WWDC (pozmieniaj wszystkie znaczki na zielone, NetBIOS może zostać żółty)

Zainstaluj tą łatkę -> http://www.microsoft.com/technet/securi ... 8-067.mspx
Awatar użytkownika
mateo8898
Moderator
Moderator
 
Posty: 15377
Dołączenie: 15 Maj 2009, 14:55
Pochwały: 966
Góra

Re: Prosze o sprawdzenie logow [combofix]

Postprzez lolux » 22 Lis 2009, 15:03

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)

LOG Z DR WEB


ComboFix.exe\32788R22FWJFW\FIND3M.bat;C:\Documents and Settings\mariusz\Pulpit\ComboFix.exe;Prawdopodobnie BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\List-C.bat;C:\Documents and Settings\mariusz\Pulpit\ComboFix.exe;Prawdopodobnie BATCH.Virus;;
ComboFix.exe;C:\Documents and Settings\mariusz\Pulpit;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
NPZONESB.DLL;C:\Program Files\ZoneAlarmSB\bar\1.bin;Adware.MyWebSearch.22;Niewyleczalny.Usunięty.;
A0000006.exe\32788R22FWJFW\FIND3M.bat;C:\System Volume Information\_restore{0BBA3808-9F5F-45C0-9744-930A7776AD89}\RP3\A0000006.exe;Prawdopodobnie BATCH.Virus;;
A0000006.exe\32788R22FWJFW\List-C.bat;C:\System Volume Information\_restore{0BBA3808-9F5F-45C0-9744-930A7776AD89}\RP3\A0000006.exe;Prawdopodobnie BATCH.Virus;;
A0000006.exe;C:\System Volume Information\_restore{0BBA3808-9F5F-45C0-9744-930A7776AD89}\RP3;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
NPZoneSB.dll;D:\Program Files\Mozilla Firefox\plugins;Adware.MyWebSearch.22;Niewyleczalny.Usunięty.;


z ta latka to nie wiem co zrobic bo tam wiele jest do sciagania i niewiem co

EDIT Object reference not set to an instance of an object. tak na strone tam jest
lolux
Forumowicz
Forumowicz
 
Posty: 51
Dołączenie: 19 Lis 2009, 21:54
Góra
Następna
Wyślij odpowiedź

Powróć do Bezpieczeństwo

Kto jest na forum

Zarejestrowani użytkownicy: Brak zarejestrowanych użytkowników

Switch to mobile style
Technologię dostarcza phpBB® Forum Software © phpBB Group
Profesjonalne polskie tłumaczenie phpBB3
Korzystanie z forum oznacza akceptację polityki prywatności