Mam problem z w/w trojanem, prosiłbym o możliwie szybką pomoc.
log z OTL: http://wklej.org/id/228370/
Aktualizacje na programosy.pl:
DVDFab Platinum • Freeplane • XYplorer • Process Lasso • Mozilla Firefox • AVS Image Converter • AVS Audio Converter • SpyShelter • Tribler
-
- Ogłoszenie:
Problem z win32:patched-hn
9 posty(ów) • Strona 1 z 1
Problem z win32:patched-hn
przez stajorek 08 Gru 2009, 16:08
Mam problem z w/w trojanem, prosiłbym o możliwie szybką pomoc.
log z OTL: http://wklej.org/id/228370/
Problem z win32:patched-hn
przez wojtas 08 Gru 2009, 18:42
infekcja z pendriva + vundo więc:
Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )
Autor postu otrzymał pochwałę
Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )
Autor postu otrzymał pochwałę
-
wojtas - *mod
- Posty: 18165
- Dołączenie: 13 Sty 2006, 16:00
- Miejscowość: Krzeszyce
- Pochwały: 1656
Problem z win32:patched-hn
przez stajorek 08 Gru 2009, 19:24
Proszę bardzo, log z ComboFixa: http://wklej.org/id/229093/
Problem z win32:patched-hn
przez stajorek 08 Gru 2009, 20:26
http://www.wklej.eu/index.php?id=1237d3d76e
teraz powinno działać
teraz powinno działać
Problem z win32:patched-hn
przez wojtas 08 Gru 2009, 20:31
Otworz notatnik i wklej w nim to:
>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Rozpocznie się usuwanie i powstanie log daj go.
File::
c:\windows\system32\UiN8nP4RY.dll
c:\windows\system32\oBwIdqGHbJcf.dll
c:\windows\system32\oSkutQFyRV.dll
c:\windows\system32\afYj9pfi.dll
c:\windows\system32\Yx1WOKe8.dll
c:\windows\system32\ZsG6gxMc.dll
c:\windows\system32\ZtCOHiy3xqWC.dll
c:\windows\system32\EqQOxDcXb.dll
c:\windows\system32\xE6QlD2P.dll
c:\windows\system32\OQIuZ9NUtm.dll
c:\windows\system32\q2l6fA9.dll
c:\windows\system32\F3CEpUF.dll
c:\windows\system32\qufqsp43HSA.dll
c:\windows\system32\ppAhJC4V2.dll
c:\windows\system32\M9PUWXI.dll
c:\windows\system32\OqOcEC49.dll
c:\windows\system32\v1jF6HbS1aS.dll
c:\windows\system32\tQU9R3Lp2.dll
c:\windows\system32\eLUYMgs1.dll
c:\windows\system32\diUaXM39.dll
c:\windows\system32\GK6rtaY4.dll
c:\windows\system32\spbbxUrU.dll
c:\windows\system32\cRt69JbQ2kZ.dll
c:\windows\system32\l315NURhAQRBR.dll
c:\windows\system32\UKRcgvf.dll
c:\windows\system32\nus7gKGc7D1.dll
c:\windows\system32\Oc6wVvw.dll
c:\windows\system32\j5nmeaQssN3c.dll
c:\windows\system32\JautKoKaiTbDW.dll
c:\windows\system32\v6aBqmPChVs2U.dll
c:\windows\system32\PMmObNN17.dll
c:\windows\system32\qHdETKyyoRC.dll
c:\windows\system32\qdxoZMNT.dll
c:\windows\system32\DIxAuixN94H.dll
c:\windows\system32\YvePVXwLceaDy.dll
c:\windows\system32\PW5sITI.dll
c:\windows\system32\Yr2wZB8ONa8u.dll
c:\windows\system32\Bdl8MQhQs.dll
c:\windows\system32\kPdNLQFYoO.dll
c:\windows\system32\KbiC3bjpKCKt1.dll
c:\windows\system32\FFV21OE3DkD32.dll
>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Rozpocznie się usuwanie i powstanie log daj go.
-
wojtas - *mod
- Posty: 18165
- Dołączenie: 13 Sty 2006, 16:00
- Miejscowość: Krzeszyce
- Pochwały: 1656
-
Problem z win32:patched-hn
przez stajorek 08 Gru 2009, 20:51
Log:
Ponadto wysyłało jakieś pliki na serwer do analizy, nie wiem czy jest to zawarte w logu także wspominam tylko.
- Kod: Zaznacz wszystko
ComboFix 09-12-07.09 - Admin 2009-12-08 19:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.585 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091208-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\afYj9pfi.dll"
"c:\windows\system32\Bdl8MQhQs.dll"
"c:\windows\system32\cRt69JbQ2kZ.dll"
"c:\windows\system32\diUaXM39.dll"
"c:\windows\system32\DIxAuixN94H.dll"
"c:\windows\system32\eLUYMgs1.dll"
"c:\windows\system32\EqQOxDcXb.dll"
"c:\windows\system32\F3CEpUF.dll"
"c:\windows\system32\FFV21OE3DkD32.dll"
"c:\windows\system32\GK6rtaY4.dll"
"c:\windows\system32\j5nmeaQssN3c.dll"
"c:\windows\system32\JautKoKaiTbDW.dll"
"c:\windows\system32\KbiC3bjpKCKt1.dll"
"c:\windows\system32\kPdNLQFYoO.dll"
"c:\windows\system32\l315NURhAQRBR.dll"
"c:\windows\system32\M9PUWXI.dll"
"c:\windows\system32\nus7gKGc7D1.dll"
"c:\windows\system32\oBwIdqGHbJcf.dll"
"c:\windows\system32\Oc6wVvw.dll"
"c:\windows\system32\OQIuZ9NUtm.dll"
"c:\windows\system32\OqOcEC49.dll"
"c:\windows\system32\oSkutQFyRV.dll"
"c:\windows\system32\PMmObNN17.dll"
"c:\windows\system32\ppAhJC4V2.dll"
"c:\windows\system32\PW5sITI.dll"
"c:\windows\system32\q2l6fA9.dll"
"c:\windows\system32\qdxoZMNT.dll"
"c:\windows\system32\qHdETKyyoRC.dll"
"c:\windows\system32\qufqsp43HSA.dll"
"c:\windows\system32\spbbxUrU.dll"
"c:\windows\system32\tQU9R3Lp2.dll"
"c:\windows\system32\UiN8nP4RY.dll"
"c:\windows\system32\UKRcgvf.dll"
"c:\windows\system32\v1jF6HbS1aS.dll"
"c:\windows\system32\v6aBqmPChVs2U.dll"
"c:\windows\system32\xE6QlD2P.dll"
"c:\windows\system32\Yr2wZB8ONa8u.dll"
"c:\windows\system32\YvePVXwLceaDy.dll"
"c:\windows\system32\Yx1WOKe8.dll"
"c:\windows\system32\ZsG6gxMc.dll"
"c:\windows\system32\ZtCOHiy3xqWC.dll"
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\afYj9pfi.dll
c:\windows\system32\Bdl8MQhQs.dll
c:\windows\system32\cRt69JbQ2kZ.dll
c:\windows\system32\diUaXM39.dll
c:\windows\system32\DIxAuixN94H.dll
c:\windows\system32\eLUYMgs1.dll
c:\windows\system32\EqQOxDcXb.dll
c:\windows\system32\F3CEpUF.dll
c:\windows\system32\FFV21OE3DkD32.dll
c:\windows\system32\GK6rtaY4.dll
c:\windows\system32\j5nmeaQssN3c.dll
c:\windows\system32\JautKoKaiTbDW.dll
c:\windows\system32\KbiC3bjpKCKt1.dll
c:\windows\system32\kPdNLQFYoO.dll
c:\windows\system32\l315NURhAQRBR.dll
c:\windows\system32\M9PUWXI.dll
c:\windows\system32\nus7gKGc7D1.dll
c:\windows\system32\oBwIdqGHbJcf.dll
c:\windows\system32\Oc6wVvw.dll
c:\windows\system32\OQIuZ9NUtm.dll
c:\windows\system32\OqOcEC49.dll
c:\windows\system32\oSkutQFyRV.dll
c:\windows\system32\PMmObNN17.dll
c:\windows\system32\ppAhJC4V2.dll
c:\windows\system32\PW5sITI.dll
c:\windows\system32\q2l6fA9.dll
c:\windows\system32\qdxoZMNT.dll
c:\windows\system32\qHdETKyyoRC.dll
c:\windows\system32\qufqsp43HSA.dll
c:\windows\system32\spbbxUrU.dll
c:\windows\system32\tQU9R3Lp2.dll
c:\windows\system32\UiN8nP4RY.dll
c:\windows\system32\UKRcgvf.dll
c:\windows\system32\v1jF6HbS1aS.dll
c:\windows\system32\v6aBqmPChVs2U.dll
c:\windows\system32\xE6QlD2P.dll
c:\windows\system32\Yr2wZB8ONa8u.dll
c:\windows\system32\YvePVXwLceaDy.dll
c:\windows\system32\Yx1WOKe8.dll
c:\windows\system32\ZsG6gxMc.dll
c:\windows\system32\ZtCOHiy3xqWC.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-11-08 do 2009-12-08 )))))))))))))))))))))))))))))))
.
2009-12-08 12:56 . 2009-12-08 12:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Panda Security
2009-12-08 12:56 . 2009-12-08 12:56 -------- d-----w- c:\program files\Panda USB Vaccine
2009-12-07 23:58 . 2009-12-08 00:05 -------- d-----w- c:\program files\SkanerOnline
2009-12-02 14:34 . 2009-12-08 17:01 -------- d-----w- c:\program files\Red Orchestra
2009-12-01 21:47 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-01 21:47 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-01 21:47 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-01 21:47 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-01 21:47 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-01 21:47 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-01 21:47 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-30 11:44 . 2009-12-08 17:57 -------- d-----w- c:\program files\Steam
2009-11-27 16:34 . 2009-11-28 06:52 -------- d-----w- c:\program files\18 Wheels of Steel - Extreme Trucker
2009-11-26 22:46 . 2009-11-26 22:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-18 23:48 . 2009-11-18 23:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Sports Interactive
2009-11-18 23:32 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-11-18 23:32 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-11-18 23:32 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 18:34 . 2008-02-03 22:53 17528 -c--a-w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-08 17:25 . 2008-02-12 20:21 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\teamspeak2
2009-12-08 17:00 . 2009-08-22 10:51 -------- d-----w- c:\program files\Kalendarz XP
2009-12-08 16:50 . 2008-05-16 21:03 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Skype
2009-12-08 15:01 . 2008-05-16 21:04 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\skypePM
2009-12-07 21:09 . 2008-12-10 20:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 16:56 . 2008-07-22 20:14 -------- d-----w- c:\program files\CeRegEditor
2009-12-05 15:53 . 2008-02-25 17:58 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\foobar2000
2009-12-02 15:08 . 2008-02-03 14:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 21:48 . 2009-08-06 07:43 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Ubisoft
2009-11-26 22:40 . 2008-02-03 22:49 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Azureus
2009-11-18 23:47 . 2008-05-15 15:03 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Sports Interactive
2009-11-18 20:00 . 2008-02-06 22:54 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\GanymedeNet
2009-11-17 21:00 . 2008-03-11 06:55 -------- d-----w- c:\program files\Ganymede
2009-11-16 17:49 . 2008-02-04 14:27 139456 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-16 17:48 . 2008-02-04 14:26 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-07 17:52 . 2009-11-07 17:51 4100096 ----a-w- c:\documents and settings\Admin\Dane aplikacji\PowerChallenge\PowerSoccer\PowerSoccer.exe
2009-11-04 19:57 . 2009-10-29 19:35 -------- d-----w- c:\program files\Euro Truck Simulator
2009-10-26 18:25 . 2008-02-04 14:27 138056 -c--a-w- c:\documents and settings\Admin\Dane aplikacji\PnkBstrK.sys
2009-10-26 18:25 . 2008-02-04 14:27 138056 -c--a-w- c:\documents and settings\Admin\Dane aplikacji\PnkBstrK.sys
2009-10-26 18:24 . 2009-10-26 18:24 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-10-25 07:44 . 2001-10-26 16:15 74450 ----a-w- c:\windows\system32\perfc015.dat
2009-10-25 07:44 . 2001-10-26 16:15 448348 ----a-w- c:\windows\system32\perfh015.dat
2009-10-24 13:43 . 2009-10-24 13:43 -------- d-----w- c:\program files\City Interactive
2009-10-21 18:11 . 2008-05-12 12:51 -------- d-----w- c:\program files\Gadu-Gadu
2009-10-17 15:14 . 2008-02-09 13:04 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\gtk-2.0
2009-10-04 15:51 . 2009-10-04 15:51 656088 ----a-w- c:\documents and settings\Admin\Dane aplikacji\PowerChallenge\loader8.dll
2009-09-21 16:30 . 2009-09-21 16:30 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-09-21 16:30 . 2009-09-21 16:30 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-09-14 15:58 . 2009-10-02 18:04 1291640 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\5btt651z.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-09-14 15:58 . 2009-10-02 18:04 729088 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\5btt651z.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-09-11 14:36 . 2004-08-03 23:44 133632 ----a-w- c:\windows\system32\msv1_0.dll
.
------- Sigcheck -------
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2001-08-17 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-17 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
[-] 2008-04-14 . 2AECA45D4AEAACBDCB77AD11184E4601 . 24960 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\kbdclass.sys
[-] 2008-04-14 . 2AECA45D4AEAACBDCB77AD11184E4601 . 24960 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\kbdclass.sys
[-] 2004-08-03 . CC13DB862F929AE33F64C3BEDC01CD31 . 24960 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2001-08-17 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-17 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-14 . B98ED6D85339A66A73F32FB569EB6C01 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\browser.dll
[-] 2008-04-14 . B98ED6D85339A66A73F32FB569EB6C01 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\browser.dll
[-] 2004-08-03 . 210830D2497FEF78694076179AF8C795 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2004-08-03 . 210830D2497FEF78694076179AF8C795 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll
[-] 2008-04-14 . 88296F7943F30A1EE3AF735440B92268 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\lsass.exe
[-] 2008-04-14 . 88296F7943F30A1EE3AF735440B92268 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\lsass.exe
[-] 2004-08-03 . F485FEFC8CC4FD29243D800BE5D275D1 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-03 . F485FEFC8CC4FD29243D800BE5D275D1 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe
[-] 2008-04-14 . 4FE97D0B1B182DF2A9BDD4C02155EF5E . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\netman.dll
[-] 2008-04-14 . 4FE97D0B1B182DF2A9BDD4C02155EF5E . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\netman.dll
[-] 2005-08-22 . D7714C689005359E16AAFBC15F31AA3F . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . D7714C689005359E16AAFBC15F31AA3F . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll
[-] 2005-08-22 . 92296EBC8CE6714A3DC3D791E6246580 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-03 . 3E7B6583269BC118720D0020B03CC71E . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2008-04-14 . 78200FAA6FD9C69394134C238C87FB7F . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\qmgr.dll
[-] 2008-04-14 . 78200FAA6FD9C69394134C238C87FB7F . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\qmgr.dll
[-] 2004-08-03 . A6BFD910074B02C8794FC65F39CC6B28 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-08-03 . A6BFD910074B02C8794FC65F39CC6B28 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll
[-] 2009-02-09 . C9E5AC78D9A00B1DE8CE2AD1BDDE7E42 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\759d1ea8b2dedf36036c168a2c973aa4\SP3QFE\rpcss.dll
[-] 2009-02-09 . A37311D9D628C1042A2836731787F0F3 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\759d1ea8b2dedf36036c168a2c973aa4\SP3GDR\rpcss.dll
[-] 2009-02-09 . B5D78596EFFBEB82F3B86D9A002538E1 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\759d1ea8b2dedf36036c168a2c973aa4\SP2GDR\rpcss.dll
[-] 2009-02-09 . 3256C32654CC35DFCFEF42B0C5E4AB89 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\759d1ea8b2dedf36036c168a2c973aa4\SP2QFE\rpcss.dll
[-] 2008-04-14 . 02396DAB9DD407B06539981F477F3FEC . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\rpcss.dll
[-] 2008-04-14 . 02396DAB9DD407B06539981F477F3FEC . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\rpcss.dll
[-] 2005-07-26 . C547826A81F7F30A347418B0DE11556B . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
[-] 2005-07-26 . C547826A81F7F30A347418B0DE11556B . 397824 . . [5.1.2600.2726] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2005-07-26 . 7A1EDB7A7A904600948879DF711782DA . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . 52679C1DCCD92ED5EAFA368501AFB77C . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . 51EFFB9897C56FDC9EF6E14E581A776A . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-03 . 346E5B19FC986FE7185A0C2C43593722 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2009-02-09 . 02A467E27AF55F7064C5B251E587315F . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\759d1ea8b2dedf36036c168a2c973aa4\SP3GDR\services.exe
[-] 2009-02-09 . 8816E60BF654353E8E0D35ED98875445 . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\759d1ea8b2dedf36036c168a2c973aa4\SP3QFE\services.exe
[-] 2009-02-09 . ED4E5391100287B9EABF8F2CF4B42235 . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\759d1ea8b2dedf36036c168a2c973aa4\SP2GDR\services.exe
[-] 2009-02-09 . 245A46964D7F534E1D20563ACF215E80 . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\759d1ea8b2dedf36036c168a2c973aa4\SP2QFE\services.exe
[-] 2008-04-14 . 3E3AE424E27C4CEFE4CAB368C7B570EA . 109056 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\services.exe
[-] 2008-04-14 . 3E3AE424E27C4CEFE4CAB368C7B570EA . 109056 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\services.exe
[-] 2004-08-03 . 3DA8D964D2CC12EF8E8C342471A37917 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2004-08-03 . 3DA8D964D2CC12EF8E8C342471A37917 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\services.exe
[-] 2008-04-14 . DD69EC597AB942C39B950D9C3CE1375D . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\spoolsv.exe
[-] 2008-04-14 . DD69EC597AB942C39B950D9C3CE1375D . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2004-08-03 . BEBE8A85954FF460374FD5A0CD21E19B . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\winlogon.exe
[-] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\winlogon.exe
[-] 2004-08-03 . 0344407089B08548D4FEBA62BB0F32D0 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-03 . 0344407089B08548D4FEBA62BB0F32D0 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\comctl32.dll
[-] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\comctl32.dll
[-] 2008-04-14 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 . 19CDC3435A7C6DA3117F4E0B2C79AC5F . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . 19CDC3435A7C6DA3117F4E0B2C79AC5F . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2004-08-03 . D38C710AAC3A0D16AF7DF6770C9F6CBB . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 . 6B105FE95F2E9F0B6346044BA59D41C9 . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\cryptsvc.dll
[-] 2008-04-14 . 6B105FE95F2E9F0B6346044BA59D41C9 . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\cryptsvc.dll
[-] 2004-08-03 . 91723CD7C96C5854149F9CAE820A90DD . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-03 . 91723CD7C96C5854149F9CAE820A90DD . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll
[-] 2008-07-07 20:33 . 878FA7B8FFBCFFDAEB05F0484A99562D . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:33 . 878FA7B8FFBCFFDAEB05F0484A99562D . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:29 . 6AFF804839C85859E0247164FBE5F5BB . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:25 . 5BB3E442E43C7BB0F38203F23C920D3C . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:19 . 266EE073842AFF70B1A1460EE0CBBD49 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 17:20 . BE1B1412A3D488C50B8F67F792196108 . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\es.dll
[-] 2008-04-14 17:20 . BE1B1412A3D488C50B8F67F792196108 . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\es.dll
[-] 2005-07-26 04:42 . D1793EB40311E95361693DA792F4CB5B . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2005-07-26 04:36 . 47CA2FBC71A0B94DE5B80688A7B8F403 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-03 23:43 . DC54CC79E1FAEFA480A8117C9BF105E1 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
[-] 2008-04-14 . 2E9A03268E609917B83921EE16FD9CFB . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\imm32.dll
[-] 2008-04-14 . 2E9A03268E609917B83921EE16FD9CFB . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\imm32.dll
[-] 2004-08-03 . BDB679C04273B19BF46BD0D591FDEEC3 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-08-03 . BDB679C04273B19BF46BD0D591FDEEC3 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll
[-] 2009-03-21 . C57B35FBBB25E8314E022F8D13BE5A57 . 1014784 . . [5.1.2600.3541] . . c:\windows\SoftwareDistribution\Download\8ad96f0768b1b334d3cbbb50b39a518f\sp2gdr\kernel32.dll
[-] 2009-03-21 . 77C951B64413E80EEC0359426DCA938B . 1018368 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\8ad96f0768b1b334d3cbbb50b39a518f\sp3gdr\kernel32.dll
[-] 2009-03-21 . 6CFFFD4A53F08D1BE0222D859BF93B29 . 1020416 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\8ad96f0768b1b334d3cbbb50b39a518f\sp3qfe\kernel32.dll
[-] 2009-03-21 . 6B29B8F00F7CDE46C69BDED5253B96B9 . 1017856 . . [5.1.2600.3541] . . c:\windows\SoftwareDistribution\Download\8ad96f0768b1b334d3cbbb50b39a518f\sp2qfe\kernel32.dll
[-] 2008-04-14 . FCE4ECC34A36EDACF03DBE8DE5E28910 . 1018368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\kernel32.dll
[-] 2008-04-14 . FCE4ECC34A36EDACF03DBE8DE5E28910 . 1018368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\kernel32.dll
[-] 2007-04-16 . D8ACC0B8C46FC756E3F64C14EAF9CE8F . 1014784 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . C0AAFEE37EE787D9609D9FE00FA427F8 . 1013248 . . [5.1.2600.3119] . . c:\windows\system32\kernel32.dll
[-] 2007-04-16 . C0AAFEE37EE787D9609D9FE00FA427F8 . 1013248 . . [5.1.2600.3119] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2004-08-03 . 578BB2F44597CB53451DED99013573F3 . 1012224 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 . EA8DF0AF49E2616F55BF327549E44368 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\linkinfo.dll
[-] 2008-04-14 . EA8DF0AF49E2616F55BF327549E44368 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\linkinfo.dll
[-] 2005-09-01 . B489FAA0105744BEB96594E2974DCF69 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . 3E46DA8AE679B87D309EBBD3E12283D0 . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 3E46DA8AE679B87D309EBBD3E12283D0 . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll
[-] 2004-08-03 . 7068F13DEFF03488E1A1E27E4BC004E8 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2008-04-14 . A9C89DBAD5EFF7A06B58302778674507 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\lpk.dll
[-] 2008-04-14 . A9C89DBAD5EFF7A06B58302778674507 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\lpk.dll
[-] 2004-08-03 . 261DB4366ECB4220EA960F0CA78CABAC . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-03 . 261DB4366ECB4220EA960F0CA78CABAC . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll
[-] 2008-04-14 . 411864012AC39F2B57319AEF64D336DF . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\msvcrt.dll
[-] 2008-04-14 . 411864012AC39F2B57319AEF64D336DF . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\msvcrt.dll
[-] 2008-04-14 . 11F8B9042B6F4320B6D4E528664AD693 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 11F8B9042B6F4320B6D4E528664AD693 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2004-08-03 . 9AFE931CBC9244A5EB0B9E9D5FA74F44 . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-03 . 9AFE931CBC9244A5EB0B9E9D5FA74F44 . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-06-20 . 300BCC512DE4038F1494230941DB2C2A . 246784 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . BF80D884E1C60DED1C7CEA3EC6F9DC28 . 246784 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . D4ABFCD86AF9533EF94F291A1BB3E9A2 . 246784 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . D4ABFCD86AF9533EF94F291A1BB3E9A2 . 246784 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . F1590C9B2294DB9ACE3B081ABD596174 . 246784 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . 612E31FCAC1040EDD78ECAC81C9F859F . 246784 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\mswsock.dll
[-] 2008-04-14 . 612E31FCAC1040EDD78ECAC81C9F859F . 246784 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\mswsock.dll
[-] 2004-08-03 . 83387067B25E000E64B178A62E5DCD24 . 246784 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2009-02-06 . B771DCBE0449C9F0F290092DEC48E698 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[7] 2009-02-06 . B771DCBE0449C9F0F290092DEC48E698 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 9858AD0A3FCD83C3B100EDD5852DE540 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\netlogon.dll
[-] 2008-04-14 . 9858AD0A3FCD83C3B100EDD5852DE540 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\netlogon.dll
[-] 2004-08-03 . 8BE1BEBB1447EFFAF5F2135DC098431E . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-03 . 8BE1BEBB1447EFFAF5F2135DC098431E . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll
[-] 2008-04-14 . 414C17A2958AEDAC700BBAAFBF999F94 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\powrprof.dll
[-] 2008-04-14 . 414C17A2958AEDAC700BBAAFBF999F94 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\powrprof.dll
[-] 2004-08-03 . B20BB2A65349EF132FA7F2EB51A29E5C . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-08-03 . B20BB2A65349EF132FA7F2EB51A29E5C . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll
[-] 2008-04-14 . 3F74B6B4E2721272A117D25990141F73 . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\scecli.dll
[-] 2008-04-14 . 3F74B6B4E2721272A117D25990141F73 . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\scecli.dll
[-] 2004-08-03 . 3609496AE18FF399920C494270C526F9 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-08-03 . 3609496AE18FF399920C494270C526F9 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll
[-] 2008-04-14 . 71C6AB6EB8CF1190BAC7075F82BD8F05 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\sfc.dll
[-] 2008-04-14 . 71C6AB6EB8CF1190BAC7075F82BD8F05 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\sfc.dll
[-] 2004-08-03 . 3F342B984E9E1ABD58347DA859CD44C6 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-08-03 . 3F342B984E9E1ABD58347DA859CD44C6 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll
[-] 2008-04-14 . 8607D35D92528E2DF386F19A960D23CE . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\svchost.exe
[-] 2008-04-14 . 8607D35D92528E2DF386F19A960D23CE . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\svchost.exe
[-] 2004-08-03 . BA98327E90022DBD6EE76490E0622E2E . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-03 . BA98327E90022DBD6EE76490E0622E2E . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe
[-] 2008-04-14 . 2340E6977548038C88E39A9ECBB3FADC . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\tapisrv.dll
[-] 2008-04-14 . 2340E6977548038C88E39A9ECBB3FADC . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\tapisrv.dll
[-] 2005-07-08 . 8B050486E57C23624CFD374488FE4A16 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . DA38C22EB4A3F9A15B9B9B885F4F5251 . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . DA38C22EB4A3F9A15B9B9B885F4F5251 . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll
[-] 2004-08-03 . 0A695B77564D8E9333E846B526F95AB2 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\user32.dll
[-] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\user32.dll
[-] 2007-03-08 . 11ABDECC02EFC1D2B6A6A0FA46C26594 . 579584 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . A37A4637F84F8DD771274EAF8D17FA65 . 579072 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . A37A4637F84F8DD771274EAF8D17FA65 . 579072 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2005-03-02 . 6A93565BE9B8422EB7538C66AC732D76 . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . B7EEB1A1AF740306049241DDF61F21FF . 578560 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-03 . 0C81764F50F32D376E6E4B9E9F4B01A0 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2008-04-14 . 2A5B37D520508BE6570A3EA79695F5B5 . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\userinit.exe
[-] 2008-04-14 . 2A5B37D520508BE6570A3EA79695F5B5 . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\userinit.exe
[-] 2004-08-03 . BD768099B4C44AA631728CB74EB54396 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-03 . BD768099B4C44AA631728CB74EB54396 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
[-] 2008-04-14 . C0AA2AB856680C44739B41E01F5BD4E9 . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ws2_32.dll
[-] 2008-04-14 . C0AA2AB856680C44739B41E01F5BD4E9 . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ws2_32.dll
[-] 2004-08-03 . AB82237486B727DD7DAB36A76F38A3A2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-03 . AB82237486B727DD7DAB36A76F38A3A2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll
[-] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\explorer.exe
[-] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\explorer.exe
[-] 2007-06-13 . 029A562E81BBEE088C61D418BF408F44 . 1034752 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 029A562E81BBEE088C61D418BF408F44 . 1034752 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . 8DB0650B211425B9CDB7D1C4A8F6B482 . 1034752 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-03 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 . 316D0E66074AE4CDE641C50D3A1C5148 . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\srsvc.dll
[-] 2008-04-14 . 316D0E66074AE4CDE641C50D3A1C5148 . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\srsvc.dll
[-] 2004-08-03 . F309D9894FCA821E3C2F557A8032D47A . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-03 . F309D9894FCA821E3C2F557A8032D47A . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
[-] 2008-04-14 . CC07DA5A1CB214ADDFA50B2FA6935F18 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\wscntfy.exe
[-] 2008-04-14 . CC07DA5A1CB214ADDFA50B2FA6935F18 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\wscntfy.exe
[-] 2004-08-03 . 1905812AB06A70FF21907FAA10C927D6 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-03 . 1905812AB06A70FF21907FAA10C927D6 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe
[-] 2008-04-14 . 24ED6935771359A5AEF1FE8BF0C56F39 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\xmlprov.dll
[-] 2008-04-14 . 24ED6935771359A5AEF1FE8BF0C56F39 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\xmlprov.dll
[-] 2004-08-03 . E3C9EF5BCC9EB171BD81051CD19BDED7 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-03 . E3C9EF5BCC9EB171BD81051CD19BDED7 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll
[-] 2008-04-14 . 35FCCFD093582FA9098762E6F84EE119 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\eventlog.dll
[-] 2008-04-14 . 35FCCFD093582FA9098762E6F84EE119 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\eventlog.dll
[-] 2004-08-03 . 05684DE2DA55A04C8AAAB5911AFE7643 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-03 . 05684DE2DA55A04C8AAAB5911AFE7643 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll
[-] 2008-04-14 . A9ED600F08A92143253C10EDB5651ECF . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\sfcfiles.dll
[-] 2008-04-14 . A9ED600F08A92143253C10EDB5651ECF . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\sfcfiles.dll
[-] 2004-08-03 . F044A12CFFB8E58BC044A2605283A636 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-03 . F044A12CFFB8E58BC044A2605283A636 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll
[-] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ctfmon.exe
[-] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ctfmon.exe
[-] 2004-08-03 . CBFA30492D70CE3938D8A7783D0C0436 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-03 . CBFA30492D70CE3938D8A7783D0C0436 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 . 8AD90ED829B8404D962545ED3EFB1129 . 135680 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\shsvcs.dll
[-] 2008-04-14 . 8AD90ED829B8404D962545ED3EFB1129 . 135680 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\shsvcs.dll
[-] 2006-12-19 . E659DE1D3E1DE67461EC5CC88EB460B2 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . E659DE1D3E1DE67461EC5CC88EB460B2 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . E7B420570F775C692C3D7D350F1474A6 . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-03 . 7C8E934687C496EDC69FDBBD2C277E63 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2008-04-14 . B472B59EF98469C91651B751D3442CB8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\regsvc.dll
[-] 2008-04-14 . B472B59EF98469C91651B751D3442CB8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\regsvc.dll
[-] 2004-08-03 . A19BFED61736127DB5B8B815AFB35190 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-03 . A19BFED61736127DB5B8B815AFB35190 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll
[-] 2008-04-14 . DD73C11A5C4D14945846384B90A61A4B . 193536 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\schedsvc.dll
[-] 2008-04-14 . DD73C11A5C4D14945846384B90A61A4B . 193536 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\schedsvc.dll
[-] 2004-08-03 . E5F1C9EAD4C6617ACD40CA90882CC7D4 . 192000 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-03 . E5F1C9EAD4C6617ACD40CA90882CC7D4 . 192000 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll
[-] 2008-04-14 . 2C0B1224AA36B4CA1753302BAA855882 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ssdpsrv.dll
[-] 2008-04-14 . 2C0B1224AA36B4CA1753302BAA855882 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ssdpsrv.dll
[-] 2004-08-03 . BB754C4BE0B18F0FAF01A7EBDE7025C4 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-03 . BB754C4BE0B18F0FAF01A7EBDE7025C4 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll
[-] 2008-04-14 . 52E0505408EDD4AB5CCC7F83B67B4299 . 296448 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\termsrv.dll
[-] 2008-04-14 . 52E0505408EDD4AB5CCC7F83B67B4299 . 296448 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\termsrv.dll
[-] 2004-08-03 . 2C28157229925280916B3041CCC5FE4B . 296448 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2004-08-03 . 2C28157229925280916B3041CCC5FE4B . 296448 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll
[-] 2008-04-14 . 1561430DA2F2AB81CC0CE71AF95A778D . 172032 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\appmgmts.dll
[-] 2008-04-14 . 1561430DA2F2AB81CC0CE71AF95A778D . 172032 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\appmgmts.dll
[-] 2004-08-03 . 8D60B308D061DA209CC271D9B480468C . 172032 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-03 . 8D60B308D061DA209CC271D9B480468C . 172032 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll
[-] 2001-10-26 . 66A42B7DB194E24B973BBCCE840A0F3F . 12032 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2001-10-26 . 66A42B7DB194E24B973BBCCE840A0F3F . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2008-04-14 17:20 . E43B998C777D43FB8624741B4567BCD9 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\mfc40u.dll
[-] 2008-04-14 17:20 . E43B998C777D43FB8624741B4567BCD9 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\mfc40u.dll
[-] 2006-11-01 19:19 . 785BA57DAEA4DAF2F3C9B359FEDA0EBF . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:19 . 785BA57DAEA4DAF2F3C9B359FEDA0EBF . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2001-10-26 17:29 . CFA664EFA06EEE2B02721C1384F51123 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2008-04-14 . 36F3AB18B1BE303DA51DE90A67DE3942 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\msgsvc.dll
[-] 2008-04-14 . 36F3AB18B1BE303DA51DE90A67DE3942 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\msgsvc.dll
[-] 2004-08-03 . 1D0EBF9EDAE8A61CBF56ED1FF8489FAC . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-03 . 1D0EBF9EDAE8A61CBF56ED1FF8489FAC . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-03 23:44 . FA83DF4EE3B86E5CE53A5EA425F3F472 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2008-04-14 17:20 . 3FB5399DBB7001A80D58EDAD64C98225 . 435712 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ntmssvc.dll
[-] 2008-04-14 17:20 . 3FB5399DBB7001A80D58EDAD64C98225 . 435712 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ntmssvc.dll
[-] 2004-08-03 23:44 . C8CE1566B0537C3F5F7AE1CA458A6697 . 435712 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-03 23:44 . C8CE1566B0537C3F5F7AE1CA458A6697 . 435712 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll
[-] 2008-04-14 . E96A6BAEE0B2A14A38B45830D6E30697 . 186880 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\upnphost.dll
[-] 2008-04-14 . E96A6BAEE0B2A14A38B45830D6E30697 . 186880 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\upnphost.dll
[-] 2007-02-05 . AE6C55ECAFCBF67EC19ACA24EC397F11 . 185856 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 8383E639D93083A91B2804AC482E4CCF . 185856 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 8383E639D93083A91B2804AC482E4CCF . 185856 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2004-08-03 . 387D2A06C8E7CCCEA8E9A350C8FE6781 . 185856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-10 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-30 22058792]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\red orchestra\steam.exe" [2009-12-02 1217808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"EPSON Stylus CX3600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2009-8-22 882176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\GRY\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=
"j:\\Kopia Company of Heroes\\RelicCOH.exe"=
"d:\\GRY\\ET\\ET.exe"=
"d:\\GRY\\toca race driver 2\\RD2.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"j:\\emergency 4\\Em4.exe"=
"c:\\Program Files\\THQ\\Company of Heroes - Balance Playtest\\RelicCOH.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"j:\combat arms eu\CombatArms.exe"= j:\combat arms eu\CombatArms.exe:*Enabled:CombatArms.exe
"j:\combat arms eu\Engine.exe"= j:\combat arms eu\Engine.exe:*Enabled:Engine.exe
"j:\\Combat Arms EU\\NMService.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"j:\\Fm2010\\fm.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Red Orchestra\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\RUSE.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2009-08-19 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-22 20560]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2009-07-15 4096]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-04-14 717296]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2007-01-05 123264]
S3 DCamUSBIntel;USB Video Camera;c:\windows\system32\Drivers\TP6800.sys --> c:\windows\system32\Drivers\TP6800.sys [?]
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\5btt651z.default\
FF - plugin: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\5btt651z.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\documents and settings\Admin\Dane aplikacji\PowerChallenge\nppowerloader.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDEMON.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAHJONG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSOCCER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 19:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
"ImagePath"="\??\d:\gry\Lineage ]
[\system\npkcrypt.sys"
"ImagePath"="\??\d:\gry\Lineage ]
[\system\npkcusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npkcrypt]
"ImagePath"="\??\d:\gry\Lineage ]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npkcusb]
"ImagePath"="\??\d:\gry\Lineage ]
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1606980848-1844237615-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ef,c4,0c,6b,75,ca,e5,a0,9a,56,6e,e4,3c,33,32,05,c7,e6,f7,d5,ba,f9,9d,
56,e7,86,10,56,f2,c5,8e,c6,c7,5c,f7,c8,fc,27,81,07,71,bc,84,82,4b,e5,d5,9f,\
"??"=hex:ac,30,d1,d3,ca,de,e6,75,81,26,0a,53,46,f2,8f,49
[HKEY_USERS\S-1-5-21-1606980848-1844237615-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:65,fe,ce,b3,b9,f9,3d,50,a9,47,68,7d,4a,2e,70,7d,b7,76,53,e5,d0,
4f,a8,a8,ef,8c,33,92,94,65,b5,9d,5a,e0,00,5e,85,04,cd,34,e0,c4,1f,ec,d6,e4,\
"rkeysecu"=hex:3f,8b,6f,20,e1,50,60,c1,dc,04,91,89,b3,34,26,9b
.
Czas ukończenia: 2009-12-08 19:44
ComboFix-quarantined-files.txt 2009-12-08 18:44
ComboFix2.txt 2009-12-08 17:21
Przed: 6 257 389 568 bajtów wolnych
Po: 6 244 421 632 bajtów wolnych
- - End Of File - - 5EB59FA65750330E9F18E58BEC8B9673
Ponadto wysyłało jakieś pliki na serwer do analizy, nie wiem czy jest to zawarte w logu także wspominam tylko.
Problem z win32:patched-hn
przez wojtas 08 Gru 2009, 21:19
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie ) i daj raport ze skanu
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie ) i daj raport ze skanu
-
wojtas - *mod
- Posty: 18165
- Dołączenie: 13 Sty 2006, 16:00
- Miejscowość: Krzeszyce
- Pochwały: 1656
-
Problem z win32:patched-hn
przez stajorek 08 Gru 2009, 23:55
Zrobiłem jak poleciłeś i wydaje się być dobrze. Anti-Malware wykrył kilka infekcji, wszystkie usunął, ale zapodział mi się gdzieś raport i za chiny nie mogę go znaleść. Jeśli jest on potrzebny to prosiłbym o wskazanie gdzie on może się chować, jeśli nie to dziękuje serdecznie za pomoc i temat do zamknięcia.
9 posty(ów) • Strona 1 z 1
Kto jest na forum
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 8 gości