ComboFix 11-11-08.02 - Marta 09-11-2011 0:16.9.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1564 [GMT 1:00] Uruchomiony z: c:\documents and settings\Marta\Pulpit\ComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Dane aplikacji\TEMP c:\documents and settings\Marta\Ustawienia lokalne\Dane aplikacji\cc808513\U c:\documents and settings\Marta\Ustawienia lokalne\Dane aplikacji\cc808513\U\80000000.@ c:\documents and settings\Marta\Ustawienia lokalne\Dane aplikacji\cc808513\U\800000cb.@ c:\documents and settings\Marta\Ustawienia lokalne\Dane aplikacji\cc808513\U\800000cf.@ c:\documents and settings\Marta\Ustawienia lokalne\Dane aplikacji\cc808513\X c:\windows\$NtUninstallKB46700$\3430974739\@ c:\windows\$NtUninstallKB46700$\3430974739\L\egjdenag c:\windows\$NtUninstallKB46700$\3430974739\loader.tlb c:\windows\$NtUninstallKB46700$\3430974739\U\@00000001 c:\windows\$NtUninstallKB46700$\3430974739\U\@000000c0 c:\windows\$NtUninstallKB46700$\3430974739\U\@000000cb c:\windows\$NtUninstallKB46700$\3430974739\U\@000000cf c:\windows\$NtUninstallKB46700$\3430974739\U\@80000000 c:\windows\$NtUninstallKB46700$\3430974739\U\@800000c0 c:\windows\$NtUninstallKB46700$\3430974739\U\@800000cb c:\windows\$NtUninstallKB46700$\3430974739\U\@800000cf c:\windows\$NtUninstallKB46700$\446567189 c:\windows\IsUn0415.exe c:\windows\msmqinst.log c:\windows\system32\ c:\windows\system32\CddbCdda.dll c:\windows\unin0415.exe c:\windows\$NtUninstallKB46700$ . . . . nie udało się usunąć . Zainfekowana kopia c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{49032264-A7AC-4145-9844-C6F87F95B89A}\RP977\A0147024.exe . c:\windows\system32\acs.exe . . . jest zainfekowany!! c:\windows\system32\acs.exe . . . was deleted!! You should re-install the program it pertains to . Zainfekowana kopia c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\program files\ThinkPad\ConnectUtilities\ . Zainfekowana kopia c:\windows\system32\ibmpmsvc.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{49032264-A7AC-4145-9844-C6F87F95B89A}\RP977\A0147021.exe . Zainfekowana kopia c:\program files\Java\jre6\bin\jqs.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{49032264-A7AC-4145-9844-C6F87F95B89A}\RP977\A0147025.exe . c:\windows\system32\LEXBCES.EXE . . . jest zainfekowany!! c:\windows\system32\LEXBCES.EXE . . . was deleted!! You should re-install the program it pertains to . Zainfekowana kopia c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{49032264-A7AC-4145-9844-C6F87F95B89A}\RP977\A0147026.exe . Zainfekowana kopia c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{49032264-A7AC-4145-9844-C6F87F95B89A}\RP977\A0147028.exe . Zainfekowana kopia c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{49032264-A7AC-4145-9844-C6F87F95B89A}\RP977\A0147024.exe Zainfekowana kopia c:\windows\system32\ibmpmsvc.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{49032264-A7AC-4145-9844-C6F87F95B89A}\RP977\A0147021.exe Zainfekowana kopia c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\system volume information\_restore{49032264-A7AC-4145-9844-C6F87F95B89A}\RP977\A0147028.exe . ((((((((((((((((((((((((( Pliki utworzone od 2011-10-09 do 2011-11-09 ))))))))))))))))))))))))))))))) . . 2011-11-09 02:58 . 2005-11-10 23:33 73782 ----a-w- c:\windows\system32\ibmpmsvc.exe 2011-11-07 09:29 . 2011-11-09 02:37 -------- d-sh--w- c:\documents and settings\Marta\Ustawienia lokalne\Dane aplikacji\cc808513 2011-11-01 21:17 . 2011-11-01 21:17 -------- d-----w- c:\program files\Microsoft Silverlight 2011-10-11 09:45 . 2011-10-11 09:45 -------- d-----w- C:\mbooki_2011 . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-17 00:18 . 2008-06-08 14:01 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS 2011-11-08 10:04 . 2008-06-08 13:40 40960 ----a-w- c:\windows\system32\TpKmpSvc.exe 2011-11-08 09:46 . 2008-07-26 12:13 174592 ----a-w- c:\windows\system32\LEXPPS.EXE 2011-09-26 09:41 . 2008-07-29 17:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41 . 1979-12-31 22:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41 . 1979-12-31 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-09 09:12 . 1979-12-31 22:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2011-09-06 14:10 . 1979-12-31 22:00 1859200 ------w- c:\windows\system32\win32k.sys 2011-08-17 21:25 . 1979-12-31 22:00 832512 ----a-w- c:\windows\system32\wininet.dll 2011-08-17 21:25 . 1979-12-31 22:00 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-08-17 21:25 . 1979-12-31 22:00 78336 ------w- c:\windows\system32\ieencode.dll 2011-08-17 21:25 . 1979-12-31 22:00 17408 ----a-w- c:\windows\system32\corpol.dll 2011-08-17 13:49 . 1979-12-31 22:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-08-17 12:22 . 1979-12-31 22:00 389120 ------w- c:\windows\system32\html.iec 2011-08-12 11:51 . 2008-06-08 13:36 26488 ----a-w- c:\windows\system32\spupdsvc.exe 2011-10-13 10:20 . 2011-06-11 09:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys . [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys . [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys . [-] 2008-04-14 . 2AECA45D4AEAACBDCB77AD11184E4601 . 24960 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys [-] 2008-04-14 . 2AECA45D4AEAACBDCB77AD11184E4601 . 24960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys [-] 2008-04-14 . 2AECA45D4AEAACBDCB77AD11184E4601 . 24960 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys [-] 2004-08-03 . CC13DB862F929AE33F64C3BEDC01CD31 . 24960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys . [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys . [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys [-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys . [-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys [-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys . [-] 2008-04-14 . B98ED6D85339A66A73F32FB569EB6C01 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll [-] 2008-04-14 . B98ED6D85339A66A73F32FB569EB6C01 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll [-] 2008-04-14 . B98ED6D85339A66A73F32FB569EB6C01 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll [-] 2004-08-04 . 210830D2497FEF78694076179AF8C795 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll . [-] 2008-04-14 . 88296F7943F30A1EE3AF735440B92268 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe [-] 2008-04-14 . 88296F7943F30A1EE3AF735440B92268 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe [-] 2008-04-14 . 88296F7943F30A1EE3AF735440B92268 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe [-] 2004-08-04 . F485FEFC8CC4FD29243D800BE5D275D1 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe . [-] 2008-04-14 . 4FE97D0B1B182DF2A9BDD4C02155EF5E . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll [-] 2008-04-14 . 4FE97D0B1B182DF2A9BDD4C02155EF5E . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll [-] 2008-04-14 . 4FE97D0B1B182DF2A9BDD4C02155EF5E . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll [-] 2005-08-22 . D7714C689005359E16AAFBC15F31AA3F . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll [-] 2005-08-22 . 92296EBC8CE6714A3DC3D791E6246580 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll [-] 2004-08-04 . 3E7B6583269BC118720D0020B03CC71E . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll . [-] 2008-04-14 17:20 . 8A7426E69FFA30EE4DC76CA3E3999121 . 822272 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll [-] 2008-04-14 17:20 . 8A7426E69FFA30EE4DC76CA3E3999121 . 822272 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll [-] 2004-08-04 12:00 . 8797D059EEBD5101CC6257EE2D6B900A . 822272 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll . [-] 2008-04-14 . 78200FAA6FD9C69394134C238C87FB7F . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll [-] 2008-04-14 . 78200FAA6FD9C69394134C238C87FB7F . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll [-] 2008-04-14 . 78200FAA6FD9C69394134C238C87FB7F . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-14 . 78200FAA6FD9C69394134C238C87FB7F . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll [-] 2004-08-04 . A6BFD910074B02C8794FC65F39CC6B28 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll . [-] 2009-02-09 . C9E5AC78D9A00B1DE8CE2AD1BDDE7E42 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [-] 2009-02-09 . A37311D9D628C1042A2836731787F0F3 . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll [-] 2009-02-09 . A37311D9D628C1042A2836731787F0F3 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . A37311D9D628C1042A2836731787F0F3 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll [-] 2008-04-14 . 02396DAB9DD407B06539981F477F3FEC . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll [-] 2008-04-14 . 02396DAB9DD407B06539981F477F3FEC . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll [-] 2005-07-26 . C547826A81F7F30A347418B0DE11556B . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll [-] 2005-07-26 . 7A1EDB7A7A904600948879DF711782DA . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll . [-] 2009-02-09 . 02A467E27AF55F7064C5B251E587315F . 111104 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe [-] 2009-02-09 . 02A467E27AF55F7064C5B251E587315F . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-09 . 02A467E27AF55F7064C5B251E587315F . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-09 . 8816E60BF654353E8E0D35ED98875445 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [-] 2008-04-14 . 3E3AE424E27C4CEFE4CAB368C7B570EA . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe [-] 2008-04-14 . 3E3AE424E27C4CEFE4CAB368C7B570EA . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe [-] 2004-08-04 . 3DA8D964D2CC12EF8E8C342471A37917 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe . [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe [-] 2008-04-14 . DD69EC597AB942C39B950D9C3CE1375D . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe [-] 2008-04-14 . DD69EC597AB942C39B950D9C3CE1375D . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe [-] 2008-04-14 . DD69EC597AB942C39B950D9C3CE1375D . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe . [-] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe [-] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2005-04-01 . EF0B20F1A502FE4C0CA03143DF35C910 . 505344 . . [5.1.2600.2645] . . c:\windows\$NtServicePackUninstall$\winlogon.exe . [-] 2010-08-23 . 8B9ED4A686777261B9AFADD2A6D981A0 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2010-08-23 . 8B9ED4A686777261B9AFADD2A6D981A0 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2010-08-23 . C29639BA7410BCEF8898CBCB07A59CB1 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [-] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll [-] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll [-] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [-] 2006-08-25 . 19CDC3435A7C6DA3117F4E0B2C79AC5F . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [-] 2006-08-25 . 6944354E1163DE1E6BB63F9E59B36E61 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [-] 2004-08-04 . D38C710AAC3A0D16AF7DF6770C9F6CBB . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll [-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2004-08-04 . 492C2DB83085130A993EE3E12D0FD0E1 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll . [-] 2008-04-14 . 6B105FE95F2E9F0B6346044BA59D41C9 . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll [-] 2008-04-14 . 6B105FE95F2E9F0B6346044BA59D41C9 . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll [-] 2008-04-14 . 6B105FE95F2E9F0B6346044BA59D41C9 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2004-08-04 . 91723CD7C96C5854149F9CAE820A90DD . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll . [-] 2008-07-07 20:33 . 878FA7B8FFBCFFDAEB05F0484A99562D . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll [-] 2008-07-07 20:29 . 6AFF804839C85859E0247164FBE5F5BB . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:29 . 6AFF804839C85859E0247164FBE5F5BB . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll [-] 2008-07-07 20:29 . 6AFF804839C85859E0247164FBE5F5BB . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:29 . 6AFF804839C85859E0247164FBE5F5BB . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:25 . 5BB3E442E43C7BB0F38203F23C920D3C . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:19 . 266EE073842AFF70B1A1460EE0CBBD49 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [-] 2008-04-14 17:20 . BE1B1412A3D488C50B8F67F792196108 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll [-] 2008-04-14 17:20 . BE1B1412A3D488C50B8F67F792196108 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2005-07-26 04:42 . D1793EB40311E95361693DA792F4CB5B . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll [-] 2005-07-26 04:36 . 47CA2FBC71A0B94DE5B80688A7B8F403 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll . [-] 2008-04-14 . 2E9A03268E609917B83921EE16FD9CFB . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll [-] 2008-04-14 . 2E9A03268E609917B83921EE16FD9CFB . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll [-] 2008-04-14 . 2E9A03268E609917B83921EE16FD9CFB . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2004-08-04 . BDB679C04273B19BF46BD0D591FDEEC3 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll . [-] 2009-03-21 . 77C951B64413E80EEC0359426DCA938B . 1018368 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll [-] 2009-03-21 . 77C951B64413E80EEC0359426DCA938B . 1018368 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . 77C951B64413E80EEC0359426DCA938B . 1018368 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll [-] 2009-03-21 . 6CFFFD4A53F08D1BE0222D859BF93B29 . 1020416 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2008-04-14 . FCE4ECC34A36EDACF03DBE8DE5E28910 . 1018368 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll [-] 2008-04-14 . FCE4ECC34A36EDACF03DBE8DE5E28910 . 1018368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2007-04-16 . D8ACC0B8C46FC756E3F64C14EAF9CE8F . 1014784 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll [-] 2007-04-16 . C0AAFEE37EE787D9609D9FE00FA427F8 . 1013248 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll [-] 2004-08-04 . 578BB2F44597CB53451DED99013573F3 . 1012224 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll . [-] 2008-04-14 . EA8DF0AF49E2616F55BF327549E44368 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll [-] 2008-04-14 . EA8DF0AF49E2616F55BF327549E44368 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [-] 2008-04-14 . EA8DF0AF49E2616F55BF327549E44368 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2005-09-01 . B489FAA0105744BEB96594E2974DCF69 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll [-] 2005-09-01 . 3E46DA8AE679B87D309EBBD3E12283D0 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll . [-] 2008-04-14 . A9C89DBAD5EFF7A06B58302778674507 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll [-] 2008-04-14 . A9C89DBAD5EFF7A06B58302778674507 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll [-] 2008-04-14 . A9C89DBAD5EFF7A06B58302778674507 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2004-08-04 . 261DB4366ECB4220EA960F0CA78CABAC . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll . [-] 2008-04-14 . 411864012AC39F2B57319AEF64D336DF . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll [-] 2008-04-14 . 411864012AC39F2B57319AEF64D336DF . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll [-] 2008-04-14 . 411864012AC39F2B57319AEF64D336DF . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2008-04-14 . 11F8B9042B6F4320B6D4E528664AD693 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll [-] 2004-08-04 . 9AFE931CBC9244A5EB0B9E9D5FA74F44 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll [-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll [-] 2004-08-04 . 9C6F09D2B217A0BF739AF557C84CD3BD . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll . [-] 2008-04-14 . 9858AD0A3FCD83C3B100EDD5852DE540 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll [-] 2008-04-14 . 9858AD0A3FCD83C3B100EDD5852DE540 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 9858AD0A3FCD83C3B100EDD5852DE540 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2004-08-04 . 8BE1BEBB1447EFFAF5F2135DC098431E . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll . [-] 2008-04-14 . 414C17A2958AEDAC700BBAAFBF999F94 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll [-] 2008-04-14 . 414C17A2958AEDAC700BBAAFBF999F94 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . 414C17A2958AEDAC700BBAAFBF999F94 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2004-08-04 . B20BB2A65349EF132FA7F2EB51A29E5C . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll . [-] 2008-04-14 . 3F74B6B4E2721272A117D25990141F73 . 186368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll [-] 2008-04-14 . 3F74B6B4E2721272A117D25990141F73 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . 3F74B6B4E2721272A117D25990141F73 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2004-08-04 . 3609496AE18FF399920C494270C526F9 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll . [-] 2008-04-14 . 71C6AB6EB8CF1190BAC7075F82BD8F05 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll [-] 2008-04-14 . 71C6AB6EB8CF1190BAC7075F82BD8F05 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 71C6AB6EB8CF1190BAC7075F82BD8F05 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2004-08-04 . 3F342B984E9E1ABD58347DA859CD44C6 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll . [-] 2008-04-14 . 8607D35D92528E2DF386F19A960D23CE . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe [-] 2008-04-14 . 8607D35D92528E2DF386F19A960D23CE . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 . 8607D35D92528E2DF386F19A960D23CE . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2004-08-04 . BA98327E90022DBD6EE76490E0622E2E . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe . [-] 2008-04-14 . 2340E6977548038C88E39A9ECBB3FADC . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll [-] 2008-04-14 . 2340E6977548038C88E39A9ECBB3FADC . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 2340E6977548038C88E39A9ECBB3FADC . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2005-07-08 . 8B050486E57C23624CFD374488FE4A16 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . DA38C22EB4A3F9A15B9B9B885F4F5251 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll . [-] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll [-] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2007-03-08 . 11ABDECC02EFC1D2B6A6A0FA46C26594 . 579584 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . A37A4637F84F8DD771274EAF8D17FA65 . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll [-] 2005-03-02 . 6A93565BE9B8422EB7538C66AC732D76 . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . B7EEB1A1AF740306049241DDF61F21FF . 578560 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll . [-] 2008-04-14 . 2A5B37D520508BE6570A3EA79695F5B5 . 26624 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe [-] 2008-04-14 . 2A5B37D520508BE6570A3EA79695F5B5 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . 2A5B37D520508BE6570A3EA79695F5B5 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2004-08-04 . BD768099B4C44AA631728CB74EB54396 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe . [-] 2008-04-14 . C0AA2AB856680C44739B41E01F5BD4E9 . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll [-] 2008-04-14 . C0AA2AB856680C44739B41E01F5BD4E9 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . C0AA2AB856680C44739B41E01F5BD4E9 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2004-08-04 . AB82237486B727DD7DAB36A76F38A3A2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll . [-] 2008-04-14 . F43B5623C5CA5BF6D9678FCF19642422 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2help.dll [-] 2008-04-14 . F43B5623C5CA5BF6D9678FCF19642422 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll [-] 2008-04-14 . F43B5623C5CA5BF6D9678FCF19642422 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll [-] 2004-08-04 . D30F55D0980533DD1C5AC640E05C49E6 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll . [-] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe [-] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2007-06-13 . 029A562E81BBEE088C61D418BF408F44 . 1034752 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2007-06-13 . 8DB0650B211425B9CDB7D1C4A8F6B482 . 1034752 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2004-08-04 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe . [-] 2008-04-14 . FD317A23C3EB2A856E74279FBE04B9C2 . 149504 . . [5.1.2600.5512] . . c:\windows\regedit.exe [-] 2008-04-14 . FD317A23C3EB2A856E74279FBE04B9C2 . 149504 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe [-] 2004-08-04 . C1FD2A565973DE555A36B335644402EB . 149504 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe . [-] 2010-07-16 . C10BDDDBA990C49BD195A60715DD6BEF . 1287680 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll [-] 2010-07-16 . C10BDDDBA990C49BD195A60715DD6BEF . 1287680 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll [-] 2010-07-16 . BBA690E74E139B3E0357164A1F065C24 . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll [-] 2008-04-14 . 7A50662D3E47A0D855CE2960ED6CA523 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll [-] 2008-04-14 . 7A50662D3E47A0D855CE2960ED6CA523 . 1287168 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ole32.dll [-] 2008-04-14 . 7A50662D3E47A0D855CE2960ED6CA523 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll [-] 2005-07-26 . F139CF18D51D09325F6BFBBBC2893F19 . 1284608 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll [-] 2005-07-25 . BCD128E716934F42D1818EE70652BB98 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll . [-] 2010-04-16 . 514F80DF6DCF9BBA1D67CA16BC667787 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll [-] 2010-04-16 . 514F80DF6DCF9BBA1D67CA16BC667787 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll [-] 2010-04-16 . 9B5F828F0D6A7AEA167F7D85CF693BD0 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll [-] 2008-04-14 . CD7F574A9ABDECAB9561DB0B2F7F2143 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll [-] 2008-04-14 . CD7F574A9ABDECAB9561DB0B2F7F2143 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll [-] 2004-08-04 . 8E607A6F159621A8737DF29F46EDA1EF . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll . [-] 2008-04-14 . CD928E84EF8FAB1BFB5791E28F7D4E0B . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll [-] 2008-04-14 . CD928E84EF8FAB1BFB5791E28F7D4E0B . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll [-] 2004-08-03 . 84400F3E86B4FFCF7442002029D63786 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll . [-] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe [-] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2004-08-04 . CBFA30492D70CE3938D8A7783D0C0436 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe . [-] 2008-04-14 . 316D0E66074AE4CDE641C50D3A1C5148 . 171520 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll [-] 2008-04-14 . 316D0E66074AE4CDE641C50D3A1C5148 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . 316D0E66074AE4CDE641C50D3A1C5148 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2004-08-04 . F309D9894FCA821E3C2F557A8032D47A . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll . [-] 2008-04-14 . CC07DA5A1CB214ADDFA50B2FA6935F18 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe [-] 2008-04-14 . CC07DA5A1CB214ADDFA50B2FA6935F18 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe [-] 2008-04-14 . CC07DA5A1CB214ADDFA50B2FA6935F18 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2004-08-04 . 1905812AB06A70FF21907FAA10C927D6 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe . [-] 2008-04-14 . 24ED6935771359A5AEF1FE8BF0C56F39 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll [-] 2008-04-14 . 24ED6935771359A5AEF1FE8BF0C56F39 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll [-] 2008-04-14 . 24ED6935771359A5AEF1FE8BF0C56F39 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2004-08-04 . E3C9EF5BCC9EB171BD81051CD19BDED7 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll . [-] 2008-04-14 . 35FCCFD093582FA9098762E6F84EE119 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll [-] 2008-04-14 . 35FCCFD093582FA9098762E6F84EE119 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [-] 2008-04-14 . 35FCCFD093582FA9098762E6F84EE119 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll [-] 2004-08-04 . 05684DE2DA55A04C8AAAB5911AFE7643 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll . [-] 2008-04-14 . A9ED600F08A92143253C10EDB5651ECF . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll [-] 2008-04-14 . A9ED600F08A92143253C10EDB5651ECF . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2008-04-14 . A9ED600F08A92143253C10EDB5651ECF . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2004-08-04 . F044A12CFFB8E58BC044A2605283A636 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll . [-] 2008-04-14 . B472B59EF98469C91651B751D3442CB8 . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll [-] 2008-04-14 . B472B59EF98469C91651B751D3442CB8 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . B472B59EF98469C91651B751D3442CB8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2004-08-04 . A19BFED61736127DB5B8B815AFB35190 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll . [-] 2008-04-14 . DD73C11A5C4D14945846384B90A61A4B . 193536 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll [-] 2008-04-14 . DD73C11A5C4D14945846384B90A61A4B . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . DD73C11A5C4D14945846384B90A61A4B . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2004-08-04 . E5F1C9EAD4C6617ACD40CA90882CC7D4 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll . [-] 2008-04-14 . 2C0B1224AA36B4CA1753302BAA855882 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll [-] 2008-04-14 . 2C0B1224AA36B4CA1753302BAA855882 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll [-] 2008-04-14 . 2C0B1224AA36B4CA1753302BAA855882 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2004-08-04 . BB754C4BE0B18F0FAF01A7EBDE7025C4 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll . [-] 2008-04-14 . 52E0505408EDD4AB5CCC7F83B67B4299 . 296448 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll [-] 2008-04-14 . 52E0505408EDD4AB5CCC7F83B67B4299 . 296448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2008-04-14 . 52E0505408EDD4AB5CCC7F83B67B4299 . 296448 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2004-08-04 . 2C28157229925280916B3041CCC5FE4B . 296448 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll . [-] 2008-04-14 . 2DEE3DC6EB17D7BB774CE05695BA26D6 . 346112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll [-] 2008-04-14 . 2DEE3DC6EB17D7BB774CE05695BA26D6 . 346112 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll [-] 2004-08-04 . E2012CF69E88C83118472DE4945A27E5 . 346624 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll . [-] 2008-04-14 . 1561430DA2F2AB81CC0CE71AF95A778D . 172032 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll [-] 2008-04-14 . 1561430DA2F2AB81CC0CE71AF95A778D . 172032 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll [-] 2008-04-14 . 1561430DA2F2AB81CC0CE71AF95A778D . 172032 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll [-] 2004-08-04 . 8D60B308D061DA209CC271D9B480468C . 172032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll . [-] 2004-08-04 . 66A42B7DB194E24B973BBCCE840A0F3F . 12032 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys [-] 2004-08-04 . 66A42B7DB194E24B973BBCCE840A0F3F . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys . [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys [-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys . [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys [-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys . [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys . [-] 2010-09-18 07:18 . 576D37910F472BB5E62EF14D4B274599 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll [-] 2010-09-18 06:53 . E7A93F4C5154D34F61328D34DE02CD61 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll [-] 2010-09-18 06:53 . E7A93F4C5154D34F61328D34DE02CD61 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll [-] 2008-04-14 17:20 . E43B998C777D43FB8624741B4567BCD9 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll [-] 2008-04-14 17:20 . E43B998C777D43FB8624741B4567BCD9 . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll [-] 2008-04-14 17:20 . E43B998C777D43FB8624741B4567BCD9 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll [-] 2006-11-01 19:19 . 785BA57DAEA4DAF2F3C9B359FEDA0EBF . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll [-] 2004-08-04 12:00 . CFA664EFA06EEE2B02721C1384F51123 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll . [-] 2008-04-14 . 36F3AB18B1BE303DA51DE90A67DE3942 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll [-] 2008-04-14 . 36F3AB18B1BE303DA51DE90A67DE3942 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll [-] 2008-04-14 . 36F3AB18B1BE303DA51DE90A67DE3942 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll [-] 2004-08-04 . 1D0EBF9EDAE8A61CBF56ED1FF8489FAC . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll . [-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\ERDNT\cache\MsPMSNSv.dll [-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll [-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll [-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2004-08-04 12:00 . FA83DF4EE3B86E5CE53A5EA425F3F472 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll . [-] 2008-04-14 17:20 . 3FB5399DBB7001A80D58EDAD64C98225 . 435712 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll [-] 2008-04-14 17:20 . 3FB5399DBB7001A80D58EDAD64C98225 . 435712 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll [-] 2008-04-14 17:20 . 3FB5399DBB7001A80D58EDAD64C98225 . 435712 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll [-] 2004-08-04 12:00 . C8CE1566B0537C3F5F7AE1CA458A6697 . 435712 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll . [-] 2008-04-14 . E96A6BAEE0B2A14A38B45830D6E30697 . 186880 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll [-] 2008-04-14 . E96A6BAEE0B2A14A38B45830D6E30697 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll [-] 2008-04-14 . E96A6BAEE0B2A14A38B45830D6E30697 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll [-] 2007-02-05 . AE6C55ECAFCBF67EC19ACA24EC397F11 . 185856 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll [-] 2007-02-05 . 8383E639D93083A91B2804AC482E4CCF . 185856 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll [-] 2004-08-04 . 387D2A06C8E7CCCEA8E9A350C8FE6781 . 185856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll . [-] 2008-04-14 . 4F2DA211B394AF150F00254F346857CD . 367616 . . [5.3.2600.5512] . . c:\windows\ERDNT\cache\dsound.dll [-] 2008-04-14 . 4F2DA211B394AF150F00254F346857CD . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll [-] 2008-04-14 . 4F2DA211B394AF150F00254F346857CD . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll [-] 2004-08-04 . 9E46388FE1308B54F843959FBE2764F9 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll . [-] 2008-04-14 . 8881A14051D739A8422C521A83D614DA . 1689088 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\d3d9.dll [-] 2008-04-14 . 8881A14051D739A8422C521A83D614DA . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll [-] 2008-04-14 . 8881A14051D739A8422C521A83D614DA . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll [-] 2004-08-04 . D87BF452D4BE09490D98EFB05D00FD9D . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll . [-] 2008-04-14 . 277389C269541D4B474BA72CA98A39E4 . 279552 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\ddraw.dll [-] 2008-04-14 . 277389C269541D4B474BA72CA98A39E4 . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll [-] 2008-04-14 . 277389C269541D4B474BA72CA98A39E4 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll [-] 2004-08-04 . 1F542A014A9DDB28719630D1D9F1DB94 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll . [-] 2008-04-14 17:20 . 24B2954CAA69D904C1F39A3AC1421044 . 84992 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\olepro32.dll [-] 2008-04-14 17:20 . 24B2954CAA69D904C1F39A3AC1421044 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll [-] 2008-04-14 17:20 . 24B2954CAA69D904C1F39A3AC1421044 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll [-] 2004-08-04 12:00 . 46A2A555FAB1BD80FEBCF40670843942 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll . [-] 2008-04-14 . 2095C42F0026BA1D0F6A4DC07CAEE871 . 41472 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\perfctrs.dll [-] 2008-04-14 . 2095C42F0026BA1D0F6A4DC07CAEE871 . 41472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll [-] 2008-04-14 . 2095C42F0026BA1D0F6A4DC07CAEE871 . 41472 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll [-] 2004-08-04 . ACD23BB505C892D56175CC686B5C1509 . 41472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll . [-] 2008-04-14 . 5B9FC235221DC3F48DA7318CB0BD4888 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll [-] 2008-04-14 . 5B9FC235221DC3F48DA7318CB0BD4888 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll [-] 2004-08-04 . 5005BF45DF1D444E7639408AFAF8EED5 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll . [-] 2008-04-14 . 316D0E66074AE4CDE641C50D3A1C5148 . 171520 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll [-] 2008-04-14 . 316D0E66074AE4CDE641C50D3A1C5148 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . 316D0E66074AE4CDE641C50D3A1C5148 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2004-08-04 . F309D9894FCA821E3C2F557A8032D47A . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll . [-] 2008-04-14 . A672CA3981352F8E9C30FEA056E80A62 . 176128 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll [-] 2008-04-14 . A672CA3981352F8E9C30FEA056E80A62 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll [-] 2004-08-04 . 000A0D516A2E20441E77AEA44E46B19B . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll . [-] 2008-04-14 . 41508EA375C97DC2B56E5F1AFC067187 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll [-] 2008-04-14 . 41508EA375C97DC2B56E5F1AFC067187 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll [-] 2006-12-19 . BA7900C70FE0E2468CBF39242F588D1B . 334336 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll [-] 2006-12-19 . CB07CD1F566A4898A4846E29B17E1A6D . 334336 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll [-] 2004-08-04 . C6718154A50FE6C55E382CDBDEDCE7A7 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll . [-] 2008-04-14 . 30A2A72C04597972CF325F2A28410B63 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll [-] 2008-04-14 . 30A2A72C04597972CF325F2A28410B63 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll [-] 2004-08-04 . AB5FC830C5FBAC5DE4C18725D4F4BD7A . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll . [-] 2008-04-14 . D6804AD9DBDF13DF147A371EB881020F . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll [-] 2008-04-14 . D6804AD9DBDF13DF147A371EB881020F . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll [-] 2006-06-26 . 8C404B302D19B510DEEC3ABB7CA8D5F0 . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll [-] 2006-06-26 . 408B05D8104FB3C19403450FDA953C7C . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll [-] 2004-08-04 . 408C0FBB97B8B32E7CAF6C129EF18820 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon] @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}" [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}] 2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon] @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}" [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}] 2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 376912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrackPointSrv"="tp4serv.exe" [2005-07-13 94208] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256] "TP4EX"="tp4ex.exe" [2005-10-16 65536] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 237568] "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 94208] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-03-22 106496] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "cssauthe"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-21 1988144] "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600] "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-03-22 151552] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-03-22 208896] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "UIExec"="c:\program files\blueconnect\UIExec.exe" [2009-04-07 132608] "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-21 113664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-05 21:45 28672 ------w- c:\windows\system32\notifyf2.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-11-30 18:16 24576 ------w- c:\windows\system32\tphklock.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDomainTDHelper] 2008-06-12 15:25 94208 ----a-w- c:\windows\system32\TDHelp32.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Mythware\\e-Learning Class V6.0\\InstHelpApp.exe"= "c:\\Program Files\\Mythware\\e-Learning Class V6.0\\SCMTransfer.exe"= "c:\\Program Files\\Mythware\\e-Learning Class V6.0\\TDChalk.exe"= "c:\\Program Files\\Mythware\\e-Learning Class V6.0\\TDOvrSet.exe"= "c:\\Program Files\\Mythware\\e-Learning Class V6.0\\TeacherMain.exe"= "c:\\Program Files\\WinSCP\\WinSCP.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"= "c:\\Program Files\\DAEMON Tools Lite\\DTLite.exe"= "c:\\Program Files\\Common Files\\Adobe\\Updater6\\Adobe_Updater.exe"= "c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Windows Media Player\\setup_wm.exe"= "c:\\Program Files\\TortoiseSVN\\bin\\TortoiseProc.exe"= "c:\\Program Files\\FLV Player\\FLVPlayer.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= . R0 CDD_HOST;CDD_HOST;c:\windows\system32\drivers\CDD_HOST.sys [05-02-2010 20:46 19968] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19-01-2009 11:34 691696] R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28-04-2011 12:57 129992] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [31-12-1979 23:00 14336] R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 12:11 46142] R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [01-08-2011 12:23 143752] R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28-04-2011 12:57 97096] R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28-04-2011 12:57 111688] R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28-04-2011 12:57 112456] R2 smi2;smi2;c:\program files\SMI2\smi2.sys [21-12-2005 15:45 3968] R2 UI Assistant Service;UI Assistant Service;c:\program files\blueconnect\AssistantServices.exe [14-01-2011 09:43 241664] R3 TDKeybd;TDKeybd;c:\windows\system32\drivers\TDKeybd.sys [29-09-2009 16:09 7680] R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [31-12-1979 23:00 13840] S2 NanoServiceMain;Panda Cloud Antivirus Service;"c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe" --> c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [?] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [14-01-2011 09:44 7680] S3 msftesql$NAVO2002;SQL Server FullText Search (NAVO2002);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [26-08-2005 15:00 92880] S3 MSOLAP$NAVO2002;SQL Server Analysis Services (NAVO2002);c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [03-03-2007 22:12 14560624] S3 MSSQL$NAVO2002;SQL Server (NAVO2002);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [03-03-2007 22:12 28771240] S3 NAVOEnterprise2002;NAVO Enterprise 2002 Service;c:\program files\NAVO Enterprise 2002\System\navoservice.exe [29-07-2008 10:38 77824] S3 phil2vid;Kamera Philips USB VGA;c:\windows\system32\drivers\philcam2.sys [27-10-2008 18:52 173696] S3 SQLAgent$NAVO2002;SQL Server Agent (NAVO2002);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [14-10-2005 02:51 318680] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19-02-2010 13:37 517096] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23-09-2005 06:01 2799808] . --- Inne Usługi/Sterowniki w Pamięci --- . *Deregistered* - BMLoad . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Akamai REG_MULTI_SZ Akamai . Zawartość folderu 'Zaplanowane zadania' . 2011-11-09 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-06-08 23:13] . . ------- Skan uzupełniający ------- . uStart Page = about:blank IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.13.1 FF - ProfilePath - c:\documents and settings\Marta\Dane aplikacji\Mozilla\Firefox\Profiles\ukm1r614.default\ FF - prefs.js: browser.startup.homepage - about:blank . - - - - USUNIĘTO PUSTE WPISY - - - - . AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0415.EXE AddRemove-SuperMemo 4 Kids - My First English Words - c:\windows\IsUn0415.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-09 06:59 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$NAVO2002] "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:NAVO2002" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'winlogon.exe'(644) c:\windows\system32\tphklock.dll . - - - - - - - > 'explorer.exe'(3972) c:\windows\system32\WININET.dll c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\TpKmpSVC.exe c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe c:\windows\system32\wdfmgr.exe c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\tp4serv.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Czas ukończenia: 2011-11-09 07:06:04 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2011-11-09 06:06 ComboFix2.txt 2011-04-28 01:24 ComboFix3.txt 2010-08-05 07:05 ComboFix4.txt 2010-06-19 09:39 ComboFix5.txt 2011-11-08 22:58 . Przed: 68" "324" "532" "224 bajtów wolnych Po: 68" "730" "134" "528 bajtów wolnych . - - End Of File - - 0CB442A468ABC553F79192C8DD54986E