Forum replies created
-
Author Posts
-
Everything works fine, only for some reason my internet money ran out quickly; Flash Disinfector doesn't seem to be a heavy program.
No, I didn't install anything.
Hello Valery! Here is the log file after the "second" ComboFix run, after dragging in the CFScript:
ComboFix 08-11-28.03 — 1 2008-11-29 15:33:24.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.169 [GMT 3:00]
Running from: c:documents and settings1Рабочий стол2для удалComboFix.exe
Command switches used :: c:documents and settings1Рабочий столCFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:activexdebugger32.exe
c:windowsactivexdebugger32.exe
c:windowssystem32activexdebugger32.exe
c:windowssystem32lbdlib.dll
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:activexdebugger32.exe
c:documents and settings1Local SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settings1Local SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settings1Local SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settings1Local SettingsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:documents and settings1Local SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settings1Local SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:documents and settings1Local SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settings1Local SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settings1Local SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settings1Local SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settings1Local SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:documents and settings1Local SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settings1Local SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settings1Local SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settings1Local SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:documents and settings1Local SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settings1Local SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settings1Local SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:windowssystem32lbdlib.dll
G:AutoRun.inf.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.2008-11-29 15:05 . 2008-11-29 15:05 42 —a
c:windowsSuper Music.pls
2008-11-28 18:15 . 2008-11-28 18:24d
c:windowssystem32CatRoot_bak
2008-11-27 21:43 . 2008-11-27 21:43d
c:program filesMSXML 4.0
2008-11-27 20:30 . 2008-06-14 20:59 272,512
c:windowssystem32driversbthport.sys
2008-11-27 20:30 . 2008-06-14 20:59 272,512
c— c:windowssystem32dllcachebthport.sys
2008-11-27 20:23 . 2008-08-14 16:47 2,182,144
c— c:windowssystem32dllcachentoskrnl.exe
2008-11-27 20:23 . 2008-08-14 16:47 2,059,520
c— c:windowssystem32dllcachentkrnlpa.exe
2008-11-26 23:52 . 2008-11-27 22:04d—h
c:windows$hf_mig$
2008-11-23 12:00 . 2008-11-23 12:00d
c:program filesTrend Micro
2008-11-16 20:58 . 2008-11-16 20:58d—-c— C:MPS
2008-11-16 20:36 . 2008-11-16 20:36 20 —a
c:windowsmafosav.INI
2008-11-16 17:07 . 2008-11-16 17:09 3,576 —a
c:windowssystem32tmp.reg
2008-11-16 17:06 . 2007-09-05 23:22 289,144 —a
c:windowssystem32VCCLSID.exe
2008-11-16 17:06 . 2006-04-27 16:49 288,417 —a
c:windowssystem32SrchSTS.exe
2008-11-16 17:06 . 2008-10-01 14:51 87,552 —a
c:windowssystem32VACFix.exe
2008-11-16 17:06 . 2008-10-10 07:58 82,944 —a
c:windowssystem32o4Patch.exe
2008-11-16 17:06 . 2008-05-18 20:40 82,944 —a
c:windowssystem32IEDFix.exe
2008-11-16 17:06 . 2008-10-10 07:58 82,944 —a
c:windowssystem32IEDFix.C.exe
2008-11-16 17:06 . 2008-08-18 11:19 82,432 —a
c:windowssystem32404Fix.exe
2008-11-16 17:06 . 2003-06-05 20:13 53,248 —a
c:windowssystem32Process.exe
2008-11-16 17:06 . 2004-07-31 17:50 51,200 —a
c:windowssystem32dumphive.exe
2008-11-16 17:06 . 2007-10-03 23:36 25,600 —a
c:windowssystem32WS2Fix.exe
2008-11-12 09:14 . 2008-11-12 09:14d
c:documents and settings1Application DataCommFort.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 16:38 96,256 —-a-w c:windowssystem32driverssptd5165.sys
2008-11-23 10:11
d
w c:program filesQIP
2008-11-16 14:12
d
w c:program filesGoogle
2008-11-12 06:14
d
w c:program filesCommFort
2008-10-24 11:10 453,632 —-a-w c:windowssystem32driversmrxsmb.sys
2008-10-16 11:13 202,776 —-a-w c:windowssystem32wuweb.dll
2008-10-16 11:13 1,809,944 —-a-w c:windowssystem32wuaueng.dll
2008-10-16 11:12 561,688 —-a-w c:windowssystem32wuapi.dll
2008-10-16 11:12 323,608 —-a-w c:windowssystem32wucltui.dll
2008-10-16 11:09 92,696 —-a-w c:windowssystem32cdm.dll
2008-10-16 11:09 51,224 —-a-w c:windowssystem32wuauclt.exe
2008-10-16 11:09 43,544 —-a-w c:windowssystem32wups2.dll
2008-10-16 11:08 34,328 —-a-w c:windowssystem32wups.dll
2008-09-30 13:43 1,286,152 —-a-w c:windowssystem32msxml4.dll
2008-09-27 13:46 98,304 —-a-w c:windowssystem32CmdLineExt.dll
2008-09-15 15:40 1,846,144 —-a-w c:windowssystem32win32k.sys
2008-09-04 16:45 1,106,944 —-a-w c:windowssystem32msxml3.dll
2007-05-20 17:54 23,920 —-a-w c:documents and settings1Application DataGDIPFONTCACHEV1.DAT
2007-04-09 18:06 88 —sh—r c:windowssystem3273FC4AA668.sys
2008-02-11 18:13 6,738 —sha-w c:windowssystem32KGyGaAvL.sys
.((((((((((((((((((((((((((((( snapshot@2008-11-23_12.40.29,54 )))))))))))))))))))))))))))))))))))))))))
.
— 2007-06-16 10:28:39 1,257,472 —-a-w c:windowsassemblyGACSystem.Web1.0.5000.0__b03f5f7f11d50a3aSystem.Web.dll
+ 2008-11-28 16:38:32 1,265,664 —-a-w c:windowsassemblyGACSystem.Web1.0.5000.0__b03f5f7f11d50a3aSystem.Web.dll
— 2007-06-16 10:28:41 1,224,704 —-a-w c:windowsassemblyGACSystem1.0.5000.0__b77a5c561934e089System.dll
+ 2008-11-28 16:38:33 1,232,896 —-a-w c:windowsassemblyGACSystem1.0.5000.0__b77a5c561934e089System.dll
+ 2008-11-28 16:47:45 118,784 —-a-w c:windowsassemblyNativeImages1_v1.1.4322CustomMarshalers1.0.5000.0__b03f5f7f11d50a3a_36c33a25CustomMarshalers.dll
+ 2008-11-28 16:38:42 61,440 —-a-w c:windowsassemblyNativeImages1_v1.1.4322CustomMarshalers1.0.5000.0__b03f5f7f11d50a3a_e01a712bCustomMarshalers.dll
+ 2008-11-28 16:47:33 3,391,488 —-a-w c:windowsassemblyNativeImages1_v1.1.4322mscorlib1.0.5000.0__b77a5c561934e089_bc737fd6mscorlib.dll
+ 2008-11-28 16:48:03 8,908,800 —-a-w c:windowsassemblyNativeImages1_v1.1.4322mscorlib1.0.5000.0__b77a5c561934e089_fa556450mscorlib.dll
+ 2008-11-28 16:47:58 3,395,584 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System.Design1.0.5000.0__b03f5f7f11d50a3a_36a25055System.Design.dll
+ 2008-11-28 16:47:26 1,470,464 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System.Design1.0.5000.0__b03f5f7f11d50a3a_d1cfdd73System.Design.dll
+ 2008-11-28 16:47:46 192,512 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System.Drawing.Design1.0.5000.0__b03f5f7f11d50a3a_731a06adSystem.Drawing.Design.dll
+ 2008-11-28 16:46:39 90,112 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System.Drawing.Design1.0.5000.0__b03f5f7f11d50a3a_9c2eee84System.Drawing.Design.dll
+ 2008-11-28 16:47:59 2,244,608 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System.Drawing1.0.5000.0__b03f5f7f11d50a3a_73122f79System.Drawing.dll
+ 2008-11-28 16:47:29 835,584 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System.Drawing1.0.5000.0__b03f5f7f11d50a3a_829d5cf4System.Drawing.dll
+ 2008-11-28 16:46:51 3,018,752 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System.Windows.Forms1.0.5000.0__b77a5c561934e089_b59167b2System.Windows.Forms.dll
+ 2008-11-28 16:47:51 7,884,800 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System.Windows.Forms1.0.5000.0__b77a5c561934e089_ca5d2d37System.Windows.Forms.dll
+ 2008-11-28 16:47:55 5,513,216 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System.Xml1.0.5000.0__b77a5c561934e089_0b159bfdSystem.Xml.dll
+ 2008-11-28 16:47:16 2,088,960 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System.Xml1.0.5000.0__b77a5c561934e089_7c81e895System.Xml.dll
+ 2008-11-28 16:38:41 1,966,080 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System1.0.5000.0__b77a5c561934e089_2d3b36ccSystem.dll
+ 2008-11-28 16:47:44 4,788,224 —-a-w c:windowsassemblyNativeImages1_v1.1.4322System1.0.5000.0__b77a5c561934e089_7b54f1d7System.dll
+ 2008-06-14 17:59:58 272,512
w c:windowsDriver Cachei386bthport.sys
+ 2008-10-24 11:10:42 453,632
w c:windowsDriver Cachei386mrxsmb.sys
+ 2008-08-14 13:47:00 2,138,112
w c:windowsDriver Cachei386ntkrnlmp.exe
+ 2008-08-14 13:47:11 2,059,520
w c:windowsDriver Cachei386ntkrnlpa.exe
+ 2008-08-14 13:47:00 2,017,792
w c:windowsDriver Cachei386ntkrpamp.exe
+ 2008-08-14 13:47:11 2,182,144
w c:windowsDriver Cachei386ntoskrnl.exe
+ 2008-11-27 18:43:39 32,768 —-a-r c:windowsInstaller{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}icon.exe
— 2004-07-14 21:49:16 258,048 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322aspnet_isapi.dll
+ 2007-04-13 18:30:52 258,048 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322aspnet_isapi.dll
— 2004-07-14 21:49:22 32,768 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322aspnet_wp.exe
+ 2007-04-13 18:30:52 32,768 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322aspnet_wp.exe
— 2004-07-14 20:32:22 81,920 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322CORPerfMonExt.dll
+ 2007-04-13 17:57:52 81,920 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322CORPerfMonExt.dll
— 2003-02-21 00:09:14 86,016 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorie.dll
+ 2007-04-13 17:57:58 86,016 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorie.dll
— 2004-07-14 20:25:06 315,392 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorjit.dll
+ 2007-04-13 17:56:30 315,392 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorjit.dll
— 2004-07-14 20:33:04 102,400 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorld.dll
+ 2007-04-13 17:58:00 102,400 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorld.dll
— 2004-07-15 10:29:02 2,138,112 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorlib.dll
+ 2007-04-13 17:50:46 2,142,208 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorlib.dll
— 2003-02-21 00:09:18 77,824 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorsn.dll
+ 2007-04-13 17:58:02 77,824 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorsn.dll
— 2004-07-14 20:26:52 2,510,848 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorsvr.dll
+ 2007-04-13 17:57:00 2,523,136 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorsvr.dll
— 2004-07-14 20:28:34 2,502,656 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorwks.dll
+ 2007-04-13 17:57:28 2,514,944 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322mscorwks.dll
— 2004-08-10 12:20:00 106,496 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322netfxupdate.exe
+ 2007-01-15 13:11:26 73,728 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322netfxupdate.exe
+ 2004-07-14 21:49:16 258,048 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322SHADOW2208_aspnet_isapi.dll
+ 2004-07-14 20:32:22 81,920 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322SHADOW2208_CORPerfMonExt.dll
+ 2004-07-14 20:24:30 282,624 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322SHADOW2208_fusion.dll
+ 2004-07-14 20:25:06 315,392 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322SHADOW2208_mscorjit.dll
+ 2004-07-15 10:29:02 2,138,112 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322SHADOW2208_mscorlib.dll
+ 2003-02-21 00:09:18 77,824 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322SHADOW2208_mscorsn.dll
+ 2004-07-14 20:26:52 2,510,848 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322SHADOW2208_mscorsvr.dll
+ 2004-07-14 20:28:34 2,502,656 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322SHADOW2208_mscorwks.dll
+ 2003-02-21 09:42:22 348,160 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322SHADOW2208_msvcr71.dll
+ 2004-07-14 20:34:50 94,208 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322SHADOW2208_PerfCounter.dll
— 2004-07-15 10:31:16 1,224,704 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322System.dll
+ 2007-04-13 18:35:38 1,232,896 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322System.dll
— 2004-07-15 10:29:00 1,257,472 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322System.Web.dll
+ 2007-04-13 18:35:46 1,265,664 —-a-w c:windowsMicrosoft.NETFrameworkv1.1.4322System.Web.dll
— 2004-08-17 12:04:12 1,017,344 —-a-w c:windowssystem32browseui.dll
+ 2008-08-20 05:37:29 1,023,488 —-a-w c:windowssystem32browseui.dll
— 2004-08-17 12:04:12 151,040 —-a-w c:windowssystem32cdfview.dll
+ 2008-08-20 05:37:21 151,552 —-a-w c:windowssystem32cdfview.dll
— 2004-08-17 12:04:12 1,054,720 —-a-w c:windowssystem32danim.dll
+ 2008-08-20 05:37:23 1,055,232 —-a-w c:windowssystem32danim.dll
— 2004-08-03 19:14:16 138,496 -c—a-w c:windowssystem32dllcacheafd.sys
+ 2008-08-14 09:51:43 138,368 -c—a-w c:windowssystem32dllcacheafd.sys
— 2004-08-17 12:04:12 1,017,344 -c—a-w c:windowssystem32dllcachebrowseui.dll
+ 2008-08-20 05:37:29 1,023,488 -c—a-w c:windowssystem32dllcachebrowseui.dll
— 2004-08-17 12:04:12 151,040 -c—a-w c:windowssystem32dllcachecdfview.dll
+ 2008-08-20 05:37:21 151,552 -c—a-w c:windowssystem32dllcachecdfview.dll
— 2004-08-17 12:04:12 66,560 -c—a-w c:windowssystem32dllcachecdm.dll
+ 2008-10-16 11:09:44 92,696 -c—a-w c:windowssystem32dllcachecdm.dll
— 2004-08-17 12:04:12 1,054,720 -c—a-w c:windowssystem32dllcachedanim.dll
+ 2008-08-20 05:37:23 1,055,232 -c—a-w c:windowssystem32dllcachedanim.dll
— 2004-08-17 12:04:14 357,888 -c—a-w c:windowssystem32dllcachedxtmsft.dll
+ 2008-08-20 05:37:23 357,888 -c—a-w c:windowssystem32dllcachedxtmsft.dll
— 2004-08-17 12:04:14 201,728 -c—a-w c:windowssystem32dllcachedxtrans.dll
+ 2008-08-20 05:37:24 205,312 -c—a-w c:windowssystem32dllcachedxtrans.dll
— 2004-08-17 12:04:16 243,200 -c—a-w c:windowssystem32dllcachees.dll
+ 2008-07-07 20:32:21 253,952 -c—a-w c:windowssystem32dllcachees.dll
— 2004-08-17 12:04:16 55,808 -c—a-w c:windowssystem32dllcacheextmgr.dll
+ 2008-08-20 05:37:24 55,808 -c—a-w c:windowssystem32dllcacheextmgr.dll
— 2004-08-17 12:04:50 18,432 -c—a-w c:windowssystem32dllcacheiedw.exe
+ 2008-08-19 09:30:39 18,432 -c—a-w c:windowssystem32dllcacheiedw.exe
— 2004-08-17 12:04:16 249,344 -c—a-w c:windowssystem32dllcacheiepeers.dll
+ 2008-08-20 05:37:24 251,392 -c—a-w c:windowssystem32dllcacheiepeers.dll
— 2004-08-17 12:04:18 678,400 -c—a-w c:windowssystem32dllcacheinetcomm.dll
+ 2008-04-11 18:51:35 683,520 -c—a-w c:windowssystem32dllcacheinetcomm.dll
— 2004-08-17 12:04:20 96,256 -c—a-w c:windowssystem32dllcacheinseng.dll
+ 2008-08-20 05:37:24 96,256 -c—a-w c:windowssystem32dllcacheinseng.dll
— 2004-08-17 12:04:20 450,560 -c—a-w c:windowssystem32dllcachejscript.dll
+ 2007-12-18 14:43:09 450,560 -c—a-w c:windowssystem32dllcachejscript.dll
— 2004-08-17 12:04:20 15,872 -c—a-w c:windowssystem32dllcachejsproxy.dll
+ 2008-08-20 05:37:28 16,384 -c—a-w c:windowssystem32dllcachejsproxy.dll
— 2004-08-03 19:15:18 451,456 -c—a-w c:windowssystem32dllcachemrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c—a-w c:windowssystem32dllcachemrxsmb.sys
— 2004-08-17 12:04:22 331,776 -c—a-w c:windowssystem32dllcachemsadce.dll
+ 2008-05-01 14:33:02 331,776 -c—a-w c:windowssystem32dllcachemsadce.dll
— 2004-08-17 12:04:22 73,728 -c—a-w c:windowssystem32dllcachemscms.dll
+ 2008-06-24 16:24:22 74,240 -c—a-w c:windowssystem32dllcachemscms.dll
— 2004-08-17 12:04:22 3,003,392 -c—a-w c:windowssystem32dllcachemshtml.dll
+ 2008-08-20 05:37:31 3,081,216 -c—a-w c:windowssystem32dllcachemshtml.dll
— 2004-08-17 12:04:22 448,512 -c—a-w c:windowssystem32dllcachemshtmled.dll
+ 2008-08-20 05:37:28 449,024 -c—a-w c:windowssystem32dllcachemshtmled.dll
— 2004-08-17 12:04:24 146,432 -c—a-w c:windowssystem32dllcachemsrating.dll
+ 2008-08-20 05:37:24 146,432 -c—a-w c:windowssystem32dllcachemsrating.dll
— 2004-08-17 12:04:24 530,432 -c—a-w c:windowssystem32dllcachemstime.dll
+ 2008-08-20 05:37:25 532,480 -c—a-w c:windowssystem32dllcachemstime.dll
— 2004-08-17 12:04:26 1,236,480 -c—a-w c:windowssystem32dllcachemsxml3.dll
+ 2008-09-04 16:45:59 1,106,944 -c—a-w c:windowssystem32dllcachemsxml3.dll
— 2004-08-17 12:04:28 332,288 -c—a-w c:windowssystem32dllcachenetapi32.dll
+ 2008-10-15 17:00:42 332,800 -c—a-w c:windowssystem32dllcachenetapi32.dll
— 2004-08-17 11:57:52 2,150,400 -c—a-w c:windowssystem32dllcachentkrnlmp.exe
+ 2008-08-14 13:47:00 2,138,112 -c—a-w c:windowssystem32dllcachentkrnlmp.exe
— 2004-08-17 12:16:30 2,017,280 -c—a-w c:windowssystem32dllcachentkrpamp.exe
+ 2008-08-14 13:47:00 2,017,792 -c—a-w c:windowssystem32dllcachentkrpamp.exe
— 2004-08-17 12:04:28 39,424 -c—a-w c:windowssystem32dllcachepngfilt.dll
+ 2008-08-20 05:37:25 39,424 -c—a-w c:windowssystem32dllcachepngfilt.dll
— 2004-08-17 12:04:28 1,289,216 -c—a-w c:windowssystem32dllcachequartz.dll
+ 2008-05-07 05:16:18 1,289,216 -c—a-w c:windowssystem32dllcachequartz.dll
— 2001-10-20 12:00:00 200,064 -c—a-w c:windowssystem32dllcachermcast.sys
+ 2008-05-08 12:28:49 202,752 -c—a-w c:windowssystem32dllcachermcast.sys
— 2004-08-17 12:04:30 1,483,264 -c—a-w c:windowssystem32dllcacheshdocvw.dll
+ 2008-08-20 05:37:27 1,494,528 -c—a-w c:windowssystem32dllcacheshdocvw.dll
— 2004-08-17 12:04:30 473,600 -c—a-w c:windowssystem32dllcacheshlwapi.dll
+ 2008-08-20 05:37:29 474,112 -c—a-w c:windowssystem32dllcacheshlwapi.dll
— 2004-08-03 19:14:46 336,256 -c—a-w c:windowssystem32dllcachesrv.sys
+ 2008-08-28 10:04:17 333,056 -c—a-w c:windowssystem32dllcachesrv.sys
— 2004-08-17 12:04:34 600,576 -c—a-w c:windowssystem32dllcacheurlmon.dll
+ 2008-08-20 05:37:29 615,424 -c—a-w c:windowssystem32dllcacheurlmon.dll
— 2004-08-17 12:04:34 417,792 -c—a-w c:windowssystem32dllcachevbscript.dll
+ 2007-12-18 14:43:09 417,792 -c—a-w c:windowssystem32dllcachevbscript.dll
— 2004-08-17 11:54:48 1,836,032 -c—a-w c:windowssystem32dllcachewin32k.sys
+ 2008-09-15 15:40:59 1,846,144 -c—a-w c:windowssystem32dllcachewin32k.sys
— 2004-08-17 12:04:36 656,896 -c—a-w c:windowssystem32dllcachewininet.dll
+ 2008-08-20 05:37:27 659,968 -c—a-w c:windowssystem32dllcachewininet.dll
— 2004-08-17 12:04:36 431,104 -c—a-w c:windowssystem32dllcachewuapi.dll
+ 2008-10-16 11:12:20 561,688 -c—a-w c:windowssystem32dllcachewuapi.dll
— 2004-08-17 12:05:12 111,616 -c—a-w c:windowssystem32dllcachewuauclt.exe
+ 2008-10-16 11:09:44 51,224 -c—a-w c:windowssystem32dllcachewuauclt.exe
— 2004-08-17 12:04:38 1,134,592 -c—a-w c:windowssystem32dllcachewuaueng.dll
+ 2008-10-16 11:13:40 1,809,944 -c—a-w c:windowssystem32dllcachewuaueng.dll
— 2004-08-17 12:04:38 113,152 -c—a-w c:windowssystem32dllcachewucltui.dll
+ 2008-10-16 11:12:22 323,608 -c—a-w c:windowssystem32dllcachewucltui.dll
— 2004-08-17 12:04:38 36,864 -c—a-w c:windowssystem32dllcachewups.dll
+ 2008-10-16 11:08:58 34,328 -c—a-w c:windowssystem32dllcachewups.dll
— 2004-08-17 12:04:38 120,320 -c—a-w c:windowssystem32dllcachewuweb.dll
+ 2008-10-16 11:13:40 202,776 -c—a-w c:windowssystem32dllcachewuweb.dll
— 2004-08-03 19:14:16 138,496 —-a-w c:windowssystem32driversafd.sys
+ 2008-08-14 09:51:43 138,368 —-a-w c:windowssystem32driversafd.sys
— 2001-10-20 12:00:00 200,064 —-a-w c:windowssystem32driversRMCast.sys
+ 2008-05-08 12:28:49 202,752 —-a-w c:windowssystem32driversrmcast.sys
— 2004-08-03 19:14:46 336,256 —-a-w c:windowssystem32driverssrv.sys
+ 2008-08-28 10:04:17 333,056 —-a-w c:windowssystem32driverssrv.sys
— 2004-08-17 12:04:14 357,888 —-a-w c:windowssystem32dxtmsft.dll
+ 2008-08-20 05:37:23 357,888 —-a-w c:windowssystem32dxtmsft.dll
— 2004-08-17 12:04:14 201,728 —-a-w c:windowssystem32dxtrans.dll
+ 2008-08-20 05:37:24 205,312 —-a-w c:windowssystem32dxtrans.dll
— 2004-08-17 12:04:16 243,200 —-a-w c:windowssystem32es.dll
+ 2008-07-07 20:32:21 253,952 —-a-w c:windowssystem32es.dll
— 2004-08-17 12:04:16 55,808 —-a-w c:windowssystem32extmgr.dll
+ 2008-08-20 05:37:24 55,808 —-a-w c:windowssystem32extmgr.dll
— 2008-08-28 15:34:33 213,224 —-a-w c:windowssystem32FNTCACHE.DAT
+ 2008-11-28 12:22:12 213,224 —-a-w c:windowssystem32FNTCACHE.DAT
+ 2004-08-17 12:04:20 62,976 —-a-w c:windowssystem32fpcsfryr.dll
— 2004-08-17 12:04:16 249,344 —-a-w c:windowssystem32iepeers.dll
+ 2008-08-20 05:37:24 251,392 —-a-w c:windowssystem32iepeers.dll
— 2004-08-17 12:04:18 678,400 —-a-w c:windowssystem32inetcomm.dll
+ 2008-04-11 18:51:35 683,520 —-a-w c:windowssystem32inetcomm.dll
— 2004-08-17 12:04:20 96,256 —-a-w c:windowssystem32inseng.dll
+ 2008-08-20 05:37:24 96,256 —-a-w c:windowssystem32inseng.dll
— 2004-08-17 12:04:20 450,560 —-a-w c:windowssystem32jscript.dll
+ 2007-12-18 14:43:09 450,560 —-a-w c:windowssystem32jscript.dll
— 2004-08-17 12:04:20 15,872 —-a-w c:windowssystem32jsproxy.dll
+ 2008-08-20 05:37:28 16,384 —-a-w c:windowssystem32jsproxy.dll
+ 2006-01-21 13:01:22 25,088 —-a-w c:windowssystem32MacromedFlashgenuinst.exe
+ 2006-01-03 23:14:12 20,480 —-a-w c:windowssystem32MacromedFlashUninstFl.exe
— 2004-08-17 12:04:22 73,728 —-a-w c:windowssystem32mscms.dll
+ 2008-06-24 16:24:22 74,240 —-a-w c:windowssystem32mscms.dll
— 2004-07-14 20:24:50 155,648 —-a-w c:windowssystem32mscoree.dll
+ 2006-12-22 09:28:14 271,360 —-a-w c:windowssystem32mscoree.dll
— 2004-08-17 12:04:22 3,003,392 —-a-w c:windowssystem32mshtml.dll
+ 2008-08-20 05:37:31 3,081,216 —-a-w c:windowssystem32mshtml.dll
— 2004-08-17 12:04:22 448,512 —-a-w c:windowssystem32mshtmled.dll
+ 2008-08-20 05:37:28 449,024 —-a-w c:windowssystem32mshtmled.dll
— 2004-08-17 12:04:24 146,432 —-a-w c:windowssystem32msrating.dll
+ 2008-08-20 05:37:24 146,432 —-a-w c:windowssystem32msrating.dll
— 2004-08-17 12:04:24 530,432 —-a-w c:windowssystem32mstime.dll
+ 2008-08-20 05:37:25 532,480 —-a-w c:windowssystem32mstime.dll
+ 2006-12-22 10:02:36 6,144 —-a-w c:windowssystem32mui0409mscorees.dll
— 2004-08-17 12:04:28 332,288 —-a-w c:windowssystem32netapi32.dll
+ 2008-10-15 17:00:42 332,800 —-a-w c:windowssystem32netapi32.dll
— 2004-08-17 12:16:30 2,017,280 —-a-w c:windowssystem32ntkrnlpa.exe
+ 2008-08-14 13:47:00 2,017,792 —-a-w c:windowssystem32ntkrnlpa.exe
— 2004-08-17 11:57:52 2,150,400 —-a-w c:windowssystem32ntoskrnl.exe
+ 2008-08-14 13:47:00 2,138,112 —-a-w c:windowssystem32ntoskrnl.exe
— 2004-08-17 12:04:28 39,424 —-a-w c:windowssystem32pngfilt.dll
+ 2008-08-20 05:37:25 39,424 —-a-w c:windowssystem32pngfilt.dll
— 2004-08-17 12:04:28 1,289,216 —-a-w c:windowssystem32quartz.dll
+ 2008-05-07 05:16:18 1,289,216 —-a-w c:windowssystem32quartz.dll
— 2004-08-17 12:04:30 1,483,264 —-a-w c:windowssystem32shdocvw.dll
+ 2008-08-20 05:37:27 1,494,528 —-a-w c:windowssystem32shdocvw.dll
— 2004-08-17 12:04:30 473,600 —-a-w c:windowssystem32shlwapi.dll
+ 2008-08-20 05:37:29 474,112 —-a-w c:windowssystem32shlwapi.dll
+ 2008-10-16 11:08:58 34,328 —-a-w c:windowssystem32SoftwareDistributionSetupServiceStartupwups.dll7.2.6001.788wups.dll
— 2005-03-21 11:00:10 14,048 —-a-w c:windowssystem32spmsg.dll
+ 2007-11-30 11:21:39 17,784
w c:windowssystem32spmsg.dll
— 2004-11-18 07:42:52 22,752 —-a-w c:windowssystem32spupdsvc.exe
+ 2005-02-25 03:36:23 22,752 —-a-w c:windowssystem32spupdsvc.exe
+ 2008-07-14 11:09:18 62,976
w c:windowssystem32tzchange.exe
— 2004-08-17 12:04:34 600,576 —-a-w c:windowssystem32urlmon.dll
+ 2008-08-20 05:37:29 615,424 —-a-w c:windowssystem32urlmon.dll
— 2004-08-17 12:04:34 417,792 —-a-w c:windowssystem32vbscript.dll
+ 2007-12-18 14:43:09 417,792 —-a-w c:windowssystem32vbscript.dll
— 2004-08-17 12:04:36 656,896 —-a-w c:windowssystem32wininet.dll
+ 2008-08-20 05:37:27 659,968 —-a-w c:windowssystem32wininet.dll
+ 2008-08-19 09:51:56 360,448
w c:windowssystem32xpsp3res.dll
+ 2008-09-30 13:42:08 1,286,152 —-a-w c:windowsWinSxSx86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cfmsxml4.dll
+ 2008-09-30 13:45:12 91,656 —-a-w c:windowsWinSxSx86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bcebmsxml4r.dll
+ 2008-04-15 17:59:11 1,724,416 —-a-w c:windowsWinSxSx86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88GdiPlus.dll
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-17 15360]
«QDictionary»=»d:игорьАнглийский переводчикqd-enrusQDictionary.exe» [2006-02-22 306688]
«NBJ»=»c:program filesAheadNero BackItUpNBJ.exe» [2005-04-14 1957888]
«CommFort client»=»c:program filesCommFortCommFort.exe» [2008-09-08 3509760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-08-11 7630848]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-08-11 86016]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe» [2005-10-26 159744]
«Adobe Photo Downloader»=»c:program filesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe» [2005-06-06 57344]
«ISUSPM Startup»=»c:program filesCommon FilesInstallShieldUpdateServiceisuspm.exe» [2005-08-11 249856]
«ISUSScheduler»=»c:program filesCommon FilesInstallShieldUpdateServiceissch.exe» [2005-08-11 81920]
«KAVPersonal50″=»c:program filesKaspersky LabKaspersky Anti-Virus Personal Prokav.exe» [2006-03-20 94311]
«RTHDCPL»=»RTHDCPL.EXE» [2006-07-21 c:windowsRTHDCPL.exe]
«SkyTel»=»SkyTel.EXE» [2006-05-16 c:windowsSkyTel.exe]
«nwiz»=»nwiz.exe» [2006-08-11 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]c:documents and settings1ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Gamma.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-03-16 113664]
Start HASP-Emu.lnk — c:program filesSableWINNTstartnt.bat [2007-09-06 18]
UniChat.lnk — c:program filesUniChatunichat.exe [2005-06-26 2489344]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2007-08-14 1183744]
PHOTOfunSTUDIO -viewer-.lnk — c:program filesPanasonicPHOTOfunSTUDIO -viewer-PhAutoRun.exe [2008-08-28 40960][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe»=
«c:\Games\TRIADA\Need For Speed Underground\speed.exe»=
«c:\Program Files\FlylinkDC++\FlylinkDC.exe»=
«c:\Program Files\UniChat\unichat.exe»=
«c:\Program Files\CommFort\CommFort.exe»=
«c:\Program Files\QIP\qip.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«2518:TCP»= 2518:TCP:WWWR1 Klmc;Klmc;c:windowssystem32driversklmc.sys [2006-03-20 10931]
R2 NVKEYNT;NVKEYNT;??c:windowssystem32DRIVERSNVKEYNT.SYS [2007-05-04 68704]
R2 venemu;venemu;c:windowssystem32driversvenemu.sys [2007-05-04 18944]
S2 hseryqayo;hseryqayo;c:windowssystem32svchost.exe -k netsvcs [2004-08-17 14336]
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);c:windowssystem32DRIVERSk310bus.sys [2007-07-28 60800]
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;c:windowssystem32DRIVERSk310mdfl.sys [2007-07-28 9264]
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;c:windowssystem32DRIVERSk310mdm.sys [2007-07-28 96352]
S3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);c:windowssystem32DRIVERSk310mgmt.sys [2007-07-28 87824]
S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;c:windowssystem32DRIVERSk310obex.sys [2007-07-28 85696]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);c:windowssystem32DRIVERSSE2Ebus.sys [2007-03-01 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;c:windowssystem32DRIVERSSE2Emdfl.sys [2007-03-01 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;c:windowssystem32DRIVERSSE2Emdm.sys [2007-03-01 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);c:windowssystem32DRIVERSSE2Emgmt.sys [2007-03-01 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);c:windowssystem32DRIVERSse2End5.sys [2007-03-01 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;c:windowssystem32DRIVERSSE2Eobex.sys [2007-03-01 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);c:windowssystem32DRIVERSse2Eunic.sys [2007-03-01 90800]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
hseryqayo
.
Contents of the ‘Scheduled Tasks’ folder2008-08-28 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-06-03 12:42]
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 15:34:54
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-11-29 15:35:29
ComboFix-quarantined-files.txt 2008-11-29 12:35:27
ComboFix2.txt 2008-11-23 09:49:52
ComboFix3.txt 2008-11-23 09:40:52
Pre-Run: 1 064 648 704 байт свободно
Post-Run: 1,064,394,752 байт свободно
398 — E O F — 2008-11-28 16:38:37