Forum replies created
Author Posts
log after combo_fix…
ComboFix 08-12-05.01 — barbiling 2008-12-06 18:40:59.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1489 [GMT 3:00]
Running from: c:\downloads\Программы\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\lsass.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\csrcs.exe
c:\windows\system32\msblcd32.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.
2008-12-06 13:37 . 2008-12-06 13:37 d c:\program files\Trend Micro
2008-12-06 12:54 . 2008-12-06 18:29 817,184 —ahs—- c:\windows\system32\drivers\fidbox.dat
2008-12-06 12:54 . 2008-12-06 18:29 12,740 —ahs—- c:\windows\system32\drivers\fidbox.idx
2008-12-06 12:47 . 2008-12-06 12:47 0 -rahs—- C:\khr
2008-12-06 05:56 . 2008-12-06 05:56 d c:\documents and settings\LocalService\Application Data\Ahead
2008-12-06 04:31 . 2008-12-06 13:10 420,610 —a c:\windows\system32\cftm.exe
2008-12-06 02:14 . 2008-12-06 02:14 d c:\program files\K-Lite Codec Pack
2008-12-06 02:09 . 2008-12-06 02:11 15,689,006 —a c:\program files\klcodec434f.exe
2008-12-06 01:55 . 2003-03-19 06:14 499,712 —a c:\windows\system32\msvcp71.dll
2008-12-06 01:44 . 2008-12-06 18:26 d c:\program files\DrWeb
2008-12-06 01:44 . 2008-12-06 01:44 77,824 —a—-t- c:\windows\system32\DRWEBSP.DLL
2008-12-06 01:42 . 2008-12-06 01:42 939,414 —a C:\drupdate6-kmizar.exe
2008-12-06 01:33 . 2008-12-06 01:47 d c:\documents and settings\barbiling\DoctorWeb
2008-12-05 22:52 . 2008-12-05 22:52 d c:\program files\Google
2008-12-05 22:52 . 2008-12-06 18:31 d c:\documents and settings\barbiling\Application Data\Skype
2008-12-05 22:50 . 2008-12-05 22:50 d c:\program files\Skype
2008-12-05 22:50 . 2008-12-05 22:50 d c:\program files\Common Files\Skype
2008-12-05 22:50 . 2008-12-05 22:50 d c:\documents and settings\All Users\Application Data\Skype
2008-12-05 22:38 . 2008-12-05 22:38 d c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-05 19:03 . 2008-12-06 01:54 d c:\program files\JockerSoft
2008-12-05 19:03 . 2008-12-06 18:39 d c:\program files\Crawler
2008-12-05 18:22 . 2008-12-06 03:37 d c:\program files\uTorrent
2008-12-05 18:22 . 2008-12-06 08:09 d c:\documents and settings\barbiling\Application Data\uTorrent
2008-12-04 22:38 . 2008-12-04 22:38 d c:\program files\AF Uninstalls
2008-12-04 22:38 . 2008-12-04 22:38 1,081,616 —a c:\windows\system32\mscomctl.ocx
2008-12-04 22:38 . 2008-12-04 22:38 662,288 —a c:\windows\system32\MSCOMCT2.OCX
2008-12-04 22:38 . 2008-12-04 22:38 212,240 —a c:\windows\system32\RICHTX32.OCX
2008-12-04 22:38 . 2008-12-04 22:38 152,848 —a c:\windows\system32\COMDLG32.OCX
2008-12-04 22:38 . 2008-12-04 22:38 124,688 —a c:\windows\system32\MSWINSCK.OCX
2008-12-04 22:38 . 2008-12-04 22:38 67,376 —a c:\windows\system32\SYSINFO.OCX
2008-12-04 18:37 . 2008-12-06 07:11 d C:\Downloads
2008-12-04 18:37 . 2008-12-04 18:56 d c:\documents and settings\barbiling\Application Data\Download Master
2008-12-04 18:36 . 2008-12-04 18:36 d c:\program files\Download Master
2008-12-04 18:36 . 2008-12-04 18:36 5,044,349 —a c:\program files\dmaster.exe
2008-12-04 15:40 . 2008-12-04 15:40 4,517,616 —a c:\program files\IpTvPlayer_0.28.exe
2008-12-03 23:32 . 2008-12-03 23:32 d c:\documents and settings\barbiling\Application Data\Media Player Classic
2008-12-03 23:23 . 2008-12-03 23:23 d c:\documents and settings\barbiling\Application Data\Ahead
2008-12-03 22:18 . 2008-12-03 22:18 d c:\documents and settings\barbiling\Application Data\InstallShield
2008-12-03 22:01 . 2008-12-03 21:53 d—h c:\documents and settings\barbiling\Шаблоны
2008-12-03 22:01 . 2008-12-06 18:29 d c:\documents and settings\barbiling\Рабочий стол
2008-12-03 22:01 . 2008-12-06 03:37 dr c:\documents and settings\barbiling\Мои документы
2008-12-03 22:01 . 2008-12-05 18:22 dr c:\documents and settings\barbiling\Главное меню
2008-12-03 22:01 . 2008-12-06 13:33 dr c:\documents and settings\barbiling\Избранное
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 22:44 d—h—w c:\program files\InstallShield Installation Information
2008-12-05 19:38 d w c:\program files\c litle
2008-12-04 19:38 284,160 —-a-w c:\windows\system32\pdh.dll
2008-12-03 20:35 d w c:\program files\ZD Soft
2008-12-03 20:35 d w c:\program files\zapis video s igr
2008-12-03 20:32 d w c:\program files\flash player
2008-12-03 20:30 d w c:\program files\Winamp
2008-12-03 20:28 266,240 —-a-w c:\windows\system32\dfxg11.dll
2008-12-03 20:28 d w c:\program files\winamp_soft
2008-12-03 20:28 d w c:\program files\Dfx
2008-12-03 20:23 d w c:\program files\Nero
2008-12-03 20:23 d w c:\program files\Common Files\Ahead
2008-12-03 20:23 d w c:\documents and settings\All Users\Application Data\Nero
2008-12-03 20:20 d w c:\program files\nero 7.7.5.1_rus
2008-12-03 20:16 d w c:\program files\WinRAR-3.71
2008-12-03 19:20 d w c:\program files\AMD
2008-12-03 19:16 d w c:\program files\Realtek
2008-12-03 19:13 315,392 —-a-w c:\windows\HideWin.exe
2008-12-03 19:07 d w c:\program files\Common Files\InstallShield
2008-12-03 18:57 d w c:\program files\microsoft frontpage
2008-11-24 14:32 57,344 —-a-w c:\windows\system32\ff_vfw.dll
2008-10-28 22:35 684,032 —-a-w c:\windows\system32\divx.dll
2008-09-25 08:03 81,920 —-a-w c:\windows\system32\dpl100.dll
2008-09-19 21:57 3,596,288 —-a-w c:\windows\system32\qt-dx331.dll
2006-06-22 10:44 2,078,344 —-a-w c:\program files\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Download Master"="c:\program files\Download Master\dmaster.exe" [2008-11-18 3297280]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-08-17 23120680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-05 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2001-10-02 10752]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2008-06-10 501080]
"DrWebScheduler"="c:\program files\DrWeb\DRWEBSCD.EXE" [2008-05-05 283888]
"SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2008-10-23 197896]
"nwiz"="nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
PP2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe [2008-12-06 197896]
R2 SPIDER;SpIDer Guard File System Monitor;\??\c:\progra~1\DrWeb\spider.sys [2008-12-06 268040]
S3 utg4njgz;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utg4njgz.sys []
*Newly Created Service* — PROCEXP90
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 18:41:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > 'lsass.exe'(768)
c:\windows\system32\DRWEBSP.DLL
.
Completion time: 2008-12-06 18:41:52
ComboFix-quarantined-files.txt 2008-12-06 15:41:44
Pre-Run: 36 977 487 872 байт свободно
Post-Run: 37,726,081,024 байт свободно
135
…
…