
WIN 32 Malware-gen virus infection [SOLVED]


Hello! OS: Windows XP SP2, antivirus: NOD 32. The antivirus licence expired and I did not renew it, my mistake! On right-clicking My Computer > Properties, the following message started to appear: "The application or DLL C:\WINDOWS\system32\netid.dll is not a valid Windows image. Please check this against your installation diskette." I suspected a virus, uninstalled NOD 32 and installed AVAST PRO. I ran a scan and it reported the following: File name: C:\extensions\....\dllhelper.dll, Status: Win 32:Malware-gen. I put it in quarantine. That is why I am turning to you for a competent opinion and help! These are the results from DDS.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by h at 0:00:22 on 2012-01-29

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.bg/

uSearch Page = yandex.ru

uDefault_Page_URL = yandex.ru

uDefault_Search_URL = yandex.ru

uSearch Bar = yandex.ru

mDefault_Page_URL = yandex.ru

mDefault_Search_URL = yandex.ru

mSearch Page = yandex.ru

mSearch Bar = yandex.ru

uSearchAssistant = yandex.ru

mSearchAssistant = yandex.ru

uURLSearchHooks: Searcher Class: {c44d2ea2-fcce-4ce8-8710-5ed0d33f7677} - c:\program files\lwgame rubar toolbar\rubar.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: GretechBHO Class: {f0181c6e-9218-4792-9f3c-e8df52b2f1ac} - c:\program files\gretech\gompicker\GomPickerBHO.dll

TB: Lwgame RuBar: {23dd83b5-bddc-49ce-b77b-514819c6d551} - c:\program files\lwgame rubar toolbar\rubar.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\h\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [PerfectSpeed.exe] c:\program files\raxco\perfectspeed20\PerfectSpeed.exe /tray /startrun

mRun: [btTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

StartupFolder: c:\docume~1\h\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\program files\datecs\flextype 2k\FType2K.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe

IE: &Експортиране към Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm

IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: digicom.bg\tv

Trusted Zone: ubb.bg\ebb

DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} - hxxp://tv.digicom.bg/vlc-0.9.9-win32.exe

DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://ebb.ubb.bg/CAPICOM/capicom.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E23FE9C6-778E-49D4-B537-38FCDE4887D8} - hxxp://tv.digicom.bg/dtvax.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C7721192-8C18-43CC-AB36-5D078A510168} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-01-28 16:38:26 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-28 16:36:30 41184 ----a-w- c:\windows\avastSS.scr

2012-01-28 16:35:34 -------- d-----w- c:\program files\AVAST Software

2012-01-28 16:35:34 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-01-28 14:09:32 -------- d-----w- C:\VundoFix Backups

2012-01-27 12:03:40 -------- dc----w- c:\documents and settings\h\local settings\application data\bluesoleil

2012-01-27 11:58:34 -------- d-----w- c:\program files\IVT Corporation

2012-01-25 14:34:17 -------- dc----w- c:\documents and settings\h\application data\Mirillis

2012-01-25 14:34:17 -------- d-----w- c:\documents and settings\all users\application data\Mirillis

2012-01-25 14:34:16 -------- dc----w- c:\documents and settings\h\local settings\application data\Mirillis

2012-01-25 14:23:23 -------- dc----w- c:\documents and settings\h\local settings\application data\Thinstall

2012-01-25 14:23:23 -------- dc----w- c:\documents and settings\h\application data\Thinstall

2012-01-25 12:41:01 -------- dc----w- c:\documents and settings\h\local settings\application data\Daum

2012-01-25 12:40:09 -------- d-----w- c:\program files\DAUM

2012-01-25 11:17:12 -------- dc----w- c:\documents and settings\h\application data\rubar

2012-01-25 11:16:12 -------- d-----w- C:\extensions

2012-01-25 11:16:11 -------- dc----w- c:\documents and settings\h\application data\Lwgame RuBar

2012-01-25 11:16:02 -------- d-----w- c:\program files\Lwgame RuBar Toolbar

2012-01-25 11:14:59 443752 ----a-w- c:\windows\system32\d3dx10_33.dll

2012-01-24 10:34:04 -------- d-----w- c:\windows\XSxS

2012-01-24 10:34:04 -------- d-----w- c:\program files\Xenocode

2012-01-22 14:57:59 -------- dc----w- c:\documents and settings\h\Doctor Web

2012-01-22 14:33:39 -------- d-----w- c:\program files\common files\Doctor Web

2012-01-22 14:29:48 -------- d-----w- c:\program files\DrWeb

2012-01-22 14:29:48 -------- d-----w- c:\documents and settings\all users\application data\Doctor Web

2012-01-21 11:28:45 -------- dc----w- c:\documents and settings\h\local settings\application data\Babylon

2012-01-21 11:28:43 -------- dc----w- c:\documents and settings\h\application data\Babylon

2012-01-21 11:28:43 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2012-01-21 11:28:17 -------- d-----w- c:\documents and settings\all users\application data\Premium

2012-01-21 11:28:13 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2012-01-10 08:30:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-01 11:44:37 -------- d-----w- c:\program files\GNU

.

==================== Find3M ====================

.

2012-01-25 11:13:53 1194947 ----a-w- c:\program files\common files\unins000.exe

.

============= FINISH: 0:01:18.03 ===============

Hello, let's check the contents of this folder, C:\extensions. To do that:

  • Please download SystemLook and save the program to your desktop.
  • Double-click SystemLook.exe to start the program.
  • Copy the contents of the following code into the program's text box
:dir
C:\extensions
  • Click the Look button to start the scan.
  • When the scan finishes, Notepad will open with the scan result. Please post the log file in your next comment.
  • Author

It isn't working! I download the program, the launch window opens, I start it and an empty window opens with two buttons, LOOK and EXIT. On Look an error message appears: Sistem Look-error Script required ! I apologise for the oversight, the mistake is mine!

SystemLook 30.07.11 by jpshortstuff
Log created at 13:06 on 29/01/2012 by h
Administrator - Elevation successful

========== dir ==========

C:\extensions - Parameters: "(none)"

---Files---
None found.

---Folders---
{9fcd1361-7a19-45af-840d-88ed70eaaa11} d------ [11:16 25/01/2012]

-= EOF =-

Download ComboFix from here or here and save it to your desktop.

  • Disable your antivirus and antispyware program; this is usually done by right-clicking the program's icon in the system tray.
Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs
  • Start Combo-Fix.com and follow the instructions.
Note: ComboFix will start without the Recovery Console installed.
  • As part of its operation, ComboFix will check whether Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will allow you to enter a special recovery/repair mode, which will make it easier to resolve a problem that could arise while the malware is being removed.
  • Follow the instructions to allow ComboFix to download and install Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the licence agreement. You need to confirm that you agree in order to install Microsoft Windows Recovery Console.
** Note: If Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

Posted image

After Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

Posted image

Select Yes to continue the scan for malware.

When the process finishes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.

Note:

  • Please do not move the mouse while ComboFix is running. This can disrupt the process.
  • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
  • ComboFix will disable the autorun function of ALL CD, floppy and USB devices, to help with removing the malware and to protect you from future viruses/threats that infect through autorun. If this is a problem for you, please let me know.
  • ComboFix will disconnect your internet connection. The internet connection will be restored automatically before ComboFix finishes. In case of a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
  • In case of a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this thread.
Please do not attach the log file(s) from the program; copy and paste it/them into your next comment in this thread.
  • Author

ComboFix 12-01-29.02 - h 01/29/2012 22:15:01.1.1 - x86 Running from: c:\documents and settings\h\Desktop\ComboFix.exe * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\h\Application Data\PriceGong c:\documents and settings\h\Application Data\PriceGong\Data\1.xml c:\documents and settings\h\Application Data\PriceGong\Data\a.xml c:\documents and settings\h\Application Data\PriceGong\Data\b.xml c:\documents and settings\h\Application Data\PriceGong\Data\c.xml c:\documents and settings\h\Application Data\PriceGong\Data\d.xml c:\documents and settings\h\Application Data\PriceGong\Data\e.xml c:\documents and settings\h\Application Data\PriceGong\Data\f.xml c:\documents and settings\h\Application Data\PriceGong\Data\g.xml c:\documents and settings\h\Application Data\PriceGong\Data\h.xml c:\documents and settings\h\Application Data\PriceGong\Data\i.xml c:\documents and settings\h\Application Data\PriceGong\Data\J.xml c:\documents and settings\h\Application Data\PriceGong\Data\k.xml c:\documents and settings\h\Application Data\PriceGong\Data\l.xml c:\documents and settings\h\Application Data\PriceGong\Data\m.xml c:\documents and settings\h\Application Data\PriceGong\Data\n.xml c:\documents and settings\h\Application Data\PriceGong\Data\o.xml c:\documents and settings\h\Application Data\PriceGong\Data\p.xml c:\documents and settings\h\Application Data\PriceGong\Data\q.xml c:\documents and settings\h\Application Data\PriceGong\Data\r.xml c:\documents and settings\h\Application Data\PriceGong\Data\s.xml c:\documents and settings\h\Application Data\PriceGong\Data\t.xml c:\documents and settings\h\Application Data\PriceGong\Data\u.xml c:\documents and settings\h\Application Data\PriceGong\Data\v.xml c:\documents and settings\h\Application Data\PriceGong\Data\w.xml c:\documents and settings\h\Application Data\PriceGong\Data\x.xml c:\documents and 
settings\h\Application Data\PriceGong\Data\y.xml c:\documents and settings\h\Application Data\PriceGong\Data\z.xml c:\windows\XSxS . c:\windows\system32\netdde.exe . . . is infected!! . c:\windows\system32\drivers\usbehci.sys . . . is missing!! . . ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 ))))))))))))))))))))))))))))))) . . 2012-01-28 16:38 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-01-28 16:38 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-01-28 16:38 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-01-28 16:38 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-01-28 16:38 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-01-28 16:38 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-01-28 16:38 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-01-28 16:38 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-01-28 16:36 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2012-01-28 16:36 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe 2012-01-28 16:35 . 2012-01-28 16:35 -------- d-----w- c:\program files\AVAST Software 2012-01-28 16:35 . 2012-01-28 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2012-01-28 14:09 . 2012-01-28 14:09 -------- d-----w- C:\VundoFix Backups 2012-01-27 12:03 . 2012-01-27 12:03 -------- dc----w- c:\documents and settings\h\Local Settings\Application Data\bluesoleil 2012-01-27 11:58 . 2012-01-27 11:58 -------- d-----w- c:\program files\IVT Corporation 2012-01-26 16:40 . 2012-01-26 16:40 -------- d-----w- c:\program files\Microsoft Silverlight 2012-01-25 14:54 . 2012-01-25 14:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\Rubar-Toolbar 2012-01-25 14:34 . 
2012-01-25 14:34 -------- dc----w- c:\documents and settings\h\Application Data\Mirillis 2012-01-25 14:34 . 2012-01-25 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Mirillis 2012-01-25 14:34 . 2012-01-25 15:13 -------- dc----w- c:\documents and settings\h\Local Settings\Application Data\Mirillis 2012-01-25 14:23 . 2012-01-25 14:23 -------- dc----w- c:\documents and settings\h\Local Settings\Application Data\Thinstall 2012-01-25 14:23 . 2012-01-25 14:23 -------- dc----w- c:\documents and settings\h\Application Data\Thinstall 2012-01-25 12:41 . 2012-01-25 12:41 -------- dc----w- c:\documents and settings\h\Local Settings\Application Data\Daum 2012-01-25 12:40 . 2012-01-25 12:40 -------- d-----w- c:\program files\DAUM 2012-01-25 11:17 . 2012-01-25 11:17 -------- dc----w- c:\documents and settings\h\Application Data\rubar 2012-01-25 11:16 . 2012-01-25 11:16 -------- d-----w- C:\extensions 2012-01-25 11:16 . 2012-01-25 11:16 -------- dc----w- c:\documents and settings\h\Application Data\Lwgame RuBar 2012-01-25 11:16 . 2012-01-25 11:16 -------- d-----w- c:\program files\Lwgame RuBar Toolbar 2012-01-25 11:14 . 2010-05-26 08:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2012-01-24 10:34 . 2012-01-24 10:34 -------- d-----w- c:\program files\Xenocode 2012-01-22 14:57 . 2012-01-22 14:58 -------- dc----w- c:\documents and settings\h\Doctor Web 2012-01-22 14:33 . 2012-01-22 14:33 -------- d-----w- c:\program files\Common Files\Doctor Web 2012-01-22 14:29 . 2012-01-23 17:35 -------- d-----w- c:\program files\DrWeb 2012-01-22 14:29 . 2012-01-22 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Doctor Web 2012-01-21 11:29 . 2012-01-21 11:29 -------- d-----w- c:\program files\Windows Sidebar 2012-01-21 11:29 . 2012-01-21 11:30 474 ----a-w- C:\user.js 2012-01-21 11:28 . 2012-01-21 11:28 -------- dc----w- c:\documents and settings\h\Local Settings\Application Data\Babylon 2012-01-21 11:28 . 
2012-01-21 11:28 -------- dc----w- c:\documents and settings\h\Application Data\Babylon 2012-01-21 11:28 . 2012-01-21 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon 2012-01-21 11:28 . 2012-01-21 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium 2012-01-21 11:28 . 2012-01-21 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate 2012-01-10 08:30 . 2012-01-10 08:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-01 11:44 . 2012-01-01 11:44 -------- d-----w- c:\program files\GNU . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{C44D2EA2-FCCE-4CE8-8710-5ED0D33F7677}"= "c:\program files\Lwgame RuBar Toolbar\rubar.dll" [2010-10-28 1077760] . [HKEY_CLASSES_ROOT\clsid\{c44d2ea2-fcce-4ce8-8710-5ed0d33f7677}] [HKEY_CLASSES_ROOT\iebar.Searcher.1] [HKEY_CLASSES_ROOT\TypeLib\{C41FAEC8-6123-4F4D-8B1F-426AF5F9A59A}] [HKEY_CLASSES_ROOT\iebar.Searcher] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{23DD83B5-BDDC-49CE-B77B-514819C6D551}"= "c:\program files\Lwgame RuBar Toolbar\rubar.dll" [2010-10-28 1077760] . [HKEY_CLASSES_ROOT\clsid\{23dd83b5-bddc-49ce-b77b-514819c6d551}] [HKEY_CLASSES_ROOT\iebar.PluginCore.1] [HKEY_CLASSES_ROOT\TypeLib\{C41FAEC8-6123-4F4D-8B1F-426AF5F9A59A}] [HKEY_CLASSES_ROOT\iebar.PluginCore] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 28160] "PerfectSpeed.exe"="c:\program files\Raxco\PerfectSpeed20\PerfectSpeed.exe" [2010-01-21 7365896] "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . c:\documents and settings\h\Start Menu\Programs\Startup\ Изрязване на екран и стартиране на OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2010-7-14 95232] SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2011-2-26 532480] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box] 2010-07-14 13:05 68592 -c--a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 21:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-12-12 10:48 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\IP-TV Player\\IpTvPlayer.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\DAUM\\PotPlayer\\PotPlayerMini.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= . R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [x] R2 gupdate;Ус»уі° Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467] S2 Rubar Update Service;Rubar Update Service;c:\program files\Lwgame RuBar Toolbar\RubarUpdateService.exe [2010-10-28 169984] S2 Rx2Agent;Rx2Agent;c:\program files\Raxco\PerfectSpeed20\Rx2Agent.exe [2010-01-21 779528] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248] S3 Rx2Engine;Rx2Engine;c:\program files\Raxco\PerfectSpeed20\Rx2Engine.exe [2010-01-21 947464] . . Contents of the 'Scheduled Tasks' folder . 
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 20:42] . 2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 20:42] . 2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-343818398-839522115-1003Core.job - c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-04 16:38] . 2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-343818398-839522115-1003UA.job - c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-04 16:38] . 2012-01-29 c:\windows\Tasks\User_Feed_Synchronization-{207FF4D3-462C-4DC7-824C-E8842C7305A8}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.bg/ uDefault_Search_URL = yandex.ru mSearch Bar = yandex.ru uSearchAssistant = yandex.ru IE: &Експортиране към Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm Trusted Zone: digicom.bg\tv Trusted Zone: ubb.bg\ebb TCP: DhcpNameServer = 192.168.1.1 DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} - hxxp://tv.digicom.bg/vlc-0.9.9-win32.exe DPF: {E23FE9C6-778E-49D4-B537-38FCDE4887D8} - hxxp://tv.digicom.bg/dtvax.cab . . ------- File Associations ------- . . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-29 22:29 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . 
scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2012-01-29 22:35:22 ComboFix-quarantined-files.txt 2012-01-29 20:35 . Pre-Run: 9,442,336,768 bytes free Post-Run: 11,949,633,536 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 6167E29D1CD87E02E0509117D2170509

Uninstall the remnants of DrWeb with the help of this tool: Drweb Removal Tool

Copy the text in the box into Notepad and save it on your desktop under the name CFScript.txt:

KILLALL::
 
Folder::
C:\extensions
C:\VundoFix Backups


After saving, drag CFScript.txt onto the ComboFix.exe icon.

Posted image

Attach the generated report in your next post!

  • Author

ComboFix 12-01-29.02 - h 01/30/2012 22:50:26.2.1 - x86 Running from: c:\documents and settings\h\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\h\Desktop\CFScript.txt.docx * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\netdde.exe . . . is infected!! . c:\windows\system32\drivers\usbehci.sys . . . is missing!! . . ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 ))))))))))))))))))))))))))))))) . . 2012-01-30 20:37 . 2012-01-30 20:37 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS 2012-01-30 09:16 . 2012-01-30 10:42 -------- d-----w- c:\windows\system32\CatRoot_bak 2012-01-30 06:53 . 2012-01-30 09:01 -------- d--h--w- c:\windows\$hf_mig$ 2012-01-28 16:38 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-01-28 16:38 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-01-28 16:38 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-01-28 16:38 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-01-28 16:38 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-01-28 16:38 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-01-28 16:38 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-01-28 16:38 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-01-28 16:36 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2012-01-28 16:36 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe 2012-01-28 16:35 . 2012-01-28 16:35 -------- d-----w- c:\program files\AVAST Software 2012-01-28 16:35 . 2012-01-28 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2012-01-28 14:09 . 

Well, but the script did not work... the reason is that you prepared it in Word and not in Notepad!

CFScript.txt.docx

I did give you this in the instructions: copy the text in the box into Notepad and save it under the name CFScript.txt on your desktop:

  • Author

I think this time it worked as it should!!

ComboFix 12-01-29.02 - h 01/31/2012 19:47:18.3.1 - x86
Running from: c:\documents and settings\h\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\h\Desktop\CFScript.txt.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\netdde.exe . . . is infected!!
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll + 2004-08-04 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll - 2004-08-04 12:00 . 2009-03-08 02:32 611840 c:\windows\system32\dllcache\mstime.dll + 2004-08-04 12:00 . 2006-12-04 14:21 414720 c:\windows\system32\dllcache\msscp.dll - 2010-07-14 08:53 . 2004-08-04 12:00 343040 c:\windows\system32\dllcache\mspaint.exe + 2010-07-14 08:53 . 2009-12-16 12:58 343040 c:\windows\system32\dllcache\mspaint.exe + 2004-08-04 12:00 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll + 2004-08-04 12:00 . 2005-05-04 12:45 884736 c:\windows\system32\dllcache\msimsg.dll - 2004-08-04 12:00 . 2004-08-04 12:00 884736 c:\windows\system32\dllcache\msimsg.dll + 2004-08-04 12:00 . 2005-05-04 12:45 271360 c:\windows\system32\dllcache\msihnd.dll + 2010-07-14 08:53 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll + 2010-07-14 08:53 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll + 2010-07-14 08:53 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll + 2010-07-14 08:56 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll - 2010-07-14 08:56 . 2004-08-04 12:00 331776 c:\windows\system32\dllcache\msadce.dll + 2004-08-04 12:00 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys - 2004-08-04 12:00 . 2004-08-04 12:00 471552 c:\windows\system32\dllcache\mqutil.dll + 2004-08-04 12:00 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll - 2004-08-04 12:00 . 2004-08-04 12:00 186880 c:\windows\system32\dllcache\mqtrig.dll + 2004-08-04 12:00 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll + 2004-08-04 12:00 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe - 2004-08-04 12:00 . 2004-08-04 12:00 117248 c:\windows\system32\dllcache\mqtgsvc.exe + 2004-08-04 12:00 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll - 2004-08-04 12:00 . 
2004-08-04 12:00 123392 c:\windows\system32\dllcache\mqrtdep.dll + 2004-08-04 12:00 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll + 2004-08-04 12:00 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll - 2004-08-04 12:00 . 2004-08-04 12:00 177152 c:\windows\system32\dllcache\mqrt.dll + 2004-08-04 12:00 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll - 2004-08-04 12:00 . 2004-08-04 12:00 225280 c:\windows\system32\dllcache\mqoa.dll + 2004-08-04 12:00 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll - 2004-08-04 12:00 . 2004-08-04 12:00 138240 c:\windows\system32\dllcache\mqad.dll + 2004-08-04 12:00 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll + 2004-08-04 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll - 2004-08-04 12:00 . 2006-10-18 18:03 100864 c:\windows\system32\dllcache\logagent.exe + 2004-08-04 12:00 . 2008-06-17 23:09 100864 c:\windows\system32\dllcache\logagent.exe + 2004-08-04 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll + 2004-08-04 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll + 2004-08-04 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll - 2004-08-04 12:00 . 2009-03-08 02:33 726528 c:\windows\system32\dllcache\jscript.dll + 2004-08-04 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll + 2010-07-14 08:57 . 2010-01-29 15:08 683520 c:\windows\system32\dllcache\inetcomm.dll + 2004-08-04 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll + 2004-08-04 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2004-08-04 12:00 . 2009-03-08 02:32 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2004-08-04 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe - 2010-07-14 08:57 . 2004-08-04 12:00 743936 c:\windows\system32\dllcache\helpsvc.exe + 2010-07-14 08:57 . 
2010-06-14 14:30 743936 c:\windows\system32\dllcache\helpsvc.exe + 2004-08-04 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll + 2010-07-14 08:53 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll + 2004-08-04 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll + 2004-08-04 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll + 2004-08-04 12:00 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll - 2004-08-04 12:00 . 2004-08-04 12:00 285696 c:\windows\system32\dllcache\atmfd.dll + 2004-08-04 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys - 2004-08-04 12:00 . 2004-08-04 12:00 616960 c:\windows\system32\dllcache\advapi32.dll + 2004-08-04 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll + 2004-08-04 12:00 . 2009-11-21 16:36 470528 c:\windows\system32\dllcache\aclayers.dll + 2004-08-04 12:00 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 285696 c:\windows\system32\atmfd.dll + 2004-08-04 12:00 . 2010-04-20 05:51 285696 c:\windows\system32\atmfd.dll - 2004-08-04 12:00 . 2004-08-04 12:00 616960 c:\windows\system32\advapi32.dll + 2004-08-04 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll + 2004-08-04 12:00 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll - 2010-07-14 08:57 . 2004-08-04 12:00 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe + 2010-07-14 08:57 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe + 2004-08-04 12:00 . 2007-06-26 20:10 317440 c:\windows\inf\unregmp2.exe + 2012-01-31 01:15 . 2009-03-08 02:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll + 2012-01-31 01:16 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll + 2012-01-31 01:16 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe + 2012-01-31 01:15 . 
2009-03-08 02:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll + 2012-01-31 01:15 . 2009-03-08 02:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll + 2012-01-31 01:15 . 2009-03-08 02:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll + 2012-01-31 01:16 . 2009-03-08 02:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll + 2012-01-31 01:15 . 2009-03-08 02:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll + 2012-01-31 01:16 . 2009-03-08 02:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll + 2012-01-31 01:15 . 2009-03-08 12:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll + 2012-01-31 01:15 . 2009-03-08 02:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe + 2012-01-31 01:11 . 2009-03-08 02:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll + 2012-01-31 01:11 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll + 2012-01-31 01:11 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe + 2012-01-31 01:28 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll + 2012-01-31 01:28 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe + 2012-01-31 01:28 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll + 2012-01-31 01:05 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll + 2012-01-31 01:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe + 2012-01-31 01:05 . 2009-03-08 02:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll + 2012-01-30 08:47 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys + 2012-01-30 08:48 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys + 2004-08-04 12:00 . 2009-11-21 16:36 470528 c:\windows\AppPatch\aclayers.dll + 2012-01-30 08:57 . 
2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll + 2010-07-14 08:58 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll + 2004-08-04 12:00 . 2010-04-06 02:52 2462720 c:\windows\system32\WMVCore.dll + 2004-08-04 12:00 . 2010-05-02 05:56 1850880 c:\windows\system32\win32k.sys + 2004-08-04 12:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll + 2004-08-04 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 1435648 c:\windows\system32\query.dll + 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll + 2004-08-04 12:00 . 2010-02-05 18:40 1291264 c:\windows\system32\quartz.dll + 2004-08-04 12:00 . 2010-02-16 13:19 2181376 c:\windows\system32\ntoskrnl.exe + 2004-08-03 22:59 . 2010-02-16 12:39 2058368 c:\windows\system32\ntkrnlpa.exe + 2004-08-04 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll + 2004-08-04 12:00 . 2005-05-04 12:45 2890240 c:\windows\system32\msi.dll + 2004-08-04 12:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll + 2012-01-31 01:27 . 2009-03-10 20:26 1403264 c:\windows\system32\KB905474\wganotifypackageinner.exe + 2009-03-08 02:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll + 2010-07-14 08:58 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll + 2004-08-04 12:00 . 2010-04-06 02:52 2462720 c:\windows\system32\dllcache\WMVCore.dll + 2004-08-04 12:00 . 2010-05-02 05:56 1850880 c:\windows\system32\dllcache\win32k.sys + 2004-08-04 12:00 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll + 2004-08-04 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 1435648 c:\windows\system32\dllcache\query.dll + 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll + 2004-08-04 12:00 . 
2010-02-05 18:40 1291264 c:\windows\system32\dllcache\quartz.dll + 2004-08-04 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll + 2010-07-14 08:57 . 2010-01-29 15:08 1315840 c:\windows\system32\dllcache\msoe.dll + 2004-08-04 12:00 . 2005-05-04 12:45 2890240 c:\windows\system32\dllcache\msi.dll + 2004-08-04 12:00 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll - 2010-07-14 08:57 . 2004-08-04 12:00 3555328 c:\windows\system32\dllcache\moviemk.exe + 2010-07-14 08:57 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe + 2012-01-31 01:15 . 2009-03-08 02:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll + 2012-01-31 01:15 . 2009-03-08 02:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll + 2012-01-31 01:15 . 2009-03-08 02:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll + 2012-01-30 08:46 . 2010-02-16 13:19 2181376 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2012-01-30 08:46 . 2010-02-16 12:39 2016768 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2012-01-30 08:46 . 2010-02-16 12:39 2058368 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2012-01-30 08:46 . 2010-02-16 13:17 2137088 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2004-08-04 12:00 . 2009-07-13 21:43 10841088 c:\windows\system32\wmp.dll + 2009-03-08 02:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll + 2004-08-04 12:00 . 2009-07-13 21:43 10841088 c:\windows\system32\dllcache\wmp.dll + 2012-01-31 01:15 . 2009-03-08 02:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{C44D2EA2-FCCE-4CE8-8710-5ED0D33F7677}"= "c:\program files\Lwgame RuBar Toolbar\rubar.dll" [2010-10-28 1077760] . 
[HKEY_CLASSES_ROOT\clsid\{c44d2ea2-fcce-4ce8-8710-5ed0d33f7677}] [HKEY_CLASSES_ROOT\iebar.Searcher.1] [HKEY_CLASSES_ROOT\TypeLib\{C41FAEC8-6123-4F4D-8B1F-426AF5F9A59A}] [HKEY_CLASSES_ROOT\iebar.Searcher] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{23DD83B5-BDDC-49CE-B77B-514819C6D551}"= "c:\program files\Lwgame RuBar Toolbar\rubar.dll" [2010-10-28 1077760] . [HKEY_CLASSES_ROOT\clsid\{23dd83b5-bddc-49ce-b77b-514819c6d551}] [HKEY_CLASSES_ROOT\iebar.PluginCore.1] [HKEY_CLASSES_ROOT\TypeLib\{C41FAEC8-6123-4F4D-8B1F-426AF5F9A59A}] [HKEY_CLASSES_ROOT\iebar.PluginCore] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 28160] "PerfectSpeed.exe"="c:\program files\Raxco\PerfectSpeed20\PerfectSpeed.exe" [2010-01-21 7365896] "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . c:\documents and settings\h\Start Menu\Programs\Startup\ Изрязване на екран и стартиране на OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2010-7-14 95232] SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2011-2-26 532480] . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box] 2010-07-14 13:05 68592 -c--a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 21:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-12-12 10:48 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\IP-TV Player\\IpTvPlayer.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\DAUM\\PotPlayer\\PotPlayerMini.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= . 
R2 gupdate;Ус»уі° Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467] S2 Rubar Update Service;Rubar Update Service;c:\program files\Lwgame RuBar Toolbar\RubarUpdateService.exe [2010-10-28 169984] S2 Rx2Agent;Rx2Agent;c:\program files\Raxco\PerfectSpeed20\Rx2Agent.exe [2010-01-21 779528] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248] S3 Rx2Engine;Rx2Engine;c:\program files\Raxco\PerfectSpeed20\Rx2Engine.exe [2010-01-21 947464] . . Contents of the 'Scheduled Tasks' folder . 2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 20:42] . 2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 20:42] . 2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-343818398-839522115-1003Core.job - c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-04 16:38] . 2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-343818398-839522115-1003UA.job - c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-04 16:38] . 2012-01-31 c:\windows\Tasks\User_Feed_Synchronization-{207FF4D3-462C-4DC7-824C-E8842C7305A8}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . 2012-01-31 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2012-01-31 20:18] . 
. ------- Supplementary Scan ------- . uStart Page = hxxp://google.bg/ uDefault_Search_URL = yandex.ru mSearch Bar = yandex.ru uSearchAssistant = yandex.ru IE: &Експортиране към Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm Trusted Zone: digicom.bg\tv Trusted Zone: ubb.bg\ebb TCP: DhcpNameServer = 192.168.1.1 DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} - hxxp://tv.digicom.bg/vlc-0.9.9-win32.exe DPF: {E23FE9C6-778E-49D4-B537-38FCDE4887D8} - hxxp://tv.digicom.bg/dtvax.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-31 20:03 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1868) c:\windows\system32\WININET.dll c:\windows\system32\newdll.dll c:\program files\SetPoint\lgscroll.dll c:\windows\system32\msi.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\BsMobileSDK.dll c:\windows\system32\BsLangInDepRes.dll c:\windows\system32\Bs2Res.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE . ************************************************************************** . Completion time: 2012-01-31 20:13:07 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-31 18:12 ComboFix2.txt 2012-01-30 21:18 ComboFix3.txt 2012-01-29 20:35 . Pre-Run: 9,842,106,368 bytes free Post-Run: 9,880,985,600 bytes free . - - End Of File - - FAC2FFAEC8206022411E64C1FA80377C

No, it didn't work... leave it for now!

There is something very important we need to do: download Service Pack 3 and save it to your desktop. Close all applications and start the file with a double click. After the procedure finishes, restart your computer. Write back when you are ready!

When you are ready, delete your copy of ComboFix, download a fresh one from here or here, and save it to your desktop.

Run a scan following the instructions in post 4!

  • Author

I downloaded and ran Service Pack 3, and the following message appeared: C:\Documents and Settings\h\Desktop\WindousXP-kKB936929-SP3-x86-ENU.exe is not a valid Win32 application.

  • Author

I scanned with ComboFix; the log is very large and it won't let me post all of it here!! I get a message telling me to go back and shorten it!! May I split it into two parts?

  • Author

ComboFix 12-02-03.02 - h 02/03/2012 19:39:22.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.255.9 [GMT 2:00]
Running from: c:\documents and settings\h\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
2008-04-14 03:42 13824 c:\windows\system32\wscntfy.exe - 2004-08-04 12:00 . 2004-08-04 12:00 19968 c:\windows\system32\ws2help.dll + 2004-08-04 12:00 . 2008-04-14 03:42 19968 c:\windows\system32\ws2help.dll + 2004-08-04 12:00 . 2008-04-14 03:42 82432 c:\windows\system32\ws2_32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 11264 c:\windows\system32\wpnpinst.exe - 2004-08-04 12:00 . 2004-08-04 12:00 32256 c:\windows\system32\wpabaln.exe + 2004-08-04 12:00 . 2008-04-14 03:42 32256 c:\windows\system32\wpabaln.exe - 2004-08-04 12:00 . 2004-08-04 12:00 20480 c:\windows\system32\wmpui.dll + 2004-08-04 12:00 . 2008-04-14 03:42 20480 c:\windows\system32\wmpui.dll - 2004-08-04 12:00 . 2004-08-04 12:00 20480 c:\windows\system32\wmpcore.dll + 2004-08-04 12:00 . 2008-04-14 03:42 20480 c:\windows\system32\wmpcore.dll - 2004-08-04 12:00 . 2004-08-04 12:00 20480 c:\windows\system32\wmpcd.dll + 2004-08-04 12:00 . 2008-04-14 03:42 20480 c:\windows\system32\wmpcd.dll + 2004-08-04 12:00 . 2008-04-14 03:42 92672 c:\windows\system32\wlnotify.dll - 2004-08-04 12:00 . 2004-08-04 12:00 92672 c:\windows\system32\wlnotify.dll + 2012-02-01 19:42 . 2008-04-14 03:42 69120 c:\windows\system32\wlanapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 53760 c:\windows\system32\winsta.dll - 2004-08-04 12:00 . 2004-08-04 12:00 53760 c:\windows\system32\winsta.dll - 2004-08-04 12:00 . 2004-08-04 12:00 17408 c:\windows\system32\winshfhc.dll + 2004-08-04 12:00 . 2008-04-14 03:42 17408 c:\windows\system32\winshfhc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 99328 c:\windows\system32\winscard.dll + 2004-08-04 12:00 . 2008-04-14 03:42 99328 c:\windows\system32\winscard.dll - 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\winrnr.dll + 2004-08-04 12:00 . 2008-04-14 03:42 16896 c:\windows\system32\winrnr.dll + 2004-08-04 12:00 . 2008-04-14 03:42 32256 c:\windows\system32\winipsec.dll + 2004-08-04 12:00 . 2008-04-14 03:42 75776 c:\windows\system32\wiascr.dll - 2004-08-04 12:00 . 
2004-08-04 12:00 75776 c:\windows\system32\wiascr.dll + 2004-08-04 12:00 . 2008-04-14 03:42 65024 c:\windows\system32\wextract.exe + 2004-08-04 12:00 . 2008-04-14 03:42 68096 c:\windows\system32\webclnt.dll - 2004-08-04 00:56 . 2004-08-04 12:00 23552 c:\windows\system32\wdmaud.drv + 2004-08-04 00:56 . 2008-04-14 03:42 23552 c:\windows\system32\wdmaud.drv + 2004-08-04 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll + 2010-07-14 08:53 . 2008-04-14 03:42 95232 c:\windows\system32\wbem\wmiutils.dll - 2010-07-14 08:53 . 2004-08-04 12:00 95232 c:\windows\system32\wbem\wmiutils.dll - 2010-07-14 08:53 . 2004-08-04 12:00 41472 c:\windows\system32\wbem\wmipsess.dll + 2010-07-14 08:53 . 2008-04-14 03:42 41472 c:\windows\system32\wbem\wmipsess.dll + 2010-07-14 08:53 . 2008-04-14 03:42 62464 c:\windows\system32\wbem\wmipjobj.dll + 2010-07-14 08:53 . 2008-04-14 03:42 61952 c:\windows\system32\wbem\wmipiprt.dll + 2010-07-14 08:53 . 2008-04-14 03:42 60928 c:\windows\system32\wbem\wmicookr.dll - 2010-07-14 08:53 . 2004-08-04 12:00 60928 c:\windows\system32\wbem\wmicookr.dll + 2010-07-14 08:53 . 2008-04-14 03:42 88576 c:\windows\system32\wbem\wmiaprpl.dll - 2010-07-14 08:53 . 2004-08-04 12:00 43520 c:\windows\system32\wbem\wbemsvc.dll + 2010-07-14 08:53 . 2008-04-14 03:42 43520 c:\windows\system32\wbem\wbemsvc.dll + 2010-07-14 08:53 . 2008-04-14 03:42 18944 c:\windows\system32\wbem\wbemprox.dll - 2010-07-14 08:53 . 2004-08-04 12:00 18944 c:\windows\system32\wbem\wbemprox.dll + 2004-08-04 12:00 . 2008-04-14 03:42 43008 c:\windows\system32\wbem\wbemperf.dll - 2004-08-04 12:00 . 2004-08-04 12:00 43008 c:\windows\system32\wbem\wbemperf.dll + 2010-07-14 08:53 . 2008-04-14 03:42 71680 c:\windows\system32\wbem\wbemcons.dll - 2010-07-14 08:53 . 2004-08-04 12:00 71680 c:\windows\system32\wbem\wbemcons.dll + 2010-07-14 08:53 . 2008-04-14 03:42 86528 c:\windows\system32\wbem\stdprov.dll - 2010-07-14 08:53 . 
2004-08-04 12:00 86528 c:\windows\system32\wbem\stdprov.dll + 2010-07-14 08:53 . 2008-04-14 03:42 36352 c:\windows\system32\wbem\scrcons.exe - 2010-07-14 08:53 . 2004-08-04 12:00 92672 c:\windows\system32\wbem\policman.dll + 2010-07-14 08:53 . 2008-04-14 03:42 92672 c:\windows\system32\wbem\policman.dll + 2010-07-14 08:53 . 2008-04-14 03:42 47104 c:\windows\system32\wbem\ncprov.dll - 2010-07-14 08:53 . 2004-08-04 12:00 47104 c:\windows\system32\wbem\ncprov.dll - 2010-07-14 08:53 . 2004-08-04 12:00 16384 c:\windows\system32\wbem\mofcomp.exe + 2010-07-14 08:53 . 2008-04-14 03:42 16384 c:\windows\system32\wbem\mofcomp.exe - 2010-07-14 08:53 . 2004-08-04 12:00 24576 c:\windows\system32\wbem\krnlprov.dll + 2010-07-14 08:53 . 2008-04-14 03:41 24576 c:\windows\system32\wbem\krnlprov.dll + 2004-08-04 12:00 . 2008-04-14 03:41 21504 c:\windows\system32\wbem\evntrprv.dll + 2004-08-04 12:00 . 2008-04-14 03:41 45056 c:\windows\system32\wbem\cmdevtgprov.dll + 2004-08-04 12:00 . 2008-04-13 22:15 17664 c:\windows\system32\watchdog.sys - 2004-08-04 12:00 . 2004-08-04 12:00 17664 c:\windows\system32\watchdog.sys + 2004-08-04 12:00 . 2008-04-14 03:42 15872 c:\windows\system32\w3ssl.dll - 2004-08-04 12:00 . 2004-08-04 12:00 15872 c:\windows\system32\w3ssl.dll + 2004-08-04 12:00 . 2008-04-14 03:42 18944 c:\windows\system32\version.dll - 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\version.dll + 2004-08-04 12:00 . 2008-04-14 03:42 26624 c:\windows\system32\verifier.dll + 2012-02-01 19:42 . 2008-04-14 03:42 28672 c:\windows\system32\verclsid.exe - 2004-08-04 12:00 . 2004-08-04 12:00 51712 c:\windows\system32\vdmredir.dll + 2004-08-04 12:00 . 2008-04-14 03:42 51712 c:\windows\system32\vdmredir.dll - 2004-08-04 12:00 . 2004-08-04 12:00 26112 c:\windows\system32\vdmdbg.dll + 2004-08-04 12:00 . 2008-04-14 03:42 26112 c:\windows\system32\vdmdbg.dll + 2004-08-04 12:00 . 2008-04-14 03:42 30749 c:\windows\system32\vbajet32.dll - 2004-08-04 12:00 . 
2004-08-04 12:00 30749 c:\windows\system32\vbajet32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 50176 c:\windows\system32\utilman.exe - 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\utilman.exe - 2004-08-04 12:00 . 2004-08-04 12:00 19968 c:\windows\system32\usmt\log.dll + 2004-08-04 12:00 . 2008-04-14 03:41 19968 c:\windows\system32\usmt\log.dll + 2012-02-01 19:42 . 2008-04-13 20:14 17920 c:\windows\system32\usmt\cobramsg.dll + 2004-08-04 12:00 . 2008-04-14 03:42 26112 c:\windows\system32\userinit.exe + 2010-07-14 11:47 . 2008-04-14 03:42 74240 c:\windows\system32\usbui.dll - 2010-07-14 11:47 . 2004-08-04 00:56 74240 c:\windows\system32\usbui.dll - 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\usbmon.dll + 2004-08-04 12:00 . 2008-04-14 03:42 16896 c:\windows\system32\usbmon.dll + 2004-08-04 12:00 . 2008-04-14 03:42 18432 c:\windows\system32\ups.exe - 2004-08-04 12:00 . 2004-08-04 12:00 18432 c:\windows\system32\ups.exe - 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\upnpcont.exe + 2004-08-04 12:00 . 2008-04-14 03:42 16896 c:\windows\system32\upnpcont.exe + 2004-08-04 12:00 . 2008-04-14 03:42 13824 c:\windows\system32\uniplat.dll - 2004-08-04 12:00 . 2004-08-04 12:00 13824 c:\windows\system32\uniplat.dll + 2004-08-04 12:00 . 2008-04-14 03:42 74240 c:\windows\system32\unimdmat.dll - 2004-08-04 12:00 . 2004-08-04 12:00 74240 c:\windows\system32\unimdmat.dll + 2004-08-04 12:00 . 2008-04-14 03:42 35840 c:\windows\system32\umandlg.dll - 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\umandlg.dll + 2004-08-04 12:00 . 2008-04-14 03:42 26624 c:\windows\system32\udhisapi.dll - 2012-01-30 08:43 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe + 2012-01-30 08:43 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe + 2004-08-04 12:00 . 2008-04-14 03:42 57856 c:\windows\system32\twext.dll + 2012-02-01 19:42 . 2008-04-14 03:42 50688 c:\windows\system32\tspkg.dll + 2012-02-01 19:42 . 
2008-04-14 03:42 53248 c:\windows\system32\tsgqec.dll - 2004-08-04 12:00 . 2004-08-04 12:00 12168 c:\windows\system32\tsddd.dll + 2004-08-04 12:00 . 2008-04-14 03:43 12168 c:\windows\system32\tsddd.dll + 2010-07-14 08:53 . 2008-04-14 03:42 93696 c:\windows\system32\tscfgwmi.dll - 2010-07-14 08:53 . 2004-08-04 12:00 93696 c:\windows\system32\tscfgwmi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 90112 c:\windows\system32\trkwks.dll + 2004-08-04 12:00 . 2008-04-14 03:42 12800 c:\windows\system32\tree.com - 2004-08-04 12:00 . 2004-08-04 12:00 12288 c:\windows\system32\tracert.exe + 2004-08-04 12:00 . 2008-04-14 03:42 12288 c:\windows\system32\tracert.exe - 2004-08-04 12:00 . 2004-08-04 12:00 73216 c:\windows\system32\tlntsvr.exe + 2004-08-04 12:00 . 2008-04-14 03:42 73216 c:\windows\system32\tlntsvr.exe + 2004-08-04 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe - 2004-08-04 12:00 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe + 2004-08-04 12:00 . 2008-04-14 03:42 61440 c:\windows\system32\tlntadmn.exe - 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\tlntadmn.exe - 2004-08-04 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe + 2004-08-04 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe - 2004-08-04 12:00 . 2004-08-04 12:00 45568 c:\windows\system32\tcpmonui.dll + 2004-08-04 12:00 . 2008-04-14 03:42 45568 c:\windows\system32\tcpmonui.dll + 2004-08-04 12:00 . 2008-04-14 03:42 45568 c:\windows\system32\tcpmon.dll - 2004-08-04 12:00 . 2004-08-04 12:00 45568 c:\windows\system32\tcpmon.dll + 2004-08-04 12:00 . 2008-04-14 03:42 14848 c:\windows\system32\tcpmib.dll - 2004-08-04 12:00 . 2004-08-04 12:00 14848 c:\windows\system32\tcpmib.dll + 2004-08-04 12:00 . 2008-04-14 03:42 77824 c:\windows\system32\tasklist.exe + 2004-08-04 12:00 . 2008-04-14 03:42 76288 c:\windows\system32\taskkill.exe + 2004-08-04 12:00 . 2008-04-14 03:42 71680 c:\windows\system32\systeminfo.exe + 2004-08-04 12:00 . 
2008-04-14 03:42 57856 c:\windows\system32\synceng.dll - 2004-08-04 12:00 . 2004-08-04 12:00 57856 c:\windows\system32\synceng.dll + 2004-08-04 12:00 . 2008-04-14 03:42 14336 c:\windows\system32\svchost.exe - 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\svchost.exe + 2004-08-04 12:00 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll - 2004-08-04 12:00 . 2004-08-04 12:00 75776 c:\windows\system32\strmfilt.dll + 2010-07-14 11:45 . 2008-04-14 03:42 74752 c:\windows\system32\storprop.dll - 2010-07-14 11:45 . 2004-08-04 00:56 74752 c:\windows\system32\storprop.dll + 2004-08-04 12:00 . 2008-04-14 03:42 14848 c:\windows\system32\stimon.exe - 2004-08-04 12:00 . 2004-08-04 12:00 14848 c:\windows\system32\stimon.exe + 2004-08-04 12:00 . 2008-04-14 03:42 68096 c:\windows\system32\sti.dll + 2010-07-14 08:54 . 2008-04-14 03:42 59392 c:\windows\system32\stclient.dll + 2004-08-04 12:00 . 2008-04-14 03:42 14336 c:\windows\system32\ssstars.scr - 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\ssstars.scr - 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\ssmyst.scr + 2004-08-04 12:00 . 2008-04-14 03:42 18944 c:\windows\system32\ssmyst.scr - 2004-08-04 12:00 . 2004-08-04 12:00 47104 c:\windows\system32\ssmypics.scr + 2004-08-04 12:00 . 2008-04-14 03:42 47104 c:\windows\system32\ssmypics.scr + 2004-08-04 12:00 . 2008-04-14 03:42 20992 c:\windows\system32\ssmarque.scr - 2004-08-04 12:00 . 2004-08-04 12:00 20992 c:\windows\system32\ssmarque.scr - 2004-08-04 12:00 . 2004-08-04 12:00 71680 c:\windows\system32\ssdpsrv.dll + 2004-08-04 12:00 . 2008-04-14 03:42 71680 c:\windows\system32\ssdpsrv.dll + 2004-08-04 12:00 . 2008-04-14 03:42 34816 c:\windows\system32\ssdpapi.dll - 2004-08-04 12:00 . 2004-08-04 12:00 34816 c:\windows\system32\ssdpapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 19968 c:\windows\system32\ssbezier.scr - 2004-08-04 12:00 . 2004-08-04 12:00 19968 c:\windows\system32\ssbezier.scr + 2004-08-04 12:00 . 
2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll + 2010-07-14 08:57 . 2008-04-14 03:42 67584 c:\windows\system32\srclient.dll - 2010-07-14 08:57 . 2004-08-04 12:00 67584 c:\windows\system32\srclient.dll + 2008-04-14 03:42 . 2008-04-14 03:42 20992 c:\windows\system32\spupdwxp.exe + 2004-08-04 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe + 2004-08-04 12:00 . 2008-04-14 03:42 75264 c:\windows\system32\spoolss.dll + 2004-08-04 12:00 . 2008-04-14 03:42 11264 c:\windows\system32\spnpinst.exe + 2004-08-04 12:00 . 2008-04-13 22:13 12800 c:\windows\system32\spiisupd.exe - 2004-08-04 12:00 . 2004-08-04 12:00 12800 c:\windows\system32\spiisupd.exe + 2004-08-04 12:00 . 2008-04-14 03:42 24576 c:\windows\system32\sort.exe - 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\snmpapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 18944 c:\windows\system32\snmpapi.dll + 2012-02-01 19:42 . 2008-04-14 03:42 10752 c:\windows\system32\smtpapi.dll - 2004-08-04 12:00 . 2004-08-04 12:00 50688 c:\windows\system32\smss.exe + 2004-08-04 12:00 . 2008-04-14 03:42 50688 c:\windows\system32\smss.exe - 2004-08-04 12:00 . 2004-08-04 12:00 89600 c:\windows\system32\smlogsvc.exe + 2004-08-04 12:00 . 2008-04-14 03:42 89600 c:\windows\system32\smlogsvc.exe + 2012-02-01 19:42 . 2008-04-14 03:42 73796 c:\windows\system32\slserv.exe + 2012-02-01 19:42 . 2008-04-14 03:42 32866 c:\windows\system32\slrundll.exe + 2012-02-01 19:42 . 2008-04-14 03:42 73832 c:\windows\system32\slcoinst.dll + 2004-08-04 12:00 . 2008-04-14 03:42 98304 c:\windows\system32\slbiop.dll - 2004-08-04 12:00 . 2004-08-04 12:00 98304 c:\windows\system32\slbiop.dll + 2004-08-04 12:00 . 2008-04-14 03:42 25088 c:\windows\system32\slayerxp.dll - 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\slayerxp.dll + 2004-08-04 12:00 . 2008-04-14 03:42 26112 c:\windows\system32\skeys.exe - 2004-08-04 12:00 . 2004-08-04 12:00 26112 c:\windows\system32\skeys.exe + 2004-08-04 12:00 . 
2008-04-14 03:42 70144 c:\windows\system32\sigverif.exe - 2004-08-04 12:00 . 2004-08-04 12:00 70144 c:\windows\system32\sigverif.exe + 2004-08-04 12:00 . 2008-04-14 03:42 13312 c:\windows\system32\sigtab.dll - 2004-08-04 12:00 . 2004-08-04 12:00 13312 c:\windows\system32\sigtab.dll + 2004-08-04 12:00 . 2008-04-14 03:42 19456 c:\windows\system32\shutdown.exe - 2004-08-04 12:00 . 2004-08-04 12:00 19456 c:\windows\system32\shutdown.exe + 2004-08-04 12:00 . 2008-04-14 03:42 27648 c:\windows\system32\shscrap.dll - 2004-08-04 12:00 . 2004-08-04 12:00 27648 c:\windows\system32\shscrap.dll - 2004-08-04 12:00 . 2004-08-04 12:00 77824 c:\windows\system32\shrpubw.exe + 2004-08-04 12:00 . 2008-04-14 03:42 77824 c:\windows\system32\shrpubw.exe + 2004-08-04 12:00 . 2008-04-14 03:42 45056 c:\windows\system32\shmgrate.exe + 2004-08-04 12:00 . 2008-04-14 03:42 65024 c:\windows\system32\shimeng.dll - 2004-08-04 12:00 . 2004-08-04 12:00 68096 c:\windows\system32\shgina.dll + 2004-08-04 12:00 . 2008-04-14 03:42 68096 c:\windows\system32\shgina.dll - 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\shfolder.dll + 2004-08-04 12:00 . 2008-04-14 03:42 25088 c:\windows\system32\shfolder.dll + 2012-02-01 19:42 . 2008-04-14 03:42 32768 c:\windows\system32\setupn.exe + 2004-08-04 12:00 . 2008-04-14 03:42 33792 c:\windows\system32\Setup\tabletoc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 33792 c:\windows\system32\Setup\tabletoc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 17408 c:\windows\system32\Setup\ocmsn.dll + 2004-08-04 12:00 . 2008-04-14 03:42 17408 c:\windows\system32\Setup\ocmsn.dll + 2004-08-04 12:00 . 2008-04-14 03:42 15360 c:\windows\system32\Setup\ocgen.dll + 2004-08-04 12:00 . 2008-04-14 03:42 62976 c:\windows\system32\Setup\ntoc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 62976 c:\windows\system32\Setup\ntoc.dll + 2004-08-04 12:00 . 2008-04-14 03:42 77312 c:\windows\system32\Setup\netoc.dll - 2004-08-04 12:00 . 
2004-08-04 12:00 77312 c:\windows\system32\Setup\netoc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 15360 c:\windows\system32\Setup\msgrocm.dll + 2004-08-04 12:00 . 2008-04-14 03:42 15360 c:\windows\system32\Setup\msgrocm.dll + 2004-08-04 12:00 . 2008-04-14 03:42 90112 c:\windows\system32\Setup\msdtcstp.dll - 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\Setup\medctroc.dll + 2004-08-04 12:00 . 2008-04-14 03:41 16896 c:\windows\system32\Setup\medctroc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 32828 c:\windows\system32\Setup\fp40ext.dll + 2004-08-04 12:00 . 2008-04-14 03:41 32828 c:\windows\system32\Setup\fp40ext.dll + 2004-08-04 12:00 . 2008-04-14 03:42 23040 c:\windows\system32\setup.exe - 2004-08-04 12:00 . 2004-08-04 12:00 23040 c:\windows\system32\setup.exe - 2004-08-04 12:00 . 2004-08-04 12:00 31232 c:\windows\system32\sethc.exe + 2004-08-04 12:00 . 2008-04-14 03:42 31232 c:\windows\system32\sethc.exe + 2010-07-14 08:53 . 2008-04-14 03:42 56320 c:\windows\system32\servdeps.dll - 2010-07-14 08:53 . 2004-08-04 12:00 56320 c:\windows\system32\servdeps.dll + 2004-08-04 12:00 . 2008-04-14 03:42 39424 c:\windows\system32\sens.dll + 2004-08-04 12:00 . 2008-04-14 03:42 54784 c:\windows\system32\sendmail.dll + 2004-08-04 12:00 . 2008-04-14 03:42 29184 c:\windows\system32\sendcmsg.dll - 2004-08-04 12:00 . 2004-08-04 12:00 29184 c:\windows\system32\sendcmsg.dll + 2004-08-04 12:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\seclogon.dll + 2004-08-04 12:00 . 2008-04-14 03:42 18944 c:\windows\system32\seclogon.dll + 2004-08-04 12:00 . 2008-04-14 03:42 18944 c:\windows\system32\secedit.exe + 2004-08-04 12:00 . 2008-04-14 03:42 29184 c:\windows\system32\sdhcinst.dll - 2004-08-04 12:00 . 2004-08-04 12:00 29184 c:\windows\system32\sdhcinst.dll - 2004-08-04 12:00 . 2004-08-04 12:00 77312 c:\windows\system32\sdbinst.exe + 2004-08-04 12:00 . 
2008-04-14 03:42 77312 c:\windows\system32\sdbinst.exe + 2004-08-04 12:00 . 2008-04-14 03:42 20480 c:\windows\system32\sclgntfy.dll - 2004-08-04 12:00 . 2004-08-04 12:00 95744 c:\windows\system32\scardsvr.exe + 2004-08-04 12:00 . 2008-04-14 03:42 95744 c:\windows\system32\scardsvr.exe - 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\scarddlg.dll + 2004-08-04 12:00 . 2008-04-14 03:42 69632 c:\windows\system32\scarddlg.dll - 2004-08-04 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe + 2004-08-04 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe - 2004-08-04 12:00 . 2004-08-04 12:00 13312 c:\windows\system32\savedump.exe + 2004-08-04 12:00 . 2008-04-14 03:42 13312 c:\windows\system32\savedump.exe - 2004-08-04 12:00 . 2004-08-04 12:00 64000 c:\windows\system32\samlib.dll + 2004-08-04 12:00 . 2008-04-14 03:42 64000 c:\windows\system32\samlib.dll - 2010-07-14 08:57 . 2004-08-04 12:00 45568 c:\windows\system32\safrslv.dll + 2010-07-14 08:57 . 2008-04-14 03:42 45568 c:\windows\system32\safrslv.dll + 2010-07-14 08:57 . 2008-04-14 03:42 29696 c:\windows\system32\safrdm.dll - 2010-07-14 08:57 . 2004-08-04 12:00 29696 c:\windows\system32\safrdm.dll + 2010-07-14 08:57 . 2008-04-14 03:42 43520 c:\windows\system32\safrcdlg.dll - 2010-07-14 08:57 . 2004-08-04 12:00 43520 c:\windows\system32\safrcdlg.dll + 2004-08-04 12:00 . 2008-04-14 03:42 14336 c:\windows\system32\runonce.exe - 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\runonce.exe + 2004-08-04 12:00 . 2008-04-14 03:42 33280 c:\windows\system32\rundll32.exe - 2004-08-04 12:00 . 2004-08-04 12:00 33280 c:\windows\system32\rundll32.exe - 2004-08-04 12:00 . 2004-08-04 12:00 44032 c:\windows\system32\rtutils.dll + 2004-08-04 12:00 . 2008-04-14 03:42 44032 c:\windows\system32\rtutils.dll - 2004-08-04 12:00 . 2004-08-04 12:00 31744 c:\windows\system32\rtipxmib.dll + 2004-08-04 12:00 . 2008-04-14 03:42 31744 c:\windows\system32\rtipxmib.dll - 2004-08-04 12:00 . 
2004-08-04 12:00 77312 c:\windows\system32\rtcshare.exe + 2004-08-04 12:00 . 2008-04-14 03:42 77312 c:\windows\system32\rtcshare.exe + 2004-08-04 12:00 . 2008-04-14 03:42 92672 c:\windows\system32\rsvpsp.dll + 2004-08-04 12:00 . 2008-04-14 03:42 18944 c:\windows\system32\rsmps.dll - 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\rsmps.dll - 2004-08-04 12:00 . 2004-08-04 12:00 39936 c:\windows\system32\rshx32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 39936 c:\windows\system32\rshx32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 14848 c:\windows\system32\rsh.exe - 2004-08-04 12:00 . 2004-08-04 12:00 14848 c:\windows\system32\rsh.exe - 2004-08-04 12:00 . 2004-08-04 12:00 13824 c:\windows\system32\rexec.exe + 2004-08-04 12:00 . 2008-04-14 03:42 13824 c:\windows\system32\rexec.exe - 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\resutils.dll + 2004-08-04 12:00 . 2008-04-14 03:42 58880 c:\windows\system32\resutils.dll - 2010-07-14 08:53 . 2004-08-04 12:00 60416 c:\windows\system32\remotepg.dll + 2010-07-14 08:53 . 2008-04-14 03:42 60416 c:\windows\system32\remotepg.dll + 2012-02-01 19:33 . 2004-08-03 23:07 42368 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\AGP440.SYS + 2012-02-01 19:33 . 2004-08-04 12:00 35328 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\processr.sys - 2004-08-04 12:00 . 2004-08-04 12:00 11776 c:\windows\system32\regsvr32.exe + 2004-08-04 12:00 . 2008-04-14 03:42 11776 c:\windows\system32\regsvr32.exe + 2004-08-04 12:00 . 2008-04-14 03:42 59904 c:\windows\system32\regsvc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 59904 c:\windows\system32\regsvc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 49664 c:\windows\system32\regapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 49664 c:\windows\system32\regapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 50176 c:\windows\system32\reg.exe - 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\reg.exe + 2010-07-14 08:53 . 
2008-04-14 03:42 67072 c:\windows\system32\rdshost.exe - 2010-07-14 08:53 . 2004-08-04 12:00 67072 c:\windows\system32\rdshost.exe + 2010-07-14 08:53 . 2008-04-14 03:42 13824 c:\windows\system32\rdsaddin.exe - 2010-07-14 08:53 . 2004-08-04 12:00 13824 c:\windows\system32\rdsaddin.exe + 2010-07-14 08:53 . 2008-04-14 03:43 87176 c:\windows\system32\rdpwsx.dll - 2010-07-14 08:53 . 2004-08-04 12:00 87176 c:\windows\system32\rdpwsx.dll + 2010-07-14 08:53 . 2008-04-14 03:42 19968 c:\windows\system32\rdpsnd.dll - 2010-07-14 08:53 . 2004-08-04 12:00 19968 c:\windows\system32\rdpsnd.dll + 2004-08-04 12:00 . 2008-04-14 03:43 92424 c:\windows\system32\rdpdd.dll + 2010-07-14 08:53 . 2008-04-14 03:42 62976 c:\windows\system32\rdpclip.exe - 2004-08-04 12:00 . 2004-08-04 12:00 21504 c:\windows\system32\rcp.exe + 2004-08-04 12:00 . 2008-04-14 03:42 21504 c:\windows\system32\rcp.exe - 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\rcimlby.exe + 2004-08-04 12:00 . 2008-04-14 03:42 35840 c:\windows\system32\rcimlby.exe + 2004-08-04 12:00 . 2008-04-14 03:42 58368 c:\windows\system32\rastapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 16384 c:\windows\system32\rassapi.dll + 2012-02-01 19:42 . 2008-04-14 03:42 61952 c:\windows\system32\rasqec.dll - 2004-08-04 12:00 . 2004-08-04 12:00 56832 c:\windows\system32\rasphone.exe + 2004-08-04 12:00 . 2008-04-14 03:42 56832 c:\windows\system32\rasphone.exe + 2004-08-04 12:00 . 2008-04-14 03:42 61440 c:\windows\system32\rasman.dll - 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\rasman.dll + 2004-08-04 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll + 2004-08-04 12:00 . 2008-04-14 03:42 88576 c:\windows\system32\rasauto.dll - 2010-07-14 08:57 . 2004-08-04 12:00 43520 c:\windows\system32\racpldlg.dll + 2010-07-14 08:57 . 2008-04-14 03:42 43520 c:\windows\system32\racpldlg.dll + 2012-02-01 19:42 . 2008-04-14 03:42 76800 c:\windows\system32\qutil.dll + 2010-07-14 08:53 . 
2008-04-14 03:42 19968 c:\windows\system32\qprocess.exe + 2010-07-14 08:58 . 2008-04-14 03:42 18944 c:\windows\system32\qmgrprxy.dll - 2010-07-14 08:58 . 2004-08-04 12:00 18944 c:\windows\system32\qmgrprxy.dll + 2012-02-01 19:42 . 2008-04-14 03:42 62464 c:\windows\system32\qcliprov.dll + 2004-08-04 12:00 . 2008-04-14 03:42 34304 c:\windows\system32\pstorsvc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 34304 c:\windows\system32\pstorsvc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 43520 c:\windows\system32\pstorec.dll + 2004-08-04 12:00 . 2008-04-14 03:42 43520 c:\windows\system32\pstorec.dll - 2004-08-04 12:00 . 2004-08-04 12:00 96768 c:\windows\system32\psbase.dll + 2004-08-04 12:00 . 2008-04-14 03:42 96768 c:\windows\system32\psbase.dll - 2004-08-04 12:00 . 2004-08-04 12:00 23040 c:\windows\system32\psapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 23040 c:\windows\system32\psapi.dll - 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\proquota.exe + 2004-08-04 12:00 . 2008-04-14 03:42 50176 c:\windows\system32\proquota.exe - 2004-08-04 12:00 . 2004-08-04 12:00 27648 c:\windows\system32\profmap.dll + 2004-08-04 12:00 . 2008-04-14 03:42 27648 c:\windows\system32\profmap.dll + 2004-08-04 12:00 . 2008-04-14 03:42 17408 c:\windows\system32\powrprof.dll - 2004-08-04 12:00 . 2004-08-04 12:00 17408 c:\windows\system32\powrprof.dll - 2004-08-04 12:00 . 2004-08-04 12:00 49152 c:\windows\system32\powercfg.exe + 2004-08-04 12:00 . 2008-04-14 03:42 49152 c:\windows\system32\powercfg.exe + 2004-08-04 12:00 . 2008-04-14 03:42 58880 c:\windows\system32\pnrpnsp.dll + 2004-08-04 00:56 . 2008-04-14 03:42 15360 c:\windows\system32\pjlmon.dll - 2004-08-04 00:56 . 2004-08-04 12:00 15360 c:\windows\system32\pjlmon.dll - 2004-08-04 12:00 . 2004-08-04 12:00 17920 c:\windows\system32\ping.exe + 2004-08-04 12:00 . 2008-04-14 03:42 17920 c:\windows\system32\ping.exe - 2004-08-04 12:00 . 2004-08-04 12:00 24064 c:\windows\system32\pidgen.dll + 2004-08-04 12:00 . 
2008-04-14 03:39 24064 c:\windows\system32\pidgen.dll - 2004-08-04 00:56 . 2004-08-04 12:00 35328 c:\windows\system32\pid.dll + 2004-08-04 00:56 . 2008-04-14 03:42 35328 c:\windows\system32\pid.dll + 2004-08-04 12:00 . 2008-04-14 03:42 34816 c:\windows\system32\perfproc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 34816 c:\windows\system32\perfproc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\perfos.dll + 2004-08-04 12:00 . 2008-04-14 03:42 25088 c:\windows\system32\perfos.dll + 2004-08-04 12:00 . 2008-04-14 03:42 17920 c:\windows\system32\perfnet.dll - 2004-08-04 12:00 . 2004-08-04 12:00 15872 c:\windows\system32\perfmon.exe + 2004-08-04 12:00 . 2008-04-14 03:42 15872 c:\windows\system32\perfmon.exe - 2004-08-04 12:00 . 2004-08-04 12:00 26624 c:\windows\system32\perfdisk.dll + 2004-08-04 12:00 . 2008-04-14 03:42 26624 c:\windows\system32\perfdisk.dll + 2004-08-04 12:00 . 2008-04-14 03:42 39936 c:\windows\system32\perfctrs.dll - 2004-08-04 12:00 . 2004-08-04 12:00 39936 c:\windows\system32\perfctrs.dll + 2004-08-04 12:00 . 2012-02-01 21:08 40836 c:\windows\system32\perfc009.dat - 2004-08-04 12:00 . 2012-01-31 01:54 40836 c:\windows\system32\perfc009.dat + 2004-08-04 12:00 . 2008-04-14 03:42 67584 c:\windows\system32\pautoenr.dll - 2004-08-04 12:00 . 2004-08-04 12:00 67584 c:\windows\system32\osuninst.dll + 2004-08-04 12:00 . 2008-04-14 03:42 67584 c:\windows\system32\osuninst.dll - 2004-08-04 12:00 . 2004-08-04 12:00 67584 c:\windows\system32\openfiles.exe + 2004-08-04 12:00 . 2008-04-14 03:42 67584 c:\windows\system32\openfiles.exe + 2010-07-14 08:57 . 2008-04-14 03:42 51200 c:\windows\system32\oobe\oobebaln.exe - 2010-07-14 08:57 . 2004-08-04 12:00 51200 c:\windows\system32\oobe\oobebaln.exe + 2010-07-14 08:59 . 2008-04-14 03:42 29184 c:\windows\system32\oobe\msoobe.exe + 2010-07-14 08:57 . 2008-04-14 03:42 19456 c:\windows\system32\oobe\msobweb.dll + 2010-07-14 08:57 . 
2008-04-14 03:42 30720 c:\windows\system32\oobe\msobshel.dll - 2010-07-14 08:57 . 2004-08-04 12:00 30720 c:\windows\system32\oobe\msobshel.dll + 2010-07-14 08:57 . 2008-04-14 03:42 16384 c:\windows\system32\oobe\msobdl.dll - 2010-07-14 08:57 . 2004-08-04 12:00 16384 c:\windows\system32\oobe\msobdl.dll + 2004-08-04 12:00 . 2008-04-14 03:42 84992 c:\windows\system32\olepro32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 37376 c:\windows\system32\olecnv32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 74752 c:\windows\system32\olecli32.dll + 2004-08-04 12:00 . 2011-09-26 09:41 20480 c:\windows\system32\oleaccrc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 20511 c:\windows\system32\odtext32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 20511 c:\windows\system32\odtext32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 20510 c:\windows\system32\odpdx32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 20510 c:\windows\system32\odpdx32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 20510 c:\windows\system32\odfox32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 20510 c:\windows\system32\odfox32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 20510 c:\windows\system32\odexl32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 20510 c:\windows\system32\odexl32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 20511 c:\windows\system32\oddbse32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 20511 c:\windows\system32\oddbse32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 12288 c:\windows\system32\odbcp32r.dll + 2004-08-04 12:00 . 2008-04-13 20:56 12288 c:\windows\system32\odbcp32r.dll - 2004-08-04 12:00 . 2004-08-04 12:00 53279 c:\windows\system32\odbcji32.dll + 2004-08-04 12:00 . 2008-04-14 03:40 53279 c:\windows\system32\odbcji32.dll + 2004-08-04 12:00 . 2008-04-13 20:56 94208 c:\windows\system32\odbcint.dll - 2004-08-04 12:00 . 2004-08-04 12:00 94208 c:\windows\system32\odbcint.dll + 2004-08-04 12:00 . 2008-04-14 03:42 65536 c:\windows\system32\odbccu32.dll - 2004-08-04 12:00 . 
2004-08-04 12:00 65536 c:\windows\system32\odbccu32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 65536 c:\windows\system32\odbccr32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 65536 c:\windows\system32\odbccr32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\odbcconf.exe + 2004-08-04 12:00 . 2008-04-14 03:42 69632 c:\windows\system32\odbcconf.exe + 2004-08-04 12:00 . 2008-04-14 03:42 24576 c:\windows\system32\odbcbcp.dll - 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\odbcbcp.dll - 2004-08-04 12:00 . 2004-08-04 12:00 32768 c:\windows\system32\odbcad32.exe + 2004-08-04 12:00 . 2008-04-14 03:42 32768 c:\windows\system32\odbcad32.exe + 2004-08-04 12:00 . 2008-04-14 03:42 16384 c:\windows\system32\odbc32gt.dll - 2004-08-04 12:00 . 2004-08-04 12:00 16384 c:\windows\system32\odbc32gt.dll + 2004-08-04 12:00 . 2008-04-14 03:42 67584 c:\windows\system32\ocmanage.dll + 2004-08-04 12:00 . 2008-04-14 03:42 65536 c:\windows\system32\nwwks.dll + 2004-08-04 12:00 . 2008-04-14 03:42 64000 c:\windows\system32\nwapi32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 15360 c:\windows\system32\ntvdmd.dll + 2004-08-04 12:00 . 2008-04-14 03:42 91136 c:\windows\system32\ntprint.dll - 2004-08-04 12:00 . 2004-08-04 12:00 91136 c:\windows\system32\ntprint.dll - 2004-08-04 12:00 . 2004-08-04 12:00 40960 c:\windows\system32\ntmsapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 40960 c:\windows\system32\ntmsapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 44032 c:\windows\system32\ntlanman.dll + 2004-08-04 12:00 . 2008-04-14 03:42 67072 c:\windows\system32\ntdsapi.dll - 2004-08-04 12:00 . 2004-08-04 12:00 67072 c:\windows\system32\ntdsapi.dll - 2004-08-04 12:00 . 2004-08-04 12:00 76800 c:\windows\system32\nslookup.exe + 2004-08-04 12:00 . 2008-04-14 03:42 76800 c:\windows\system32\nslookup.exe - 2004-08-04 12:00 . 2004-08-04 12:00 54784 c:\windows\system32\npptools.dll + 2004-08-04 12:00 . 2008-04-14 03:42 54784 c:\windows\system32\npptools.dll + 2004-08-04 12:00 . 
2008-04-14 03:42 15360 c:\windows\system32\npp\nppagent.exe - 2004-08-04 12:00 . 2004-08-04 12:00 15360 c:\windows\system32\npp\nppagent.exe + 2004-08-04 12:00 . 2008-04-14 03:42 57344 c:\windows\system32\npp\ndisnpp.dll - 2004-08-04 12:00 . 2004-08-04 12:00 57344 c:\windows\system32\npp\ndisnpp.dll + 2004-08-04 12:00 . 2008-04-14 03:42 69120 c:\windows\system32\notepad.exe - 2004-08-04 12:00 . 2004-08-04 12:00 69120 c:\windows\system32\notepad.exe + 2010-07-14 08:57 . 2008-04-14 03:42 28672 c:\windows\system32\nmmkcert.dll - 2010-07-14 08:57 . 2004-08-04 12:00 28672 c:\windows\system32\nmmkcert.dll + 2004-08-04 12:00 . 2008-04-14 03:42 98304 c:\windows\system32\nlhtml.dll + 2004-08-04 12:00 . 2008-04-14 03:42 80896 c:\windows\system32\netui0.dll - 2004-08-04 12:00 . 2004-08-04 12:00 80896 c:\windows\system32\netui0.dll - 2004-08-04 12:00 . 2004-08-04 12:00 36864 c:\windows\system32\netstat.exe + 2004-08-04 12:00 . 2008-04-14 03:42 36864 c:\windows\system32\netstat.exe - 2004-08-04 12:00 . 2004-08-04 12:00 86016 c:\windows\system32\netsh.exe + 2004-08-04 12:00 . 2008-04-14 03:42 86016 c:\windows\system32\netsh.exe + 2004-08-04 12:00 . 2008-04-14 03:42 11776 c:\windows\system32\netrap.dll + 2004-08-04 12:00 . 2008-04-14 03:42 42496 c:\windows\system32\net.exe - 2004-08-04 12:00 . 2004-08-04 12:00 42496 c:\windows\system32\net.exe + 2004-08-04 12:00 . 2008-04-14 03:42 18944 c:\windows\system32\nddenb32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\nddenb32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 17920 c:\windows\system32\nddeapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 17920 c:\windows\system32\nddeapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 36352 c:\windows\system32\ncobjapi.dll - 2004-08-04 12:00 . 2004-08-04 12:00 36352 c:\windows\system32\ncobjapi.dll + 2004-08-04 12:00 . 2008-04-14 03:42 53760 c:\windows\system32\narrator.exe - 2004-08-04 12:00 . 2004-08-04 12:00 53760 c:\windows\system32\narrator.exe + 2012-02-01 19:42 . 
2008-04-14 03:42 30208 c:\windows\system32\napipsec.dll - 2004-08-04 12:00 . 2004-08-04 12:00 90624 c:\windows\system32\mydocs.dll + 2004-08-04 12:00 . 2008-04-14 03:42 90624 c:\windows\system32\mydocs.dll - 2010-07-14 08:53 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll + 2010-07-14 08:53 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll + 2010-07-14 08:54 . 2008-04-14 03:42 34304 c:\windows\system32\mtxlegih.dll + 2010-07-14 08:54 . 2008-04-14 03:42 30720 c:\windows\system32\mtxdm.dll + 2004-08-04 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll - 2004-08-04 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll - 2004-08-04 00:56 . 2009-11-27 17:33 17920 c:\windows\system32\msyuv.dll + 2004-08-04 00:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll + 2012-02-01 19:42 . 2008-04-13 20:57 79872 c:\windows\system32\msxml6r.dll + 2004-08-04 12:00 . 2008-04-14 03:42 72704 c:\windows\system32\msw3prt.dll - 2004-08-04 12:00 . 2004-08-04 12:00 72704 c:\windows\system32\msw3prt.dll + 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll - 2004-08-04 12:00 . 2009-11-27 16:37 28672 c:\windows\system32\msvidc32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\msvcrt40.dll + 2004-08-04 12:00 . 2008-04-13 22:00 61440 c:\windows\system32\msvcrt40.dll + 2004-08-04 12:00 . 2008-04-14 03:42 57344 c:\windows\system32\msvcirt.dll + 2010-07-14 08:57 . 2008-04-14 03:42 12288 c:\windows\system32\mstinit.exe - 2010-07-14 08:57 . 2004-08-04 12:00 12288 c:\windows\system32\mstinit.exe + 2012-02-01 19:42 . 2008-04-13 21:45 76800 c:\windows\system32\msshavmsg.dll + 2004-08-04 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll - 2004-08-04 12:00 . 2009-11-27 16:37 11264 c:\windows\system32\msrle32.dll + 2004-08-04 12:00 . 2008-04-13 19:53 48128 c:\windows\system32\msprivs.dll - 2004-08-04 12:00 . 2004-08-04 12:00 48128 c:\windows\system32\msprivs.dll + 2004-08-04 12:00 . 
2008-04-14 03:42 29696 c:\windows\system32\mspatcha.dll - 2004-08-04 12:00 . 2004-08-04 12:00 20480 c:\windows\system32\msorc32r.dll + 2004-08-04 12:00 . 2008-04-13 20:54 20480 c:\windows\system32\msorc32r.dll + 2004-08-04 12:00 . 2008-04-14 03:42 25088 c:\windows\system32\mslbui.dll - 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\mslbui.dll + 2004-08-04 12:00 . 2007-04-02 16:19 60192 c:\windows\system32\msjter40.dll - 2004-08-04 12:00 . 2005-05-04 12:45 15360 c:\windows\system32\msisip.dll + 2004-08-04 12:00 . 2008-04-14 03:42 15360 c:\windows\system32\msisip.dll + 2004-08-04 12:00 . 2008-04-14 03:42 78848 c:\windows\system32\msiexec.exe - 2004-08-04 12:00 . 2005-05-04 12:45 78848 c:\windows\system32\msiexec.exe + 2004-08-04 12:00 . 2008-04-14 03:42 51712 c:\windows\system32\msident.dll - 2004-08-04 12:00 . 2004-08-04 12:00 51712 c:\windows\system32\msident.dll + 2004-08-04 12:00 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll - 2004-08-04 12:00 . 2009-03-08 02:31 66560 c:\windows\system32\mshtmled.dll + 2004-08-04 12:00 . 2008-04-14 03:42 33792 c:\windows\system32\msgsvc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 33792 c:\windows\system32\msgsvc.dll - 2009-03-08 02:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll + 2009-03-08 02:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll + 2010-07-14 08:53 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll - 2010-07-14 08:53 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll + 2004-08-04 12:00 . 2008-04-14 03:42 14336 c:\windows\system32\msdmo.dll - 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\msdmo.dll + 2004-08-04 12:00 . 2008-04-14 03:42 68608 c:\windows\system32\msctfp.dll + 2004-08-04 12:00 . 2008-04-14 03:42 36864 c:\windows\system32\mscpxl32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 36864 c:\windows\system32\mscpxl32.dLL + 2004-08-04 12:00 . 2008-04-13 20:56 12288 c:\windows\system32\mscpx32r.dll - 2004-08-04 12:00 . 
2004-08-04 12:00 12288 c:\windows\system32\mscpx32r.dLL + 2010-07-14 08:57 . 2008-04-14 03:42 69632 c:\windows\system32\msconf.dll - 2010-07-14 08:57 . 2004-08-04 12:00 69632 c:\windows\system32\msconf.dll + 2004-08-04 12:00 . 2008-06-24 16:43 74240 c:\windows\system32\mscms.dll - 2004-08-04 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll - 2004-08-04 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll + 2004-08-04 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll + 2004-08-04 12:00 . 2008-04-14 03:42 86016 c:\windows\system32\msapsspc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 86016 c:\windows\system32\msapsspc.dll - 2004-08-04 12:00 . 2004-08-04 12:00 71680 c:\windows\system32\msacm32.dll + 2004-08-04 12:00 . 2008-04-14 03:42 71680 c:\windows\system32\msacm32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 89088 c:\windows\system32\mqlogmgr.dll + 2004-08-04 12:00 . 2008-04-14 03:41 89088 c:\windows\system32\mqlogmgr.dll + 2004-08-04 12:00 . 2008-04-14 03:41 53248 c:\windows\system32\mprdim.dll - 2004-08-04 12:00 . 2004-08-04 12:00 87040 c:\windows\system32\mprapi.dll + 2004-08-04 12:00 . 2008-04-14 03:41 87040 c:\windows\system32\mprapi.dll + 2004-08-04 12:00 . 2008-04-14 03:41 59904 c:\windows\system32\mpr.dll - 2004-08-04 12:00 . 2004-08-04 12:00 59904 c:\windows\system32\mpr.dll + 2004-08-04 12:00 . 2008-04-14 03:42 16896 c:\windows\system32\more.com + 2010-07-14 08:57 . 2008-04-14 03:42 32768 c:\windows\system32\mnmsrvc.exe - 2010-07-14 08:57 . 2004-08-04 12:00 32768 c:\windows\system32\mnmsrvc.exe - 2010-07-14 08:57 . 2004-08-04 12:00 34560 c:\windows\system32\mnmdd.dll + 2010-07-14 08:57 . 2008-04-14 03:41 34560 c:\windows\system32\mnmdd.dll + 2010-07-14 08:53 . 2008-04-14 03:41 17408 c:\windows\system32\mmfutil.dll - 2010-07-14 08:53 . 2004-08-04 12:00 17408 c:\windows\system32\mmfutil.dll + 2004-08-04 12:00 . 2008-04-14 03:41 61440 c:\windows\system32\mmcshext.dll + 2012-02-01 19:42 . 
2008-04-14 03:42 33792 c:\windows\system32\mmcperf.exe + 2004-08-04 12:00 . 2008-04-14 03:41 29696 c:\windows\system32\mimefilt.dll + 2004-08-04 12:00 . 2008-04-14 03:41 60928 c:\windows\system32\miglibnt.dll - 2004-08-04 12:00 . 2004-08-04 12:00 60928 c:\windows\system32\miglibnt.dll - 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\midimap.dll + 2004-08-04 12:00 . 2008-04-14 03:41 18944 c:\windows\system32\midimap.dll + 2004-08-04 12:00 . 2008-04-14 03:41 14848 c:\windows\system32\mgmtapi.dll - 2004-08-04 12:00 . 2004-08-04 12:00 14848 c:\windows\system32\mgmtapi.dll - 2004-08-04 12:00 . 2004-08-04 12:00 22528 c:\windows\system32\mfcsubs.dll + 2004-08-04 12:00 . 2008-04-14 03:41 22528 c:\windows\system32\mfcsubs.dll + 2004-08-04 12:00 . 2008-04-14 03:41 40960 c:\windows\system32\mf3216.dll + 2012-02-01 19:42 . 2008-04-14 03:41 86016 c:\windows\system32\mdmxsdk.dll + 2004-08-04 12:00 . 2008-04-14 03:41 23552 c:\windows\system32\mciwave.dll - 2004-08-04 12:00 . 2004-08-04 12:00 23552 c:\windows\system32\mciwave.dll + 2004-08-04 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll - 2004-08-04 12:00 . 2004-08-04 12:00 23040 c:\windows\system32\mciseq.dll - 2004-08-04 12:00 . 2004-08-04 12:00 35328 c:\windows\system32\mciqtz32.dll + 2004-08-04 12:00 . 2008-04-14 03:41 35328 c:\windows\system32\mciqtz32.dll + 2004-08-04 12:00 . 2008-04-14 03:41 84480 c:\windows\system32\mciavi32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 84480 c:\windows\system32\mciavi32.dll + 2004-08-04 12:00 . 2008-04-14 03:41 14336 c:\windows\system32\mcastmib.dll + 2004-08-04 12:00 . 2008-04-14 03:42 57344 c:\windows\system32\makecab.exe - 2004-08-04 12:00 . 2004-08-04 12:00 72704 c:\windows\system32\magnify.exe + 2004-08-04 12:00 . 2008-04-14 03:42 72704 c:\windows\system32\magnify.exe + 2004-08-04 12:00 . 2008-04-14 03:42 13312 c:\windows\system32\lsass.exe - 2004-08-04 12:00 . 2004-08-04 12:00 13312 c:\windows\system32\lsass.exe + 2004-08-04 12:00 . 
This is a small part of the log; I got confused and don't know how far I copied it!!! Isn't there another way to send the whole thing!? Or should I start over from the beginning, a little at a time, and be more careful..!!!

Download Malwarebytes' Anti-Malware, or get it from here

* Double-click mbam-setup.exe to install the program.

* Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

* If updates are found, it will download and install them.

* Start the program and select "Perform Full Scan", then click Scan.

* The scan will take some time, so please be patient.

* When the scan finishes, click OK, then Show Results to see the result.

* Make sure every row is checked, and click Remove Selected.

* When everything has been removed, a log will open in Notepad. Copy this log and post it in your next comment in the thread.

Note: If MalwareBytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

Copy the text in the box into Notepad and save it on your desktop with the name CFScript.txt:

KILLALL::
ClearJavaCache::

File::
c:\windows\system32\KB905474\wgasetup.exe

AtJob::

Folder::
C:\extensions
C:\VundoFix Backups
c:\documents and settings\h\Doctor Web
c:\program files\Common Files\Doctor Web
c:\program files\DrWeb

After saving, drag CFScript.txt onto the ComboFix.exe icon

Attach the generated report in your next post..!

  • Author

Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.04.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 h :: H-3C60CB0E64C74 [administrator] 2/4/2012 11:32:58 AM mbam-log-2012-02-04 (11-32-58).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206572 Time elapsed: 1 hour(s), 11 minute(s), 32 second(s) Memory Processes Detected: 1 C:\Program Files\Lwgame RuBar Toolbar\RubarUpdateService.exe (PUP.Rubar) -> 2056 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 27 HKCR\AppID\{6A44A601-E455-47D9-9712-0B79EEE39A9C} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\AppID\{9285AB27-8BD7-421A-9AA5-2523C00D4E4A} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\AppID\{D17B4854-A796-4173-9775-5FB684E40ADA} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\CLSID\{0411B32B-E91D-4208-8913-9DB95BE806C3} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\Broker.ServerLayer.1 (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\Broker.ServerLayer (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\CLSID\{23DD83B5-BDDC-49CE-B77B-514819C6D551} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\TypeLib\{C41FAEC8-6123-4F4D-8B1F-426AF5F9A59A} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\Interface\{270860E2-0441-4BB9-9FE1-FAE0ECBB2E97} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\iebar.PluginCore.1 (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\iebar.PluginCore (PUP.Rubar) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{23DD83B5-BDDC-49CE-B77B-514819C6D551} (PUP.Rubar) -> Quarantined and deleted successfully. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23DD83B5-BDDC-49CE-B77B-514819C6D551} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\CLSID\{8DBC3732-863F-41B4-9A36-BCDBEB05E7C5} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\Interface\{8DBC3732-863F-41B4-9A36-BCDBEB05E7C5} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\CLSID\{BC64691C-C3A7-4913-9301-6D323BC72B93} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\TypeLib\{6515FF50-8533-49F9-B5A1-8839E9DF8E22} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\Interface\{72FA4765-9255-4C69-AB1F-23F78B3D94D6} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\Broker.RubarDealer.1 (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\Broker.RubarDealer (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\CLSID\{C44D2EA2-FCCE-4CE8-8710-5ED0D33F7677} (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\iebar.Searcher.1 (PUP.Rubar) -> Quarantined and deleted successfully. HKCR\iebar.Searcher (PUP.Rubar) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C44D2EA2-FCCE-4CE8-8710-5ED0D33F7677} (PUP.Rubar) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C44D2EA2-FCCE-4CE8-8710-5ED0D33F7677} (PUP.Rubar) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C44D2EA2-FCCE-4CE8-8710-5ED0D33F7677} (PUP.Rubar) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\Rubar Update Service (PUP.Rubar) -> Quarantined and deleted successfully. Registry Values Detected: 4 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{23DD83B5-BDDC-49CE-B77B-514819C6D551} (PUP.Rubar) -> Data: Rubar Toolbar -> Quarantined and deleted successfully. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{C44D2EA2-FCCE-4CE8-8710-5ED0D33F7677} (PUP.Rubar) -> Data: поиск от Яндекса -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{C44D2EA2-FCCE-4CE8-8710-5ED0D33F7677} (PUP.Rubar) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{23DD83B5-BDDC-49CE-B77B-514819C6D551} (PUP.Rubar) -> Data: -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 2 C:\Documents and Settings\h\Application Data\Rubar-Toolbar (PUP.Rubar) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\Rubar-Toolbar (PUP.Rubar) -> Delete on reboot. Files Detected: 8 C:\Program Files\Lwgame RuBar Toolbar\rubar.dll (PUP.Rubar) -> Quarantined and deleted successfully. C:\Program Files\Lwgame RuBar Toolbar\RubarBroker.exe (PUP.Rubar) -> Quarantined and deleted successfully. C:\Program Files\Datecs\FlexType 2K\Remove.exe (Trojan.FakeAlert.SecGen) -> Quarantined and deleted successfully. C:\Program Files\Driver Magician\crd.exe (TheftMarker.Crude) -> Quarantined and deleted successfully. C:\Program Files\Lwgame RuBar Toolbar\RubarUpdateService.exe (PUP.Rubar) -> Delete on reboot. C:\Documents and Settings\h\Application Data\Rubar-Toolbar\Broker.log.log (PUP.Rubar) -> Quarantined and deleted successfully. C:\Documents and Settings\h\Application Data\Rubar-Toolbar\MsiHelper.log.log (PUP.Rubar) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\Rubar-Toolbar\Service.log.log (PUP.Rubar) -> Delete on reboot. (end) ComboFix 12-02-03.02 - h 02/04/2012 13:09:41.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.255.9 [GMT 2:00] Running from: c:\documents and settings\h\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\h\Desktop\CFScript.txt.txt AV: avast! 
Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 ))))))))))))))))))))))))))))))) . . 2012-02-04 09:28 . 2012-02-04 09:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-02-04 09:28 . 2012-02-04 09:28 -------- dc----w- c:\documents and settings\h\Application Data\Malwarebytes 2012-02-04 09:28 . 2012-02-04 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-02-04 09:28 . 2012-02-04 09:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-04 09:28 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-02 19:53 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2012-02-02 19:48 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2012-02-02 19:48 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2012-02-02 19:37 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2012-02-02 19:36 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2012-02-02 19:34 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2012-02-02 19:32 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2012-02-01 19:36 . 2008-04-14 03:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll 2012-02-01 19:33 . 2006-12-28 22:31 19569 ----a-w- c:\windows\002845_.tmp 2012-01-31 10:37 . 2012-01-31 10:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2012-01-31 01:27 . 2012-01-31 01:27 -------- d-----w- c:\windows\system32\KB905474 2012-01-31 01:07 . 2012-02-01 19:38 -------- d-----w- c:\windows\ServicePackFiles 2012-01-31 01:05 . 2012-02-03 01:10 -------- d-----w- c:\windows\ie8updates 2012-01-30 08:57 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2012-01-30 08:57 . 
2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2012-01-30 08:56 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2012-01-30 08:56 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2012-01-30 08:54 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2012-01-30 08:54 . 2011-11-04 19:20 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2012-01-30 08:54 . 2011-11-04 19:20 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2012-01-30 08:54 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-01-30 08:54 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-01-30 08:54 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-01-30 08:54 . 2011-11-04 19:20 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll 2012-01-30 08:54 . 2011-11-04 19:20 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll 2012-01-30 08:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2012-01-30 08:48 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys 2012-01-30 08:47 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys 2012-01-30 08:47 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2012-01-30 08:46 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2012-01-30 08:46 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2012-01-30 08:46 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2012-01-30 08:46 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2012-01-30 08:46 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2012-01-30 08:46 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2012-01-30 08:46 . 
2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2012-01-30 08:46 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll 2012-01-30 08:46 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2012-01-30 08:46 . 2011-10-25 13:37 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2012-01-30 08:46 . 2011-10-25 13:33 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2012-01-30 08:46 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2012-01-30 08:41 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2012-01-30 08:37 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2012-01-30 08:35 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2012-01-30 08:35 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe 2012-01-30 06:53 . 2012-02-03 01:21 -------- d--h--w- c:\windows\$hf_mig$ 2012-01-28 16:38 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-01-28 16:38 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-01-28 16:38 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-01-28 16:38 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-01-28 16:38 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-01-28 16:38 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-01-28 16:38 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-01-28 16:38 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-01-28 16:36 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2012-01-28 16:36 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe 2012-01-28 16:35 . 2012-01-28 16:35 -------- d-----w- c:\program files\AVAST Software 2012-01-28 16:35 . 
2012-01-28 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2012-01-28 14:09 . 2012-01-28 14:09 -------- d-----w- C:\VundoFix Backups 2012-01-27 12:03 . 2012-01-27 12:03 -------- dc----w- c:\documents and settings\h\Local Settings\Application Data\bluesoleil 2012-01-27 11:58 . 2012-01-27 11:58 -------- d-----w- c:\program files\IVT Corporation 2012-01-26 16:40 . 2012-01-26 16:40 -------- d-----w- c:\program files\Microsoft Silverlight 2012-01-25 14:34 . 2012-01-25 14:34 -------- dc----w- c:\documents and settings\h\Application Data\Mirillis 2012-01-25 14:34 . 2012-01-25 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Mirillis 2012-01-25 14:34 . 2012-01-25 15:13 -------- dc----w- c:\documents and settings\h\Local Settings\Application Data\Mirillis 2012-01-25 14:23 . 2012-01-25 14:23 -------- dc----w- c:\documents and settings\h\Local Settings\Application Data\Thinstall 2012-01-25 14:23 . 2012-01-25 14:23 -------- dc----w- c:\documents and settings\h\Application Data\Thinstall 2012-01-25 12:41 . 2012-01-25 12:41 -------- dc----w- c:\documents and settings\h\Local Settings\Application Data\Daum 2012-01-25 12:40 . 2012-01-25 12:40 -------- d-----w- c:\program files\DAUM 2012-01-25 11:17 . 2012-01-25 11:17 -------- dc----w- c:\documents and settings\h\Application Data\rubar 2012-01-25 11:16 . 2012-01-25 11:16 -------- d-----w- C:\extensions 2012-01-25 11:16 . 2012-01-25 11:16 -------- dc----w- c:\documents and settings\h\Application Data\Lwgame RuBar 2012-01-25 11:16 . 2012-02-04 10:53 -------- d-----w- c:\program files\Lwgame RuBar Toolbar 2012-01-25 11:14 . 2010-05-26 08:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2012-01-24 10:34 . 2012-01-24 10:34 -------- d-----w- c:\program files\Xenocode 2012-01-22 14:57 . 2012-01-22 14:58 -------- dc----w- c:\documents and settings\h\Doctor Web 2012-01-22 14:33 . 
2012-01-30 20:01 -------- d-----w- c:\program files\Common Files\Doctor Web 2012-01-22 14:29 . 2012-01-23 17:35 -------- d-----w- c:\program files\DrWeb 2012-01-21 11:29 . 2012-01-21 11:29 -------- d-----w- c:\program files\Windows Sidebar 2012-01-21 11:29 . 2012-01-21 11:30 474 ----a-w- C:\user.js 2012-01-21 11:28 . 2012-01-21 11:28 -------- dc----w- c:\documents and settings\h\Local Settings\Application Data\Babylon 2012-01-21 11:28 . 2012-01-21 11:28 -------- dc----w- c:\documents and settings\h\Application Data\Babylon 2012-01-21 11:28 . 2012-01-21 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon 2012-01-21 11:28 . 2012-01-21 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium 2012-01-21 11:28 . 2012-01-21 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate 2012-01-10 08:30 . 2012-01-10 08:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll . . ((((((((((((((((((((((((((((( SnapShot_2012-02-03_17.53.57 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-04 10:55 . 2012-02-04 10:55 16384 c:\windows\Temp\Perflib_Perfdata_540.dat + 2012-02-04 11:26 . 2012-02-04 11:26 16384 c:\windows\Temp\Perflib_Perfdata_154.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 28160] "PerfectSpeed.exe"="c:\program files\Raxco\PerfectSpeed20\PerfectSpeed.exe" [2010-01-21 7365896] "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . c:\documents and settings\h\Start Menu\Programs\Startup\ Изрязване на екран и стартиране на OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2010-7-14 95232] SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2011-2-26 532480] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box] 2010-07-14 13:05 68592 -c--a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 21:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-12-12 10:48 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\IP-TV Player\\IpTvPlayer.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\DAUM\\PotPlayer\\PotPlayerMini.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . 
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 10:39 PM 20744]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/28/2012 6:38 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/28/2012 6:38 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/28/2012 6:38 PM 20568]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2/27/2009 4:40 PM 143467]
R2 Rx2Agent;Rx2Agent;c:\program files\Raxco\PerfectSpeed20\Rx2Agent.exe [1/21/2010 10:33 AM 779528]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 11:44 AM 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 1:58 PM 26248]
R3 Rx2Engine;Rx2Engine;c:\program files\Raxco\PerfectSpeed20\Rx2Engine.exe [1/21/2010 10:33 AM 947464]
S2 gupdate;Ус»уі° Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/7/2011 10:42 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/7/2011 10:42 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/4/2012 11:28 AM 40776]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 20:42]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 20:42]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-343818398-839522115-1003Core.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-04 16:38]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-343818398-839522115-1003UA.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-04 16:38]
.
2012-02-03 c:\windows\Tasks\User_Feed_Synchronization-{207FF4D3-462C-4DC7-824C-E8842C7305A8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2012-02-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2012-01-31 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.bg/
uDefault_Search_URL = yandex.ru
mSearch Bar = yandex.ru
uSearchAssistant = yandex.ru
IE: &Експортиране към Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
Trusted Zone: digicom.bg\tv
Trusted Zone: ubb.bg\ebb
TCP: DhcpNameServer = 192.168.1.1
DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} - hxxp://tv.digicom.bg/vlc-0.9.9-win32.exe
DPF: {E23FE9C6-778E-49D4-B537-38FCDE4887D8} - hxxp://tv.digicom.bg/dtvax.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 13:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(264)
c:\windows\system32\WININET.dll
c:\windows\system32\newdll.dll
c:\program files\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-02-04 13:37:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-04 11:37
ComboFix2.txt 2012-02-03 18:00
ComboFix3.txt 2012-01-31 18:13
ComboFix4.txt 2012-01-30 21:18
ComboFix5.txt 2012-02-04 11:03
.
Pre-Run: 7,005,929,472 bytes free
Post-Run: 7,003,402,240 bytes free
.
- - End Of File - - D22BFC0B0C929FCF6138BC9AEE62FB35

The ComboFix script did not work again. I don't know why it adds an extra extension in this line, and I think that is the cause!

Command switches used :: c:\documents and settings\h\Desktop\CFScript.txt.txt
