Созданные ответы форума
-
Сообщения
-
ComboFix 09-09-18.02 — Кристина 20.09.2009 16:55.2.2 — FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.1023.394 [GMT 4:00]
Running from: c:documents and settingsКристинаРабочий столComboFix.exe
Command switches used :: c:documents and settingsКристинаРабочий столCFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090919-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}FILE ::
«c:windowssystem32driverszdqmyvdo.sys»
«c:windowssystem32gswinva6.exe»
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowsALCMTR.EXE
c:windowssystem32gswinva6.exe.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ZBLBGUM
Service_zblbgum((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.2009-09-17 14:57 . 2009-09-17 14:57
d
w- c:program filestrend micro
2009-09-17 14:57 . 2009-09-17 14:57
d
w- C:rsit
2009-09-16 22:54 . 2009-08-17 16:04 51376 —-a-w- c:windowssystem32driversaswTdi.sys
2009-09-16 22:54 . 2009-08-17 16:04 23152 —-a-w- c:windowssystem32driversaswRdr.sys
2009-09-16 22:54 . 2009-08-17 16:03 26944 —-a-w- c:windowssystem32driversaavmker4.sys
2009-09-16 22:54 . 2009-08-17 16:02 97480 —-a-w- c:windowssystem32AvastSS.scr
2009-09-16 22:54 . 2009-08-17 16:05 20560 —-a-w- c:windowssystem32driversaswFsBlk.sys
2009-09-16 22:54 . 2009-08-17 16:06 93392 —-a-w- c:windowssystem32driversaswmon.sys
2009-09-16 22:54 . 2009-08-17 16:06 94160 —-a-w- c:windowssystem32driversaswmon2.sys
2009-09-16 22:54 . 2009-08-17 16:05 114768 —-a-w- c:windowssystem32driversaswSP.sys
2009-09-16 22:53 . 2009-08-17 16:10 1279456 —-a-w- c:windowssystem32aswBoot.exe
2009-09-16 22:53 . 2009-09-16 22:53
d
w- c:program filesAlwil Software
2009-09-16 21:26 . 2009-09-16 21:26
d
w- c:documents and settingsAll UsersApplication DataTEMP
2009-09-16 20:17 . 2009-09-16 20:17
d
w- c:documents and settingsКристинаApplication DataMalwarebytes
2009-09-16 20:16 . 2009-09-10 10:54 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-16 20:16 . 2009-09-16 20:16
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-09-16 20:16 . 2009-09-10 10:53 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-09-16 20:16 . 2009-09-16 20:16
d
w- c:program filesMalwarebytes’ Anti-Malware
2009-09-11 16:00 . 2009-09-11 16:00
d-sh—w- c:windowssystem32configsystemprofileIETldCache
2009-09-09 12:58 . 2009-06-21 21:48 153088
w- c:windowssystem32dllcachetriedit.dll
2009-09-08 18:17 . 2009-09-08 18:17
d-sh—w- c:documents and settingsКристинаPrivacIE
2009-09-08 18:00 . 2009-09-08 18:00
d-sh—w- c:documents and settingsКристинаIETldCache
2009-09-08 17:56 . 2009-09-08 17:56
d
w- c:windowsie8updates
2009-09-08 17:54 . 2009-09-08 17:54
d—h—w- c:windowsie8
2009-09-08 17:54 . 2009-09-08 17:54
d
w- c:program filesMicrosoft Silverlight
2009-09-08 17:53 . 2009-09-08 17:53
d—h—w- c:windowsmsdownld.tmp
2009-09-08 17:47 . 2009-08-07 08:48 100352
w- c:windowssystem32dllcacheiecompat.dll
2009-09-08 17:47 . 2009-07-03 17:00 55296
w- c:windowssystem32dllcachemsfeedsbs.dll
2009-09-08 17:47 . 2009-07-03 17:00 246272
w- c:windowssystem32dllcacheieproxy.dll
2009-09-08 17:47 . 2009-07-03 17:00 12800
w- c:windowssystem32dllcachexpshims.dll
2009-09-08 17:47 . 2009-07-03 17:00 1985536
w- c:windowssystem32dllcacheiertutil.dll
2009-09-08 17:47 . 2009-07-03 17:00 594432
w- c:windowssystem32dllcachemsfeeds.dll
2009-09-01 14:26 . 2009-07-10 13:28 1315328
w- c:windowssystem32dllcachemsoe.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 21:49 . 2009-09-16 21:49 7396 —-a-w- c:windowssystem32driverspctcore.cat
2009-08-05 09:01 . 2004-09-22 13:51 204800 —-a-w- c:windowssystem32mswebdvd.dll
2009-07-28 11:39 . 2009-07-28 11:39
d
w- c:program filesCommon Filesxing shared
2009-07-28 11:39 . 2009-07-28 11:39
d
w- c:program filesCommon FilesReal
2009-07-28 11:39 . 2009-07-28 11:39
d
w- c:program filesReal
2009-07-17 19:03 . 2004-09-22 13:50 58880 —-a-w- c:windowssystem32atl.dll
2009-07-13 08:21 . 2004-09-22 13:51 49750 —-a-w- c:windowssystem32perfc019.dat
2009-07-13 08:21 . 2004-09-22 13:51 346690 —-a-w- c:windowssystem32perfh019.dat
2009-07-12 08:21 . 2004-09-22 13:51 233472 —-a-w- c:windowssystem32wmpdxm.dll
2009-07-03 17:00 . 2004-09-22 13:51 915456
w- c:windowssystem32wininet.dll
2009-06-25 08:27 . 2004-09-22 13:51 54272 —-a-w- c:windowssystem32wdigest.dll
2009-06-25 08:27 . 2004-09-22 13:51 56832 —-a-w- c:windowssystem32secur32.dll
2009-06-25 08:27 . 2004-09-22 13:51 147456 —-a-w- c:windowssystem32schannel.dll
2009-06-25 08:27 . 2004-09-22 13:51 136192 —-a-w- c:windowssystem32msv1_0.dll
2009-06-25 08:27 . 2004-09-22 13:51 732160 —-a-w- c:windowssystem32lsasrv.dll
2009-06-25 08:27 . 2004-09-22 13:51 301568 —-a-w- c:windowssystem32kerberos.dll
2009-06-24 11:18 . 2004-09-22 13:51 92928 —-a-w- c:windowssystem32driversksecdd.sys
2008-12-07 23:00 . 2008-12-07 22:59 2788800 —-a-w- c:program filesFLV PlayerFCSetup.exe
2008-12-07 22:59 . 2008-12-07 22:58 8320728 —-a-w- c:program filesFLV PlayerRCATSetup.exe
2008-12-07 22:55 . 2008-12-07 22:54 20938728 —-a-w- c:program filesFLV PlayerRCSetup.exe
2009-01-13 22:36 . 2006-12-26 11:22 67688 —-a-w- c:program filesmozilla firefoxcomponentsjar50.dll
2009-01-13 22:36 . 2006-12-26 11:22 54368 —-a-w- c:program filesmozilla firefoxcomponentsjsd3250.dll
2009-01-13 22:36 . 2006-12-26 11:22 46712 —-a-w- c:program filesmozilla firefoxcomponentsspellchk.dll
2009-01-13 22:36 . 2006-12-26 11:22 34944 —-a-w- c:program filesmozilla firefoxcomponentsmyspell.dll
2009-01-13 22:36 . 2006-12-26 11:22 172136 —-a-w- c:program filesmozilla firefoxcomponentsxpinstal.dll
.((((((((((((((((((((((((((((( SnapShot@2009-09-17_20.27.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-20 13:11 . 2009-09-20 13:11 16384 c:windowsTempPerflib_Perfdata_7d4.dat
+ 2009-09-19 11:45 . 2009-09-19 11:45 16384 c:windowsTempPerflib_Perfdata_724.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2009-04-16 24264488]
«Tutor.exe»=»c:program filesABBYY Lingvo 12Tutor.exe» [2006-12-13 987136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«HControl»=»c:windowsATK0100HControl.exe» [2006-04-17 110592]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-03-16 7561216]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-03-16 86016]
«ASUS Live Update»=»c:program filesASUSASUS Live UpdateALU.exe» [2006-02-21 180224]
«Wireless Console 2″=»c:program filesWireless Console 2wcourier.exe» [2005-10-17 987136]
«ATKMEDIA»=»c:program filesASUSATK MediaDMEDIA.EXE» [2006-02-15 49152]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2006-05-25 786521]
«ABLKSR»=»c:windowsABLKSRABLKSR.exe» [2006-01-02 61440]
«RemoteControl»=»c:program filesASUSTeKASUSDVDPDVDServ.exe» [2004-11-02 32768]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«ACMON»=»c:program filesASUSSplendidACMON.exe» [2006-02-21 17920]
«IntelZeroConfig»=»c:program filesIntelWirelessbinZCfgSvc.exe» [2006-04-14 667718]
«IntelWireless»=»c:program filesIntelWirelessBinifrmewrk.exe» [2006-04-14 602182]
«EOUApp»=»c:program filesIntelWirelessBinEOUWiz.exe» [2006-04-14 569413]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2003-12-12 33792]
«EPSON Stylus Photo R220 Series»=»c:windowsSystem32spoolDRIVERSW32X863E_FATIAIE.EXE» [2005-03-09 98304]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2006-11-12 157592]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 12Lvagent.exe» [2006-12-13 258048]
«QuickTime Task»=»c:program filesK-Lite Codec PackQuickTimeqttask.exe» [2008-03-28 413696]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2008-03-30 267048]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2009-07-28 198160]
«Malwarebytes Anti-Malware (reboot)»=»c:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-08-17 81000]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-03-16 1519616]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.EXE [2006-05-04 16206848][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk — c:program filesInterVideoCommonBinWinCinemaMgr.exe [2006-12-26 278528]
Microsoft Office.lnk — c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-2-13 83360]
Adobe Gamma Loader.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-3-30 113664][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\UTORRENT.EXE»=
«c:\Program Files\iTunes\iTunes.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Documents and Settings\Кристина\Рабочий стол\utorrent.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [17.09.2009 2:54 114768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [17.09.2009 2:54 20560]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:windowssystem32driversSynMini.sys [17.10.2006 10:21 841110]
R3 SynScan;ASUS WebCam Still Image;c:windowssystem32driversSynScan.sys [17.10.2006 10:21 8278]
S2 gupdate1ca0f77dbc21edc;Служба Google Update (gupdate1ca0f77dbc21edc);c:program filesGoogleUpdateGoogleUpdate.exe [28.07.2009 15:37 133104]
.
Contents of the ‘Scheduled Tasks’ folder2009-07-27 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 10:57]2009-09-20 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-28 11:37]2009-09-20 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-28 11:37]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Перевести с помощью ABBYY Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Опубликовать в Дневнике — c:program filesRambler AssistantramblertoolbarU0.dll/planet.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
FF — ProfilePath — c:documents and settingsКристинаApplication DataMozillaFirefoxProfiles206vs1co.default
FF — prefs.js: browser.search.selectedEngine — ICQ Search
FF — prefs.js: keyword.URL — hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF — component: c:program filesMozilla Firefoxcomponentsxpinstal.dll
FF — component: c:program filesRealRealPlayerbrowserrecordfirefoxextcomponentsnprpffbrowserrecordext.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 17:11
Windows 5.1.2600 Service Pack 3 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(2492)
c:windowssystem32WININET.dll
c:program filesABBYY Lingvo 12LvHook.dll
c:windowssystem32webcheck.dll
.
Other Running Processes
.
c:program filesINTELWIRELESSBINEVTENG.EXE
c:program filesINTELWIRELESSBINS24EVMON.EXE
c:program filesALWIL SOFTWAREAVAST4ASWUPDSV.EXE
c:program filesALWIL SOFTWAREAVAST4ASHSERV.EXE
c:program filesCOMMON FILESAPPLEMOBILE DEVICE SUPPORTBINAPPLEMOBILEDEVICESERVICE.EXE
c:program filesCOMMON FILESMICROSOFT SHAREDVS7DEBUGMDM.EXE
c:windowsSYSTEM32NVSVC32.EXE
c:program filesINTELWIRELESSBINREGSRVC.EXE
c:program filesAlwil SoftwareAvast4ashMaiSv.exe
c:program filesAlwil SoftwareAvast4ashWebSv.exe
c:windowsATK0100ATKOSD.exe
c:windowsSYSTEM32ACENGSVR.EXE
c:progra~1IntelWirelessBinDot1XCfg.exe
c:program filesALWIL SOFTWAREAVAST4ASHDISP.EXE
c:program filesiPodbiniPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-20 17:16 — machine was rebooted
ComboFix-quarantined-files.txt 2009-09-20 13:16
ComboFix2.txt 2009-09-17 20:30Pre-Run: 18 836 209 664 байт свободно
Post-Run: 19 724 091 392 байт свободно212 — E O F — 2009-09-09 23:01
ComboFix 09-09-16.05 — Кристина 18.09.2009 0:11.1.2 — FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.1023.603 [GMT 4:00]
Running from: c:documents and settingsКристинаРабочий столComboFix.exe
Command switches used :: c:documents and settingsКристинаРабочий столWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1351 [VPS 090917-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsКристинаApplication DataMicrosoftClip Organizermstore10.mgc
c:documents and settingsКристинаApplication DataMicrosoftClip OrganizerOffic10.MGC
c:windows10039vir9z2f5.cpl
c:windows10fas59rse1583z.ocx
c:windows11045t9oz412.bin
c:windows1130z5orm291.bin
c:windows11470n5t-a-viru9z35.cpl
c:windows11564sz59fd.cpl
c:windows1158v9rus6z9.cpl
c:windows1179spamzot2d5.exe
c:windows11z5sparse2069.exe
c:windows122bthrza9280355.bin
c:windows125499zoj70.exe
c:windows125estzal2409.ocx
c:windows12797spambo5523z.bin
c:windows131znot-a9vi5us258.exe
c:windows135faddwzr9430.bin
c:windows13e59ir31z0.ocx
c:windows13z39virus354.ocx
c:windows13zestea92885.ocx
c:windows14265vizus900.dll
c:windows1459spam5otz79.dll
c:windows145ezir9422.cpl
c:windows14763nz9-a-virus57f5.bin
c:windows14946notza-vir5s497.dll
c:windows15055tr9j3zb.ocx
c:windows1508ztro930c.exe
c:windows15139n9t5a-virzs6a6.cpl
c:windows15209nzt-a-virus5cf.bin
c:windows15250t9ojzc75.ocx
c:windows1529zspy607.bin
c:windows153175acktozl769.exe
c:windows1539ztr9j585.exe
c:windows15512s9ambot65bz.exe
c:windows155azhreat104489.cpl
c:windows156z1spy5739.dll
c:windows156z2s9y564.cpl
c:windows15799virzs323.ocx
c:windows15814t9ojzd.cpl
c:windows15845v5rus9z4.exe
c:windows15z95rus6d6.cpl
c:windows16575iz17469.cpl
c:windows165915roz405.ocx
c:windows16945t59z6f2.dll
c:windows16964nzt-a-vi5us7b1.bin
c:windows17080not-a-virzs759.dll
c:windows17191notz5-vi9usc2.cpl
c:windows17355not-a-viru96ze.dll
c:windows17585zor935c.dll
c:windows17894spz1d75.dll
c:windows18849spam5o9z5.ocx
c:windows189z5hackto5l79d.cpl
c:windows19246ha9k5oolzdd.exe
c:windows192915ozm7c3.exe
c:windows19330tr5j29z.ocx
c:windows19397wo5m55cz.cpl
c:windows194cad5ware294z.bin
c:windows1959dow9loaderz327.exe
c:windows19658vzrus31e.dll
c:windows1977vzr5945.dll
c:windows19b6stez5859.dll
c:windows19d5zir694.ocx
c:windows19f69zck5oor2459.dll
c:windows19z9troj5f.ocx
c:windows1c98azdware251.ocx
c:windows1d97spar5e261z.dll
c:windows1db5threat5z94.ocx
c:windows1f9dzwnloader2598.cpl
c:windows1z335v9rus552.exe
c:windows1z55st9al5404.bin
c:windows1z719no9-a5virus2c0.bin
c:windows1z8b9hreat25941.bin
c:windows1z94sp9511.ocx
c:windows1zbavir958.cpl
c:windows20619spamzot5389.exe
c:windows209825orm16cz.dll
c:windows209885acktool53cz.ocx
c:windows209spywzre5197.cpl
c:windows2142tzo56d99.dll
c:windows2144nzt-a-5iru968c.exe
c:windows216755ot-z9virusf.bin
c:windows21705not-a-zi59s390.exe
c:windows2192backdooz5941.ocx
c:windows21za5teal399.cpl
c:windows2205zspy298.bin
c:windows22542s5am9oz1e5.ocx
c:windows229cspzw5re2180.cpl
c:windows230719pambot55z.dll
c:windows232z2not-a-vir9s3c85.cpl
c:windows232z8s5y3749.cpl
c:windows2353ad9zare122.bin
c:windows23dz9hreat12657.ocx
c:windows23f5dzwnloa9er18745.cpl
c:windows24100not-a-59rus6b1z.cpl
c:windows244z9not-a-virus7365.exe
c:windows24595spambotz94.exe
c:windows249295oz4a.exe
c:windows24d9spzrs5937.cpl
c:windows24z37s9ambot55d.bin
c:windows2536znot-a-virus1a9.exe
c:windows254daddwa9z992.bin
c:windows2554worm69z.dll
c:windows25579w5rmz919.ocx
c:windows25611w95m1z8.cpl
c:windows25612szam9ot450.bin
c:windows2562h9cktozl83.ocx
c:windows25645s9amzot4fa.cpl
c:windows2572thiefz956.bin
c:windows25854troz339.exe
c:windows2592zsp57b5.exe
c:windows2594znot-a-vi5us4c7.cpl
c:windows25950wzrm1da.dll
c:windows25b6steal5496z.bin
c:windows26198z9oje5.exe
c:windows26205t9oz28a.cpl
c:windows265fsp9rse1899z.cpl
c:windows26700v59zs72f.exe
c:windows26zast9al1159.dll
c:windows2702dzwnl5ader392.dll
c:windows279259ot-a-vi5us1ze.ocx
c:windows28464hackt9ol40z5.cpl
c:windows28502spamb9tz03.dll
c:windows290179pamb5t1z3.dll
c:windows290285ac9tzol1b7.exe
c:windows2912zpars52551.dll
c:windows29156wormz5a.ocx
c:windows29459hackzoo9345.exe
c:windows29555zacktool55a.bin
c:windows295aszeal15855.ocx
c:windows29609worz15d.exe
c:windows296z5spy6f4.bin
c:windows2976ztroj15.exe
c:windows29978hacktool559z.dll
c:windows2c3f5ir19z0.cpl
c:windows2cb9stealz0645.exe
c:windows2dz6addwa5e7419.ocx
c:windows2e55downzoa9er2686.exe
c:windows2f89addw5re3069z.dll
c:windows2fa9spyw9rz1165.dll
c:windows2z2aspa9se275.exe
c:windows2z5backdo5r1900.exe
c:windows2z695troj175.cpl
c:windows2z799sp5245.bin
c:windows2z916wo59e3.bin
c:windows301339o5-a-virus61ez.cpl
c:windows30947t9ojz3f5.exe
c:windows30z43ha5ktool139.cpl
c:windows30z7downlo9der3591.exe
c:windows310795py2az.ocx
c:windows3180baczd5or7699.ocx
c:windows31e9szyware656.ocx
c:windows32579trzj22e.ocx
c:windows32588spazbo955f.dll
c:windows326765pamzot2f9.dll
c:windows328eaddw9re5z2.ocx
c:windows3354spy9aze1151.dll
c:windows3394azdware9955.ocx
c:windows3398t5zeat24143.cpl
c:windows339zthreat47805.bin
c:windows33z1add9are5000.cpl
c:windows35367z9oj38c.ocx
c:windows35d7dowzl9ade52764.cpl
c:windows374dsp5rse9192z.cpl
c:windows3906backdo5r3z9.dll
c:windows3958thiez274.bin
c:windows3974v5rzs440.cpl
c:windows39e0spar5e9459z.dll
c:windows39faddware17z5.cpl
c:windows3c90viz5784.exe
c:windows3e9baddw5ze76.ocx
c:windows3z349spambo5d0.exe
c:windows3z3dthief2995.dll
c:windows3z755spy9f4.dll
c:windows3z85vi5us592.ocx
c:windows3zaa9ddware1541.cpl
c:windows402e5zarse6079.cpl
c:windows4125thie59097z.cpl
c:windows42a5ba9kdoorz090.bin
c:windows43f8ad5ware1z59.exe
c:windows4459wo9m4z5.cpl
c:windows4562v9ruz16e.dll
c:windows4579s9ywarez057.bin
c:windows4594h5cktozl72f.ocx
c:windows45b459ezl1447.dll
c:windows45b5spazs91995.cpl
c:windows45e9szeal194.bin
c:windows46a1d5w9loadez1465.cpl
c:windows46ezspars59241.cpl
c:windows4879d5znloader1049.dll
c:windows4883zpywa9e5991.dll
c:windows48c9stz5l1979.bin
c:windows4925spzware6625.exe
c:windows4954szarse2753.ocx
c:windows4997vizu92935.cpl
c:windows49bbzparse2995.cpl
c:windows49e0zi911955.ocx
c:windows49zaspy5are2086.dll
c:windows4a9695zrse104.ocx
c:windows4b04adzware5029.dll
c:windows4ddcz9ief1115.bin
c:windows4ffzstea915965.bin
c:windows4z259acktool1d6.dll
c:windows4z28thie52953.cpl
c:windows4z4spars59658.dll
c:windows4zf5vir2996.exe
c:windows4zfbthrea517429.bin
c:windows508z9r2494.ocx
c:windows51937vzru9ff.ocx
c:windows51de9zreat27895.cpl
c:windows5218th9efz574.exe
c:windows52562spyz9b9.exe
c:windows52609ddwarez586.dll
c:windows5349z9ormd7.ocx
c:windows5365hazktoo97be5.bin
c:windows542z7not-a-vir9s6e6.exe
c:windows5451addwa9ez120.cpl
c:windows54759spamz9t5d9.ocx
c:windows5499vzrus5165.exe
c:windows549csteal797z.ocx
c:windows54aebackdoor2z89.cpl
c:windows551z9parse958.exe
c:windows5532zhreat10934.ocx
c:windows5552s9eal2z54.dll
c:windows559caddwzre1570.dll
c:windows55cesp5wa9e480z.dll
c:windows55f5tzreat97687.cpl
c:windows55f9b5ck9oor5z1.ocx
c:windows56009iz56.dll
c:windows56439spy272z.cpl
c:windows56615zpambot295.bin
c:windows569virz254.dll
c:windows56dadownlo5d9r67z.bin
c:windows57east9al1417z.ocx
c:windows585cdow9zoader2321.bin
c:windows5869szy752.ocx
c:windows58afspywar91z6.ocx
c:windows59001wor96z3.bin
c:windows5900troz1e9.dll
c:windows5918s5yware24z8.exe
c:windows5929threat25335z.ocx
c:windows595ado9nzoader502.bin
c:windows595azddware2168.bin
c:windows5982trojz19.bin
c:windows5983bzck5oor1242.exe
c:windows5991s5azbot95.ocx
c:windows599zt5ief18399.bin
c:windows59z1st9al2163.ocx
c:windows5b29threat3z203.cpl
c:windows5b58d9wnloa5er2z90.cpl
c:windows5b74sz9rse2502.dll
c:windows5bz9backdoor1459.ocx
c:windows5bz9v9r2097.exe
c:windows5c94bac59oorz215.exe
c:windows5cc4downzoade92042.ocx
c:windows5d95addza9e559.bin
c:windows5dz8thief15549.ocx
c:windows5e57a9dwaze3126.dll
c:windows5e99tz5ef506.dll
c:windows5f0esparze937.cpl
c:windows5z89threat6577.cpl
c:windows5z9a5i9169.cpl
c:windows5za9ba5kdoo9939.cpl
c:windows5zc9vir12905.exe
c:windows6153threat2792z.cpl
c:windows61f2dow5loazer30689.cpl
c:windows6201zp9war5808.bin
c:windows6207spzr5e9776.cpl
c:windows645eszea51869.dll
c:windows64e8zd5ware1999.bin
c:windows64z7ad9ware552.cpl
c:windows655cd9wnloazer1735.ocx
c:windows6565thi9f179z.cpl
c:windows659z9hief927.bin
c:windows671ab5ckdoor169z.dll
c:windows6749spam5otz9.cpl
c:windows67519ot-a-zirus23d5.bin
c:windows6906vzr27995.exe
c:windows6920ste5l281z.exe
c:windows6a20down5oz9er2035.exe
c:windows6a989zyware1359.cpl
c:windows6b32z9eal1650.exe
c:windows6b51ad9warz3445.bin
c:windows6b94virz945.ocx
c:windows6e5th9eat20105z.dll
c:windows6e64steaz9995.exe
c:windows6eb8sp5zare6139.bin
c:windows6z17v5r249.dll
c:windows6z52down9oader978.dll
c:windows7098spzrse5258.cpl
c:windows71f5downloade9z061.exe
c:windows73595orm59z.ocx
c:windows74f5addw9rez896.cpl
c:windows751zspamb9tc35.ocx
c:windows7554tzo5369.dll
c:windows75d79zckdoor3056.cpl
c:windows75z7thi5f907.cpl
c:windows7619thiez365.bin
c:windows765fad5warz3290.cpl
c:windows7888thr5atz79.ocx
c:windows7908tzreat22525.exe
c:windows7954v5z709.dll
c:windows7955trzj505.dll
c:windows7980zroj2549.dll
c:windows799dbac5zoor2288.ocx
c:windows799dzteal5463.ocx
c:windows7b3bac9doo519z1.ocx
c:windows7ba2spyw5z91859.cpl
c:windows7ed05pzwa9e3081.exe
c:windows7ef195dwarez01.ocx
c:windows7z32s9eal527.bin
c:windows7z91w5rm6ed.dll
c:windows8099za5kt9ol95.dll
c:windows855dozn9oader2348.dll
c:windows8569zirus54c.exe
c:windows8574tr9z7b35.cpl
c:windows8574w9rz5a5.ocx
c:windows8776spamzo92a65.ocx
c:windows88z0w9rm1515.ocx
c:windows8b09parse1z235.cpl
c:windows8z9hacktool543.cpl
c:windows90458virus5zd.ocx
c:windows9053not-z-virus620.bin
c:windows90548szambot6a0.exe
c:windows9081z9y57f5.exe
c:windows90e7z5ckdoor1113.bin
c:windows91050nzt-a-vir5s665.ocx
c:windows91424zot-a-v5rus588.ocx
c:windows91z6spa5se877.dll
c:windows9243spywarz19935.bin
c:windows928spywarez945.dll
c:windows9295st5al1z1.dll
c:windows92eebackdooz6665.dll
c:windows93152virusedz.cpl
c:windows931v9r5z9.cpl
c:windows93384wormzac5.ocx
c:windows937bspyzare2559.cpl
c:windows93z5vir723.exe
c:windows9433hac9tool7f5z.exe
c:windows9531downloade57z8.dll
c:windows95ecsteal150z.cpl
c:windows96075ddware910z.ocx
c:windows9656zpy909.cpl
c:windows9659tro55z9.bin
c:windows970585py58z.cpl
c:windows97153nzt-a-virus124.dll
c:windows9728hazk5ool387.dll
c:windows9798spy570z.exe
c:windows9995virus3z15.dll
c:windows9995zpy5e5.cpl
c:windows99c6zte5l1006.cpl
c:windows9a9ad9warez577.dll
c:windows9f75zief2248.bin
c:windows9z457hacktool37.ocx
c:windows9z96sp5rse209.ocx
c:windowsb55threa915199z.bin
c:windowsc55baczdoor12569.bin
c:windowsc5cstzal9795.exe
c:windowsczsteal26559.ocx
c:windowsd4btzreat974375.exe
c:windowse03thr5az52729.bin
c:windowsfd5thi9fz10.bin
c:windowsfdf9z5ef607.bin
c:windowssystem3210095worz5d7.cpl
c:windowssystem3210443hacktzol1569.dll
c:windowssystem3210489wozm51c.cpl
c:windowssystem3210z72spambot5e9.dll
c:windowssystem32110095zrm24c.cpl
c:windowssystem321108z5orm190.exe
c:windowssystem32122z6virus965.exe
c:windowssystem32123579irus283z.cpl
c:windowssystem32125z6spambo9729.bin
c:windowssystem321328hack5ooz949.cpl
c:windowssystem32132virz5749.bin
c:windowssystem3213458sp95bot7z8.bin
c:windowssystem321355zvir9s599.cpl
c:windowssystem3213769vzrus695.bin
c:windowssystem321383downl9ade5146z.ocx
c:windowssystem3213988noz-a-v9ru551b.ocx
c:windowssystem3214499pywa5e2z8.bin
c:windowssystem32145zddware9360.cpl
c:windowssystem321495zparse1870.dll
c:windowssystem321509szeal1933.bin
c:windowssystem3215168szy995.ocx
c:windowssystem3215202vi9uszdc.dll
c:windowssystem32153829rzj47a.exe
c:windowssystem32156289py5fz5.cpl
c:windowssystem3215697not-a9vi5zs530.exe
c:windowssystem3215894vzr591cb.dll
c:windowssystem32158c5zwnlo9der849.exe
c:windowssystem3215900not5a-ziru9d9.exe
c:windowssystem3215906hzcktool93b.ocx
c:windowssystem3215baspywzr91059.ocx
c:windowssystem3215z85s9y152.bin
c:windowssystem3215z95not-a-virus6955.ocx
c:windowssystem32167z759ambot69e.cpl
c:windowssystem3216bfbaczdoo9459.ocx
c:windowssystem3217050vi9uz23c.bin
c:windowssystem321706zspa5bot559.dll
c:windowssystem3217606s9azbot55b.cpl
c:windowssystem32176czac59oor2093.exe
c:windowssystem32181559zrm6d9.ocx
c:windowssystem32190125irzs6299.cpl
c:windowssystem3219145z9a5bot1be.bin
c:windowssystem321940spyw59ez156.ocx
c:windowssystem32194235ackt9oz23c.exe
c:windowssystem3219494szy57f.dll
c:windowssystem3219498zp5c1.ocx
c:windowssystem321953spywaz51475.exe
c:windowssystem3219557zroj789.dll
c:windowssystem3219692spy59z5.dll
c:windowssystem3219d5addware1495z.bin
c:windowssystem321ad5spazs91937.ocx
c:windowssystem321c6d5wnloa9ez1967.bin
c:windowssystem321cz5backdoo59258.dll
c:windowssystem321cz5backdoor898.dll
c:windowssystem321d9195arsz2004.bin
c:windowssystem321z012not5a-vi9us4e7.ocx
c:windowssystem321z6659pambot535.cpl
c:windowssystem321z955spy39d9.exe
c:windowssystem322024t5oz694.dll
c:windowssystem3220505z9m385.exe
c:windowssystem3221059ziru55c9.exe
c:windowssystem3221830ha9kt5oz466.dll
c:windowssystem3221e3t5reat9909z.dll
c:windowssystem3222573not-z-virus379.cpl
c:windowssystem322299z9irus750.ocx
c:windowssystem3223261troj592z.exe
c:windowssystem3223511hzckt9o54f3.ocx
c:windowssystem3223555zpambot495.dll
c:windowssystem3223759spa59ot3z.dll
c:windowssystem3223778t9o523z.exe
c:windowssystem3223z4spyw5r9624.dll
c:windowssystem322498spy5are1310z.bin
c:windowssystem322500wo9m3z7.exe
c:windowssystem3225054not9a-zirus504.cpl
c:windowssystem32251z95py647.bin
c:windowssystem322529pyw5re1284z.bin
c:windowssystem32255629irus4z4.dll
c:windowssystem322556vz92971.exe
c:windowssystem322559thiez506.exe
c:windowssystem3225798hzc5tool5f4.exe
c:windowssystem32258thiefz0529.cpl
c:windowssystem32259779r5jz1b.dll
c:windowssystem3225f5zhre9t15598.bin
c:windowssystem32265zspywar515569.bin
c:windowssystem3226e8virz5229.cpl
c:windowssystem32276a5zie92915.bin
c:windowssystem3228221woz55569.exe
c:windowssystem3228599ackdooz313.ocx
c:windowssystem32290z7worm3575.cpl
c:windowssystem32293dt9zef2725.dll
c:windowssystem322949thr5at18826z.exe
c:windowssystem32294bt5iefz144.bin
c:windowssystem3229507wzrm559.cpl
c:windowssystem3229533spazbot4c5.ocx
c:windowssystem3229559tzoj4bb.bin
c:windowssystem32295z5virus420.exe
c:windowssystem3229945trzj61.cpl
c:windowssystem3229990not-azvi5us79d.exe
c:windowssystem3229995spambzt1cb5.dll
c:windowssystem3229z99troj59d5.cpl
c:windowssystem322a8z9ir23455.bin
c:windowssystem322b9ethief1755z.exe
c:windowssystem322ce3vi5z7549.ocx
c:windowssystem322eadzpy95re223.ocx
c:windowssystem322ef59ddzare749.cpl
c:windowssystem322z059rm1b.dll
c:windowssystem322z25s9arse5144.ocx
c:windowssystem322z5309py58c.bin
c:windowssystem322z69threat8355.dll
c:windowssystem322z79a9dware2587.bin
c:windowssystem322z8559roj69d.dll
c:windowssystem322z919sp529.ocx
c:windowssystem322z922virus4f5.dll
c:windowssystem3230265zroj690.ocx
c:windowssystem3230555virus9ez.ocx
c:windowssystem3230790n5tza-vi9us322.ocx
c:windowssystem323096viruz1245.bin
c:windowssystem32309este9z30005.ocx
c:windowssystem3231053no9-a-zirus15a.cpl
c:windowssystem3231885spz9bot541.dll
c:windowssystem323234t59eat2505z.dll
c:windowssystem3232658hacktozl479.dll
c:windowssystem3232990vi5zs3ec.dll
c:windowssystem3232z5download9r83.exe
c:windowssystem3233149zcktool5d3.bin
c:windowssystem32345zbackdo9r1861.cpl
c:windowssystem3234b5steal27z69.bin
c:windowssystem32351z9virus5f8.ocx
c:windowssystem3235559pazse1169.cpl
c:windowssystem3235czth9ef2206.dll
c:windowssystem323645t9iez1234.cpl
c:windowssystem323733w5rm5z9.bin
c:windowssystem323779vi92815z.bin
c:windowssystem323785zot9a-virus246.exe
c:windowssystem323832d9wnloa5er53z.bin
c:windowssystem3238b1sp5w9rz3036.cpl
c:windowssystem323911downlza95r2345.ocx
c:windowssystem3239a0spa9s5534z.bin
c:windowssystem3239a1sparze25435.exe
c:windowssystem3239a1vzr5594.cpl
c:windowssystem323bc8thief15z9.bin
c:windowssystem323c18b5ckd9or2478z.ocx
c:windowssystem323e3eth9ef27z5.exe
c:windowssystem323eafvi9z045.dll
c:windowssystem323ebzvi59668.dll
c:windowssystem323fazvir2895.exe
c:windowssystem323fczvi59589.dll
c:windowssystem323z59th9ef327.bin
c:windowssystem323z7a5ddware519.exe
c:windowssystem32404zstea518629.cpl
c:windowssystem3241579pywarez550.ocx
c:windowssystem3241a9za5kdoo91542.exe
c:windowssystem324305szyw9re16235.ocx
c:windowssystem324399hacktooz5859.cpl
c:windowssystem3243d1ste5l957z.cpl
c:windowssystem324455zirus75d9.dll
c:windowssystem324554szyware2964.ocx
c:windowssystem32459spar9z733.bin
c:windowssystem3245b6zp9ware393.exe
c:windowssystem3246315z9eat865.bin
c:windowssystem3248049r5jz85.bin
c:windowssystem324847v9r8z5.bin
c:windowssystem3249015ot-a-zir9s553.dll
c:windowssystem324968tr9j4z25.dll
c:windowssystem324974threaz9590.exe
c:windowssystem324999addwa5e56z.ocx
c:windowssystem3249azthief1569.ocx
c:windowssystem324ab15tea9795z.bin
c:windowssystem324dc9sparse235z.exe
c:windowssystem324e85vir1963z.dll
c:windowssystem324f759hreat25z75.dll
c:windowssystem324f96zpyware1756.exe
c:windowssystem324fa9zt5al4999.ocx
c:windowssystem324z3v5r26769.cpl
c:windowssystem325091vzr1405.exe
c:windowssystem3250e9virz596.dll
c:windowssystem3250z9v5rus449.cpl
c:windowssystem325103thrzat91255.dll
c:windowssystem3251099zpy5a5.dll
c:windowssystem325150z9py298.cpl
c:windowssystem325199hzcktool635.exe
c:windowssystem32520thie9z316.cpl
c:windowssystem32526cst5al3z19.dll
c:windowssystem325277n9z5a-virus2db.bin
c:windowssystem325294hzck9ool6c95.ocx
c:windowssystem3252fdadzware9051.dll
c:windowssystem3252zd5hre9t8209.bin
c:windowssystem3253949wzrma.bin
c:windowssystem3254198not-a-virusze9.ocx
c:windowssystem325425sz9696.ocx
c:windowssystem3254489p5waze88.cpl
c:windowssystem325496tro9bz.ocx
c:windowssystem32552fdownl5aderz859.cpl
c:windowssystem32554zsparse12619.bin
c:windowssystem325564szam9ot3c7.cpl
c:windowssystem325574spywa5929z7.cpl
c:windowssystem325594bazkdoor2008.dll
c:windowssystem3255a2sp5rs9z131.exe
c:windowssystem3255ez5ddware1895.dll
c:windowssystem325639spa9sz2858.dll
c:windowssystem3256902zirus9ee.bin
c:windowssystem3256a1addware4z89.cpl
c:windowssystem32570zback9oor5187.cpl
c:windowssystem3258765notza-viru960d.cpl
c:windowssystem32588n5t-a9viruz5e9.bin
c:windowssystem3258d19zeal346.dll
c:windowssystem3258z7w9r585.dll
c:windowssystem325907sparze992.bin
c:windowssystem325951zhreat15039.ocx
c:windowssystem325a0ds5ezl5759.cpl
c:windowssystem325afes9eal155z.bin
c:windowssystem325b29sz95are2016.ocx
c:windowssystem325b5asparze2792.ocx
c:windowssystem325b68stz9l2550.exe
c:windowssystem325b90virz0885.exe
c:windowssystem325b92steal2z33.exe
c:windowssystem325c95tzi9f588.ocx
c:windowssystem325d18thzea5216569.cpl
c:windowssystem325eb99hrea52505z.dll
c:windowssystem325f12backdo9r318z.dll
c:windowssystem325f35b9ckdoorz849.ocx
c:windowssystem325z193vir9s2f7.bin
c:windowssystem325z27spywa9e1884.ocx
c:windowssystem325z9athief1548.dll
c:windowssystem32607dthzef9055.cpl
c:windowssystem3260eb95arsz427.bin
c:windowssystem32639zspa5s9629.exe
c:windowssystem32641dzhi5f2983.ocx
c:windowssystem326553zirus95.dll
c:windowssystem32657zpambo9721.bin
c:windowssystem32658atzre9t25342.ocx
c:windowssystem3265c4downloadez9956.exe
c:windowssystem3266539z5eat7112.exe
c:windowssystem32666aaddw5re290z.ocx
c:windowssystem32689azpyware3055.exe
c:windowssystem3269z3thief2051.bin
c:windowssystem3269zbackdoor1052.dll
c:windowssystem326a36tz59at19144.exe
c:windowssystem326a6zdownl9a5er1955.cpl
c:windowssystem326aad59r25z1.ocx
c:windowssystem326b05down5z9der2427.dll
c:windowssystem326c79backd5or255z.cpl
c:windowssystem326d5bac9doorz959.dll
c:windowssystem326d69tzreat920025.ocx
c:windowssystem326e9espywarz17715.exe
c:windowssystem326f1f5ackdoor32z69.ocx
c:windowssystem326f305hze9t31966.exe
c:windowssystem326f36st9al157z.cpl
c:windowssystem326fz2b5ckdo9r2794.dll
c:windowssystem326z1threat59548.bin
c:windowssystem327081v9ruz534.ocx
c:windowssystem327088notza-vi95s3bb.exe
c:windowssystem3271b2spywa5z729.cpl
c:windowssystem3274c1t5izf2897.bin
c:windowssystem3274zdste9l1305.cpl
c:windowssystem327569back5oor151z.ocx
c:windowssystem327574hzcktool2c9.bin
c:windowssystem327576threzt12291.cpl
c:windowssystem32759bthze92851.ocx
c:windowssystem3277495acktooz46d.bin
c:windowssystem327799thiez532.bin
c:windowssystem32779edownlozde51375.exe
c:windowssystem3278f9pywzr51980.cpl
c:windowssystem327952thzea94092.cpl
c:windowssystem327965addwarz2025.ocx
c:windowssystem3279cdvir2521z.bin
c:windowssystem3279zespa5se984.ocx
c:windowssystem327a05th5zf209.ocx
c:windowssystem327aa5oznload9r1102.ocx
c:windowssystem327b895pywarez992.ocx
c:windowssystem327d2dth95f2z54.cpl
c:windowssystem327e49downlozd5r9028.exe
c:windowssystem327f59zir1259.cpl
c:windowssystem327f5bdownloaze93538.exe
c:windowssystem327f73do9n5oazer2669.bin
c:windowssystem327za8back9oor21005.dll
c:windowssystem328253spazbot29f.exe
c:windowssystem32849zsp52e9.exe
c:windowssystem328884s5zmbo9514.bin
c:windowssystem328f9dow5loader30z1.bin
c:windowssystem328z04t95j4ff.ocx
c:windowssystem328z91not-a9virus5dd.bin
c:windowssystem3290z90virus1955.bin
c:windowssystem3291ect5rzat23444.dll
c:windowssystem3292097worm5z9.ocx
c:windowssystem32922fa5zware485.cpl
c:windowssystem3292756vizus3f5.cpl
c:windowssystem3292b9threaz25096.exe
c:windowssystem3292d0sze5l730.exe
c:windowssystem32930dowzl5ad9r2935.bin
c:windowssystem32935back9zor706.dll
c:windowssystem3294e0thief19z5.exe
c:windowssystem329503wo5z61e.ocx
c:windowssystem32950zthreat20556.ocx
c:windowssystem3295523ha5ktooz7cf.ocx
c:windowssystem329565oznloader629.exe
c:windowssystem329585ztroj5165.cpl
c:windowssystem3295bthief7z5.exe
c:windowssystem3295e6zir288.cpl
c:windowssystem3295z9troj655.dll
c:windowssystem3296ddowzl5ader1172.dll
c:windowssystem3296fd5tezl2302.exe
c:windowssystem329712no95z-virus19e.ocx
c:windowssystem3297cstezl1655.dll
c:windowssystem329865hackzool1459.bin
c:windowssystem3299897troj55bz.ocx
c:windowssystem3299dsparze9158.bin
c:windowssystem3299fba9kzoor5642.bin
c:windowssystem329adast5al4z9.exe
c:windowssystem329cb5steal1z65.ocx
c:windowssystem329ec35azkdoor3015.dll
c:windowssystem329f05vir4z8.bin
c:windowssystem329z9spyware1590.bin
c:windowssystem329za55ddware549.cpl
c:windowssystem32a07dzwnloader25579.exe
c:windowssystem32a08sza9se2353.dll
c:windowssystem32d5zthr9at20.dll
c:windowssystem32dz29teal215.dll
c:windowssystem32e92azdware27555.bin
c:windowssystem32f7dtzreat209795.bin
c:windowssystem32f9zsparse1592.cpl
c:windowssystem32z1189virus3965.exe
c:windowssystem32z1484worm954.exe
c:windowssystem32z1cathre5923399.ocx
c:windowssystem32z22355roj18a9.cpl
c:windowssystem32z359a9dw5re1106.cpl
c:windowssystem32z3b7thi9f1650.bin
c:windowssystem32z5659spy7a5.ocx
c:windowssystem32z595hacktool83.dll
c:windowssystem32z5f1ste5l1796.dll
c:windowssystem32z61619acktool454.dll
c:windowssystem32z7544tro9555.cpl
c:windowssystem32z9636not-a-vir5s3ce.exe
c:windowssystem32z979h5ck9ool6fb.ocx
c:windowssystem32za95backdo5r2989.cpl
c:windowssystem32zf23thie9511.ocx
c:windowswiaservb.log
c:windowswiaserviv.log
c:windowsz0959h5cktool339.exe
c:windowsz1249spy985.cpl
c:windowsz1719s5y2d0.dll
c:windowsz1edv591102.ocx
c:windowsz27fv5r2891.exe
c:windowsz3065teal999.ocx
c:windowsz3399not-a5vir9s2a4.cpl
c:windowsz427addw9re5205.bin
c:windowsz440th9eat25689.dll
c:windowsz5031sp9mbot1a5.dll
c:windowsz5474t9o51ce.dll
c:windowsz549st9al2597.ocx
c:windowsz7552troj59a.ocx
c:windowsz7585troj95e.dll
c:windowsz8765spy3839.cpl
c:windowsz954backdoor1008.bin
c:windowszdb2v5r993.ocx
D:AUTORUN.INF.
((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
.2009-09-17 14:57 . 2009-09-17 14:57
d
w- c:program filestrend micro
2009-09-17 14:57 . 2009-09-17 14:57
d
w- C:rsit
2009-09-16 22:54 . 2009-08-17 16:04 51376 —-a-w- c:windowssystem32driversaswTdi.sys
2009-09-16 22:54 . 2009-08-17 16:04 23152 —-a-w- c:windowssystem32driversaswRdr.sys
2009-09-16 22:54 . 2009-08-17 16:03 26944 —-a-w- c:windowssystem32driversaavmker4.sys
2009-09-16 22:54 . 2009-08-17 16:02 97480 —-a-w- c:windowssystem32AvastSS.scr
2009-09-16 22:54 . 2009-08-17 16:05 20560 —-a-w- c:windowssystem32driversaswFsBlk.sys
2009-09-16 22:54 . 2009-08-17 16:06 93392 —-a-w- c:windowssystem32driversaswmon.sys
2009-09-16 22:54 . 2009-08-17 16:06 94160 —-a-w- c:windowssystem32driversaswmon2.sys
2009-09-16 22:54 . 2009-08-17 16:05 114768 —-a-w- c:windowssystem32driversaswSP.sys
2009-09-16 22:53 . 2009-08-17 16:10 1279456 —-a-w- c:windowssystem32aswBoot.exe
2009-09-16 22:53 . 2009-09-16 22:53
d
w- c:program filesAlwil Software
2009-09-16 21:27 . 2008-12-11 04:38 159600 —-a-w- c:windowssystem32driverspctgntdi.sys
2009-09-16 21:26 . 2009-09-16 21:26
d
w- c:documents and settingsAll UsersApplication DataTEMP
2009-09-16 21:26 . 2009-09-16 21:49 206256 —-a-w- c:windowssystem32driversPCTCore.sys
2009-09-16 21:26 . 2008-12-18 07:16 73840 —-a-w- c:windowssystem32driversPCTAppEvent.sys
2009-09-16 21:26 . 2009-09-16 21:26
d
w- c:program filesCommon FilesPC Tools
2009-09-16 21:26 . 2008-12-10 07:36 64392 —-a-w- c:windowssystem32driverspctplsg.sys
2009-09-16 21:26 . 2009-09-16 21:26
d
w- c:program filesSpyware Doctor
2009-09-16 21:26 . 2009-09-16 21:26
d
w- c:documents and settingsAll UsersApplication DataPC Tools
2009-09-16 21:26 . 2009-09-16 21:26
d
w- c:documents and settingsКристинаApplication DataPC Tools
2009-09-16 20:17 . 2009-09-16 20:17
d
w- c:documents and settingsКристинаApplication DataMalwarebytes
2009-09-16 20:16 . 2009-09-10 10:54 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-16 20:16 . 2009-09-16 20:16
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-09-16 20:16 . 2009-09-10 10:53 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-09-16 20:16 . 2009-09-16 20:16
d
w- c:program filesMalwarebytes’ Anti-Malware
2009-09-16 19:49 . 2009-09-16 19:49 467456 —-a-w- c:windowssystem32gswinva6.exe
2009-09-11 16:00 . 2009-09-11 16:00
d-sh—w- c:windowssystem32configsystemprofileIETldCache
2009-09-09 12:58 . 2009-06-21 21:48 153088
w- c:windowssystem32dllcachetriedit.dll
2009-09-08 18:17 . 2009-09-08 18:17
d-sh—w- c:documents and settingsКристинаPrivacIE
2009-09-08 18:00 . 2009-09-08 18:00
d-sh—w- c:documents and settingsКристинаIETldCache
2009-09-08 17:56 . 2009-09-08 17:56
d
w- c:windowsie8updates
2009-09-08 17:54 . 2009-09-08 17:54
d—h—w- c:windowsie8
2009-09-08 17:54 . 2009-09-08 17:54
d
w- c:program filesMicrosoft Silverlight
2009-09-08 17:53 . 2009-09-08 17:53
d—h—w- c:windowsmsdownld.tmp
2009-09-08 17:47 . 2009-08-07 08:48 100352
w- c:windowssystem32dllcacheiecompat.dll
2009-09-08 17:47 . 2009-07-03 17:00 55296
w- c:windowssystem32dllcachemsfeedsbs.dll
2009-09-08 17:47 . 2009-07-03 17:00 246272
w- c:windowssystem32dllcacheieproxy.dll
2009-09-08 17:47 . 2009-07-03 17:00 12800
w- c:windowssystem32dllcachexpshims.dll
2009-09-08 17:47 . 2009-07-03 17:00 1985536
w- c:windowssystem32dllcacheiertutil.dll
2009-09-08 17:47 . 2009-07-03 17:00 594432
w- c:windowssystem32dllcachemsfeeds.dll
2009-09-01 14:26 . 2009-07-10 13:28 1315328
w- c:windowssystem32dllcachemsoe.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 21:49 . 2009-09-16 21:49 7396 —-a-w- c:windowssystem32driverspctcore.cat
2009-08-05 09:01 . 2004-09-22 13:51 204800 —-a-w- c:windowssystem32mswebdvd.dll
2009-07-28 11:39 . 2009-07-28 11:39
d
w- c:program filesCommon Filesxing shared
2009-07-28 11:39 . 2009-07-28 11:39
d
w- c:program filesCommon FilesReal
2009-07-28 11:39 . 2009-07-28 11:39
d
w- c:program filesReal
2009-07-17 19:03 . 2004-09-22 13:50 58880 —-a-w- c:windowssystem32atl.dll
2009-07-13 08:21 . 2004-09-22 13:51 49750 —-a-w- c:windowssystem32perfc019.dat
2009-07-13 08:21 . 2004-09-22 13:51 346690 —-a-w- c:windowssystem32perfh019.dat
2009-07-12 08:21 . 2004-09-22 13:51 233472 —-a-w- c:windowssystem32wmpdxm.dll
2009-07-03 17:00 . 2004-09-22 13:51 915456 —-a-w- c:windowssystem32wininet.dll
2009-06-25 08:27 . 2004-09-22 13:51 54272 —-a-w- c:windowssystem32wdigest.dll
2009-06-25 08:27 . 2004-09-22 13:51 56832 —-a-w- c:windowssystem32secur32.dll
2009-06-25 08:27 . 2004-09-22 13:51 147456 —-a-w- c:windowssystem32schannel.dll
2009-06-25 08:27 . 2004-09-22 13:51 136192 —-a-w- c:windowssystem32msv1_0.dll
2009-06-25 08:27 . 2004-09-22 13:51 732160 —-a-w- c:windowssystem32lsasrv.dll
2009-06-25 08:27 . 2004-09-22 13:51 301568 —-a-w- c:windowssystem32kerberos.dll
2009-06-24 11:18 . 2004-09-22 13:51 92928 —-a-w- c:windowssystem32driversksecdd.sys
2008-12-07 23:00 . 2008-12-07 22:59 2788800 —-a-w- c:program filesFLV PlayerFCSetup.exe
2008-12-07 22:59 . 2008-12-07 22:58 8320728 —-a-w- c:program filesFLV PlayerRCATSetup.exe
2008-12-07 22:55 . 2008-12-07 22:54 20938728 —-a-w- c:program filesFLV PlayerRCSetup.exe
2009-01-13 22:36 . 2006-12-26 11:22 67688 —-a-w- c:program filesmozilla firefoxcomponentsjar50.dll
2009-01-13 22:36 . 2006-12-26 11:22 54368 —-a-w- c:program filesmozilla firefoxcomponentsjsd3250.dll
2009-01-13 22:36 . 2006-12-26 11:22 46712 —-a-w- c:program filesmozilla firefoxcomponentsspellchk.dll
2009-01-13 22:36 . 2006-12-26 11:22 34944 —-a-w- c:program filesmozilla firefoxcomponentsmyspell.dll
2009-01-13 22:36 . 2006-12-26 11:22 172136 —-a-w- c:program filesmozilla firefoxcomponentsxpinstal.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2009-04-16 24264488]
«gswinva6.exe»=»c:windowssystem32gswinva6.exe» [2009-09-16 467456]
«Tutor.exe»=»c:program filesABBYY Lingvo 12Tutor.exe» [2006-12-13 987136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«HControl»=»c:windowsATK0100HControl.exe» [2006-04-17 110592]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-03-16 7561216]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-03-16 86016]
«ASUS Live Update»=»c:program filesASUSASUS Live UpdateALU.exe» [2006-02-21 180224]
«Wireless Console 2″=»c:program filesWireless Console 2wcourier.exe» [2005-10-17 987136]
«ATKMEDIA»=»c:program filesASUSATK MediaDMEDIA.EXE» [2006-02-15 49152]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2006-05-25 786521]
«ABLKSR»=»c:windowsABLKSRABLKSR.exe» [2006-01-02 61440]
«RemoteControl»=»c:program filesASUSTeKASUSDVDPDVDServ.exe» [2004-11-02 32768]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«ACMON»=»c:program filesASUSSplendidACMON.exe» [2006-02-21 17920]
«IntelZeroConfig»=»c:program filesIntelWirelessbinZCfgSvc.exe» [2006-04-14 667718]
«IntelWireless»=»c:program filesIntelWirelessBinifrmewrk.exe» [2006-04-14 602182]
«EOUApp»=»c:program filesIntelWirelessBinEOUWiz.exe» [2006-04-14 569413]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2003-12-12 33792]
«EPSON Stylus Photo R220 Series»=»c:windowsSystem32spoolDRIVERSW32X863E_FATIAIE.EXE» [2005-03-09 98304]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2006-11-12 157592]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 12Lvagent.exe» [2006-12-13 258048]
«QuickTime Task»=»c:program filesK-Lite Codec PackQuickTimeqttask.exe» [2008-03-28 413696]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2008-03-30 267048]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2009-07-28 198160]
«Malwarebytes Anti-Malware (reboot)»=»c:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«ISTray»=»c:program filesSpyware DoctorpctsTray.exe» [2009-07-22 1181064]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-08-17 81000]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-03-16 1519616]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.EXE [2006-05-04 16206848][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk — c:program filesInterVideoCommonBinWinCinemaMgr.exe [2006-12-26 278528]
Microsoft Office.lnk — c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-2-13 83360]
Adobe Gamma Loader.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-3-30 113664][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=»»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=»»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\UTORRENT.EXE»=
«c:\Program Files\iTunes\iTunes.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Documents and Settings\Кристина\Рабочий стол\utorrent.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [17.09.2009 1:26 206256]
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [17.09.2009 2:54 114768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [17.09.2009 2:54 20560]
R2 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [17.09.2009 1:26 348752]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:windowssystem32driversSynMini.sys [17.10.2006 10:21 841110]
R3 SynScan;ASUS WebCam Still Image;c:windowssystem32driversSynScan.sys [17.10.2006 10:21 8278]
S2 gupdate1ca0f77dbc21edc;Служба Google Update (gupdate1ca0f77dbc21edc);c:program filesGoogleUpdateGoogleUpdate.exe [28.07.2009 15:37 133104]
S2 zblbgum;zblbgum;??c:windowssystem32driverszdqmyvdo.sys —> c:windowssystem32driverszdqmyvdo.sys [?]— Other Services/Drivers In Memory —
*NewlyCreated* — AAVMKER4
*NewlyCreated* — ASWFSBLK
*NewlyCreated* — ASWMON2
*NewlyCreated* — ASWRDR
*NewlyCreated* — ASWSP
*NewlyCreated* — ASWTDI
*NewlyCreated* — ASWUPDSV
*NewlyCreated* — AVAST!_ANTIVIRUS
*NewlyCreated* — AVAST!_MAIL_SCANNER
*NewlyCreated* — AVAST!_WEB_SCANNER
*Deregistered* — mchInjDrv
*Deregistered* — NAVENG
*Deregistered* — NAVEX15
*Deregistered* — SAVRT
*Deregistered* — SAVRTPEL
*Deregistered* — SPBBCDrv
*Deregistered* — SymEvent
*Deregistered* — SYMREDRV
.
Contents of the ‘Scheduled Tasks’ folder2009-07-27 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 10:57]2009-09-16 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-28 11:37]2009-09-17 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-28 11:37]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Перевести с помощью ABBYY Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Опубликовать в Дневнике — c:program filesRambler AssistantramblertoolbarU0.dll/planet.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
FF — ProfilePath — c:documents and settingsКристинаApplication DataMozillaFirefoxProfiles206vs1co.default
FF — prefs.js: browser.search.selectedEngine — ICQ Search
FF — prefs.js: keyword.URL — hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF — component: c:program filesMozilla Firefoxcomponentsxpinstal.dll
FF — component: c:program filesRealRealPlayerbrowserrecordfirefoxextcomponentsnprpffbrowserrecordext.dll
.
.
File Associations
.
inifile=%SystemRoot%System32NOTEPAD.EXE %1″
.
— — — — ORPHANS REMOVED — — — —HKLM-Run-SMSERIAL — c:windowssm56hlpr.exe
Notify-NavLogon — (no file)
AddRemove-Adobe Acrobat 5.0 — c:windowsISUNINST.EXE -fc:program filesCommon FilesAdobeAcrobat 5.0NTUninst.isu
AddRemove-ShockwaveFlash — c:windowssystem32MacromedFlashFlashUtil9b.exe**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 00:27
Windows 5.1.2600 Service Pack 3 FAT NTAPIdetected NTDLL code modification:
ZwClosescanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2009-09-17 0:29
ComboFix-quarantined-files.txt 2009-09-17 20:29Pre-Run: 16 914 481 152 байт свободно
Post-Run: 19 252 428 800 байт свободноWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(2)WINDOWS=»Microsoft Windows XP Home Edition RU» /noexecute=optin /fastdetect944 — E O F — 2009-09-09 23:01
