- This topic has 23 ответа, 2 участника, and was last updated 16 years, 2 months назад by
.
-
Сообщения
-
Теперь пожалуйста просканируйте компьютер используя Combofix и получившийся лог вставьте в ваше следующее сообщение.
ComboFix 09-01-15.01 — Наталия Новикова 2009-02-04 20:28:23.4 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.293 [GMT 3:00]
Running from: c:documents and settingsНаталия НовиковаРабочий столComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Outdated)
* Resident AV is activeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
— REDUCED FUNCTIONALITY MODE —
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowsIE4 Error Log.txt
c:windowswiaserviv.log.
((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 )))))))))))))))))))))))))))))))
.2009-02-04 19:08 . 2009-02-04 19:08 107,888 —a—c— c:windowssystem32CmdLineExt.dll
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:windowssystem32AGEIA
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:windowsLastGood
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesCommon FilesWise Installation Wizard
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesAGEIA Technologies
2009-01-29 18:39 . 2009-01-29 18:39d—-c— c:documents and settingsAll Users.WINDOWSApplication DataActivision
2009-01-29 18:39 . 2009-01-29 18:39d—-c— c:documents and settingsНаталия НовиковаApplication DataActivision
2009-01-29 18:27 . 2009-01-29 18:27d—-c— c:program filesActivision
2009-01-29 16:20 . 2009-01-29 16:19 502,368 —a—c— c:windowssystem32driversamon.sys
2009-01-29 16:20 . 2009-01-29 16:19 274,432 —a—c— c:windowssystem32imon.dll
2009-01-19 23:42 . 2009-01-19 23:42d—-c— C:GameRival
2009-01-19 23:41 . 2009-01-19 23:41d—-c— c:program filesReflexiveArcade
2009-01-15 15:11 . 2009-01-15 15:11d—-c— c:documents and settingsAll Users.WINDOWSApplication DataNero
2009-01-10 06:52 . 2009-01-10 07:51d—-c— c:documents and settingsНаталия НовиковаApplication DataMedia Player Classic
2009-01-10 06:49 . 2009-01-10 06:49d—-c— c:program filesK-Lite Codec Pack
2009-01-10 06:49 . 2006-05-25 00:47 3,596,288 —a—c— c:windowssystem32qt-dx331.dll
2009-01-10 06:49 . 2006-06-21 12:42 1,044,480 —a—c— c:windowssystem32libdivx.dll
2009-01-10 06:49 . 2006-04-20 16:00 856,064 —a—c— c:windowssystem32xvidcore.dll
2009-01-10 06:49 . 2006-07-03 23:40 620,180 —a—c— c:windowssystem32divx.dll
2009-01-10 06:49 . 2006-08-22 21:53 594,450 —a—c— c:windowssystem32x264vfw.dll
2009-01-10 06:49 . 2006-02-27 15:30 217,088 —a—c— c:windowssystem32xvidvfw.dll
2009-01-10 06:49 . 2006-06-21 12:42 200,704 —a—c— c:windowssystem32ssldivx.dll
2009-01-10 06:49 . 2006-05-25 00:46 200,704 —a—c— c:windowssystem32dtu100.dll
2009-01-10 06:49 . 2006-05-13 23:16 118,784 —a—c— c:windowssystem32ac3acm.acm
2009-01-10 06:49 . 2006-04-08 03:13 90,112 —a—c— c:windowssystem32dpl100.dll
2009-01-10 06:49 . 2006-07-05 20:02 5,120 —a—c— c:windowssystem32ff_vfw.dll
2009-01-10 06:49 . 2005-02-24 18:56 547 —a—c— c:windowssystem32ff_vfw.dll.manifest
2009-01-09 23:39 . 2009-01-09 23:39d—-c— C:_OTMoveIt
2009-01-04 23:40 . 2009-01-04 23:41d—-c— C:rsit
2009-01-04 23:40 . 2009-01-09 23:52d—-c— c:program filestrend micro .
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 17:28
dc—-w c:program filesESET
2009-02-04 16:33
dc-h—w c:program filesInstallShield Installation Information
2009-01-20 15:06 22,328 -c—a-w c:windowssystem32driversPnkBstrK.sys
2009-01-20 15:06 103,736 -c—a-w c:windowssystem32PnkBstrB.exe
2009-01-15 12:14
dc—-w c:program filesCommon FilesAhead
2009-01-01 17:15
dc—-w c:program filesMalwarebytes’ Anti-Malware
2008-12-30 07:15 32,824 -c—a-w c:documents and settingsLocalService.NT AUTHORITY.000Application Data638097440.exe
2008-12-29 20:08
dc—-w c:program filesEnigma Software Group
2008-12-29 16:58
dc—-w c:program filesCommon FilesDownload Manager
2008-12-29 15:01
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 15:01
dc—-w c:documents and settingsНаталия НовиковаApplication DataMalwarebytes
2008-12-28 20:07 0 -c—a-w c:windowssystem32driversae9fec7d.sys
2008-12-28 20:07 0 -c—a-w c:windowssystem32drivers346d0bc6.sys
2008-12-28 19:12
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataESET
2008-12-24 12:20 50,960 -c—a-w c:documents and settingsLocalService.NT AUTHORITY.000Application Data850119343.exe
2008-12-03 15:40 66,872 -c—a-w c:windowssystem32PnkBstrA.exe
2008-12-03 15:13 22,328 -c—a-w c:documents and settingsНаталия НовиковаApplication DataPnkBstrK.sys
2008-11-24 16:04 606,848 -c—a-w c:windowsflashax.exe
2008-11-24 16:04 194,560 -c—a-w c:windowsASUS_Ai_Proactive_Screensaver (E).scr
2008-11-24 16:04 12,288 -c—a-w c:windowsimpborl.dll
.((((((((((((((((((((((((((((( snapshot@2009-01-14_22.36.57,89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-04 16:03:07 68,608 -c—a-w c:windowsassemblyGAC_32CustomMarshalers2.0.0.0__b03f5f7f11d50a3aCustomMarshalers.dll
+ 2009-02-04 16:03:16 72,192 -c—a-w c:windowsassemblyGAC_32ISymWrapper2.0.0.0__b03f5f7f11d50a3aISymWrapper.dll
+ 2009-02-04 16:03:17 4,308,992 -c—a-w c:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll
+ 2009-02-04 16:03:18 482,304 -c—a-w c:windowsassemblyGAC_32System.Data.OracleClient2.0.0.0__b77a5c561934e089System.Data.OracleClient.dll
+ 2009-02-04 16:03:13 2,878,976 -c—a-w c:windowsassemblyGAC_32System.Data2.0.0.0__b77a5c561934e089System.Data.dll
+ 2009-02-04 16:03:03 258,048 -c—a-w c:windowsassemblyGAC_32System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.dll
+ 2009-02-04 16:03:03 114,176 -c—a-w c:windowsassemblyGAC_32System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.Wrapper.dll
+ 2009-02-04 16:03:22 260,096 -c—a-w c:windowsassemblyGAC_32System.Transactions2.0.0.0__b77a5c561934e089System.Transactions.dll
+ 2009-02-04 16:03:10 5,025,792 -c—a-w c:windowsassemblyGAC_32System.Web2.0.0.0__b03f5f7f11d50a3aSystem.Web.dll
+ 2009-02-04 16:03:06 10,752 -c—a-w c:windowsassemblyGAC_MSILAccessibility2.0.0.0__b03f5f7f11d50a3aAccessibility.dll
+ 2009-02-04 16:03:03 503,808 -c—a-w c:windowsassemblyGAC_MSILAspNetMMCExt2.0.0.0__b03f5f7f11d50a3aAspNetMMCExt.dll
+ 2009-02-04 16:03:04 13,312 -c—a-w c:windowsassemblyGAC_MSILcscompmgd8.0.0.0__b03f5f7f11d50a3acscompmgd.dll
+ 2009-02-04 16:03:15 8,192 -c—a-w c:windowsassemblyGAC_MSILIEExecRemote2.0.0.0__b03f5f7f11d50a3aIEExecRemote.dll
+ 2009-02-04 16:03:15 36,864 -c—a-w c:windowsassemblyGAC_MSILIEHost2.0.0.0__b03f5f7f11d50a3aIEHost.dll
+ 2009-02-04 16:03:15 5,632 -c—a-w c:windowsassemblyGAC_MSILIIEHost2.0.0.0__b03f5f7f11d50a3aIIEHost.dll
+ 2009-02-04 16:03:05 413,696 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.Build.Engine2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Engine.dll
+ 2009-02-04 16:03:05 36,864 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.Build.Framework2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Framework.dll
+ 2009-02-04 16:03:05 647,168 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.Build.Tasks2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Tasks.dll
+ 2009-02-04 16:03:06 73,728 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.Build.Utilities2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Utilities.dll
+ 2009-02-04 16:03:04 745,472 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.JScript8.0.0.0__b03f5f7f11d50a3aMicrosoft.JScript.dll
+ 2009-02-04 16:03:24 110,592 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.VisualBasic.Compatibility.Data8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.Compatibility.Data.dll
+ 2009-02-04 16:03:24 372,736 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.VisualBasic.Compatibility8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.Compatibility.dll
+ 2009-02-04 16:03:01 28,672 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.VisualBasic.Vsa8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.Vsa.dll
+ 2009-02-04 16:03:23 667,648 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.VisualBasic8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.dll
+ 2009-02-04 16:03:25 5,632 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.VisualC8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualC.Dll
+ 2009-02-04 16:03:02 12,800 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.Vsa.Vb.CodeDOMProcessor8.0.0.0__b03f5f7f11d50a3aMicrosoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-02-04 16:03:02 32,768 -c—a-w c:windowsassemblyGAC_MSILMicrosoft.Vsa8.0.0.0__b03f5f7f11d50a3aMicrosoft.Vsa.dll
+ 2009-02-04 16:03:02 7,168 -c—a-w c:windowsassemblyGAC_MSILMicrosoft_VsaVb8.0.0.0__b03f5f7f11d50a3aMicrosoft_VsaVb.dll
+ 2009-02-04 16:03:20 110,592 -c—a-w c:windowsassemblyGAC_MSILsysglobl2.0.0.0__b03f5f7f11d50a3asysglobl.dll
+ 2009-02-04 16:03:07 81,920 -c—a-w c:windowsassemblyGAC_MSILSystem.Configuration.Install2.0.0.0__b03f5f7f11d50a3aSystem.Configuration.Install.dll
+ 2009-02-04 16:03:20 389,120 -c—a-w c:windowsassemblyGAC_MSILSystem.Configuration2.0.0.0__b03f5f7f11d50a3aSystem.configuration.dll
+ 2009-02-04 16:03:18 716,800 -c—a-w c:windowsassemblyGAC_MSILSystem.Data.SqlXml2.0.0.0__b77a5c561934e089System.Data.SqlXml.dll
+ 2009-02-04 16:03:04 884,736 -c—a-w c:windowsassemblyGAC_MSILSystem.Deployment2.0.0.0__b03f5f7f11d50a3aSystem.Deployment.dll
+ 2009-02-04 16:03:14 5,050,368 -c—a-w c:windowsassemblyGAC_MSILSystem.Design2.0.0.0__b03f5f7f11d50a3aSystem.Design.dll
+ 2009-02-04 16:03:08 188,416 -c—a-w c:windowsassemblyGAC_MSILSystem.DirectoryServices.Protocols2.0.0.0__b03f5f7f11d50a3aSystem.DirectoryServices.Protocols.dll
+ 2009-02-04 16:03:08 397,312 -c—a-w c:windowsassemblyGAC_MSILSystem.DirectoryServices2.0.0.0__b03f5f7f11d50a3aSystem.DirectoryServices.dll
+ 2009-02-04 16:03:09 81,920 -c—a-w c:windowsassemblyGAC_MSILSystem.Drawing.Design2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.Design.dll
+ 2009-02-04 16:03:22 700,416 -c—a-w c:windowsassemblyGAC_MSILSystem.Drawing2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.dll
+ 2009-02-04 16:03:19 368,640 -c—a-w c:windowsassemblyGAC_MSILSystem.Management2.0.0.0__b03f5f7f11d50a3aSystem.Management.dll
+ 2009-02-04 16:03:22 258,048 -c—a-w c:windowsassemblyGAC_MSILSystem.Messaging2.0.0.0__b03f5f7f11d50a3aSystem.Messaging.dll
+ 2009-02-04 16:03:19 299,008 -c—a-w c:windowsassemblyGAC_MSILSystem.Runtime.Remoting2.0.0.0__b77a5c561934e089System.Runtime.Remoting.dll
+ 2009-02-04 16:03:19 131,072 -c—a-w c:windowsassemblyGAC_MSILSystem.Runtime.Serialization.Formatters.Soap2.0.0.0__b03f5f7f11d50a3aSystem.Runtime.Serialization.Formatters.Soap.dll
+ 2009-02-04 16:03:06 258,048 -c—a-w c:windowsassemblyGAC_MSILSystem.Security2.0.0.0__b03f5f7f11d50a3aSystem.Security.dll
+ 2009-02-04 16:03:09 114,688 -c—a-w c:windowsassemblyGAC_MSILSystem.ServiceProcess2.0.0.0__b03f5f7f11d50a3aSystem.ServiceProcess.dll
+ 2009-02-04 16:03:23 835,584 -c—a-w c:windowsassemblyGAC_MSILSystem.Web.Mobile2.0.0.0__b03f5f7f11d50a3aSystem.Web.Mobile.dll
+ 2009-02-04 16:03:10 86,016 -c—a-w c:windowsassemblyGAC_MSILSystem.Web.RegularExpressions2.0.0.0__b03f5f7f11d50a3aSystem.Web.RegularExpressions.dll
+ 2009-02-04 16:03:11 823,296 -c—a-w c:windowsassemblyGAC_MSILSystem.Web.Services2.0.0.0__b03f5f7f11d50a3aSystem.Web.Services.dll
+ 2009-02-04 16:03:11 5,316,608 -c—a-w c:windowsassemblyGAC_MSILSystem.Windows.Forms2.0.0.0__b77a5c561934e089System.Windows.Forms.dll
+ 2009-02-04 16:03:12 2,035,712 -c—a-w c:windowsassemblyGAC_MSILSystem.Xml2.0.0.0__b77a5c561934e089System.XML.dll
+ 2009-02-04 16:03:21 3,018,752 -c—a-w c:windowsassemblyGAC_MSILSystem2.0.0.0__b77a5c561934e089System.dll
+ 2009-02-04 16:19:29 26,624 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32Accessibilityce97e30a1151174391787d49f570e207Accessibility.ni.dll
+ 2009-02-04 16:19:34 860,160 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32AspNetMMCExtee6bf282ef0e664f8541a2755af9859bAspNetMMCExt.ni.dll
+ 2009-02-04 16:19:35 237,568 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32CustomMarshalers8134401614e19b4a824218e529f986eaCustomMarshalers.ni.dll
+ 2009-02-04 16:19:34 15,360 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32dfsvcc3fdca1fcf8d9745a3e85c6c78438008dfsvc.ni.exe
+ 2009-02-04 16:19:38 880,640 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32Microsoft.Build.Eng#1e731cfc58a9bb429c2bc4fe23ea9346Microsoft.Build.Engine.ni.dll
+ 2009-02-04 16:19:38 81,920 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32Microsoft.Build.Fra#8252f72d077f2c4fadbf8f30a3117f10Microsoft.Build.Framework.ni.dll
+ 2009-02-04 16:19:43 1,691,648 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32Microsoft.Build.Tas#b24202b978c29d489319e716b18ec945Microsoft.Build.Tasks.ni.dll
+ 2009-02-04 16:19:45 163,840 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32Microsoft.Build.Uti#9d4d1ee605e16b40ad022090c08a64f1Microsoft.Build.Utilities.ni.dll
+ 2009-02-04 16:19:49 1,724,416 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32Microsoft.VisualBas#94d5d0de9dc52849ba272e6693298e79Microsoft.VisualBasic.ni.dll
+ 2009-02-04 16:04:02 11,415,552 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32mscorlib068c28baccba57429cb1517f69ed867bmscorlib.ni.dll
+ 2009-02-04 16:19:51 962,560 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Configuration0cb49a80e9e8654f830020b9c2c414b5System.Configuration.ni.dll
+ 2009-02-04 16:05:30 6,688,768 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Data81bdde0527c1d244b769dc8514f7271aSystem.Data.ni.dll
+ 2009-02-04 16:19:54 1,712,128 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Deployment9d0ee160b81b634094e4c8f826b79630System.Deployment.ni.dll
+ 2009-02-04 16:05:55 10,723,328 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Designa0fa8e633c28154ca0c00e9d86c3e825System.Design.ni.dll
+ 2009-02-04 16:19:56 1,220,608 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.DirectorySer#94fe140370e7a6429261df55acbb9a08System.DirectoryServices.ni.dll
+ 2009-02-04 16:19:58 512,000 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.DirectorySer#cbe4073b55eef94985758a955a17003cSystem.DirectoryServices.Protocols.ni.dll
+ 2009-02-04 16:04:30 229,376 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Drawing.Desi#4fc5f939ebb2644da1047318db09a9b6System.Drawing.Design.ni.dll
+ 2009-02-04 16:04:35 1,626,112 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Drawingbbc4e6248d9f8044acdfc93a183ae63fSystem.Drawing.ni.dll
+ 2009-02-04 16:20:00 659,456 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.EnterpriseSe#14b65120f3fcb94a9507ae0c7190e17bSystem.EnterpriseServices.ni.dll
+ 2009-02-04 16:20:00 294,912 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.EnterpriseSe#14b65120f3fcb94a9507ae0c7190e17bSystem.EnterpriseServices.Wrapper.dll
+ 2009-02-04 16:20:01 729,088 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Security7beb54a54ce5dd40a86d980070c97e4eSystem.Security.ni.dll
+ 2009-02-04 16:20:03 684,032 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Transactionse6fcff4fa0c3ea4eaedd09daf92297d9System.Transactions.ni.dll
+ 2009-02-04 16:20:35 2,310,144 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Web.Mobilea0f849181ed9f64da8e8d2ec7350fc82System.Web.Mobile.ni.dll
+ 2009-02-04 16:20:37 237,568 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Web.RegularE#80796faa3ca63e47a4562c7e13665468System.Web.RegularExpressions.ni.dll
+ 2009-02-04 16:20:41 1,945,600 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Web.Servicesa4a06b5390d2e34c9429761d541abc8bSystem.Web.Services.ni.dll
+ 2009-02-04 16:20:29 11,808,768 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Weba14f6fb205f4b84dbfc18b198b95896eSystem.Web.ni.dll
+ 2009-02-04 16:05:00 13,107,200 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Windows.Forms4f34d50b320ed841b4dcdfd2ea882957System.Windows.Forms.ni.dll
+ 2009-02-04 16:05:14 5,640,192 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System.Xmlf78201119fb37940aaa3a5ce89855931System.Xml.ni.dll
+ 2009-02-04 16:04:26 8,093,696 -c—a-w c:windowsassemblyNativeImages_v2.0.50727_32System97498259280e884ca355004440b8a22cSystem.ni.dll
+ 2005-10-20 17:02:28 163,328 -c—a-w c:windowsERDNTsubsERDNT.EXE
+ 2009-01-15 12:15:01 25,214 -c—a-r c:windowsInstaller{99B2B571-53D7-47C3-835D-9A4EFF351049}ARPPRODUCTICON.exe
+ 2009-01-29 15:38:36 16,958 -c—a-r c:windowsInstaller{BDA6A019-2695-4AE1-88CE-EE7801BD41AA}ARPPRODUCTICON.exe
+ 2006-09-28 13:05:20 2,414,360 -c—a-w c:windowsLastGoodsystem32d3dx9_31.dll
+ 2007-04-04 15:53:42 81,768 -c—a-w c:windowsLastGoodsystem32xinput1_3.dll
+ 2005-09-23 04:28:52 72,704 -c—a-w c:windowsMicrosoft.NETFrameworkNETFXSBS10.exe
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_diasymreader.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_iehost.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_microsoft.jscript.dll
+ 2005-09-23 04:29:04 5,632 -c—a-w c:windowsMicrosoft.NETFrameworksbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_mscordbi.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_mscorrc.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_mscorsec.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_system.configuration.install.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_system.data.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_system.enterpriseservices.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_VsaVb7rt.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_wminet_utils.dll
+ 2005-09-23 04:28:52 7,680 -c—a-w c:windowsMicrosoft.NETFrameworksbscmp10.dll
+ 2005-09-23 04:28:56 7,680 -c—a-w c:windowsMicrosoft.NETFrameworksbscmp20_mscorwks.dll
+ 2005-09-23 04:28:58 7,680 -c—a-w c:windowsMicrosoft.NETFrameworksbscmp20_perfcounter.dll
+ 2005-09-23 04:28:56 7,680 -c—a-w c:windowsMicrosoft.NETFrameworkSharedReg12.dll
+ 2005-09-23 04:28:36 18,944 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.507271033alinkui.dll
+ 2005-09-23 04:28:42 136,192 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.507271033cscompui.dll
+ 2005-09-23 04:28:44 4,608 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.507271033CvtResUI.dll
+ 2005-09-23 04:29:04 183,808 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.507271033vbc7ui.dll
+ 2005-09-23 04:28:28 208,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.507271033Vsavb7rtUI.dll
+ 2005-09-23 04:28:56 10,752 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Accessibility.dll
+ 2005-09-23 04:28:58 138,240 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727AdoNetDiag.dll
+ 2005-09-23 04:28:36 87,552 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727alink.dll
+ 2005-09-23 04:28:58 55,488 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727AppLaunch.exe
+ 2005-09-23 04:28:32 36,864 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_compiler.exe
+ 2005-09-23 04:28:32 10,752 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_filter.dll
+ 2005-09-23 04:28:32 8,192 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_isapi.dll
+ 2005-09-23 04:28:32 23,552 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Aspnet_perf.dll
+ 2005-09-23 04:28:32 70,656 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_rc.dll
+ 2005-09-23 04:28:32 13,824 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regbrowsers.exe
+ 2005-09-23 04:28:32 26,824 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regiis.exe
+ 2005-09-23 04:28:32 106,496 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regsql.exe
+ 2005-09-23 04:28:32 29,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe
+ 2005-09-23 04:28:32 29,888 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_wp.exe
+ 2005-09-23 04:28:32 503,808 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727AspNetMMCExt.dll
+ 2005-09-23 04:28:56 106,496 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727CasPol.exe
+ 2005-09-23 04:28:56 88,576 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727CORPerfMonExt.dll
+ 2005-09-23 04:28:42 76,984 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727csc.exe
+ 2005-09-23 04:28:42 1,144,832 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727cscomp.dll
+ 2005-09-23 04:28:42 13,312 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727cscompmgd.dll
+ 2005-09-23 04:28:58 17,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Culture.dll
+ 2005-09-23 04:28:56 68,608 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727CustomMarshalers.dll
+ 2005-09-23 04:28:44 31,936 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727cvtres.exe
+ 2005-09-23 04:28:38 52,736 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727dfdll.dll
+ 2005-09-23 04:28:38 4,608 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727dfsvc.exe
+ 2005-09-23 04:29:12 547,840 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727diasymreader.dll
+ 2005-09-23 04:28:56 788,992 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727EventLogMessages.dll
+ 2005-09-23 04:28:50 9,216 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727fusion.dll
+ 2005-09-23 04:28:56 9,728 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727IEExec.exe
+ 2005-09-23 04:28:56 8,192 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727IEExecRemote.dll
+ 2005-09-23 04:28:56 36,864 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727IEHost.dll
+ 2005-09-23 04:28:56 5,632 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727IIEHost.dll
+ 2005-09-23 04:28:56 224,952 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727ilasm.exe
+ 2005-09-23 04:28:56 28,672 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727InstallUtil.exe
+ 2005-09-23 04:28:56 55,296 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727InstallUtilLib.dll
+ 2005-09-23 04:28:56 72,192 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727ISymWrapper.dll
+ 2005-09-23 04:28:48 40,960 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727jsc.exe
+ 2005-09-23 04:01:16 609,472 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
+ 2005-09-23 03:29:48 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1025.dll
+ 2005-09-23 03:32:24 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1028.dll
+ 2005-09-23 03:34:10 82,944 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1029.dll
+ 2005-09-23 03:34:12 81,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1030.dll
+ 2005-09-23 03:34:44 85,504 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1031.dll
+ 2005-09-23 03:36:24 87,552 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1032.dll
+ 2005-09-23 00:46:14 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1033.dll
+ 2005-09-23 03:38:26 81,408 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1035.dll
+ 2005-09-23 03:38:52 86,016 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1036.dll
+ 2005-09-23 03:40:30 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1037.dll
+ 2005-09-23 03:40:32 83,968 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1038.dll
+ 2005-09-23 03:40:56 84,480 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1040.dll
+ 2005-09-23 03:42:58 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1041.dll
+ 2005-09-23 03:44:58 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1042.dll
+ 2005-09-23 03:46:38 83,456 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1043.dll
+ 2005-09-23 03:46:38 81,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1044.dll
+ 2005-09-23 03:46:40 83,456 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1045.dll
+ 2005-09-23 03:47:04 82,432 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1046.dll
+ 2005-09-23 03:47:30 82,432 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1049.dll
+ 2005-09-23 03:47:32 81,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1053.dll
+ 2005-09-23 03:47:32 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1055.dll
+ 2005-09-23 03:30:18 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.2052.dll
+ 2005-09-23 03:47:06 84,480 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.2070.dll
+ 2005-09-23 03:29:50 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.3076.dll
+ 2005-09-23 03:36:48 85,504 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.3082.dll
+ 2005-09-23 04:57:06 245,408 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0unicows.dll
+ 2005-09-23 04:28:48 413,696 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Engine.dll
+ 2005-09-23 04:28:48 36,864 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Framework.dll
+ 2005-09-23 04:28:48 647,168 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Tasks.dll
+ 2005-09-23 04:28:48 73,728 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Utilities.dll
+ 2005-09-23 04:28:48 745,472 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.JScript.dll
+ 2005-09-23 04:29:10 110,592 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 04:29:10 372,736 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 04:29:08 667,648 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.dll
+ 2005-09-23 04:28:30 28,672 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 04:29:10 5,632 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualC.Dll
+ 2005-09-23 04:28:30 32,768 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Vsa.dll
+ 2005-09-23 04:28:30 12,800 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 04:28:30 7,168 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft_VsaVb.dll
+ 2005-09-23 04:28:32 87,552 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727MmcAspExt.dll
+ 2005-09-23 04:28:48 69,632 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727MSBuild.exe
+ 2005-09-23 04:28:56 800,768 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscordacwks.dll
+ 2005-09-23 04:28:56 73,216 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscordbc.dll
+ 2005-09-23 04:28:56 288,768 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscordbi.dll
+ 2005-09-23 04:28:56 36,864 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorie.dll
+ 2005-09-23 04:28:56 326,144 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorjit.dll
+ 2005-09-23 04:28:56 81,408 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorld.dll
+ 2005-09-23 04:28:56 4,308,992 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorlib.dll
+ 2005-09-23 04:28:56 102,400 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorpe.dll
+ 2005-09-23 04:29:00 330,752 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorrc.dll
+ 2005-09-23 04:28:56 67,072 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorsec.dll
+ 2005-09-23 04:28:50 9,216 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorsn.dll
+ 2005-09-23 04:28:56 226,816 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorsvc.dll
+ 2005-09-23 04:28:56 66,240 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe
+ 2005-09-23 04:28:56 10,240 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscortim.dll
+ 2005-09-23 04:28:50 5,615,616 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorwks.dll
+ 2005-09-23 04:29:00 22,528 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727MUI0409mscorsecr.dll
+ 2005-09-23 04:28:56 96,440 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727ngen.exe
+ 2005-09-23 04:28:56 14,848 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727normalization.dll
+ 2005-09-23 04:28:56 78,336 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727PerfCounter.dll
+ 2005-09-23 04:28:50 136,192 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727peverify.dll
+ 2005-09-23 04:28:56 53,248 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727RegAsm.exe
+ 2005-09-23 04:28:56 32,768 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727RegSvcs.exe
+ 2005-09-23 04:29:02 59,072 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727regtlibv12.exe
+ 2005-09-23 04:28:58 7,680 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727sbscmp20_mscorlib.dll
+ 2005-09-23 04:28:56 107,520 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727shfusion.dll
+ 2005-09-23 04:29:00 85,504 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727ShFusRes.dll
+ 2005-09-23 04:28:56 377,344 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727SOS.dll
+ 2005-09-23 04:28:56 110,592 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727sysglobl.dll
+ 2005-09-23 04:28:58 389,120 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.configuration.dll
+ 2005-09-23 04:28:56 81,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Configuration.Install.dll
+ 2005-09-23 04:28:56 2,878,976 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Data.dll
+ 2005-09-23 04:28:56 482,304 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Data.OracleClient.dll
+ 2005-09-23 04:28:56 716,800 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Data.SqlXml.dll
+ 2005-09-23 04:28:38 884,736 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Deployment.dll
+ 2005-09-23 04:28:56 5,050,368 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Design.dll
+ 2005-09-23 04:28:56 397,312 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.DirectoryServices.dll
+ 2005-09-23 04:28:56 188,416 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.DirectoryServices.Protocols.dll
+ 2005-09-23 04:28:56 3,018,752 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.dll
+ 2005-09-23 04:28:56 81,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Drawing.Design.dll
+ 2005-09-23 04:28:56 700,416 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Drawing.dll
+ 2005-09-23 04:28:56 258,048 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.EnterpriseServices.dll
+ 2005-09-23 04:28:56 47,616 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.EnterpriseServices.Thunk.dll
+ 2005-09-23 04:28:56 114,176 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 04:28:56 368,640 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Management.dll
+ 2005-09-23 04:28:56 258,048 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Messaging.dll
+ 2005-09-23 04:28:56 299,008 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Runtime.Remoting.dll
+ 2005-09-23 04:28:56 131,072 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 04:28:56 258,048 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Security.dll
+ 2005-09-23 04:28:56 114,688 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.ServiceProcess.dll
+ 2005-09-23 04:28:56 260,096 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Transactions.dll
+ 2005-09-23 04:28:56 5,025,792 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.dll
+ 2005-09-23 04:28:56 835,584 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.Mobile.dll
+ 2005-09-23 04:28:56 86,016 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.RegularExpressions.dll
+ 2005-09-23 04:28:56 823,296 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.Services.dll
+ 2005-09-23 04:28:56 5,316,608 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Windows.Forms.dll
+ 2005-09-23 04:28:56 2,035,712 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.XML.dll
+ 2005-09-23 04:28:56 71,680 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727TLBREF.DLL
+ 2005-09-23 04:29:06 1,140,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727vbc.exe
+ 2005-09-23 04:28:30 1,306,624 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727VsaVb7rt.dll
+ 2005-09-23 04:28:32 298,496 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727webengine.dll
+ 2005-09-23 04:28:56 28,160 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727WMINet_Utils.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelFrench.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelGerman.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelJapanese.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelKorean.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelPortugese.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelSimplifiedChinese.dll
+ 2007-07-23 06:03:32 53,248 -c—a-w c:windowssystem32AgCPanelSpanish.dll
+ 2007-07-23 06:03:32 53,248 -c—a-w c:windowssystem32AgCPanelSwedish.dll
+ 2007-07-23 06:03:32 53,248 -c—a-w c:windowssystem32AgCPanelTraditionalChinese.dll
+ 2007-07-24 05:20:06 207,405 -c—a-w c:windowssystem32AGEIAAG1011app.bin
+ 2007-05-16 05:42:42 122,249 -c—a-w c:windowssystem32AGEIAAG1011diag.bin
+ 2007-07-25 05:30:38 214,141 -c—a-w c:windowssystem32AGEIAAG1021app.bin
+ 2007-10-25 05:29:50 114,505 -c—a-w c:windowssystem32AGEIAAG1021diag.bin
+ 2005-09-23 04:28:38 83,456 -c—a-w c:windowssystem32dfshim.dll
— 2003-08-18 00:00:00 2,804,224 —-a-w c:windowssystem32dllcachemsi.dll
+ 2005-05-03 09:58:36 2,890,240 -c—a-w c:windowssystem32dllcachemsi.dll
— 2003-08-18 00:00:00 77,312 —-a-w c:windowssystem32dllcachemsiexec.exe
+ 2005-05-03 09:58:36 78,848 -c—a-w c:windowssystem32dllcachemsiexec.exe
— 2003-08-18 00:00:00 331,264 —-a-w c:windowssystem32dllcachemsihnd.dll
+ 2005-05-03 09:58:36 271,360 -c—a-w c:windowssystem32dllcachemsihnd.dll
— 2003-08-18 00:00:00 884,736 —-a-w c:windowssystem32dllcachemsimsg.dll
+ 2005-05-03 09:58:36 884,736 -c—a-w c:windowssystem32dllcachemsimsg.dll
— 2003-08-18 00:00:00 44,032 —-a-w c:windowssystem32dllcachemsisip.dll
+ 2005-05-03 09:58:36 15,360 -c—a-w c:windowssystem32dllcachemsisip.dll
+ 2005-08-15 08:08:26 5,888 -c—a-w c:windowssystem32driversimagedrv.sys
+ 2005-08-15 08:08:26 127,488 -c—a-w c:windowssystem32driversimagesrv.sys
+ 2007-09-13 04:43:00 120,320 -c—a-w c:windowssystem32DRVSTOREPhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4physX32.sys
+ 2004-07-26 13:16:10 1,568,768 -c—a-w c:windowssystem32imagX7.dll
+ 2004-07-26 13:16:10 476,320 -c—a-w c:windowssystem32imagXpr7.dll
+ 2004-07-26 13:16:10 262,144 -c—a-w c:windowssystem32imagXR7.dll
+ 2004-07-26 13:16:10 471,040 -c—a-w c:windowssystem32imagXRA7.dll
+ 2005-09-23 04:28:52 270,848 -c—a-w c:windowssystem32mscoree.dll
+ 2005-09-23 04:28:52 150,016 -c—a-w c:windowssystem32mscorier.dll
— 2003-08-18 00:00:00 2,804,224 —-a-w c:windowssystem32msi.dll
+ 2005-05-03 09:58:36 2,890,240 -c—a-w c:windowssystem32msi.dll
— 2003-08-18 00:00:00 77,312 —-a-w c:windowssystem32msiexec.exe
+ 2005-05-03 09:58:36 78,848 -c—a-w c:windowssystem32msiexec.exe
— 2003-08-18 00:00:00 331,264 —-a-w c:windowssystem32msihnd.dll
+ 2005-05-03 09:58:36 271,360 -c—a-w c:windowssystem32msihnd.dll
— 2003-08-18 00:00:00 884,736 —-a-w c:windowssystem32msimsg.dll
+ 2005-05-03 09:58:36 884,736 -c—a-w c:windowssystem32msimsg.dll
— 2003-08-18 00:00:00 44,032 —-a-w c:windowssystem32msisip.dll
+ 2005-05-03 09:58:36 15,360 -c—a-w c:windowssystem32msisip.dll
+ 2005-09-23 04:29:00 6,144 -c—a-w c:windowssystem32mui0409mscorees.dll
+ 2005-02-16 11:18:04 90,184 -c—a-w c:windowssystem32NeroCo.dll
+ 2005-09-23 04:28:56 32,768 -c—a-w c:windowssystem32netfxperf.dll
— 2008-12-19 15:43:02 51,260 —-a-w c:windowssystem32perfc009.dat
+ 2009-02-04 16:06:01 58,596 —-a-w c:windowssystem32perfc009.dat
— 2008-12-19 15:43:02 61,672 —-a-w c:windowssystem32perfc019.dat
+ 2009-02-04 16:06:01 70,134 —-a-w c:windowssystem32perfc019.dat
— 2008-12-19 15:43:02 336,916 —-a-w c:windowssystem32perfh009.dat
+ 2009-02-04 16:06:01 392,296 —-a-w c:windowssystem32perfh009.dat
— 2008-12-19 15:43:02 372,680 —-a-w c:windowssystem32perfh019.dat
+ 2009-02-04 16:06:01 432,488 —-a-w c:windowssystem32perfh019.dat
+ 2007-11-13 07:54:36 70,944 -c—a-w c:windowssystem32PhysXLoader.dll
+ 2004-07-09 05:43:56 364,544 -c—a-w c:windowssystem32TwnLib4.dll
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroBackItUp.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroMediaHome.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroShowTime.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroVision.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNRecode.exe
+ 2005-09-23 04:29:16 479,232 -c—a-w c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acdmsvcm80.dll
+ 2005-09-23 04:29:16 548,864 -c—a-w c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acdmsvcp80.dll
+ 2005-09-23 04:29:16 626,688 -c—a-w c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acdmsvcr80.dll
+ 2009-02-04 16:03:03 258,048 -c—a-w c:windowsWinSxSx86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790System.EnterpriseServices.dll
+ 2009-02-04 16:03:03 114,176 -c—a-w c:windowsWinSxSx86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790System.EnterpriseServices.Wrapper.dll
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2003-08-18 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-07-12 106496]
«ASUS Probe»=»c:program filesASUSAsus ProbeAsusProb.exe» [2002-12-06 617984]
«DisableEHCI»=»c:windowsS4TSR.EXE» [2002-08-26 28672]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-29 921600]
«SoundMan»=»SOUNDMAN.EXE» [2004-11-15 c:windowsSOUNDMAN.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2006-10-26 434528]c:documents and settingsAll Users.WINDOWSѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«d:\Games\iw3mp.exe»=
«d:\Ник\Binaries\FFOW.exe»=R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-10-13 35328]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [2003-08-18 12672]
S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2008-12-30 38496]
S4 CbEvtSvc;CbEvtSvc;c:windowsSystem32CbEvtSvc.exe -k netsvcs —> c:windowsSystem32CbEvtSvc.exe -k netsvcs [?]— Other Services/Drivers In Memory —
*NewlyCreated* — CLR_OPTIMIZATION_V2.0.50727_32
.
.
Supplementary Scan
.
uStart Page = http://www.yandex.ru/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
LSP: c:windowssystem32imon.dll
TCP: {4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689} = 62.112.106.130 195.34.31.50
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 20:29:46
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(632)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(688)
c:windowssystem32imon.dll
.
Completion time: 2009-02-04 20:31:01
ComboFix-quarantined-files.txt 2009-02-04 17:30:58
ComboFix2.txt 2009-01-21 05:07:52
ComboFix3.txt 2009-01-16 20:14:59
ComboFix4.txt 2009-01-14 19:43:24Pre-Run: 3 253 170 176 байт свободно
Post-Run: 3,650,789,376 байт свободно461 — E O F — 2009-01-04 04:03:06
Удалили файл руткита, осталось подчистить реестр.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Driver::
CbEvtSvc
NetSvc::
CbEvtSvcЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.ComboFix 09-02-14.01 — Наталия Новикова 2009-02-15 19:30:30.5 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.249 [GMT 3:00]
Running from: c:documents and settingsНаталия НовиковаРабочий столComboFix.exe
Command switches used :: c:documents and settingsНаталия НовиковаРабочий столCFScript.txt
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is activeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsНаталия НовиковаApplication DataMicrosoftInternet ExplorerQuick LaunchAntivirus 2009.lnk
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsНаталия НовиковаLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:documents and settingsLocalService.NT AUTHORITY.000Application Data638097440.exe
c:documents and settingsLocalService.NT AUTHORITY.000Application Data850119343.exe
c:windowssystem32win32x.exe
c:windowssystem32wpv201229976527.cpx
c:windowssystem32wpv401229732545.cpx
c:windowssystem32wpv981229732464.cpx.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_CBEVTSVC
Legacy_WIN32X
Service_CbEvtSvc((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.2009-02-05 19:39 . 2009-02-05 20:09
d—-c— c:documents and settingsНаталия НовиковаApplication DataTMNT
2009-02-04 19:08 . 2009-02-04 19:08 107,888 —a—c— c:windowssystem32CmdLineExt.dll
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:windowssystem32AGEIA
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesCommon FilesWise Installation Wizard
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesAGEIA Technologies
2009-01-29 18:39 . 2009-01-29 18:39d—-c— c:documents and settingsAll Users.WINDOWSApplication DataActivision
2009-01-29 18:39 . 2009-01-29 18:39d—-c— c:documents and settingsНаталия НовиковаApplication DataActivision
2009-01-29 18:27 . 2009-01-29 18:27d—-c— c:program filesActivision
2009-01-29 16:20 . 2009-01-29 16:19 502,368 —a—c— c:windowssystem32driversamon.sys
2009-01-29 16:20 . 2009-01-29 16:19 274,432 —a—c— c:windowssystem32imon.dll
2009-01-19 23:42 . 2009-01-19 23:42d—-c— C:GameRival
2009-01-19 23:41 . 2009-01-19 23:41d—-c— c:program filesReflexiveArcade
2009-01-15 15:11 . 2009-01-15 15:11d—-c— c:documents and settingsAll Users.WINDOWSApplication DataNero .
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 17:52
dc—-w c:program filesMalwarebytes’ Anti-Malware
2009-02-04 17:28
dc—-w c:program filesESET
2009-02-04 16:33
dc-h—w c:program filesInstallShield Installation Information
2009-01-20 15:06 22,328 -c—a-w c:windowssystem32driversPnkBstrK.sys
2009-01-15 12:14
dc—-w c:program filesCommon FilesAhead
2009-01-10 04:51
dc—-w c:documents and settingsНаталия НовиковаApplication DataMedia Player Classic
2009-01-10 03:49
dc—-w c:program filesK-Lite Codec Pack
2009-01-09 20:52
dc—-w c:program filestrend micro
2008-12-29 20:08
dc—-w c:program filesEnigma Software Group
2008-12-29 16:58
dc—-w c:program filesCommon FilesDownload Manager
2008-12-29 15:01
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 15:01
dc—-w c:documents and settingsНаталия НовиковаApplication DataMalwarebytes
2008-12-28 20:07 0 -c—a-w c:windowssystem32driversae9fec7d.sys
2008-12-28 20:07 0 -c—a-w c:windowssystem32drivers346d0bc6.sys
2008-12-28 19:12
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataESET
2008-12-03 15:13 22,328 -c—a-w c:documents and settingsНаталия НовиковаApplication DataPnkBstrK.sys
2008-11-24 16:04 606,848 -c—a-w c:windowsflashax.exe
2008-11-24 16:04 194,560 -c—a-w c:windowsASUS_Ai_Proactive_Screensaver (E).scr
2008-11-24 16:04 12,288 -c—a-w c:windowsimpborl.dll
.((((((((((((((((((((((((((((( snapshot_2009-02-04_20.30.16,64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-24 12:25:25 65,448 -c—a-w c:windowssystem32driverspe3ajzsb.sys
+ 2007-03-24 12:25:02 52,152 -c—a-w c:windowssystem32driversps6ajzsb.sys
+ 2007-03-24 12:25:46 407,208 -c—a-w c:windowssystem32pr2ajzsb.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2003-08-18 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-07-12 106496]
«ASUS Probe»=»c:program filesASUSAsus ProbeAsusProb.exe» [2002-12-06 617984]
«DisableEHCI»=»c:windowsS4TSR.EXE» [2002-08-26 28672]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-29 921600]
«SoundMan»=»SOUNDMAN.EXE» [2004-11-15 c:windowsSOUNDMAN.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2006-10-26 434528]c:documents and settingsAll Users.WINDOWSѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«d:\Games\iw3mp.exe»=R0 pe3ajzsb;TMNT.Teenage Mutant Ninja Turtles Environment Driver (pe3ajzsb);c:windowssystem32driverspe3ajzsb.sys [2007-03-24 65448]
R0 ps6ajzsb;TMNT.Teenage Mutant Ninja Turtles Synchronization Driver (ps6ajzsb);c:windowssystem32driversps6ajzsb.sys [2007-03-24 52152]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-10-13 35328]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [2003-08-18 12672]
S2 pr2ajzsb;TMNT.Teenage Mutant Ninja Turtles Drivers Auto Removal (pr2ajzsb);c:windowssystem32pr2ajzsb.exe svc —> c:windowssystem32pr2ajzsb.exe svc [?]
S3 MBAMSwissArmy;MBAMSwissArmy;??c:windowssystem32driversmbamswissarmy.sys —> c:windowssystem32driversmbamswissarmy.sys [?][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9f126e1b-a40a-11db-9269-0015f2a81198}]
ShellAutoRuncommand — H:
ShellopenCommand — rundll32.exe .\nsdll.dll,InstallM
.
.
Supplementary Scan
.
uStart Page = http://www.yandex.ru/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
LSP: c:windowssystem32imon.dll
TCP: {4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689} = 62.112.106.130 195.34.31.50
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 19:35:49
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(648)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(704)
c:windowssystem32imon.dll
.
Other Running Processes
.
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:program filesESETnod32krn.exe
c:windowssystem32PnkBstrA.exe
c:windowssystem32ufdsvc.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-15 19:37:51 — machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 16:37:48
ComboFix2.txt 2009-02-04 17:31:02
ComboFix3.txt 2009-01-21 05:07:52
ComboFix4.txt 2009-01-16 20:14:59
ComboFix5.txt 2009-02-15 16:27:55Pre-Run: 3 547 168 768 байт свободно
Post-Run: 3,799,842,816 байт свободно174 — E O F — 2009-01-04 04:03:06
Лог выглядит нормально, за исключением одного ключа в реестре.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Registry::
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9f126e1b-a40a-11db-9269-0015f2a81198}]Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.ComboFix 09-02-24.02 — Наталия Новикова 2009-02-25 11:11:12.6 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.252 [GMT 3:00]
Running from: c:documents and settingsНаталия НовиковаРабочий столComboFix.exe
Command switches used :: c:documents and settingsНаталия НовиковаРабочий столCFScript.txt
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is activeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.2009-02-21 16:14 . 2009-02-21 16:14
d—-c— c:program filesByte Software
2009-02-04 19:08 . 2009-02-04 19:08 107,888 —a—c— c:windowssystem32CmdLineExt.dll
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:windowssystem32AGEIA
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesCommon FilesWise Installation Wizard
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesAGEIA Technologies
2009-01-29 18:39 . 2009-01-29 18:39d—-c— c:documents and settingsAll Users.WINDOWSApplication DataActivision
2009-01-29 18:27 . 2009-01-29 18:27d—-c— c:program filesActivision
2009-01-29 16:20 . 2009-01-29 16:19 502,368 —a—c— c:windowssystem32driversamon.sys
2009-01-29 16:20 . 2009-01-29 16:19 274,432 —a—c— c:windowssystem32imon.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 07:01
dc—-w c:program filesCommon FilesInstallShield
2009-02-19 07:35
dc—-w c:program filestrend micro
2009-02-04 17:52
dc—-w c:program filesMalwarebytes’ Anti-Malware
2009-02-04 17:28
dc—-w c:program filesESET
2009-02-04 16:33
dc-h—w c:program filesInstallShield Installation Information
2009-01-20 15:06 22,328 -c—a-w c:windowssystem32driversPnkBstrK.sys
2009-01-20 15:06 103,736 -c—a-w c:windowssystem32PnkBstrB.exe
2009-01-19 20:41
dc—-w c:program filesReflexiveArcade
2009-01-15 12:14
dc—-w c:program filesCommon FilesAhead
2009-01-15 12:11
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataNero
2009-01-10 04:51
dc—-w c:documents and settingsНаталия НовиковаApplication DataMedia Player Classic
2009-01-10 03:49
dc—-w c:program filesK-Lite Codec Pack
2008-12-29 20:08
dc—-w c:program filesEnigma Software Group
2008-12-29 16:58
dc—-w c:program filesCommon FilesDownload Manager
2008-12-29 15:01
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 15:01
dc—-w c:documents and settingsНаталия НовиковаApplication DataMalwarebytes
2008-12-28 20:07 0 -c—a-w c:windowssystem32driversae9fec7d.sys
2008-12-28 20:07 0 -c—a-w c:windowssystem32drivers346d0bc6.sys
2008-12-28 19:12
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataESET
2008-12-03 15:40 66,872 -c—a-w c:windowssystem32PnkBstrA.exe
2008-12-03 15:13 22,328 -c—a-w c:documents and settingsНаталия НовиковаApplication DataPnkBstrK.sys
.((((((((((((((((((((((((((((( snapshot_2009-02-04_20.30.16,64 )))))))))))))))))))))))))))))))))))))))))
.
— 2009-01-09 20:49:03 188,200 -c—a-w c:windowssystem32FNTCACHE.DAT
+ 2009-02-19 15:12:50 192,976 -c—a-w c:windowssystem32FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2003-08-18 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-07-12 106496]
«ASUS Probe»=»c:program filesASUSAsus ProbeAsusProb.exe» [2002-12-06 617984]
«DisableEHCI»=»c:windowsS4TSR.EXE» [2002-08-26 28672]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-29 921600]
«SoundMan»=»SOUNDMAN.EXE» [2004-11-15 c:windowsSOUNDMAN.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2006-10-26 434528]c:documents and settingsAll Users.WINDOWSѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«d:\Games\iw3mp.exe»=R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-10-13 35328]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [2003-08-18 12672]
S3 MBAMSwissArmy;MBAMSwissArmy;??c:windowssystem32driversmbamswissarmy.sys —> c:windowssystem32driversmbamswissarmy.sys [?]
.
.
Supplementary Scan
.
uStart Page = http://www.yandex.ru/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
LSP: c:windowssystem32imon.dll
TCP: {4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689} = 62.112.106.130 195.34.31.50
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 11:13:19
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(632)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(688)
c:windowssystem32imon.dll
.
Completion time: 2009-02-25 11:14:31
ComboFix-quarantined-files.txt 2009-02-25 08:14:28
ComboFix2.txt 2009-02-15 16:37:53
ComboFix3.txt 2009-02-04 17:31:02
ComboFix4.txt 2009-01-21 05:07:52
ComboFix5.txt 2009-02-25 08:07:25Pre-Run: 3 500 556 288 байт свободно
Post-Run: 3,724,619,776 байт свободно121 — E O F — 2009-01-04 04:03:06
Вроде неплохо) Но я так понимаю, что никакой антивирус не гарантирует ибежания подобных проблем?
Очевидно, что если бы какой-то производитель антивирусов гарантировал 100% защиту, то он бы уже обанкротился 🙂
Несколько завершающих действий.
1. Обновите ваши программы.
Зайдите на сайт update.microsoft.com и обновите Windows.2. Удалите все программы, которые вы использовали в процессе лечения, в случае необходимости, вы всегда сможете скавать их заново. Удаление их необходимо по-причине того, что они содержат компоненты, которые вирусы и трояны могут использовать в плохих целях.
Удалите Combofix с вашего компьютера, действуйте согласно инструкции: Как правильно удалить combofix с компьютера.
Запустите программу OTMoveIT3. Кликните по кнопке CleanUp. Если появится запрос на перезагрузку компьютера, то кликните Да/Yes.
Удалите RSIT и другие скачанные вами сканеры и небольшие утилиты, а так же все файлы и каталоги который были созданы в процессе лечения компьютера.3. Подойдите к защите вашего компьютера более серьёзно.
Установите программу Spybot Search and Destroy, это довольно неплохая дополнительная защита от шпионских и других вредоносных программ.
Большинство троянов и вирусов разработаны для поражения Internet Explorer`а, поэтому рекомендую установить и использовать Оперу или Firefox.
4. Создайте новую точку восстановления и удалите все старые.
Удалите старые точки восстановления, так как в них возможно нахождения инфицированных файлов, троянов и других вредоносных программ. Для этого кликните по иконке Мой компьютер, выберите пункт Свойства. В открывшемся окне выберите вкладку Восстановление системы. Поставьте галочку напротив пункта Отключить восстановление системы на всех дисках. Кликните по кнопке Применить. Подтвердите свои действия кликнув по кнопке OK в открывшемся диалоге. Закройте окно Свойства системы, кликнув по кнопке OK.
После загрузки компьютера выполните действия описанные выше, только в этот раз снимите галочку.
Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.
5. И несколько дополнительных советов.
Запустите ваш антивирус и проверьте состояние автоматической защиты. Включите, если она выключена.
Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус.
Не посещайте незнакомые сайты, очень внимательно относитесь к файлам скаченным с Интернета.
Всего доброго!
- Для ответа в этой теме необходимо авторизоваться.
