Forum replies created
You've forgotten about me…
Том в устройстве F не имеет метки.
Серийный номер тома: 946D-5B6B
Содержимое папки F:WINDOWSsystem32
2008-07-05 15:32 503,808 winlogon.exe
1 файлов 503,808 байт
ComboFix 09-01-04.01 — lena 2009-01-05 16:28:59.7 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.1.1049.18.255.61 [GMT 3:00]
Running from: f:documents and settingslenaРабочий столComboFix.exe
Command switches used :: f:documents and settingslenaРабочий столCFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090104-0] *On-access scanning disabled* (Outdated)
* Created a new restore point
FILE ::
f:windowssystem32VIDEO.sys
f:windowssystem32vmmreg32.dll
f:windowsvmmreg32.dll
f:windowssystem32webmin — Whitelisted —
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
f:windowssystem32clrs.tmp
f:windowssystem32VIDEO.sys
f:windowssystem32vmmreg32.dll
f:windowsvmmreg32.dll
.
—- Previous Run
.
f:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
f:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
f:windowssystem32clrs.tmp
f:windowssystem32winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_VIDEO
Service_VIDEO
Service_VIDEO
((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.
2009-01-04 13:50 . 2009-01-04 14:15 d f:program filesPCStitch Pro 9
2009-01-04 13:50 . 2009-01-04 14:05 d f:documents and settingsAll UsersApplication DataPCStitch Pro
2009-01-04 13:49 . 2009-01-04 13:49 d f:documents and settingslenaApplication DataInstallShield
2008-12-27 20:58 . 2008-12-27 20:58 d F:_OTMoveIt
2008-12-27 17:25 . 2008-12-27 17:26 d F:rsit
2008-12-27 17:25 . 2008-12-27 21:23 d f:program filestrend micro
2008-12-26 10:04 . 2008-12-26 10:05 163,840 —a f:windowswin32_fpc.dll
2008-12-20 22:22 . 2009-01-04 13:45 dr F:M A S H A
2008-12-13 16:09 . 2008-12-13 16:09 d f:program filesYandex
2008-12-13 16:09 . 2008-12-13 16:09 d f:documents and settingslenaApplication DataYandex
2008-12-09 20:02 . 2008-12-09 20:02 d f:program filesICQ6Toolbar
2008-12-09 20:02 . 2008-12-09 20:02 d f:documents and settingsAll UsersApplication DataICQ
2008-12-09 20:00 . 2008-12-09 20:06 d f:program filesICQ6.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 10:50 d—h—w f:program filesInstallShield Installation Information
2008-12-27 14:36 d w f:program filesEnglishTr
2008-12-20 16:26 d w f:documents and settingslenaApplication DataICQ
2008-12-04 11:22 344,064 —-a-r f:windowssystem32PCSThumbExt.dll
2008-11-26 18:12 d w f:documents and settingslenaApplication DatauTorrent
2008-10-16 11:13 202,776 —-a-w f:windowssystem32wuweb.dll
2008-10-16 11:13 1,809,944 —-a-w f:windowssystem32wuaueng.dll
2008-10-16 11:12 561,688 —-a-w f:windowssystem32wuapi.dll
2008-10-16 11:12 323,608 —-a-w f:windowssystem32wucltui.dll
2008-10-16 11:09 92,696 —-a-w f:windowssystem32cdm.dll
2008-10-16 11:09 51,224 —-a-w f:windowssystem32wuauclt.exe
2008-10-16 11:09 43,544 —-a-w f:windowssystem32wups2.dll
2008-10-16 11:08 34,328 —-a-w f:windowssystem32wups.dll
2008-10-12 14:50 7,569,408 —-a-w f:windowsFontsSET27A.tmp
2008-10-12 14:32 720,896 —-a-w f:windowsFontsSETB9.tmp
.
((((((((((((((((((((((((((((( snapshot@2008-12-30_22.31.04,84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-04 10:55:43 68,608 —-a-w f:windowsassemblyGAC_32CustomMarshalers2.0.0.0__b03f5f7f11d50a3aCustomMarshalers.dll
+ 2009-01-04 10:56:08 72,192 —-a-w f:windowsassemblyGAC_32ISymWrapper2.0.0.0__b03f5f7f11d50a3aISymWrapper.dll
+ 2009-01-04 10:56:11 4,308,992 —-a-w f:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll
+ 2009-01-04 10:56:14 482,304 —-a-w f:windowsassemblyGAC_32System.Data.OracleClient2.0.0.0__b77a5c561934e089System.Data.OracleClient.dll
+ 2009-01-04 10:55:58 2,878,976 —-a-w f:windowsassemblyGAC_32System.Data2.0.0.0__b77a5c561934e089System.Data.dll
+ 2009-01-04 10:55:29 258,048 —-a-w f:windowsassemblyGAC_32System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.dll
+ 2009-01-04 10:55:29 114,176 —-a-w f:windowsassemblyGAC_32System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.Wrapper.dll
+ 2009-01-04 10:56:28 260,096 —-a-w f:windowsassemblyGAC_32System.Transactions2.0.0.0__b77a5c561934e089System.Transactions.dll
+ 2009-01-04 10:55:51 5,025,792 —-a-w f:windowsassemblyGAC_32System.Web2.0.0.0__b03f5f7f11d50a3aSystem.Web.dll
+ 2009-01-04 10:55:39 10,752 —-a-w f:windowsassemblyGAC_MSILAccessibility2.0.0.0__b03f5f7f11d50a3aAccessibility.dll
+ 2009-01-04 10:55:28 503,808 —-a-w f:windowsassemblyGAC_MSILAspNetMMCExt2.0.0.0__b03f5f7f11d50a3aAspNetMMCExt.dll
+ 2009-01-04 10:55:32 13,312 —-a-w f:windowsassemblyGAC_MSILcscompmgd8.0.0.0__b03f5f7f11d50a3acscompmgd.dll
+ 2009-01-04 10:56:03 8,192 —-a-w f:windowsassemblyGAC_MSILIEExecRemote2.0.0.0__b03f5f7f11d50a3aIEExecRemote.dll
+ 2009-01-04 10:56:04 36,864 —-a-w f:windowsassemblyGAC_MSILIEHost2.0.0.0__b03f5f7f11d50a3aIEHost.dll
+ 2009-01-04 10:56:05 5,632 —-a-w f:windowsassemblyGAC_MSILIIEHost2.0.0.0__b03f5f7f11d50a3aIIEHost.dll
+ 2009-01-04 10:55:34 413,696 —-a-w f:windowsassemblyGAC_MSILMicrosoft.Build.Engine2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Engine.dll
+ 2009-01-04 10:55:35 36,864 —-a-w f:windowsassemblyGAC_MSILMicrosoft.Build.Framework2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Framework.dll
+ 2009-01-04 10:55:36 647,168 —-a-w f:windowsassemblyGAC_MSILMicrosoft.Build.Tasks2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Tasks.dll
+ 2009-01-04 10:55:38 73,728 —-a-w f:windowsassemblyGAC_MSILMicrosoft.Build.Utilities2.0.0.0__b03f5f7f11d50a3aMicrosoft.Build.Utilities.dll
+ 2009-01-04 10:55:33 745,472 —-a-w f:windowsassemblyGAC_MSILMicrosoft.JScript8.0.0.0__b03f5f7f11d50a3aMicrosoft.JScript.dll
+ 2009-01-04 10:56:35 110,592 —-a-w f:windowsassemblyGAC_MSILMicrosoft.VisualBasic.Compatibility.Data8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.Compatibility.Data.dll
+ 2009-01-04 10:56:34 372,736 —-a-w f:windowsassemblyGAC_MSILMicrosoft.VisualBasic.Compatibility8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.Compatibility.dll
+ 2009-01-04 10:55:25 28,672 —-a-w f:windowsassemblyGAC_MSILMicrosoft.VisualBasic.Vsa8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.Vsa.dll
+ 2009-01-04 10:56:32 667,648 —-a-w f:windowsassemblyGAC_MSILMicrosoft.VisualBasic8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.dll
+ 2009-01-04 10:56:36 5,632 —-a-w f:windowsassemblyGAC_MSILMicrosoft.VisualC8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualC.Dll
+ 2009-01-04 10:55:27 12,800 —-a-w f:windowsassemblyGAC_MSILMicrosoft.Vsa.Vb.CodeDOMProcessor8.0.0.0__b03f5f7f11d50a3aMicrosoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-01-04 10:55:26 32,768 —-a-w f:windowsassemblyGAC_MSILMicrosoft.Vsa8.0.0.0__b03f5f7f11d50a3aMicrosoft.Vsa.dll
+ 2009-01-04 10:55:27 7,168 —-a-w f:windowsassemblyGAC_MSILMicrosoft_VsaVb8.0.0.0__b03f5f7f11d50a3aMicrosoft_VsaVb.dll
+ 2009-01-04 10:56:20 110,592 —-a-w f:windowsassemblyGAC_MSILsysglobl2.0.0.0__b03f5f7f11d50a3asysglobl.dll
+ 2009-01-04 10:55:44 81,920 —-a-w f:windowsassemblyGAC_MSILSystem.Configuration.Install2.0.0.0__b03f5f7f11d50a3aSystem.Configuration.Install.dll
+ 2009-01-04 10:56:21 389,120 —-a-w f:windowsassemblyGAC_MSILSystem.Configuration2.0.0.0__b03f5f7f11d50a3aSystem.configuration.dll
+ 2009-01-04 10:56:15 716,800 —-a-w f:windowsassemblyGAC_MSILSystem.Data.SqlXml2.0.0.0__b77a5c561934e089System.Data.SqlXml.dll
+ 2009-01-04 10:55:30 884,736 —-a-w f:windowsassemblyGAC_MSILSystem.Deployment2.0.0.0__b03f5f7f11d50a3aSystem.Deployment.dll
+ 2009-01-04 10:56:02 5,050,368 —-a-w f:windowsassemblyGAC_MSILSystem.Design2.0.0.0__b03f5f7f11d50a3aSystem.Design.dll
+ 2009-01-04 10:55:46 188,416 —-a-w f:windowsassemblyGAC_MSILSystem.DirectoryServices.Protocols2.0.0.0__b03f5f7f11d50a3aSystem.DirectoryServices.Protocols.dll
+ 2009-01-04 10:55:45 397,312 —-a-w f:windowsassemblyGAC_MSILSystem.DirectoryServices2.0.0.0__b03f5f7f11d50a3aSystem.DirectoryServices.dll
+ 2009-01-04 10:55:47 81,920 —-a-w f:windowsassemblyGAC_MSILSystem.Drawing.Design2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.Design.dll
+ 2009-01-04 10:56:26 700,416 —-a-w f:windowsassemblyGAC_MSILSystem.Drawing2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.dll
+ 2009-01-04 10:56:16 368,640 —-a-w f:windowsassemblyGAC_MSILSystem.Management2.0.0.0__b03f5f7f11d50a3aSystem.Management.dll
+ 2009-01-04 10:56:27 258,048 —-a-w f:windowsassemblyGAC_MSILSystem.Messaging2.0.0.0__b03f5f7f11d50a3aSystem.Messaging.dll
+ 2009-01-04 10:56:17 299,008 —-a-w f:windowsassemblyGAC_MSILSystem.Runtime.Remoting2.0.0.0__b77a5c561934e089System.Runtime.Remoting.dll
+ 2009-01-04 10:56:19 131,072 —-a-w f:windowsassemblyGAC_MSILSystem.Runtime.Serialization.Formatters.Soap2.0.0.0__b03f5f7f11d50a3aSystem.Runtime.Serialization.Formatters.Soap.dll
+ 2009-01-04 10:55:41 258,048 —-a-w f:windowsassemblyGAC_MSILSystem.Security2.0.0.0__b03f5f7f11d50a3aSystem.Security.dll
+ 2009-01-04 10:55:48 114,688 —-a-w f:windowsassemblyGAC_MSILSystem.ServiceProcess2.0.0.0__b03f5f7f11d50a3aSystem.ServiceProcess.dll
+ 2009-01-04 10:56:30 835,584 —-a-w f:windowsassemblyGAC_MSILSystem.Web.Mobile2.0.0.0__b03f5f7f11d50a3aSystem.Web.Mobile.dll
+ 2009-01-04 10:55:52 86,016 —-a-w f:windowsassemblyGAC_MSILSystem.Web.RegularExpressions2.0.0.0__b03f5f7f11d50a3aSystem.Web.RegularExpressions.dll
+ 2009-01-04 10:55:53 823,296 —-a-w f:windowsassemblyGAC_MSILSystem.Web.Services2.0.0.0__b03f5f7f11d50a3aSystem.Web.Services.dll
+ 2009-01-04 10:55:54 5,316,608 —-a-w f:windowsassemblyGAC_MSILSystem.Windows.Forms2.0.0.0__b77a5c561934e089System.Windows.Forms.dll
+ 2009-01-04 10:55:56 2,035,712 —-a-w f:windowsassemblyGAC_MSILSystem.Xml2.0.0.0__b77a5c561934e089System.XML.dll
+ 2009-01-04 10:56:25 3,018,752 —-a-w f:windowsassemblyGAC_MSILSystem2.0.0.0__b77a5c561934e089System.dll
+ 2009-01-04 11:45:10 26,624 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32Accessibilityef89b6df9de33e43b13fcf25f276154cAccessibility.ni.dll
+ 2009-01-04 11:45:13 860,160 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32AspNetMMCExtdc735deb0a28784fbfc748125b16f12bAspNetMMCExt.ni.dll
+ 2009-01-04 11:45:14 237,568 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32CustomMarshalersfdd3cfeecafdac499c0fb656358f3bd6CustomMarshalers.ni.dll
+ 2009-01-04 11:45:15 15,360 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32dfsvc590241d65f68ce40989a9b42746de7eddfsvc.ni.exe
+ 2009-01-04 11:45:18 880,640 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32Microsoft.Build.Eng#8218bbbb0f10e445bd82e53972e85e85Microsoft.Build.Engine.ni.dll
+ 2009-01-04 11:45:18 81,920 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32Microsoft.Build.Fra#879464ff0dd7e4488d71ed5b234ed86bMicrosoft.Build.Framework.ni.dll
+ 2009-01-04 11:45:23 1,691,648 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32Microsoft.Build.Tas#581a0ee329ef12429255a7bb502e8dbdMicrosoft.Build.Tasks.ni.dll
+ 2009-01-04 11:45:24 163,840 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32Microsoft.Build.Uti#8e5a0adb50dff5469ec2f3339a049f0eMicrosoft.Build.Utilities.ni.dll
+ 2009-01-04 11:45:28 1,724,416 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32Microsoft.VisualBas#4a7f693cdaa72141a17b8e00db09d68aMicrosoft.VisualBasic.ni.dll
+ 2009-01-04 10:58:00 11,411,456 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32mscorlib222178571e632f41a02963cf53d2c3ccmscorlib.ni.dll
+ 2009-01-04 11:45:30 962,560 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Configurationf595eff0df963f4aa0b134d4c12fe450System.Configuration.ni.dll
+ 2009-01-04 10:59:50 6,688,768 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Data88126f1ac6ccf445a1eba59c93968119System.Data.ni.dll
+ 2009-01-04 11:45:33 1,712,128 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Deploymentfef494bd58aadd499989ae93c4ce048aSystem.Deployment.ni.dll
+ 2009-01-04 11:00:19 10,723,328 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Design761d332bc660264d8f1089c5827f6b9aSystem.Design.ni.dll
+ 2009-01-04 11:45:38 512,000 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.DirectorySer#7ce35d92a44f8a4db251f6cd1e1534c4System.DirectoryServices.Protocols.ni.dll
+ 2009-01-04 11:45:36 1,220,608 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.DirectorySer#ed718fca1eae7147a872e5fd3fa73889System.DirectoryServices.ni.dll
+ 2009-01-04 10:58:42 229,376 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Drawing.Desi#a6406758dc51be44914ecce837558c57System.Drawing.Design.ni.dll
+ 2009-01-04 10:58:49 1,626,112 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Drawing85943a29af4019469c824b588b11180cSystem.Drawing.ni.dll
+ 2009-01-04 11:45:40 659,456 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.EnterpriseSe#4241c2980068b34d8b9db04ec6fb4b80System.EnterpriseServices.ni.dll
+ 2009-01-04 11:45:40 294,912 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.EnterpriseSe#4241c2980068b34d8b9db04ec6fb4b80System.EnterpriseServices.Wrapper.dll
+ 2009-01-04 11:45:41 729,088 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Security35bb207dca149645bf9ee1868b2fe993System.Security.ni.dll
+ 2009-01-04 11:45:43 684,032 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Transactionsb6bb1b054a285f43a0fdf837b14355a4System.Transactions.ni.dll
+ 2009-01-04 11:46:18 2,310,144 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Web.Mobile5ad6ce6e92928447867140858c37f4efSystem.Web.Mobile.ni.dll
+ 2009-01-04 11:46:19 237,568 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Web.RegularE#30e72af04f3541428b7d5cbf624ab066System.Web.RegularExpressions.ni.dll
+ 2009-01-04 11:46:23 1,945,600 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Web.Servicesfb48a323b9a3154ca155ee4919ca960aSystem.Web.Services.ni.dll
+ 2009-01-04 11:46:10 11,808,768 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Web448742c7ab0b8c49802c806f2c157e5aSystem.Web.ni.dll
+ 2009-01-04 10:59:18 13,107,200 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Windows.Forms9fb26ccb5174414094513b7435c460c6System.Windows.Forms.ni.dll
+ 2009-01-04 10:59:32 5,640,192 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32System.Xml58d133ac4321284486d2b74368785b5cSystem.Xml.ni.dll
+ 2009-01-04 10:58:36 8,093,696 —-a-w f:windowsassemblyNativeImages_v2.0.50727_32Systemc6f09bcf251b7641a818ff59848a4f69System.ni.dll
+ 2005-10-20 17:02:28 163,328 —-a-w f:windowsERDNTsubsERDNT.EXE
+ 2005-09-23 04:28:52 72,704 —-a-w f:windowsMicrosoft.NETFrameworkNETFXSBS10.exe
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_diasymreader.dll
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_iehost.dll
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_microsoft.jscript.dll
+ 2005-09-23 04:29:04 5,632 —-a-w f:windowsMicrosoft.NETFrameworksbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_mscordbi.dll
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_mscorrc.dll
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_mscorsec.dll
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_system.configuration.install.dll
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_system.data.dll
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_system.enterpriseservices.dll
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_VsaVb7rt.dll
+ 2005-09-23 04:29:04 5,120 —-a-w f:windowsMicrosoft.NETFrameworksbs_wminet_utils.dll
+ 2005-09-23 04:28:52 7,680 —-a-w f:windowsMicrosoft.NETFrameworksbscmp10.dll
+ 2005-09-23 04:28:56 7,680 —-a-w f:windowsMicrosoft.NETFrameworksbscmp20_mscorwks.dll
+ 2005-09-23 04:28:58 7,680 —-a-w f:windowsMicrosoft.NETFrameworksbscmp20_perfcounter.dll
+ 2005-09-23 04:28:56 7,680 —-a-w f:windowsMicrosoft.NETFrameworkSharedReg12.dll
+ 2005-09-23 04:28:52 86,528 —-a-w f:windowsMicrosoft.NETFrameworkv1.0.3705mscormmc.dll
+ 2005-09-23 04:28:36 18,944 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.507271033alinkui.dll
+ 2005-09-23 04:28:42 136,192 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.507271033cscompui.dll
+ 2005-09-23 04:28:44 4,608 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.507271033CvtResUI.dll
+ 2005-09-23 04:29:04 183,808 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.507271033vbc7ui.dll
+ 2005-09-23 04:28:28 208,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.507271033Vsavb7rtUI.dll
+ 2005-09-23 04:28:56 10,752 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Accessibility.dll
+ 2005-09-23 04:28:58 138,240 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727AdoNetDiag.dll
+ 2005-09-23 04:28:36 87,552 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727alink.dll
+ 2005-09-23 04:28:58 55,488 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727AppLaunch.exe
+ 2005-09-23 04:28:32 36,864 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_compiler.exe
+ 2005-09-23 04:28:32 10,752 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_filter.dll
+ 2005-09-23 04:28:32 8,192 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_isapi.dll
+ 2005-09-23 04:28:32 23,552 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Aspnet_perf.dll
+ 2005-09-23 04:28:32 70,656 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_rc.dll
+ 2005-09-23 04:28:32 13,824 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regbrowsers.exe
+ 2005-09-23 04:28:32 26,824 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regiis.exe
+ 2005-09-23 04:28:32 106,496 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regsql.exe
+ 2005-09-23 04:28:32 29,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe
+ 2005-09-23 04:28:32 29,888 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_wp.exe
+ 2005-09-23 04:28:32 503,808 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727AspNetMMCExt.dll
+ 2005-09-23 04:28:56 106,496 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727CasPol.exe
+ 2005-09-23 04:28:56 88,576 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727CORPerfMonExt.dll
+ 2005-09-23 04:28:42 76,984 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727csc.exe
+ 2005-09-23 04:28:42 1,144,832 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727cscomp.dll
+ 2005-09-23 04:28:42 13,312 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727cscompmgd.dll
+ 2005-09-23 04:28:58 17,920 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Culture.dll
+ 2005-09-23 04:28:56 68,608 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727CustomMarshalers.dll
+ 2005-09-23 04:28:44 31,936 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727cvtres.exe
+ 2005-09-23 04:28:38 52,736 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727dfdll.dll
+ 2005-09-23 04:28:38 4,608 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727dfsvc.exe
+ 2005-09-23 04:29:12 547,840 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727diasymreader.dll
+ 2005-09-23 04:28:56 788,992 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727EventLogMessages.dll
+ 2005-09-23 04:28:50 9,216 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727fusion.dll
+ 2005-09-23 04:28:56 9,728 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727IEExec.exe
+ 2005-09-23 04:28:56 8,192 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727IEExecRemote.dll
+ 2005-09-23 04:28:56 36,864 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727IEHost.dll
+ 2005-09-23 04:28:56 5,632 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727IIEHost.dll
+ 2005-09-23 04:28:56 224,952 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727ilasm.exe
+ 2005-09-23 04:28:56 28,672 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727InstallUtil.exe
+ 2005-09-23 04:28:56 55,296 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727InstallUtilLib.dll
+ 2005-09-23 04:28:56 72,192 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727ISymWrapper.dll
+ 2005-09-23 04:28:48 40,960 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727jsc.exe
+ 2005-09-23 04:01:16 609,472 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
+ 2005-09-23 03:29:48 80,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1025.dll
+ 2005-09-23 03:32:24 80,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1028.dll
+ 2005-09-23 03:34:10 82,944 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1029.dll
+ 2005-09-23 03:34:12 81,920 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1030.dll
+ 2005-09-23 03:34:44 85,504 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1031.dll
+ 2005-09-23 03:36:24 87,552 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1032.dll
+ 2005-09-23 00:46:14 80,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1033.dll
+ 2005-09-23 03:38:26 81,408 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1035.dll
+ 2005-09-23 03:38:52 86,016 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1036.dll
+ 2005-09-23 03:40:30 80,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1037.dll
+ 2005-09-23 03:40:32 83,968 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1038.dll
+ 2005-09-23 03:40:56 84,480 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1040.dll
+ 2005-09-23 03:42:58 80,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1041.dll
+ 2005-09-23 03:44:58 80,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1042.dll
+ 2005-09-23 03:46:38 83,456 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1043.dll
+ 2005-09-23 03:46:38 81,920 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1044.dll
+ 2005-09-23 03:46:40 83,456 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1045.dll
+ 2005-09-23 03:47:04 82,432 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1046.dll
+ 2005-09-23 03:47:30 82,432 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1049.dll
+ 2005-09-23 03:47:32 81,920 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1053.dll
+ 2005-09-23 03:47:32 80,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1055.dll
+ 2005-09-23 03:30:18 80,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.2052.dll
+ 2005-09-23 03:47:06 84,480 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.2070.dll
+ 2005-09-23 03:29:50 80,896 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.3076.dll
+ 2005-09-23 03:36:48 85,504 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.3082.dll
+ 2005-09-23 04:57:06 245,408 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0unicows.dll
+ 2005-09-23 04:28:48 413,696 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Engine.dll
+ 2005-09-23 04:28:48 36,864 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Framework.dll
+ 2005-09-23 04:28:48 647,168 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Tasks.dll
+ 2005-09-23 04:28:48 73,728 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Utilities.dll
+ 2005-09-23 04:28:48 745,472 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.JScript.dll
+ 2005-09-23 04:29:10 110,592 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 04:29:10 372,736 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 04:29:08 667,648 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.dll
+ 2005-09-23 04:28:30 28,672 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 04:29:10 5,632 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualC.Dll
+ 2005-09-23 04:28:30 32,768 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Vsa.dll
+ 2005-09-23 04:28:30 12,800 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 04:28:30 7,168 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft_VsaVb.dll
+ 2005-09-23 04:28:32 87,552 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727MmcAspExt.dll
+ 2005-09-23 04:28:48 69,632 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727MSBuild.exe
+ 2005-09-23 04:28:56 800,768 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscordacwks.dll
+ 2005-09-23 04:28:56 73,216 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscordbc.dll
+ 2005-09-23 04:28:56 288,768 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscordbi.dll
+ 2005-09-23 04:28:56 36,864 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorie.dll
+ 2005-09-23 04:28:56 326,144 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorjit.dll
+ 2005-09-23 04:28:56 81,408 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorld.dll
+ 2005-09-23 04:28:56 4,308,992 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorlib.dll
+ 2005-09-23 04:28:56 102,400 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorpe.dll
+ 2005-09-23 04:29:00 330,752 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorrc.dll
+ 2005-09-23 04:28:56 67,072 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorsec.dll
+ 2005-09-23 04:28:50 9,216 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorsn.dll
+ 2005-09-23 04:28:56 226,816 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorsvc.dll
+ 2005-09-23 04:28:56 66,240 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe
+ 2005-09-23 04:28:56 10,240 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscortim.dll
+ 2005-09-23 04:28:50 5,615,616 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727mscorwks.dll
+ 2005-09-23 04:29:00 22,528 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727MUI0409mscorsecr.dll
+ 2005-09-23 04:28:56 96,440 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727ngen.exe
+ 2005-09-23 04:28:56 14,848 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727normalization.dll
+ 2005-09-23 04:28:56 78,336 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727PerfCounter.dll
+ 2005-09-23 04:28:50 136,192 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727peverify.dll
+ 2005-09-23 04:28:56 53,248 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727RegAsm.exe
+ 2005-09-23 04:28:56 32,768 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727RegSvcs.exe
+ 2005-09-23 04:29:02 59,072 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727regtlibv12.exe
+ 2005-09-23 04:28:58 7,680 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727sbscmp20_mscorlib.dll
+ 2005-09-23 04:28:56 107,520 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727shfusion.dll
+ 2005-09-23 04:29:00 85,504 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727ShFusRes.dll
+ 2005-09-23 04:28:56 377,344 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727SOS.dll
+ 2005-09-23 04:28:56 110,592 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727sysglobl.dll
+ 2005-09-23 04:28:58 389,120 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.configuration.dll
+ 2005-09-23 04:28:56 81,920 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Configuration.Install.dll
+ 2005-09-23 04:28:56 2,878,976 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Data.dll
+ 2005-09-23 04:28:56 482,304 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Data.OracleClient.dll
+ 2005-09-23 04:28:56 716,800 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Data.SqlXml.dll
+ 2005-09-23 04:28:38 884,736 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Deployment.dll
+ 2005-09-23 04:28:56 5,050,368 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Design.dll
+ 2005-09-23 04:28:56 397,312 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.DirectoryServices.dll
+ 2005-09-23 04:28:56 188,416 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.DirectoryServices.Protocols.dll
+ 2005-09-23 04:28:56 3,018,752 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.dll
+ 2005-09-23 04:28:56 81,920 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Drawing.Design.dll
+ 2005-09-23 04:28:56 700,416 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Drawing.dll
+ 2005-09-23 04:28:56 258,048 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.EnterpriseServices.dll
+ 2005-09-23 04:28:56 47,616 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.EnterpriseServices.Thunk.dll
+ 2005-09-23 04:28:56 114,176 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 04:28:56 368,640 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Management.dll
+ 2005-09-23 04:28:56 258,048 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Messaging.dll
+ 2005-09-23 04:28:56 299,008 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Runtime.Remoting.dll
+ 2005-09-23 04:28:56 131,072 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 04:28:56 258,048 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Security.dll
+ 2005-09-23 04:28:56 114,688 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.ServiceProcess.dll
+ 2005-09-23 04:28:56 260,096 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Transactions.dll
+ 2005-09-23 04:28:56 5,025,792 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.dll
+ 2005-09-23 04:28:56 835,584 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.Mobile.dll
+ 2005-09-23 04:28:56 86,016 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.RegularExpressions.dll
+ 2005-09-23 04:28:56 823,296 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.Services.dll
+ 2005-09-23 04:28:56 5,316,608 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.Windows.Forms.dll
+ 2005-09-23 04:28:56 2,035,712 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727System.XML.dll
+ 2005-09-23 04:28:56 71,680 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727TLBREF.DLL
+ 2005-09-23 04:29:06 1,140,920 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727vbc.exe
+ 2005-09-23 04:28:30 1,306,624 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727VsaVb7rt.dll
+ 2005-09-23 04:28:32 298,496 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727webengine.dll
+ 2005-09-23 04:28:56 28,160 —-a-w f:windowsMicrosoft.NETFrameworkv2.0.50727WMINet_Utils.dll
+ 2005-09-23 04:28:38 83,456 —-a-w f:windowssystem32dfshim.dll
— 2004-08-18 12:00:00 2,804,224 -c—a-w f:windowssystem32dllcachemsi.dll
+ 2005-05-03 09:58:36 2,890,240 -c—a-w f:windowssystem32dllcachemsi.dll
— 2004-08-18 12:00:00 77,312 -c—a-w f:windowssystem32dllcachemsiexec.exe
+ 2005-05-03 09:58:36 78,848 -c—a-w f:windowssystem32dllcachemsiexec.exe
— 2004-08-18 12:00:00 331,264 -c—a-w f:windowssystem32dllcachemsihnd.dll
+ 2005-05-03 09:58:36 271,360 -c—a-w f:windowssystem32dllcachemsihnd.dll
— 2004-08-18 12:00:00 884,736 -c—a-w f:windowssystem32dllcachemsimsg.dll
+ 2005-05-03 09:58:36 884,736 -c—a-w f:windowssystem32dllcachemsimsg.dll
— 2004-08-18 12:00:00 44,032 -c—a-w f:windowssystem32dllcachemsisip.dll
+ 2005-05-03 09:58:36 15,360 -c—a-w f:windowssystem32dllcachemsisip.dll
+ 2004-08-18 12:00:00 18,944 -c—a-w f:windowssystem32dllcachevmmreg32.dll
— 2008-08-03 11:58:40 114,176 —-a-w f:windowssystem32FNTCACHE.DAT
+ 2009-01-04 11:04:05 118,952 —-a-w f:windowssystem32FNTCACHE.DAT
+ 2008-06-24 06:05:12 183,296 —-a-w f:windowssystem32lfacs14s.dll
+ 2008-06-24 06:02:32 247,296 —-a-w f:windowssystem32lfAFP14s.dll
+ 2008-06-24 06:02:34 18,432 —-a-w f:windowssystem32lfani14s.dll
+ 2008-06-24 06:02:34 12,288 —-a-w f:windowssystem32lfavi14s.dll
+ 2008-06-24 06:05:50 32,768 —-a-w f:windowssystem32lfawd14s.dll
+ 2008-06-24 06:02:36 23,552 —-a-w f:windowssystem32lfbmp14s.dll
+ 2008-06-24 06:03:42 22,016 —-a-w f:windowssystem32lfcal14s.dll
+ 2008-06-24 06:05:00 233,984 —-a-w f:windowssystem32lfcgm14s.dll
+ 2008-06-24 06:03:26 13,824 —-a-w f:windowssystem32lfcin14s.dll
+ 2008-06-24 06:02:38 17,408 —-a-w f:windowssystem32lfclp14s.dll
+ 2008-06-24 05:42:10 376,832 —-a-w f:windowssystem32LFCMP14n.DLL
+ 2008-06-24 06:02:44 388,608 —-a-w f:windowssystem32LFCMP14s.DLL
+ 2008-06-24 06:03:08 424,448 —-a-w f:windowssystem32LFCMW14s.dll
+ 2008-06-24 06:05:18 205,824 —-a-w f:windowssystem32LfCMX14s.dll
+ 2008-06-24 06:03:26 11,776 —-a-w f:windowssystem32lfcrw14s.dll
+ 2008-06-24 06:03:24 13,312 —-a-w f:windowssystem32lfCUT14s.dll
+ 2008-06-23 14:05:24 16,384 —-a-w f:windowssystem32LFDCR14s.dll
+ 2008-06-24 06:03:26 8,192 —-a-w f:windowssystem32lfDCS14s.dll
+ 2008-06-24 06:05:00 361,472 —-a-w f:windowssystem32Lfdgn14s.dll
+ 2008-06-23 14:05:32 1,860,096 —-a-w f:windowssystem32LFDJV14s.dll
+ 2008-06-24 06:05:02 202,752 —-a-w f:windowssystem32lfdrw14s.dll
+ 2008-06-24 06:05:52 1,196,032 —-a-w f:windowssystem32lfdwf14s.dll
+ 2008-06-24 06:05:04 289,280 —-a-w f:windowssystem32lfdwg14s.dll
+ 2008-06-24 06:05:56 315,392 —-a-w f:windowssystem32lfdxf14s.dll
+ 2008-06-24 06:03:28 12,800 —-a-w f:windowssystem32lfecw14s.dll
+ 2008-06-24 06:03:40 20,480 —-a-w f:windowssystem32lfeps14s.dll
+ 2008-06-24 06:03:40 79,360 —-a-w f:windowssystem32lffax14s.dll
+ 2008-06-24 06:03:42 14,848 —-a-w f:windowssystem32lffit14s.dll
+ 2008-06-24 06:03:42 32,256 —-a-w f:windowssystem32lfflc14s.dll
+ 2008-06-24 06:03:44 52,736 —-a-w f:windowssystem32lffpx14s.dll
+ 2008-06-24 06:05:44 219,136 —-a-w f:windowssystem32LfGbr14s.dll
+ 2008-06-24 06:03:46 28,160 —-a-w f:windowssystem32LFGIF14s.dll
+ 2008-06-24 06:03:48 26,624 —-a-w f:windowssystem32lfica14s.dll
+ 2008-06-24 06:03:48 20,992 —-a-w f:windowssystem32lfiff14s.dll
+ 2008-06-24 06:03:48 13,312 —-a-w f:windowssystem32lfimg14s.dll
+ 2008-06-24 06:03:50 13,312 —-a-w f:windowssystem32lfitg14s.dll
+ 2008-06-24 06:04:02 221,184 —-a-w f:windowssystem32LFJ2K14s.dll
+ 2008-06-24 06:03:52 65,536 —-a-w f:windowssystem32lfjbg14s.dll
+ 2008-06-24 06:04:12 11,264 —-a-w f:windowssystem32lfKDC14s.dll
+ 2008-06-24 06:04:12 22,016 —-a-w f:windowssystem32lflma14s.dll
+ 2008-06-24 06:04:14 17,920 —-a-w f:windowssystem32lflmb14s.dll
+ 2008-06-24 06:04:14 12,288 —-a-w f:windowssystem32lfmac14s.dll
+ 2008-06-24 06:04:14 78,848 —-a-w f:windowssystem32lfmpg14s.dll
+ 2008-06-24 06:04:16 12,288 —-a-w f:windowssystem32lfmsp14s.dll
+ 2008-06-24 06:04:16 13,312 —-a-w f:windowssystem32lfpcd14s.dll
+ 2008-06-24 06:05:48 264,704 —-a-w f:windowssystem32lfPCL14s.dll
+ 2008-06-24 06:06:00 61,440 —-a-w f:windowssystem32lfpct14s.dll
+ 2008-06-24 06:04:18 18,944 —-a-w f:windowssystem32lfpcx14s.dll
+ 2008-06-24 06:04:44 155,648 —-a-w f:windowssystem32Lfpdf14s.dll
+ 2008-06-24 06:04:20 172,544 —-a-w f:windowssystem32Lfpng14s.dll
+ 2008-06-24 06:04:20 15,872 —-a-w f:windowssystem32LFPNM14s.dll
+ 2008-06-24 06:04:22 72,192 —-a-w f:windowssystem32lfpsd14s.dll
+ 2008-06-24 06:04:56 226,304 —-a-w f:windowssystem32lfpsp14s.dll
+ 2008-06-24 06:04:22 34,816 —-a-w f:windowssystem32lfptk14s.dll
+ 2008-06-24 06:04:24 13,824 —-a-w f:windowssystem32lfras14s.dll
+ 2008-06-24 06:04:58 10,752 —-a-w f:windowssystem32lfRaw14s.dll
+ 2008-06-23 14:13:40 49,152 —-a-w f:windowssystem32lfRTF14s.dll
+ 2008-06-24 06:04:58 13,312 —-a-w f:windowssystem32lfsct14s.dll
+ 2008-06-23 14:12:52 15,360 —-a-w f:windowssystem32lfSFF14s.dll
+ 2008-06-24 06:04:24 13,312 —-a-w f:windowssystem32lfsgi14s.dll
+ 2008-06-24 06:05:44 186,880 —-a-w f:windowssystem32lfshp14s.dll
+ 2008-06-24 06:06:02 1,220,608 —-a-w f:windowssystem32Lfsid14s.dll
+ 2008-06-24 06:04:24 11,776 —-a-w f:windowssystem32LFSMP14s.dll
+ 2008-06-24 06:05:20 709,120 —-a-w f:windowssystem32lfsvg14s.dll
+ 2008-06-24 06:04:58 50,688 —-a-w f:windowssystem32lfTFX14s.dll
+ 2008-06-24 06:04:24 16,896 —-a-w f:windowssystem32lftga14s.dll
+ 2008-06-24 06:04:30 148,480 —-a-w f:windowssystem32lftif14s.dll
+ 2008-06-23 14:12:40 174,592 —-a-w f:windowssystem32lfvec14s.dll
+ 2008-06-24 06:05:42 196,096 —-a-w f:windowssystem32lfvpg14s.dll
+ 2008-06-24 06:04:32 13,824 —-a-w f:windowssystem32lfwfx14s.dll
+ 2008-06-24 06:04:34 19,456 —-a-w f:windowssystem32lfwmf14s.dll
+ 2008-06-24 06:04:34 11,776 —-a-w f:windowssystem32lfwmp14s.dll
+ 2008-06-24 06:04:36 305,152 —-a-w f:windowssystem32lfwmz14s.dll
+ 2008-06-24 06:04:38 13,824 —-a-w f:windowssystem32lfwpg14s.dll
+ 2008-06-24 06:04:38 14,848 —-a-w f:windowssystem32lfXbm14s.dll
+ 2008-06-24 06:04:38 25,600 —-a-w f:windowssystem32lfXpm14s.dll
+ 2008-06-24 06:04:40 18,432 —-a-w f:windowssystem32lfxwd14s.dll
+ 2008-06-23 08:27:30 1,777,152 —-a-w f:windowssystem32LTCLR14s.dll
+ 2008-06-24 06:03:34 1,441,280 —-a-w f:windowssystem32LTDic14s.dll
+ 2008-06-23 07:33:18 262,144 —-a-w f:windowssystem32LTDIS14n.dll
+ 2008-06-23 07:34:10 237,568 —-a-w f:windowssystem32ltefx14n.dll
+ 2008-06-23 07:33:28 155,648 —-a-w f:windowssystem32ltfil14n.DLL
+ 2008-06-23 07:34:08 1,122,304 —-a-w f:windowssystem32Ltimg14n.dll
+ 2008-06-23 07:33:08 442,368 —-a-w f:windowssystem32ltkrn14n.dll
+ 2008-06-24 05:58:08 815,104 —-a-w f:windowssystem32LTR14N.DLL
+ 2008-06-24 05:58:42 1,373,184 —-a-w f:windowssystem32LTRDF14N.DLL
+ 2008-06-24 05:58:36 1,298,432 —-a-w f:windowssystem32LTRDK14N.DLL
+ 2008-06-24 05:58:10 363,520 —-a-w f:windowssystem32LTRIO14N.DLL
+ 2008-06-24 05:58:12 1,447,424 —-a-w f:windowssystem32LTRPR14N.DLL
+ 2008-06-24 05:59:14 736,256 —-a-w f:windowssystem32LTRTN14N.DLL
+ 2008-06-23 14:25:52 65,392 —-a-w f:windowssystem32LTRVR14N.DLL
+ 2005-09-23 04:28:52 270,848 —-a-w f:windowssystem32mscoree.dll
+ 2005-09-23 04:28:52 150,016 —-a-w f:windowssystem32mscorier.dll
+ 2005-09-23 04:28:52 74,240 —-a-w f:windowssystem32mscories.dll
— 2004-08-18 12:00:00 2,804,224 —-a-w f:windowssystem32msi.dll
+ 2005-05-03 09:58:36 2,890,240 —-a-w f:windowssystem32msi.dll
— 2004-08-18 12:00:00 77,312 —-a-w f:windowssystem32msiexec.exe
+ 2005-05-03 09:58:36 78,848 —-a-w f:windowssystem32msiexec.exe
— 2004-08-18 12:00:00 331,264 —-a-w f:windowssystem32msihnd.dll
+ 2005-05-03 09:58:36 271,360 —-a-w f:windowssystem32msihnd.dll
— 2004-08-18 12:00:00 884,736 —-a-w f:windowssystem32msimsg.dll
+ 2005-05-03 09:58:36 884,736 —-a-w f:windowssystem32msimsg.dll
— 2004-08-18 12:00:00 44,032 —-a-w f:windowssystem32msisip.dll
+ 2005-05-03 09:58:36 15,360 —-a-w f:windowssystem32msisip.dll
+ 2005-09-23 04:29:00 6,144 —-a-w f:windowssystem32mui0409mscorees.dll
+ 2005-09-23 04:28:56 32,768 —-a-w f:windowssystem32netfxperf.dll
+ 2003-09-25 11:41:00 110,592 —-a-r f:windowssystem32PCS7.dll
— 2008-10-26 03:24:58 40,128 —-a-w f:windowssystem32perfc009.dat
+ 2009-01-04 11:00:29 58,732 —-a-w f:windowssystem32perfc009.dat
— 2008-10-26 03:24:58 49,552 —-a-w f:windowssystem32perfc019.dat
+ 2009-01-04 11:00:29 70,336 —-a-w f:windowssystem32perfc019.dat
— 2008-10-26 03:24:58 311,740 —-a-w f:windowssystem32perfh009.dat
+ 2009-01-04 11:00:29 392,432 —-a-w f:windowssystem32perfh009.dat
— 2008-10-26 03:24:58 346,452 —-a-w f:windowssystem32perfh019.dat
+ 2009-01-04 11:00:29 432,796 —-a-w f:windowssystem32perfh019.dat
+ 2005-05-03 09:58:32 14,048
w f:windowssystem32spmsg.dll
+ 2009-01-05 13:34:14 16,384 —-atw f:windowsTempPerflib_Perfdata_478.dat
+ 2005-09-23 04:29:16 479,232 —-a-w f:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acdmsvcm80.dll
+ 2005-09-23 04:29:16 548,864 —-a-w f:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acdmsvcp80.dll
+ 2005-09-23 04:29:16 626,688 —-a-w f:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acdmsvcr80.dll
+ 2009-01-04 10:55:29 258,048 —-a-w f:windowsWinSxSx86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790System.EnterpriseServices.dll
+ 2009-01-04 10:55:29 114,176 —-a-w f:windowsWinSxSx86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790System.EnterpriseServices.Wrapper.dll
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «f:program filesYandexYandexBarIEyndbar.dll» [2008-12-12 3133216][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «f:program filesYandexYandexBarIEyndbar.dll» [2008-12-12 3133216][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»f:windowssystem32ctfmon.exe» [2004-08-18 15360]f:windowssystem32webmin
VIDEO.bkp [2009-01-05 30080]
vmmreg32.bkp [2009-01-05 249856][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=R1 aswSP;avast! Self Protection;f:windowssystem32driversaswSP.sys [2008-07-06 111184]
R4 aswFsBlk;aswFsBlk;f:windowssystem32driversaswFsBlk.sys [2008-07-06 20560]
R4 ICQ Service;ICQ Service;f:program filesICQ6ToolbarICQ Service.exe [2008-12-09 222456]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40488
mStart Page = hxxp://www.google.com
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 16:34:52
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Other Running Processes
.
f:program filesAlwil SoftwareAvast4aswUpdSv.exe
f:program filesAlwil SoftwareAvast4ashServ.exe
f:windowssystem32CAP3RSK.EXE
f:windowssystem32spooldriversw32x863CAP3SWK.EXE
f:program filesAlwil SoftwareAvast4ashMaiSv.exe
f:program filesAlwil SoftwareAvast4ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-01-05 16:37:13 — machine was rebooted [lena]
ComboFix-quarantined-files.txt 2009-01-05 13:37:09
ComboFix2.txt 2009-01-03 18:18:09
ComboFix3.txt 2009-01-03 16:50:38
ComboFix4.txt 2008-12-30 19:31:44Pre-Run: 18 254 036 992 байт свободно
Post-Run: 18,250,903,552 байт свободно514
Okay, I've done everything.
Here's a question: sometimes a message appears saying that updates for Windows are ready.
What should I do in that case? Update or not? It's just that we updated several times, and it seems to me that problems with the computer appeared after that.
Yes, I tried, but it still says that the installation was not completed.
I'll now try what you wrote.
When the computer rebooted, a message appeared saying that the file vmmreg32.bkp and the file VIDEO.bkp could not be opened.
ComboFix 09-01-01.02 — lena 2009-01-03 21:14:00.4 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.1.1049.18.255.55 [GMT 3:00]
Running from: f:documents and settingslenaРабочий столComboFix.exe
Command switches used :: f:documents and settingslenaРабочий столCFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090103-0] *On-access scanning disabled* (Outdated)
* Created a new restore pointFILE ::
f:windowssystem32driversethjpdjf.sys
f:windowssystem32DriversWinjp51.sys
f:windowsSYSTEM32VIDEO.sys
f:windowssystem32vmmreg32.dll
f:windowssystem32winhelp32.exe
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.f:windowssystem32clrs.tmp
.
—- Previous Run
.
f:windowssystem32clrs.tmp
f:windowssystem32driversethjpdjf.sysf:windowssystem32winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_WINJP51
Service_ethjpdjf
Service_Winjp51((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.2009-01-03 21:01 . 2009-01-03 21:01 0 —a
F:bootcats.sys
2008-12-27 20:58 . 2008-12-27 20:58d
F:_OTMoveIt
2008-12-27 17:25 . 2008-12-27 17:26d
F:rsit
2008-12-27 17:25 . 2008-12-27 21:23d
f:program filestrend micro
2008-12-26 10:04 . 2008-12-26 10:05 163,840 —a
f:windowswin32_fpc.dll
2008-12-20 22:22 . 2009-01-03 19:38dr
F:M A S H A
2008-12-13 16:09 . 2008-12-13 16:09d
f:program filesYandex
2008-12-13 16:09 . 2008-12-13 16:09d
f:documents and settingslenaApplication DataYandex
2008-12-09 20:02 . 2008-12-09 20:02d
f:program filesICQ6Toolbar
2008-12-09 20:02 . 2008-12-09 20:02d
f:documents and settingsAll UsersApplication DataICQ
2008-12-09 20:00 . 2008-12-09 20:06d
f:program filesICQ6.5.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 14:36
d
w f:program filesEnglishTr
2008-12-20 16:26
d
w f:documents and settingslenaApplication DataICQ
2008-12-09 17:02
d—h—w f:program filesInstallShield Installation Information
2008-11-26 18:12
d
w f:documents and settingslenaApplication DatauTorrent
2008-10-16 11:13 202,776 —-a-w f:windowssystem32wuweb.dll
2008-10-16 11:13 1,809,944 —-a-w f:windowssystem32wuaueng.dll
2008-10-16 11:12 561,688 —-a-w f:windowssystem32wuapi.dll
2008-10-16 11:12 323,608 —-a-w f:windowssystem32wucltui.dll
2008-10-16 11:09 92,696 —-a-w f:windowssystem32cdm.dll
2008-10-16 11:09 51,224 —-a-w f:windowssystem32wuauclt.exe
2008-10-16 11:09 43,544 —-a-w f:windowssystem32wups2.dll
2008-10-16 11:08 34,328 —-a-w f:windowssystem32wups.dll
2008-10-12 14:50 7,569,408 —-a-w f:windowsFontsSET27A.tmp
2008-10-12 14:32 720,896 —-a-w f:windowsFontsSETB9.tmp
.((((((((((((((((((((((((((((( snapshot@2008-12-30_22.31.04,84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 —-a-w f:windowsERDNTsubsERDNT.EXE
— 2008-10-26 03:24:58 40,128 —-a-w f:windowssystem32perfc009.dat
+ 2008-12-30 19:38:26 40,128 —-a-w f:windowssystem32perfc009.dat
— 2008-10-26 03:24:58 49,552 —-a-w f:windowssystem32perfc019.dat
+ 2008-12-30 19:38:26 49,552 —-a-w f:windowssystem32perfc019.dat
— 2008-10-26 03:24:58 311,740 —-a-w f:windowssystem32perfh009.dat
+ 2008-12-30 19:38:26 311,740 —-a-w f:windowssystem32perfh009.dat
— 2008-10-26 03:24:58 346,452 —-a-w f:windowssystem32perfh019.dat
+ 2008-12-30 19:38:26 346,452 —-a-w f:windowssystem32perfh019.dat
+ 2009-01-03 18:08:26 16,384 —-atw f:windowsTempPerflib_Perfdata_480.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD}]
%SystemRoot%system32vmmreg32.dll [BU][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «f:program filesYandexYandexBarIEyndbar.dll» [2008-12-12 3133216][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «f:program filesYandexYandexBarIEyndbar.dll» [2008-12-12 3133216][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»f:windowssystem32ctfmon.exe» [2004-08-18 15360]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServicesOnce]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowsCurrentversionpoliciesexplorerRun]
«1»=»f:windowssystem32winhelp32.exe» [BU][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=vmmreg32.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalVIDEO]
@=»»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=R1 aswSP;avast! Self Protection;f:windowssystem32driversaswSP.sys [2008-07-06 111184]
R1 VIDEO;VIDEO;??f:windowsSYSTEM32VIDEO.sys []
R2 aswFsBlk;aswFsBlk;f:windowssystem32DRIVERSaswFsBlk.sys [2008-07-06 20560]
R2 ICQ Service;ICQ Service;f:program filesICQ6ToolbarICQ Service.exe [2008-12-09 222456]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40488
mStart Page = hxxp://www.google.com
TCP: {55DD82DA-9A60-4718-BE6D-BB10019C4D60} = 213.234.192.7 85.21.192.5
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 21:17:05
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
f:windowsvmmreg32.dll 18944 bytes executable
f:windowsSYSTEM32webminVIDEO.bkp 0 bytes
f:windowsSYSTEM32webminvmmreg32.bkp 249856 bytes executable
f:windowsSYSTEM32webminVIDEO.bkp 0 bytes
f:windowsSYSTEM32webminvmmreg32.bkp 249856 bytes executable
f:windowssystem32webmin
f:windowssystem32VIDEO.sys 0 bytes
f:windowssystem32vmmreg32.dll 249856 bytes executablescan completed successfully
hidden files: 8**************************************************************************
.
Completion time: 2009-01-03 21:18:07
ComboFix-quarantined-files.txt 2009-01-03 18:18:00
ComboFix2.txt 2009-01-03 16:50:38
ComboFix3.txt 2008-12-30 19:31:44Pre-Run: 18,953,916,416 байт свободно
Post-Run: 18,950,582,272 байт свободно153
You know, there's one more thing: when we ran a full antivirus scan, it reported that there was a virus in the system files… We didn't know how to remove it.
ComboFix 09-01-01.02 — lena 2009-01-03 19:44:08.2 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.1.1049.18.255.88 [GMT 3:00]
Running from: f:documents and settingslenaРабочий столComboFix.exe
Command switches used :: f:documents and settingslenaРабочий столWinXP_EN_HOM_BF.EXE
AV: avast! antivirus 4.8.1296 [VPS 090103-0] *On-access scanning disabled* (Outdated)
* Created a new restore point
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.f:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
f:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
f:windowssystem32clrs.tmp
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
f:windowssystem32winlogon.exe . . . is infected!!.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.2008-12-27 20:58 . 2008-12-27 20:58
d
F:_OTMoveIt
2008-12-27 17:25 . 2008-12-27 17:26d
F:rsit
2008-12-27 17:25 . 2008-12-27 21:23d
f:program filestrend micro
2008-12-26 10:04 . 2008-12-26 10:05 163,840 —a
f:windowswin32_fpc.dll
2008-12-20 22:22 . 2009-01-03 19:38dr
F:M A S H A
2008-12-13 16:09 . 2008-12-13 16:09d
f:program filesYandex
2008-12-13 16:09 . 2008-12-13 16:09d
f:documents and settingslenaApplication DataYandex
2008-12-09 20:02 . 2008-12-09 20:02d
f:program filesICQ6Toolbar
2008-12-09 20:02 . 2008-12-09 20:02d
f:documents and settingsAll UsersApplication DataICQ
2008-12-09 20:00 . 2008-12-09 20:06d
f:program filesICQ6.5.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 14:36
d
w f:program filesEnglishTr
2008-12-20 16:26
d
w f:documents and settingslenaApplication DataICQ
2008-12-09 17:02
d—h—w f:program filesInstallShield Installation Information
2008-11-26 18:12
d
w f:documents and settingslenaApplication DatauTorrent
2008-10-16 11:13 202,776 —-a-w f:windowssystem32wuweb.dll
2008-10-16 11:13 1,809,944 —-a-w f:windowssystem32wuaueng.dll
2008-10-16 11:12 561,688 —-a-w f:windowssystem32wuapi.dll
2008-10-16 11:12 323,608 —-a-w f:windowssystem32wucltui.dll
2008-10-16 11:09 92,696 —-a-w f:windowssystem32cdm.dll
2008-10-16 11:09 51,224 —-a-w f:windowssystem32wuauclt.exe
2008-10-16 11:09 43,544 —-a-w f:windowssystem32wups2.dll
2008-10-16 11:08 34,328 —-a-w f:windowssystem32wups.dll
2008-10-12 14:50 7,569,408 —-a-w f:windowsFontsSET27A.tmp
2008-10-12 14:32 720,896 —-a-w f:windowsFontsSETB9.tmp
.((((((((((((((((((((((((((((( snapshot@2008-12-30_22.31.04,84 )))))))))))))))))))))))))))))))))))))))))
.
— 2008-10-26 03:24:58 40,128 —-a-w f:windowssystem32perfc009.dat
+ 2008-12-30 19:38:26 40,128 —-a-w f:windowssystem32perfc009.dat
— 2008-10-26 03:24:58 49,552 —-a-w f:windowssystem32perfc019.dat
+ 2008-12-30 19:38:26 49,552 —-a-w f:windowssystem32perfc019.dat
— 2008-10-26 03:24:58 311,740 —-a-w f:windowssystem32perfh009.dat
+ 2008-12-30 19:38:26 311,740 —-a-w f:windowssystem32perfh009.dat
— 2008-10-26 03:24:58 346,452 —-a-w f:windowssystem32perfh019.dat
+ 2008-12-30 19:38:26 346,452 —-a-w f:windowssystem32perfh019.dat
+ 2009-01-03 11:00:47 16,384 —-atw f:windowsTempPerflib_Perfdata_518.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD}]
%SystemRoot%system32vmmreg32.dll [BU][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «f:program filesYandexYandexBarIEyndbar.dll» [2008-12-12 3133216][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «f:program filesYandexYandexBarIEyndbar.dll» [2008-12-12 3133216][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»f:windowssystem32ctfmon.exe» [2004-08-18 15360]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServicesOnce]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Windows Help Service»=»f:windowsSYSTEM32winhelp32.exe» [BU][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowsCurrentversionpoliciesexplorerRun]
«1»=»f:windowssystem32winhelp32.exe» [BU][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=vmmreg32.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalVIDEO]
@=»»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=R1 aswSP;avast! Self Protection;f:windowssystem32driversaswSP.sys [2008-07-06 111184]
R1 VIDEO;VIDEO;??f:windowsSYSTEM32VIDEO.sys []
R2 aswFsBlk;aswFsBlk;f:windowssystem32DRIVERSaswFsBlk.sys [2008-07-06 20560]
R2 ICQ Service;ICQ Service;f:program filesICQ6ToolbarICQ Service.exe [2008-12-09 222456]
S0 Winjp51;Winjp51;f:windowssystem32DriversWinjp51.sys []
S1 ethjpdjf;ethjpdjf;f:windowssystem32driversethjpdjf.sys [2008-09-08 133728][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6700da14-3aae-11dd-9d30-aaf9eb0e268c}]
ShellAutocommand — fun.xls.exe
ShellAutoRuncommand — f:windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40488
mStart Page = hxxp://www.google.com
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 19:49:34
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
f:windowsvmmreg32.dll 18944 bytes executable
f:windowsSYSTEM32webminVIDEO.bkp 30080 bytes executable
f:windowsSYSTEM32webminvmmreg32.bkp 249856 bytes executable
f:windowsSYSTEM32webminVIDEO.bkp 30080 bytes executable
f:windowsSYSTEM32webminvmmreg32.bkp 249856 bytes executable
f:windowssystem32webmin
f:windowssystem32VIDEO.sys 30080 bytes executable
f:windowssystem32vmmreg32.dll 249856 bytes executablescan completed successfully
hidden files: 8**************************************************************************
.
Completion time: 2009-01-03 19:50:37
ComboFix-quarantined-files.txt 2009-01-03 16:50:31
ComboFix2.txt 2008-12-30 19:31:44Pre-Run: 18 708 070 400 байт свободно
Post-Run: 19,030,958,080 байт свободно143
Yes, the computer is infected more seriously.. that's for sure.((
But the problem I came here with has been solved.
And when the icon is dragged, the program gives an error saying that the installation was not completed.
How should I understand this…
And you know, here's one more problem: explorer often freezes.
ComboFix 08-12-29.02 — lena 2008-12-30 21:59:51.1 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.1.1049.18.255.88 [GMT 3:00]
Running from: f:documents and settingslenaРабочий столComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081230-0] *On-access scanning disabled* (Outdated)
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.C:Autorun.inf
f:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
f:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
f:windowssystem32clrs.tmp
f:windowssystem32DelSelf.bat
f:windowssystem32drvhive.ocx
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
f:windowssystem32winlogon.exe . . . is infected!!.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.2008-12-27 20:58 . 2008-12-27 20:58
d
F:_OTMoveIt
2008-12-27 17:25 . 2008-12-27 17:26d
F:rsit
2008-12-27 17:25 . 2008-12-27 21:23d
f:program filestrend micro
2008-12-26 10:04 . 2008-12-26 10:05 163,840 —a
f:windowswin32_fpc.dll
2008-12-20 22:22 . 2008-12-27 22:34dr
F:M A S H A
2008-12-13 16:09 . 2008-12-13 16:09d
f:program filesYandex
2008-12-13 16:09 . 2008-12-13 16:09d
f:documents and settingslenaApplication DataYandex
2008-12-09 20:02 . 2008-12-09 20:02d
f:program filesICQ6Toolbar
2008-12-09 20:02 . 2008-12-09 20:02d
f:documents and settingsAll UsersApplication DataICQ
2008-12-09 20:00 . 2008-12-09 20:06d
f:program filesICQ6.5
2008-11-01 23:16 . 2008-11-01 23:16d
f:documents and settingslenaApplication DataDivX.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 14:36
d
w f:program filesEnglishTr
2008-12-20 16:26
d
w f:documents and settingslenaApplication DataICQ
2008-12-09 17:02
d—h—w f:program filesInstallShield Installation Information
2008-11-26 18:12
d
w f:documents and settingslenaApplication DatauTorrent
2008-10-16 11:13 202,776 —-a-w f:windowssystem32wuweb.dll
2008-10-16 11:13 1,809,944 —-a-w f:windowssystem32wuaueng.dll
2008-10-16 11:12 561,688 —-a-w f:windowssystem32wuapi.dll
2008-10-16 11:12 323,608 —-a-w f:windowssystem32wucltui.dll
2008-10-16 11:09 92,696 —-a-w f:windowssystem32cdm.dll
2008-10-16 11:09 51,224 —-a-w f:windowssystem32wuauclt.exe
2008-10-16 11:09 43,544 —-a-w f:windowssystem32wups2.dll
2008-10-16 11:08 34,328 —-a-w f:windowssystem32wups.dll
2008-10-12 14:50 7,569,408 —-a-w f:windowsFontsSET27A.tmp
2008-10-12 14:32 720,896 —-a-w f:windowsFontsSETB9.tmp
2008-09-21 05:33 2,560 —-a-w f:windows_MSRSTRT.EXE
2008-09-16 00:14 524,288 —-a-w f:windowssystem32DivXsm.exe
2008-09-16 00:14 3,596,288 —-a-w f:windowssystem32qt-dx331.dll
2008-09-16 00:12 81,920 —-a-w f:windowssystem32dpl100.dll
2008-09-16 00:12 593,920 —-a-w f:windowssystem32dpuGUI11.dll
2008-09-16 00:12 57,344 —-a-w f:windowssystem32dpv11.dll
2008-09-16 00:12 53,248 —-a-w f:windowssystem32dpuGUI10.dll
2008-09-16 00:12 344,064 —-a-w f:windowssystem32dpus11.dll
2008-09-16 00:12 294,912 —-a-w f:windowssystem32dpu11.dll
2008-09-16 00:12 294,912 —-a-w f:windowssystem32dpu10.dll
2008-09-16 00:12 200,704 —-a-w f:windowssystem32ssldivx.dll
2008-09-16 00:12 196,608 —-a-w f:windowssystem32dtu100.dll
2008-09-16 00:12 1,044,480 —-a-w f:windowssystem32libdivx.dll
2008-09-16 00:11 823,296 —-a-w f:windowssystem32divx_xx0c.dll
2008-09-16 00:11 823,296 —-a-w f:windowssystem32divx_xx07.dll
2008-09-16 00:11 815,104 —-a-w f:windowssystem32divx_xx0a.dll
2008-09-16 00:11 802,816 —-a-w f:windowssystem32divx_xx11.dll
2008-09-16 00:11 683,520 —-a-w f:windowssystem32DivX.dll
2008-09-16 00:11 161,096 —-a-w f:windowssystem32DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 —-a-w f:windowssystem32DivXWMPExtType.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «f:program filesYandexYandexBarIEyndbar.dll» [2008-12-12 3133216][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «f:program filesYandexYandexBarIEyndbar.dll» [2008-12-12 3133216][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»f:windowssystem32ctfmon.exe» [2004-08-18 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=vmmreg32.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalVIDEO]
@=»»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=R1 aswSP;avast! Self Protection;f:windowssystem32driversaswSP.sys [2008-07-06 111184]
R1 VIDEO;VIDEO;??f:windowsSYSTEM32VIDEO.sys []
R2 aswFsBlk;aswFsBlk;f:windowssystem32DRIVERSaswFsBlk.sys [2008-07-06 20560]
R2 ICQ Service;ICQ Service;f:program filesICQ6ToolbarICQ Service.exe [2008-12-09 222456]
S0 Winjp51;Winjp51;f:windowssystem32DriversWinjp51.sys []
S1 ethjpdjf;ethjpdjf;f:windowssystem32driversethjpdjf.sys [2008-09-08 133728]
*Newly Created Service* — CATCHME
*Newly Created Service* — PROCEXP90
.
— — — — ORPHANS REMOVED — — — —
BHO-{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD} — %SystemRoot%system32vmmreg32.dll
HKCU-Run-Windows Help Service — f:windowsSYSTEM32winhelp32.exe
HKCU-RunOnce-Windows Help Service — f:windowsSYSTEM32winhelp32.exe
HKLM-Run-Windows Help Service — f:windowsSYSTEM32winhelp32.exe
HKLM-RunServices-Windows Help Service — f:windowsSYSTEM32winhelp32.exe
HKLM-RunServicesOnce-Windows Help Service — f:windowsSYSTEM32winhelp32.exe
HKU-Default-Run-Windows Help Service — f:windowsSYSTEM32winhelp32.exe
HKU-Default-RunOnce-Windows Help Service — f:windowsSYSTEM32winhelp32.exe
HKLM-Explorer_Run-1 — f:windowsSYSTEM32winhelp32.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40488
mStart Page = hxxp://www.google.com
TCP: {55DD82DA-9A60-4718-BE6D-BB10019C4D60} = 213.234.192.7 85.21.192.5
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 22:30:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
f:windowsvmmreg32.dll 18944 bytes executable
f:windowsSYSTEM32webminVIDEO.bkp 30080 bytes executable
f:windowsSYSTEM32webminvmmreg32.bkp 249856 bytes executable
f:windowsSYSTEM32webminVIDEO.bkp 30080 bytes executable
f:windowsSYSTEM32webminvmmreg32.bkp 249856 bytes executable
f:windowssystem32webmin
f:windowssystem32VIDEO.sys 30080 bytes executable
f:windowssystem32vmmreg32.dll 249856 bytes executable
scan completed successfully
hidden files: 8
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(636)
f:windowssystem32vmmreg32.dll
— — — — — — — > ‘lsass.exe'(728)
f:windowssystem32vmmreg32.dll
.
Completion time: 2008-12-30 22:31:42
ComboFix-quarantined-files.txt 2008-12-30 19:31:39
Pre-Run: 6 712 684 544 байт свободно
Post-Run: 19,272,458,240 байт свободно
151
I did everything.
Thank you for helping.
Here is the log from OTMoveIt3 by OldTimer:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service VIDEO .
========== REGISTRY ==========
Unable to delete registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD}\ .
Unable to delete registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\Windows Help Service .
Unable to delete registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\1 .
Unable to delete registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Windows Help Service .
Unable to delete registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce\Windows Help Service .
Unable to set value : HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows\»AppInit_DLLS»|»» /E!
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWinCtrl32\ not found.
Unable to delete registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalVIDEO\ .
Unable to delete registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkVIDEO\ .
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2C\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{34edf592-3449-11dd-945c-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{34edf593-3449-11dd-945c-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6700da14-3aae-11dd-9d30-aaf9eb0e268c}\ not found.
========== FILES ==========
File/Folder F:WINDOWSsystem32vmmreg32.dll not found.
File/Folder F:WINDOWSSYSTEM32winhelp32.exe not found.
File/Folder F:WINDOWSSYSTEM32WinCtrl32.dll not found.
File/Folder F:WINDOWSSYSTEM32VIDEO.sys not found.
File/Folder F:fun.xls.exe not found.
========== COMMANDS ==========
File delete failed. F:DOCUME~1lenaLOCALS~1Temp~DF1A3.tmp scheduled to be deleted on reboot.
File delete failed. F:DOCUME~1lenaLOCALS~1Temp~DF1CA6.tmp scheduled to be deleted on reboot.
File delete failed. F:DOCUME~1lenaLOCALS~1Temp~DF2D8F.tmp scheduled to be deleted on reboot.
File delete failed. F:DOCUME~1lenaLOCALS~1Temp~DFB3BB.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. F:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. F:WINDOWStemp_avast4_Webshlock.txt scheduled to be deleted on reboot.
File delete failed. F:WINDOWStempPerflib_Perfdata_558.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.7.2 log created on 12272008_210909
New log from RSIT:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by lena at 2008-12-27 21:23:38
Microsoft Windows XP Home Edition Service Pack 2
System drive F: has 7 GB (8%) free of 84 GB
Total RAM: 255 MB (22% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:47, on 27.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:WINDOWSSystem32smss.exe
F:WINDOWSsystem32winlogon.exe
F:WINDOWSsystem32services.exe
F:WINDOWSsystem32lsass.exe
F:WINDOWSsystem32svchost.exe
F:WINDOWSSystem32svchost.exe
F:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
F:Program FilesAlwil SoftwareAvast4ashServ.exe
F:WINDOWSExplorer.EXE
F:WINDOWSsystem32ctfmon.exe
F:WINDOWSsystem32spoolsv.exe
F:Program FilesICQ6ToolbarICQ Service.exe
F:WINDOWSsystem32svchost.exe
F:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
F:Program FilesAlwil SoftwareAvast4ashWebSv.exe
F:WINDOWSsystem32CAP3RSK.EXE
F:WINDOWSSYSTEM32SPOOLDRIVERSW32X863CAP3SWK.EXE
F:WINDOWSsystem32wuauclt.exe
F:WINDOWSsystem32wuauclt.exe
F:WINDOWSsystem32NOTEPAD.EXE
F:Documents and SettingslenaРабочий столRSIT.exe
F:Program Filestrend microlena.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40488
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — F:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: myiebho — {7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD} — %SystemRoot%system32vmmreg32.dll (file missing)
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — F:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — F:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe
O4 — HKLM..RunServices: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe
O4 — HKLM..RunServicesOnce: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe
O4 — HKCU..Run: [CTFMON.EXE] F:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe
O4 — HKCU..RunOnce: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe
O4 — HKLM..PoliciesExplorerRun: [1] F:WINDOWSSYSTEM32winhelp32.exe
O4 — HKUSS-1-5-19..Run: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [Windows Help Service] F:WINDOWSSYSTEM32winhelp32.exe (User ‘Default user’)
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — F:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — F:Program FilesMessengermsmsgs.exe
O18 — Filter hijack: text/html — {53B95212-7D77-11D2-9F80-00104B107C97} — F:WINDOWSwin32_fpc.dll
O20 — AppInit_DLLs: vmmreg32.dll
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — F:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: avast! Antivirus — ALWIL Software — F:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — F:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — F:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — F:WINDOWSsystem32services.exe
O23 — Service: ICQ Service — Unknown owner — F:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — F:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — F:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — F:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — F:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — F:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — F:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — F:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — F:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 5147 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD}]
Windows Update Monitor bar — F:WINDOWSsystem32vmmreg32.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — F:Program FilesICQ6ToolbarICQToolBar.dll [2008-06-12 958712]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — F:Program FilesYandexYandexBarIEyndbar.dll [2008-12-12 3133216]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Help Service»=F:WINDOWSSYSTEM32winhelp32.exe []
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
«1»=F:WINDOWSSYSTEM32winhelp32.exe []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=F:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«Windows Help Service»=F:WINDOWSSYSTEM32winhelp32.exe []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Windows Help Service»=F:WINDOWSSYSTEM32winhelp32.exe []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»vmmreg32.dll»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalVIDEO]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkVIDEO]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«F:WINDOWSexplorer.exe»=»F:WINDOWSexplorer.exe:*:Enabled:Windows Explorer»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
======List of files/folders created in the last 1 months======
2008-12-27 20:58:12 —-D—- F:_OTMoveIt
2008-12-27 20:54:06 —-RASHD—- F:autorun.inf
2008-12-27 17:25:26 —-D—- F:Program Filestrend micro
2008-12-27 17:25:25 —-D—- F:rsit
2008-12-26 10:04:35 —-A—- F:WINDOWSwin32_fpc.dll
2008-12-20 22:22:16 —-RD—- F:M A S H A
2008-12-13 16:09:04 —-D—- F:Program FilesYandex
2008-12-13 16:09:01 —-D—- F:Documents and SettingslenaApplication DataYandex
2008-12-09 20:02:32 —-D—- F:Program FilesICQ6Toolbar
2008-12-09 20:02:23 —-D—- F:Documents and SettingsAll UsersApplication DataICQ
2008-12-09 20:00:01 —-D—- F:Program FilesICQ6.5
======List of files/folders modified in the last 1 months======
2008-12-27 21:23:39 —-D—- F:WINDOWSsystem32
2008-12-27 21:21:14 —-D—- F:WINDOWSTemp
2008-12-27 21:19:57 —-A—- F:WINDOWSSchedLgU.Txt
2008-12-27 20:58:20 —-D—- F:WINDOWSPrefetch
2008-12-27 17:36:13 —-D—- F:Program FilesEnglishTr
2008-12-27 17:25:26 —-RD—- F:Program Files
2008-12-27 01:24:58 —-D—- F:WINDOWSsystem32CatRoot2
2008-12-26 10:04:35 —-D—- F:WINDOWS
2008-12-20 19:26:00 —-D—- F:Documents and SettingslenaApplication DataICQ
2008-12-13 16:09:12 —-SD—- F:WINDOWSDownloaded Program Files
2008-12-09 20:02:23 —-HD—- F:Program FilesInstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; F:WINDOWSsystem32driversAavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; F:WINDOWSsystem32driversaswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; F:WINDOWSsystem32driversaswTdi.sys [2008-11-26 50864]
R1 intelppm;Драйвер Intel процессора; F:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
R1 VIDEO;VIDEO; ??F:WINDOWSSYSTEM32VIDEO.sys []
R2 aswFsBlk;aswFsBlk; F:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; F:WINDOWSsystem32driversaswMon2.sys [2008-11-26 94032]
R2 HASPNT;HaspNT; ??F:WINDOWSsystem32haspnt.sys []
R3 aswRdr;aswRdr; F:WINDOWSsystem32driversaswRdr.sys [2008-11-26 23152]
R3 cmpci;C-Media PCI Audio Driver (WDM); F:WINDOWSsystem32driverscmaudio.sys [2001-10-22 280846]
R3 MODEMCSA;Устройство фильтрации потока Unimodem; F:WINDOWSsystem32driversMODEMCSA.sys [2001-08-18 16128]
R3 nv;nv; F:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; F:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
R3 usbhub;USB2 концентратор; F:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-18 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; F:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-18 20480]
S1 ethjpdjf;ethjpdjf; F:WINDOWSsystem32driversethjpdjf.sys [2008-09-08 133728]
S3 usbprint;Класс принтеров Microsoft USB; F:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; F:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; F:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; F:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; F:Program FilesAlwil SoftwareAvast4ashServ.exe [2008-11-26 155160]
R2 ICQ Service;ICQ Service; F:Program FilesICQ6ToolbarICQ Service.exe [2008-06-10 222456]
R3 avast! Mail Scanner;avast! Mail Scanner; F:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; F:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2008-11-26 352920]
EOF