Forum replies created
Author / Posts
Looks pretty good :) But as I understand it, no antivirus guarantees that problems like this can be avoided?
ComboFix 09-02-24.02 — Наталия Новикова 2009-02-25 11:11:12.6 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.252 [GMT 3:00]
Running from: c:documents and settingsНаталия НовиковаРабочий столComboFix.exe
Command switches used :: c:documents and settingsНаталия НовиковаРабочий столCFScript.txt
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.2009-02-21 16:14 . 2009-02-21 16:14
d—-c— c:program filesByte Software
2009-02-04 19:08 . 2009-02-04 19:08 107,888 —a—c— c:windowssystem32CmdLineExt.dll
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:windowssystem32AGEIA
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesCommon FilesWise Installation Wizard
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesAGEIA Technologies
2009-01-29 18:39 . 2009-01-29 18:39d—-c— c:documents and settingsAll Users.WINDOWSApplication DataActivision
2009-01-29 18:27 . 2009-01-29 18:27d—-c— c:program filesActivision
2009-01-29 16:20 . 2009-01-29 16:19 502,368 —a—c— c:windowssystem32driversamon.sys
2009-01-29 16:20 . 2009-01-29 16:19 274,432 —a—c— c:windowssystem32imon.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 07:01
dc—-w c:program filesCommon FilesInstallShield
2009-02-19 07:35
dc—-w c:program filestrend micro
2009-02-04 17:52
dc—-w c:program filesMalwarebytes’ Anti-Malware
2009-02-04 17:28
dc—-w c:program filesESET
2009-02-04 16:33
dc-h—w c:program filesInstallShield Installation Information
2009-01-20 15:06 22,328 -c—a-w c:windowssystem32driversPnkBstrK.sys
2009-01-20 15:06 103,736 -c—a-w c:windowssystem32PnkBstrB.exe
2009-01-19 20:41
dc—-w c:program filesReflexiveArcade
2009-01-15 12:14
dc—-w c:program filesCommon FilesAhead
2009-01-15 12:11
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataNero
2009-01-10 04:51
dc—-w c:documents and settingsНаталия НовиковаApplication DataMedia Player Classic
2009-01-10 03:49
dc—-w c:program filesK-Lite Codec Pack
2008-12-29 20:08
dc—-w c:program filesEnigma Software Group
2008-12-29 16:58
dc—-w c:program filesCommon FilesDownload Manager
2008-12-29 15:01
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 15:01
dc—-w c:documents and settingsНаталия НовиковаApplication DataMalwarebytes
2008-12-28 20:07 0 -c—a-w c:windowssystem32driversae9fec7d.sys
2008-12-28 20:07 0 -c—a-w c:windowssystem32drivers346d0bc6.sys
2008-12-28 19:12
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataESET
2008-12-03 15:40 66,872 -c—a-w c:windowssystem32PnkBstrA.exe
2008-12-03 15:13 22,328 -c—a-w c:documents and settingsНаталия НовиковаApplication DataPnkBstrK.sys
.((((((((((((((((((((((((((((( snapshot_2009-02-04_20.30.16,64 )))))))))))))))))))))))))))))))))))))))))
.
— 2009-01-09 20:49:03 188,200 -c—a-w c:windowssystem32FNTCACHE.DAT
+ 2009-02-19 15:12:50 192,976 -c—a-w c:windowssystem32FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2003-08-18 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-07-12 106496]
«ASUS Probe»=»c:program filesASUSAsus ProbeAsusProb.exe» [2002-12-06 617984]
«DisableEHCI»=»c:windowsS4TSR.EXE» [2002-08-26 28672]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-29 921600]
«SoundMan»=»SOUNDMAN.EXE» [2004-11-15 c:windowsSOUNDMAN.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2006-10-26 434528]c:documents and settingsAll Users.WINDOWSѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«d:\Games\iw3mp.exe»=R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-10-13 35328]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [2003-08-18 12672]
S3 MBAMSwissArmy;MBAMSwissArmy;??c:windowssystem32driversmbamswissarmy.sys —> c:windowssystem32driversmbamswissarmy.sys [?]
.
.
Supplementary Scan
.
uStart Page = http://www.yandex.ru/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
LSP: c:windowssystem32imon.dll
TCP: {4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689} = 62.112.106.130 195.34.31.50
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 11:13:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(632)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(688)
c:windowssystem32imon.dll
.
Completion time: 2009-02-25 11:14:31
ComboFix-quarantined-files.txt 2009-02-25 08:14:28
ComboFix2.txt 2009-02-15 16:37:53
ComboFix3.txt 2009-02-04 17:31:02
ComboFix4.txt 2009-01-21 05:07:52
ComboFix5.txt 2009-02-25 08:07:25

Pre-Run: 3 500 556 288 байт свободно
Post-Run: 3,724,619,776 байт свободно

121 — E O F — 2009-01-04 04:03:06

ComboFix 09-02-14.01 — Наталия Новикова 2009-02-15 19:30:30.5 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.249 [GMT 3:00]
Running from: c:documents and settingsНаталия НовиковаРабочий столComboFix.exe
Command switches used :: c:documents and settingsНаталия НовиковаРабочий столCFScript.txt
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsНаталия НовиковаApplication DataMicrosoftInternet ExplorerQuick LaunchAntivirus 2009.lnk
c:documents and settingsLocalService.NT AUTHORITY.000Application Data638097440.exe
c:documents and settingsLocalService.NT AUTHORITY.000Application Data850119343.exe
c:windowssystem32win32x.exe
c:windowssystem32wpv201229976527.cpx
c:windowssystem32wpv401229732545.cpx
c:windowssystem32wpv981229732464.cpx.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_CBEVTSVC
Legacy_WIN32X
Service_CbEvtSvc((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.2009-02-05 19:39 . 2009-02-05 20:09
d—-c— c:documents and settingsНаталия НовиковаApplication DataTMNT
2009-02-04 19:08 . 2009-02-04 19:08 107,888 —a—c— c:windowssystem32CmdLineExt.dll
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:windowssystem32AGEIA
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesCommon FilesWise Installation Wizard
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesAGEIA Technologies
2009-01-29 18:39 . 2009-01-29 18:39d—-c— c:documents and settingsAll Users.WINDOWSApplication DataActivision
2009-01-29 18:39 . 2009-01-29 18:39d—-c— c:documents and settingsНаталия НовиковаApplication DataActivision
2009-01-29 18:27 . 2009-01-29 18:27d—-c— c:program filesActivision
2009-01-29 16:20 . 2009-01-29 16:19 502,368 —a—c— c:windowssystem32driversamon.sys
2009-01-29 16:20 . 2009-01-29 16:19 274,432 —a—c— c:windowssystem32imon.dll
2009-01-19 23:42 . 2009-01-19 23:42d—-c— C:GameRival
2009-01-19 23:41 . 2009-01-19 23:41d—-c— c:program filesReflexiveArcade
2009-01-15 15:11 . 2009-01-15 15:11d—-c— c:documents and settingsAll Users.WINDOWSApplication DataNero .
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 17:52
dc—-w c:program filesMalwarebytes’ Anti-Malware
2009-02-04 17:28
dc—-w c:program filesESET
2009-02-04 16:33
dc-h—w c:program filesInstallShield Installation Information
2009-01-20 15:06 22,328 -c—a-w c:windowssystem32driversPnkBstrK.sys
2009-01-15 12:14
dc—-w c:program filesCommon FilesAhead
2009-01-10 04:51
dc—-w c:documents and settingsНаталия НовиковаApplication DataMedia Player Classic
2009-01-10 03:49
dc—-w c:program filesK-Lite Codec Pack
2009-01-09 20:52
dc—-w c:program filestrend micro
2008-12-29 20:08
dc—-w c:program filesEnigma Software Group
2008-12-29 16:58
dc—-w c:program filesCommon FilesDownload Manager
2008-12-29 15:01
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 15:01
dc—-w c:documents and settingsНаталия НовиковаApplication DataMalwarebytes
2008-12-28 20:07 0 -c—a-w c:windowssystem32driversae9fec7d.sys
2008-12-28 20:07 0 -c—a-w c:windowssystem32drivers346d0bc6.sys
2008-12-28 19:12
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataESET
2008-12-03 15:13 22,328 -c—a-w c:documents and settingsНаталия НовиковаApplication DataPnkBstrK.sys
2008-11-24 16:04 606,848 -c—a-w c:windowsflashax.exe
2008-11-24 16:04 194,560 -c—a-w c:windowsASUS_Ai_Proactive_Screensaver (E).scr
2008-11-24 16:04 12,288 -c—a-w c:windowsimpborl.dll
.((((((((((((((((((((((((((((( snapshot_2009-02-04_20.30.16,64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-24 12:25:25 65,448 -c—a-w c:windowssystem32driverspe3ajzsb.sys
+ 2007-03-24 12:25:02 52,152 -c—a-w c:windowssystem32driversps6ajzsb.sys
+ 2007-03-24 12:25:46 407,208 -c—a-w c:windowssystem32pr2ajzsb.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2003-08-18 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-07-12 106496]
«ASUS Probe»=»c:program filesASUSAsus ProbeAsusProb.exe» [2002-12-06 617984]
«DisableEHCI»=»c:windowsS4TSR.EXE» [2002-08-26 28672]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-29 921600]
«SoundMan»=»SOUNDMAN.EXE» [2004-11-15 c:windowsSOUNDMAN.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2006-10-26 434528]c:documents and settingsAll Users.WINDOWSѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«d:\Games\iw3mp.exe»=R0 pe3ajzsb;TMNT.Teenage Mutant Ninja Turtles Environment Driver (pe3ajzsb);c:windowssystem32driverspe3ajzsb.sys [2007-03-24 65448]
R0 ps6ajzsb;TMNT.Teenage Mutant Ninja Turtles Synchronization Driver (ps6ajzsb);c:windowssystem32driversps6ajzsb.sys [2007-03-24 52152]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-10-13 35328]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [2003-08-18 12672]
S2 pr2ajzsb;TMNT.Teenage Mutant Ninja Turtles Drivers Auto Removal (pr2ajzsb);c:windowssystem32pr2ajzsb.exe svc —> c:windowssystem32pr2ajzsb.exe svc [?]
S3 MBAMSwissArmy;MBAMSwissArmy;??c:windowssystem32driversmbamswissarmy.sys —> c:windowssystem32driversmbamswissarmy.sys [?][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9f126e1b-a40a-11db-9269-0015f2a81198}]
ShellAutoRuncommand — H:
ShellopenCommand — rundll32.exe .\nsdll.dll,InstallM
.
.
Supplementary Scan
.
uStart Page = http://www.yandex.ru/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
LSP: c:windowssystem32imon.dll
TCP: {4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689} = 62.112.106.130 195.34.31.50
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 19:35:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(648)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(704)
c:windowssystem32imon.dll
.
Other Running Processes
.
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:program filesESETnod32krn.exe
c:windowssystem32PnkBstrA.exe
c:windowssystem32ufdsvc.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-15 19:37:51 — machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 16:37:48
ComboFix2.txt 2009-02-04 17:31:02
ComboFix3.txt 2009-01-21 05:07:52
ComboFix4.txt 2009-01-16 20:14:59
ComboFix5.txt 2009-02-15 16:27:55

Pre-Run: 3 547 168 768 байт свободно
Post-Run: 3,799,842,816 байт свободно

174 — E O F — 2009-01-04 04:03:06

ComboFix 09-01-15.01 — Наталия Новикова 2009-02-04 20:28:23.4 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.293 [GMT 3:00]
Running from: c:documents and settingsНаталия НовиковаРабочий столComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Outdated)
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
— REDUCED FUNCTIONALITY MODE —
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowsIE4 Error Log.txt
c:windowswiaserviv.log.
((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 )))))))))))))))))))))))))))))))
.2009-02-04 19:08 . 2009-02-04 19:08 107,888 —a—c— c:windowssystem32CmdLineExt.dll
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:windowssystem32AGEIA
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:windowsLastGood
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesCommon FilesWise Installation Wizard
2009-02-04 19:07 . 2009-02-04 19:07d—-c— c:program filesAGEIA Technologies
2009-01-29 18:39 . 2009-01-29 18:39d—-c— c:documents and settingsAll Users.WINDOWSApplication DataActivision
2009-01-29 18:39 . 2009-01-29 18:39d—-c— c:documents and settingsНаталия НовиковаApplication DataActivision
2009-01-29 18:27 . 2009-01-29 18:27d—-c— c:program filesActivision
2009-01-29 16:20 . 2009-01-29 16:19 502,368 —a—c— c:windowssystem32driversamon.sys
2009-01-29 16:20 . 2009-01-29 16:19 274,432 —a—c— c:windowssystem32imon.dll
2009-01-19 23:42 . 2009-01-19 23:42d—-c— C:GameRival
2009-01-19 23:41 . 2009-01-19 23:41d—-c— c:program filesReflexiveArcade
2009-01-15 15:11 . 2009-01-15 15:11d—-c— c:documents and settingsAll Users.WINDOWSApplication DataNero
2009-01-10 06:52 . 2009-01-10 07:51d—-c— c:documents and settingsНаталия НовиковаApplication DataMedia Player Classic
2009-01-10 06:49 . 2009-01-10 06:49d—-c— c:program filesK-Lite Codec Pack
2009-01-10 06:49 . 2006-05-25 00:47 3,596,288 —a—c— c:windowssystem32qt-dx331.dll
2009-01-10 06:49 . 2006-06-21 12:42 1,044,480 —a—c— c:windowssystem32libdivx.dll
2009-01-10 06:49 . 2006-04-20 16:00 856,064 —a—c— c:windowssystem32xvidcore.dll
2009-01-10 06:49 . 2006-07-03 23:40 620,180 —a—c— c:windowssystem32divx.dll
2009-01-10 06:49 . 2006-08-22 21:53 594,450 —a—c— c:windowssystem32x264vfw.dll
2009-01-10 06:49 . 2006-02-27 15:30 217,088 —a—c— c:windowssystem32xvidvfw.dll
2009-01-10 06:49 . 2006-06-21 12:42 200,704 —a—c— c:windowssystem32ssldivx.dll
2009-01-10 06:49 . 2006-05-25 00:46 200,704 —a—c— c:windowssystem32dtu100.dll
2009-01-10 06:49 . 2006-05-13 23:16 118,784 —a—c— c:windowssystem32ac3acm.acm
2009-01-10 06:49 . 2006-04-08 03:13 90,112 —a—c— c:windowssystem32dpl100.dll
2009-01-10 06:49 . 2006-07-05 20:02 5,120 —a—c— c:windowssystem32ff_vfw.dll
2009-01-10 06:49 . 2005-02-24 18:56 547 —a—c— c:windowssystem32ff_vfw.dll.manifest
2009-01-09 23:39 . 2009-01-09 23:39d—-c— C:_OTMoveIt
2009-01-04 23:40 . 2009-01-04 23:41d—-c— C:rsit
2009-01-04 23:40 . 2009-01-09 23:52d—-c— c:program filestrend micro .
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 17:28
dc—-w c:program filesESET
2009-02-04 16:33
dc-h—w c:program filesInstallShield Installation Information
2009-01-20 15:06 22,328 -c—a-w c:windowssystem32driversPnkBstrK.sys
2009-01-20 15:06 103,736 -c—a-w c:windowssystem32PnkBstrB.exe
2009-01-15 12:14
dc—-w c:program filesCommon FilesAhead
2009-01-01 17:15
dc—-w c:program filesMalwarebytes’ Anti-Malware
2008-12-30 07:15 32,824 -c—a-w c:documents and settingsLocalService.NT AUTHORITY.000Application Data638097440.exe
2008-12-29 20:08
dc—-w c:program filesEnigma Software Group
2008-12-29 16:58
dc—-w c:program filesCommon FilesDownload Manager
2008-12-29 15:01
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 15:01
dc—-w c:documents and settingsНаталия НовиковаApplication DataMalwarebytes
2008-12-28 20:07 0 -c—a-w c:windowssystem32driversae9fec7d.sys
2008-12-28 20:07 0 -c—a-w c:windowssystem32drivers346d0bc6.sys
2008-12-28 19:12
dc—-w c:documents and settingsAll Users.WINDOWSApplication DataESET
2008-12-24 12:20 50,960 -c—a-w c:documents and settingsLocalService.NT AUTHORITY.000Application Data850119343.exe
2008-12-03 15:40 66,872 -c—a-w c:windowssystem32PnkBstrA.exe
2008-12-03 15:13 22,328 -c—a-w c:documents and settingsНаталия НовиковаApplication DataPnkBstrK.sys
2008-11-24 16:04 606,848 -c—a-w c:windowsflashax.exe
2008-11-24 16:04 194,560 -c—a-w c:windowsASUS_Ai_Proactive_Screensaver (E).scr
2008-11-24 16:04 12,288 -c—a-w c:windowsimpborl.dll
.((((((((((((((((((((((((((((( snapshot@2009-01-14_22.36.57,89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 -c—a-w c:windowsERDNTsubsERDNT.EXE
+ 2009-01-15 12:15:01 25,214 -c—a-r c:windowsInstaller{99B2B571-53D7-47C3-835D-9A4EFF351049}ARPPRODUCTICON.exe
+ 2009-01-29 15:38:36 16,958 -c—a-r c:windowsInstaller{BDA6A019-2695-4AE1-88CE-EE7801BD41AA}ARPPRODUCTICON.exe
+ 2006-09-28 13:05:20 2,414,360 -c—a-w c:windowsLastGoodsystem32d3dx9_31.dll
+ 2007-04-04 15:53:42 81,768 -c—a-w c:windowsLastGoodsystem32xinput1_3.dll
+ 2005-09-23 04:28:52 72,704 -c—a-w c:windowsMicrosoft.NETFrameworkNETFXSBS10.exe
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_diasymreader.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_iehost.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_microsoft.jscript.dll
+ 2005-09-23 04:29:04 5,632 -c—a-w c:windowsMicrosoft.NETFrameworksbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_mscordbi.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_mscorrc.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_mscorsec.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_system.configuration.install.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_system.data.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_system.enterpriseservices.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_VsaVb7rt.dll
+ 2005-09-23 04:29:04 5,120 -c—a-w c:windowsMicrosoft.NETFrameworksbs_wminet_utils.dll
+ 2005-09-23 04:28:52 7,680 -c—a-w c:windowsMicrosoft.NETFrameworksbscmp10.dll
+ 2005-09-23 04:28:56 7,680 -c—a-w c:windowsMicrosoft.NETFrameworksbscmp20_mscorwks.dll
+ 2005-09-23 04:28:58 7,680 -c—a-w c:windowsMicrosoft.NETFrameworksbscmp20_perfcounter.dll
+ 2005-09-23 04:28:56 7,680 -c—a-w c:windowsMicrosoft.NETFrameworkSharedReg12.dll
+ 2005-09-23 04:28:36 18,944 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.507271033alinkui.dll
+ 2005-09-23 04:28:42 136,192 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.507271033cscompui.dll
+ 2005-09-23 04:28:44 4,608 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.507271033CvtResUI.dll
+ 2005-09-23 04:29:04 183,808 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.507271033vbc7ui.dll
+ 2005-09-23 04:28:28 208,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.507271033Vsavb7rtUI.dll
+ 2005-09-23 04:28:56 10,752 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Accessibility.dll
+ 2005-09-23 04:28:58 138,240 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727AdoNetDiag.dll
+ 2005-09-23 04:28:36 87,552 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727alink.dll
+ 2005-09-23 04:28:58 55,488 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727AppLaunch.exe
+ 2005-09-23 04:28:32 36,864 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_compiler.exe
+ 2005-09-23 04:28:32 10,752 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_filter.dll
+ 2005-09-23 04:28:32 8,192 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_isapi.dll
+ 2005-09-23 04:28:32 23,552 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Aspnet_perf.dll
+ 2005-09-23 04:28:32 70,656 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_rc.dll
+ 2005-09-23 04:28:32 13,824 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regbrowsers.exe
+ 2005-09-23 04:28:32 26,824 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regiis.exe
+ 2005-09-23 04:28:32 106,496 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regsql.exe
+ 2005-09-23 04:28:32 29,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe
+ 2005-09-23 04:28:32 29,888 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_wp.exe
+ 2005-09-23 04:28:32 503,808 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727AspNetMMCExt.dll
+ 2005-09-23 04:28:56 106,496 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727CasPol.exe
+ 2005-09-23 04:28:56 88,576 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727CORPerfMonExt.dll
+ 2005-09-23 04:28:42 76,984 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727csc.exe
+ 2005-09-23 04:28:42 1,144,832 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727cscomp.dll
+ 2005-09-23 04:28:42 13,312 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727cscompmgd.dll
+ 2005-09-23 04:28:58 17,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Culture.dll
+ 2005-09-23 04:28:56 68,608 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727CustomMarshalers.dll
+ 2005-09-23 04:28:44 31,936 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727cvtres.exe
+ 2005-09-23 04:28:38 52,736 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727dfdll.dll
+ 2005-09-23 04:28:38 4,608 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727dfsvc.exe
+ 2005-09-23 04:29:12 547,840 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727diasymreader.dll
+ 2005-09-23 04:28:56 788,992 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727EventLogMessages.dll
+ 2005-09-23 04:28:50 9,216 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727fusion.dll
+ 2005-09-23 04:28:56 9,728 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727IEExec.exe
+ 2005-09-23 04:28:56 8,192 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727IEExecRemote.dll
+ 2005-09-23 04:28:56 36,864 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727IEHost.dll
+ 2005-09-23 04:28:56 5,632 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727IIEHost.dll
+ 2005-09-23 04:28:56 224,952 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727ilasm.exe
+ 2005-09-23 04:28:56 28,672 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727InstallUtil.exe
+ 2005-09-23 04:28:56 55,296 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727InstallUtilLib.dll
+ 2005-09-23 04:28:56 72,192 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727ISymWrapper.dll
+ 2005-09-23 04:28:48 40,960 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727jsc.exe
+ 2005-09-23 04:01:16 609,472 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
+ 2005-09-23 03:29:48 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1025.dll
+ 2005-09-23 03:32:24 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1028.dll
+ 2005-09-23 03:34:10 82,944 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1029.dll
+ 2005-09-23 03:34:12 81,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1030.dll
+ 2005-09-23 03:34:44 85,504 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1031.dll
+ 2005-09-23 03:36:24 87,552 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1032.dll
+ 2005-09-23 00:46:14 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1033.dll
+ 2005-09-23 03:38:26 81,408 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1035.dll
+ 2005-09-23 03:38:52 86,016 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1036.dll
+ 2005-09-23 03:40:30 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1037.dll
+ 2005-09-23 03:40:32 83,968 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1038.dll
+ 2005-09-23 03:40:56 84,480 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1040.dll
+ 2005-09-23 03:42:58 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1041.dll
+ 2005-09-23 03:44:58 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1042.dll
+ 2005-09-23 03:46:38 83,456 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1043.dll
+ 2005-09-23 03:46:38 81,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1044.dll
+ 2005-09-23 03:46:40 83,456 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1045.dll
+ 2005-09-23 03:47:04 82,432 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1046.dll
+ 2005-09-23 03:47:30 82,432 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1049.dll
+ 2005-09-23 03:47:32 81,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1053.dll
+ 2005-09-23 03:47:32 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.1055.dll
+ 2005-09-23 03:30:18 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.2052.dll
+ 2005-09-23 03:47:06 84,480 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.2070.dll
+ 2005-09-23 03:29:50 80,896 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.3076.dll
+ 2005-09-23 03:36:48 85,504 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.res.3082.dll
+ 2005-09-23 04:57:06 245,408 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0unicows.dll
+ 2005-09-23 04:28:48 413,696 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Engine.dll
+ 2005-09-23 04:28:48 36,864 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Framework.dll
+ 2005-09-23 04:28:48 647,168 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Tasks.dll
+ 2005-09-23 04:28:48 73,728 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Build.Utilities.dll
+ 2005-09-23 04:28:48 745,472 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.JScript.dll
+ 2005-09-23 04:29:10 110,592 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 04:29:10 372,736 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 04:29:08 667,648 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.dll
+ 2005-09-23 04:28:30 28,672 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 04:29:10 5,632 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.VisualC.Dll
+ 2005-09-23 04:28:30 32,768 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Vsa.dll
+ 2005-09-23 04:28:30 12,800 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 04:28:30 7,168 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727Microsoft_VsaVb.dll
+ 2005-09-23 04:28:32 87,552 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727MmcAspExt.dll
+ 2005-09-23 04:28:48 69,632 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727MSBuild.exe
+ 2005-09-23 04:28:56 800,768 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscordacwks.dll
+ 2005-09-23 04:28:56 73,216 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscordbc.dll
+ 2005-09-23 04:28:56 288,768 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscordbi.dll
+ 2005-09-23 04:28:56 36,864 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorie.dll
+ 2005-09-23 04:28:56 326,144 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorjit.dll
+ 2005-09-23 04:28:56 81,408 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorld.dll
+ 2005-09-23 04:28:56 4,308,992 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorlib.dll
+ 2005-09-23 04:28:56 102,400 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorpe.dll
+ 2005-09-23 04:29:00 330,752 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorrc.dll
+ 2005-09-23 04:28:56 67,072 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorsec.dll
+ 2005-09-23 04:28:50 9,216 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorsn.dll
+ 2005-09-23 04:28:56 226,816 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorsvc.dll
+ 2005-09-23 04:28:56 66,240 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe
+ 2005-09-23 04:28:56 10,240 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscortim.dll
+ 2005-09-23 04:28:50 5,615,616 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727mscorwks.dll
+ 2005-09-23 04:29:00 22,528 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727MUI0409mscorsecr.dll
+ 2005-09-23 04:28:56 96,440 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727ngen.exe
+ 2005-09-23 04:28:56 14,848 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727normalization.dll
+ 2005-09-23 04:28:56 78,336 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727PerfCounter.dll
+ 2005-09-23 04:28:50 136,192 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727peverify.dll
+ 2005-09-23 04:28:56 53,248 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727RegAsm.exe
+ 2005-09-23 04:28:56 32,768 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727RegSvcs.exe
+ 2005-09-23 04:29:02 59,072 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727regtlibv12.exe
+ 2005-09-23 04:28:58 7,680 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727sbscmp20_mscorlib.dll
+ 2005-09-23 04:28:56 107,520 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727shfusion.dll
+ 2005-09-23 04:29:00 85,504 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727ShFusRes.dll
+ 2005-09-23 04:28:56 377,344 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727SOS.dll
+ 2005-09-23 04:28:56 110,592 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727sysglobl.dll
+ 2005-09-23 04:28:58 389,120 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.configuration.dll
+ 2005-09-23 04:28:56 81,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Configuration.Install.dll
+ 2005-09-23 04:28:56 2,878,976 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Data.dll
+ 2005-09-23 04:28:56 482,304 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Data.OracleClient.dll
+ 2005-09-23 04:28:56 716,800 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Data.SqlXml.dll
+ 2005-09-23 04:28:38 884,736 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Deployment.dll
+ 2005-09-23 04:28:56 5,050,368 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Design.dll
+ 2005-09-23 04:28:56 397,312 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.DirectoryServices.dll
+ 2005-09-23 04:28:56 188,416 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.DirectoryServices.Protocols.dll
+ 2005-09-23 04:28:56 3,018,752 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.dll
+ 2005-09-23 04:28:56 81,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Drawing.Design.dll
+ 2005-09-23 04:28:56 700,416 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Drawing.dll
+ 2005-09-23 04:28:56 258,048 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.EnterpriseServices.dll
+ 2005-09-23 04:28:56 47,616 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.EnterpriseServices.Thunk.dll
+ 2005-09-23 04:28:56 114,176 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 04:28:56 368,640 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Management.dll
+ 2005-09-23 04:28:56 258,048 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Messaging.dll
+ 2005-09-23 04:28:56 299,008 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Runtime.Remoting.dll
+ 2005-09-23 04:28:56 131,072 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 04:28:56 258,048 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Security.dll
+ 2005-09-23 04:28:56 114,688 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.ServiceProcess.dll
+ 2005-09-23 04:28:56 260,096 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Transactions.dll
+ 2005-09-23 04:28:56 5,025,792 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.dll
+ 2005-09-23 04:28:56 835,584 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.Mobile.dll
+ 2005-09-23 04:28:56 86,016 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.RegularExpressions.dll
+ 2005-09-23 04:28:56 823,296 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Web.Services.dll
+ 2005-09-23 04:28:56 5,316,608 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.Windows.Forms.dll
+ 2005-09-23 04:28:56 2,035,712 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727System.XML.dll
+ 2005-09-23 04:28:56 71,680 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727TLBREF.DLL
+ 2005-09-23 04:29:06 1,140,920 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727vbc.exe
+ 2005-09-23 04:28:30 1,306,624 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727VsaVb7rt.dll
+ 2005-09-23 04:28:32 298,496 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727webengine.dll
+ 2005-09-23 04:28:56 28,160 -c—a-w c:windowsMicrosoft.NETFrameworkv2.0.50727WMINet_Utils.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelFrench.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelGerman.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelJapanese.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelKorean.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelPortugese.dll
+ 2007-07-23 06:03:30 53,248 -c—a-w c:windowssystem32AgCPanelSimplifiedChinese.dll
+ 2007-07-23 06:03:32 53,248 -c—a-w c:windowssystem32AgCPanelSpanish.dll
+ 2007-07-23 06:03:32 53,248 -c—a-w c:windowssystem32AgCPanelSwedish.dll
+ 2007-07-23 06:03:32 53,248 -c—a-w c:windowssystem32AgCPanelTraditionalChinese.dll
+ 2007-07-24 05:20:06 207,405 -c—a-w c:windowssystem32AGEIAAG1011app.bin
+ 2007-05-16 05:42:42 122,249 -c—a-w c:windowssystem32AGEIAAG1011diag.bin
+ 2007-07-25 05:30:38 214,141 -c—a-w c:windowssystem32AGEIAAG1021app.bin
+ 2007-10-25 05:29:50 114,505 -c—a-w c:windowssystem32AGEIAAG1021diag.bin
+ 2005-09-23 04:28:38 83,456 -c—a-w c:windowssystem32dfshim.dll
— 2003-08-18 00:00:00 2,804,224 —-a-w c:windowssystem32dllcachemsi.dll
+ 2005-05-03 09:58:36 2,890,240 -c—a-w c:windowssystem32dllcachemsi.dll
— 2003-08-18 00:00:00 77,312 —-a-w c:windowssystem32dllcachemsiexec.exe
+ 2005-05-03 09:58:36 78,848 -c—a-w c:windowssystem32dllcachemsiexec.exe
— 2003-08-18 00:00:00 331,264 —-a-w c:windowssystem32dllcachemsihnd.dll
+ 2005-05-03 09:58:36 271,360 -c—a-w c:windowssystem32dllcachemsihnd.dll
— 2003-08-18 00:00:00 884,736 —-a-w c:windowssystem32dllcachemsimsg.dll
+ 2005-05-03 09:58:36 884,736 -c—a-w c:windowssystem32dllcachemsimsg.dll
— 2003-08-18 00:00:00 44,032 —-a-w c:windowssystem32dllcachemsisip.dll
+ 2005-05-03 09:58:36 15,360 -c—a-w c:windowssystem32dllcachemsisip.dll
+ 2005-08-15 08:08:26 5,888 -c—a-w c:windowssystem32driversimagedrv.sys
+ 2005-08-15 08:08:26 127,488 -c—a-w c:windowssystem32driversimagesrv.sys
+ 2007-09-13 04:43:00 120,320 -c—a-w c:windowssystem32DRVSTOREPhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4physX32.sys
+ 2004-07-26 13:16:10 1,568,768 -c—a-w c:windowssystem32imagX7.dll
+ 2004-07-26 13:16:10 476,320 -c—a-w c:windowssystem32imagXpr7.dll
+ 2004-07-26 13:16:10 262,144 -c—a-w c:windowssystem32imagXR7.dll
+ 2004-07-26 13:16:10 471,040 -c—a-w c:windowssystem32imagXRA7.dll
+ 2005-09-23 04:28:52 270,848 -c—a-w c:windowssystem32mscoree.dll
+ 2005-09-23 04:28:52 150,016 -c—a-w c:windowssystem32mscorier.dll
— 2003-08-18 00:00:00 2,804,224 —-a-w c:windowssystem32msi.dll
+ 2005-05-03 09:58:36 2,890,240 -c—a-w c:windowssystem32msi.dll
— 2003-08-18 00:00:00 77,312 —-a-w c:windowssystem32msiexec.exe
+ 2005-05-03 09:58:36 78,848 -c—a-w c:windowssystem32msiexec.exe
— 2003-08-18 00:00:00 331,264 —-a-w c:windowssystem32msihnd.dll
+ 2005-05-03 09:58:36 271,360 -c—a-w c:windowssystem32msihnd.dll
— 2003-08-18 00:00:00 884,736 —-a-w c:windowssystem32msimsg.dll
+ 2005-05-03 09:58:36 884,736 -c—a-w c:windowssystem32msimsg.dll
— 2003-08-18 00:00:00 44,032 —-a-w c:windowssystem32msisip.dll
+ 2005-05-03 09:58:36 15,360 -c—a-w c:windowssystem32msisip.dll
+ 2005-09-23 04:29:00 6,144 -c—a-w c:windowssystem32mui0409mscorees.dll
+ 2005-02-16 11:18:04 90,184 -c—a-w c:windowssystem32NeroCo.dll
+ 2005-09-23 04:28:56 32,768 -c—a-w c:windowssystem32netfxperf.dll
— 2008-12-19 15:43:02 51,260 —-a-w c:windowssystem32perfc009.dat
+ 2009-02-04 16:06:01 58,596 —-a-w c:windowssystem32perfc009.dat
— 2008-12-19 15:43:02 61,672 —-a-w c:windowssystem32perfc019.dat
+ 2009-02-04 16:06:01 70,134 —-a-w c:windowssystem32perfc019.dat
— 2008-12-19 15:43:02 336,916 —-a-w c:windowssystem32perfh009.dat
+ 2009-02-04 16:06:01 392,296 —-a-w c:windowssystem32perfh009.dat
— 2008-12-19 15:43:02 372,680 —-a-w c:windowssystem32perfh019.dat
+ 2009-02-04 16:06:01 432,488 —-a-w c:windowssystem32perfh019.dat
+ 2007-11-13 07:54:36 70,944 -c—a-w c:windowssystem32PhysXLoader.dll
+ 2004-07-09 05:43:56 364,544 -c—a-w c:windowssystem32TwnLib4.dll
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroBackItUp.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroMediaHome.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroShowTime.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroVision.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNRecode.exe
+ 2005-09-23 04:29:16 479,232 -c—a-w c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acdmsvcm80.dll
+ 2005-09-23 04:29:16 548,864 -c—a-w c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acdmsvcp80.dll
+ 2005-09-23 04:29:16 626,688 -c—a-w c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acdmsvcr80.dll
+ 2009-02-04 16:03:03 258,048 -c—a-w c:windowsWinSxSx86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790System.EnterpriseServices.dll
+ 2009-02-04 16:03:03 114,176 -c—a-w c:windowsWinSxSx86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790System.EnterpriseServices.Wrapper.dll
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2003-08-18 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-07-12 106496]
«ASUS Probe»=»c:program filesASUSAsus ProbeAsusProb.exe» [2002-12-06 617984]
«DisableEHCI»=»c:windowsS4TSR.EXE» [2002-08-26 28672]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-29 921600]
«SoundMan»=»SOUNDMAN.EXE» [2004-11-15 c:windowsSOUNDMAN.EXE]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2006-10-26 434528]
c:documents and settingsAll Users.WINDOWSГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«d:\Games\iw3mp.exe»=
«d:\Ник\Binaries\FFOW.exe»=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-10-13 35328]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [2003-08-18 12672]
S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2008-12-30 38496]
S4 CbEvtSvc;CbEvtSvc;c:windowsSystem32CbEvtSvc.exe -k netsvcs —> c:windowsSystem32CbEvtSvc.exe -k netsvcs [?]
— Other Services/Drivers In Memory —
*NewlyCreated* — CLR_OPTIMIZATION_V2.0.50727_32
.
.
Supplementary Scan
.
uStart Page = http://www.yandex.ru/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
LSP: c:windowssystem32imon.dll
TCP: {4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689} = 62.112.106.130 195.34.31.50
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 20:29:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(632)
c:windowssystem32Ati2evxx.dll
— — — — — — — > ‘lsass.exe'(688)
c:windowssystem32imon.dll
.
Completion time: 2009-02-04 20:31:01
ComboFix-quarantined-files.txt 2009-02-04 17:30:58
ComboFix2.txt 2009-01-21 05:07:52
ComboFix3.txt 2009-01-16 20:14:59
ComboFix4.txt 2009-01-14 19:43:24
Pre-Run: 3 253 170 176 байт свободно
Post-Run: 3,650,789,376 байт свободно
461 — E O F — 2009-01-04 04:03:06
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File «c:windowssystem32CbEvtSvc.exe» deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
ComboFix 09-01-15.01 — Наталия Новикова 2009-01-21 7:58:24.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.254 [GMT 3:00]
Running from: c:documents and settingsНаталия НовиковаРабочий столComboFix.exe
Command switches used :: c:documents and settingsНаталия НовиковаРабочий столCFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:windowssystem32CbEvtSvc.exe
.
/wow section — STAGE 1
/wow section — STAGE 10
/wow section — STAGE 20
/wow section — STAGE 30
/wow section — STAGE 40
/wow section — STAGE 50
FINDSTR: Отсутствуют строки поиска
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.
2009-01-19 23:42 . 2009-01-19 23:42 d—-c— C:GameRival
2009-01-19 23:41 . 2009-01-19 23:41d—-c— c:program filesReflexiveArcade
2009-01-15 15:11 . 2009-01-15 15:11d—-c— c:documents and settingsAll Users.WINDOWSApplication DataNero
2009-01-10 06:52 . 2009-01-10 07:51d—-c— c:documents and settingsНаталия НовиковаApplication DataMedia Player Classic
2009-01-10 06:49 . 2009-01-10 06:49d—-c— c:program filesK-Lite Codec Pack
2009-01-10 06:49 . 2006-05-25 00:47 3,596,288 —a—c— c:windowssystem32qt-dx331.dll
2009-01-10 06:49 . 2006-06-21 12:42 1,044,480 —a—c— c:windowssystem32libdivx.dll
2009-01-10 06:49 . 2006-04-20 16:00 856,064 —a—c— c:windowssystem32xvidcore.dll
2009-01-10 06:49 . 2006-07-03 23:40 620,180 —a—c— c:windowssystem32divx.dll
2009-01-10 06:49 . 2006-08-22 21:53 594,450 —a—c— c:windowssystem32x264vfw.dll
2009-01-10 06:49 . 2006-02-27 15:30 217,088 —a—c— c:windowssystem32xvidvfw.dll
2009-01-10 06:49 . 2006-06-21 12:42 200,704 —a—c— c:windowssystem32ssldivx.dll
2009-01-10 06:49 . 2006-05-25 00:46 200,704 —a—c— c:windowssystem32dtu100.dll
2009-01-10 06:49 . 2006-05-13 23:16 118,784 —a—c— c:windowssystem32ac3acm.acm
2009-01-10 06:49 . 2006-04-08 03:13 90,112 —a—c— c:windowssystem32dpl100.dll
2009-01-10 06:49 . 2006-07-05 20:02 5,120 —a—c— c:windowssystem32ff_vfw.dll
2009-01-10 06:49 . 2005-02-24 18:56 547 —a—c— c:windowssystem32ff_vfw.dll.manifest
2009-01-09 23:39 . 2009-01-09 23:39d—-c— C:_OTMoveIt
2009-01-04 23:40 . 2009-01-04 23:41d—-c— C:rsit
2009-01-04 23:40 . 2009-01-09 23:52d—-c— c:program filestrend micro
2008-12-30 20:42 . 2008-12-03 19:52 38,496 —a—c— c:windowssystem32driversmbamswissarmy.sys
2008-12-30 20:42 . 2008-12-03 19:52 15,504 —a—c— c:windowssystem32driversmbam.sys
2008-12-30 10:15 . 2008-12-30 10:15 32,824 —a—c— c:documents and settingsLocalService.NT AUTHORITY.000Application Data638097440.exe
2008-12-29 23:08 . 2008-12-29 23:08d—-c— c:program filesEnigma Software Group
2008-12-29 20:58 . 2009-01-01 20:15d—-c— c:program filesMalwarebytes’ Anti-Malware
2008-12-29 19:58 . 2008-12-29 19:58d—-c— c:program filesCommon FilesDownload Manager
2008-12-29 18:01 . 2008-12-29 18:01d—-c— c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 18:01 . 2008-12-29 18:01d—-c— c:documents and settingsНаталия НовиковаApplication DataMalwarebytes
2008-12-29 16:17 . 2008-08-14 16:47 2,138,112 c— c:windowssystem32dllcachentkrnlmp.exe
2008-12-29 16:17 . 2008-08-14 16:47 2,017,792 c— c:windowssystem32dllcachentkrpamp.exe
2008-12-29 10:40 . 2008-06-14 20:59 272,512 c— c:windowssystem32driversbthport.sys
2008-12-29 10:40 . 2008-06-14 20:59 272,512 c— c:windowssystem32dllcachebthport.sys
2008-12-28 22:12 . 2008-12-28 22:12d—-c— c:documents and settingsAll Users.WINDOWSApplication DataESET
2008-12-25 21:22 . 2008-12-28 23:07 0 —a—c— c:windowssystem32driversae9fec7d.sys
2008-12-25 21:12 . 2008-12-25 21:12dr—c— c:documents and settingsLocalService.NT AUTHORITY.000Избранное
2008-12-24 15:47 . 2008-12-28 23:07 0 —a—c— c:windowssystem32drivers346d0bc6.sys
2008-12-24 15:20 . 2008-12-24 15:20 50,960 —a—c— c:documents and settingsLocalService.NT AUTHORITY.000Application Data850119343.exe
2008-12-23 01:26 . 2008-12-23 01:26 61,184 —a—c— c:windowssystem32wpv201229976527.cpx
2008-12-21 01:22 . 2008-12-21 01:22 74,240 —a—c— c:windowssystem32wpv401229732545.cpx
2008-12-21 01:22 . 2008-12-21 01:22 73,728 —a—c— c:windowssystem32wpv981229732464.cpx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 15:06 22,328 -c—a-w c:windowssystem32driversPnkBstrK.sys
2009-01-20 15:06 103,736 -c—a-w c:windowssystem32PnkBstrB.exe
2009-01-15 12:14 dc—-w c:program filesCommon FilesAhead
2008-12-28 20:04 dc—-w c:program filesESET
2008-12-03 15:40 66,872 -c—a-w c:windowssystem32PnkBstrA.exe
2008-12-03 15:13 22,328 -c—a-w c:documents and settingsНаталия НовиковаApplication DataPnkBstrK.sys
2008-12-03 15:12 dc-h—w c:program filesInstallShield Installation Information
2008-12-03 14:17 dc—-w c:program filesAlwil Software
2008-11-25 21:29 dc—-w c:program filesDirectX
2008-11-25 21:29 dc—-w c:program filesCommon FilesInstallShield
2008-11-25 10:01 dc—-w c:documents and settingsНаталия НовиковаApplication DataAhead
2008-11-25 09:16 dc—-w c:program filesNero
2008-11-24 16:15 dc—-w c:program filesAvRack
2008-11-24 16:12 dc—-w c:program filesASUS
2008-11-24 16:04 606,848 -c—a-w c:windowsflashax.exe
2008-11-24 16:04 194,560 -c—a-w c:windowsASUS_Ai_Proactive_Screensaver (E).scr
2008-11-24 16:04 12,288 -c—a-w c:windowsimpborl.dll
2008-11-24 15:08 dc—-w c:program filesGoogle
2008-11-24 14:59 dc—-w c:program filesATI Technologies
2008-11-24 14:54 dc—-w c:documents and settingsСтас и НаталиApplication DataATI
2008-11-24 14:54 dc—-w c:documents and settingsНаталия НовиковаApplication DataATI
2008-10-23 13:01 283,648 -c—a-w c:windowssystem32gdi32.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-14_22.36.57,89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 -c—a-w c:windowsERDNTsubsERDNT.EXE
+ 2009-01-15 12:15:01 25,214 -c—a-r c:windowsInstaller{99B2B571-53D7-47C3-835D-9A4EFF351049}ARPPRODUCTICON.exe
+ 2005-08-15 08:08:26 5,888 -c—a-w c:windowssystem32driversimagedrv.sys
+ 2005-08-15 08:08:26 127,488 -c—a-w c:windowssystem32driversimagesrv.sys
+ 2004-07-26 13:16:10 1,568,768 -c—a-w c:windowssystem32imagX7.dll
+ 2004-07-26 13:16:10 476,320 -c—a-w c:windowssystem32imagXpr7.dll
+ 2004-07-26 13:16:10 262,144 -c—a-w c:windowssystem32imagXR7.dll
+ 2004-07-26 13:16:10 471,040 -c—a-w c:windowssystem32imagXRA7.dll
+ 2005-02-16 11:18:04 90,184 -c—a-w c:windowssystem32NeroCo.dll
+ 2004-07-09 05:43:56 364,544 -c—a-w c:windowssystem32TwnLib4.dll
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroBackItUp.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroMediaHome.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroShowTime.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroVision.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNRecode.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2003-08-18 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-07-12 106496]
«ASUS Probe»=»c:program filesASUSAsus ProbeAsusProb.exe» [2002-12-06 617984]
«DisableEHCI»=»c:windowsS4TSR.EXE» [2002-08-26 28672]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«SoundMan»=»SOUNDMAN.EXE» [2004-11-15 c:windowsSOUNDMAN.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2006-10-26 434528]c:documents and settingsAll Users.WINDOWSГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«d:\Games\iw3mp.exe»=
«d:\Half Life 2\hl2.exe»=R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-10-13 35328]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-07-01 34312]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [2003-08-18 12672]
R4 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2008-12-30 38496][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9f126e1b-a40a-11db-9269-0015f2a81198}]
ShellAutoRuncommand — H:
ShellopenCommand — rundll32.exe .\nsdll.dll,InstallM
.
.
Supplementary Scan
.
uStart Page = http://www.yandex.ru/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
TCP: {4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689} = 62.112.106.130 195.34.31.50
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 08:00:59
Windows 5.1.2600 Service Pack 2 NTFSdetected NTDLL code modification:
ZwQuerySystemInformationscanning hidden processes …
c:windowssystem32CbEvtSvc.exe [1696] 0x818D5B28
scanning hidden autostart entries …
scanning hidden files …
c:windowssystem32CbEvtSvc.exe 61184 bytes executable
scan completed successfully
hidden files: 1**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(636)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2009-01-21 8:07:49
ComboFix-quarantined-files.txt 2009-01-21 05:07:43
ComboFix2.txt 2009-01-16 20:14:59
ComboFix3.txt 2009-01-14 19:43:24Pre-Run: 6 376 681 472 байт свободно
Post-Run: 6,649,503,744 байт свободно180 — E O F — 2009-01-04 04:03:06
ComboFix 09-01-15.01 — Наталия Новикова 2009-01-16 23:02:55.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.259 [GMT 3:00]
Running from: c:documents and settingsНаталия НовиковаРабочий столComboFix.exe
Command switches used :: c:documents and settingsНаталия НовиковаРабочий столCFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
* Created a new restore point
* Resident AV is activeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:windowssystem32CbEvtSvc.exe
c:windowssystem32drivers346d0bc6.sys
c:windowssystem32driversae9fec7d.sys
.
/wow section — STAGE 1/wow section — STAGE 10
/wow section — STAGE 20
/wow section — STAGE 30
/wow section — STAGE 40
/wow section — STAGE 50
FINDSTR: Отсутствуют строки поиска
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
..
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Service_346d0bc6
Service_ae9fec7d((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.2009-01-15 15:11 . 2009-01-15 15:11
d—-c— c:documents and settingsAll Users.WINDOWSApplication DataNero
2009-01-10 06:52 . 2009-01-10 07:51d—-c— c:documents and settingsНаталия НовиковаApplication DataMedia Player Classic
2009-01-10 06:49 . 2009-01-10 06:49d—-c— c:program filesK-Lite Codec Pack
2009-01-10 06:49 . 2006-05-25 00:47 3,596,288 —a—c— c:windowssystem32qt-dx331.dll
2009-01-10 06:49 . 2006-06-21 12:42 1,044,480 —a—c— c:windowssystem32libdivx.dll
2009-01-10 06:49 . 2006-04-20 16:00 856,064 —a—c— c:windowssystem32xvidcore.dll
2009-01-10 06:49 . 2006-07-03 23:40 620,180 —a—c— c:windowssystem32divx.dll
2009-01-10 06:49 . 2006-08-22 21:53 594,450 —a—c— c:windowssystem32x264vfw.dll
2009-01-10 06:49 . 2006-02-27 15:30 217,088 —a—c— c:windowssystem32xvidvfw.dll
2009-01-10 06:49 . 2006-06-21 12:42 200,704 —a—c— c:windowssystem32ssldivx.dll
2009-01-10 06:49 . 2006-05-25 00:46 200,704 —a—c— c:windowssystem32dtu100.dll
2009-01-10 06:49 . 2006-05-13 23:16 118,784 —a—c— c:windowssystem32ac3acm.acm
2009-01-10 06:49 . 2006-04-08 03:13 90,112 —a—c— c:windowssystem32dpl100.dll
2009-01-10 06:49 . 2006-07-05 20:02 5,120 —a—c— c:windowssystem32ff_vfw.dll
2009-01-10 06:49 . 2005-02-24 18:56 547 —a—c— c:windowssystem32ff_vfw.dll.manifest
2009-01-09 23:39 . 2009-01-09 23:39d—-c— C:_OTMoveIt
2009-01-04 23:40 . 2009-01-04 23:41d—-c— C:rsit
2009-01-04 23:40 . 2009-01-09 23:52d—-c— c:program filestrend micro
2008-12-30 20:42 . 2008-12-03 19:52 38,496 —a—c— c:windowssystem32driversmbamswissarmy.sys
2008-12-30 20:42 . 2008-12-03 19:52 15,504 —a—c— c:windowssystem32driversmbam.sys
2008-12-30 10:15 . 2008-12-30 10:15 32,824 —a—c— c:documents and settingsLocalService.NT AUTHORITY.000Application Data638097440.exe
2008-12-29 23:08 . 2008-12-29 23:08d—-c— c:program filesEnigma Software Group
2008-12-29 20:58 . 2009-01-01 20:15d—-c— c:program filesMalwarebytes’ Anti-Malware
2008-12-29 19:58 . 2008-12-29 19:58d—-c— c:program filesCommon FilesDownload Manager
2008-12-29 18:01 . 2008-12-29 18:01d—-c— c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 18:01 . 2008-12-29 18:01d—-c— c:documents and settingsНаталия НовиковаApplication DataMalwarebytes
2008-12-29 16:17 . 2008-08-14 16:47 2,138,112
c— c:windowssystem32dllcachentkrnlmp.exe
2008-12-29 16:17 . 2008-08-14 16:47 2,017,792
c— c:windowssystem32dllcachentkrpamp.exe
2008-12-29 10:40 . 2008-06-14 20:59 272,512
c— c:windowssystem32driversbthport.sys
2008-12-29 10:40 . 2008-06-14 20:59 272,512
c— c:windowssystem32dllcachebthport.sys
2008-12-28 22:12 . 2008-12-28 22:12d—-c— c:documents and settingsAll Users.WINDOWSApplication DataESET
2008-12-25 21:22 . 2008-12-28 23:07 0 —a—c— c:windowssystem32driversae9fec7d.sys
2008-12-25 21:12 . 2008-12-25 21:12dr—c— c:documents and settingsLocalService.NT AUTHORITY.000Избранное
2008-12-24 15:47 . 2008-12-28 23:07 0 —a—c— c:windowssystem32drivers346d0bc6.sys
2008-12-24 15:20 . 2008-12-24 15:20 50,960 —a—c— c:documents and settingsLocalService.NT AUTHORITY.000Application Data850119343.exe
2008-12-23 01:26 . 2008-12-23 01:26 61,184 —a—c— c:windowssystem32wpv201229976527.cpx
2008-12-21 01:22 . 2008-12-21 01:22 74,240 —a—c— c:windowssystem32wpv401229732545.cpx
2008-12-21 01:22 . 2008-12-21 01:22 73,728 —a—c— c:windowssystem32wpv981229732464.cpx.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 12:14
dc—-w c:program filesCommon FilesAhead
2008-12-31 14:04 22,328 -c—a-w c:windowssystem32driversPnkBstrK.sys
2008-12-28 20:04
dc—-w c:program filesESET
2008-12-03 15:13 22,328 -c—a-w c:documents and settingsНаталия НовиковаApplication DataPnkBstrK.sys
2008-12-03 15:12
dc-h—w c:program filesInstallShield Installation Information
2008-12-03 14:17
dc—-w c:program filesAlwil Software
2008-11-25 21:29
dc—-w c:program filesDirectX
2008-11-25 21:29
dc—-w c:program filesCommon FilesInstallShield
2008-11-25 10:01
dc—-w c:documents and settingsНаталия НовиковаApplication DataAhead
2008-11-25 09:16
dc—-w c:program filesNero
2008-11-24 16:15
dc—-w c:program filesAvRack
2008-11-24 16:12
dc—-w c:program filesASUS
2008-11-24 16:04 606,848 -c—a-w c:windowsflashax.exe
2008-11-24 16:04 194,560 -c—a-w c:windowsASUS_Ai_Proactive_Screensaver (E).scr
2008-11-24 16:04 12,288 -c—a-w c:windowsimpborl.dll
2008-11-24 15:08
dc—-w c:program filesGoogle
2008-11-24 14:59
dc—-w c:program filesATI Technologies
2008-11-24 14:54
dc—-w c:documents and settingsСтас и НаталиApplication DataATI
2008-11-24 14:54
dc—-w c:documents and settingsНаталия НовиковаApplication DataATI
.((((((((((((((((((((((((((((( snapshot@2009-01-14_22.36.57,89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 -c—a-w c:windowsERDNTsubsERDNT.EXE
+ 2009-01-15 12:15:01 25,214 -c—a-r c:windowsInstaller{99B2B571-53D7-47C3-835D-9A4EFF351049}ARPPRODUCTICON.exe
+ 2005-08-15 08:08:26 5,888 -c—a-w c:windowssystem32driversimagedrv.sys
+ 2005-08-15 08:08:26 127,488 -c—a-w c:windowssystem32driversimagesrv.sys
+ 2004-07-26 13:16:10 1,568,768 -c—a-w c:windowssystem32imagX7.dll
+ 2004-07-26 13:16:10 476,320 -c—a-w c:windowssystem32imagXpr7.dll
+ 2004-07-26 13:16:10 262,144 -c—a-w c:windowssystem32imagXR7.dll
+ 2004-07-26 13:16:10 471,040 -c—a-w c:windowssystem32imagXRA7.dll
+ 2005-02-16 11:18:04 90,184 -c—a-w c:windowssystem32NeroCo.dll
+ 2004-07-09 05:43:56 364,544 -c—a-w c:windowssystem32TwnLib4.dll
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroBackItUp.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroMediaHome.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroShowTime.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNNeroVision.exe
+ 2006-07-14 13:29:44 966,656 -c—a-w c:windowsUNRecode.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2003-08-18 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-07-12 106496]
«ASUS Probe»=»c:program filesASUSAsus ProbeAsusProb.exe» [2002-12-06 617984]
«DisableEHCI»=»c:windowsS4TSR.EXE» [2002-08-26 28672]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«SoundMan»=»SOUNDMAN.EXE» [2004-11-15 c:windowsSOUNDMAN.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2006-10-26 434528]c:documents and settingsAll Users.WINDOWSГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«d:\Games\iw3mp.exe»=
«d:\Half Life 2\hl2.exe»=R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-10-13 35328]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-07-01 34312]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [2003-08-18 12672]
R4 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2008-12-30 38496]
.
.
Supplementary Scan
.
uStart Page = http://www.yandex.ru/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
TCP: {4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689} = 62.112.106.130 195.34.31.50
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 23:07:09
Windows 5.1.2600 Service Pack 2 NTFSdetected NTDLL code modification:
ZwQuerySystemInformationscanning hidden processes …
c:windowssystem32CbEvtSvc.exe [1700] 0x818E04E0
scanning hidden autostart entries …
scanning hidden files …
c:windowssystem32CbEvtSvc.exe 61184 bytes executable
scan completed successfully
hidden files: 1**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(640)
c:windowssystem32Ati2evxx.dll
.
Other Running Processes
.
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:windowssystem32PnkBstrA.exe
c:windowssystem32ufdsvc.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-16 23:14:56 — machine was rebooted
ComboFix-quarantined-files.txt 2009-01-16 20:14:48
ComboFix2.txt 2009-01-14 19:43:24Pre-Run: 6 092 365 824 байт свободно
Post-Run: 6,562,045,952 байт свободно190 — E O F — 2009-01-04 04:03:06
ComboFix 09-01-13.04 — Наталия Новикова 2009-01-14 22:33:43.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.261 [GMT 3:00]
Running from: c:documents and settingsНаталия НовиковаРабочий столComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section — STAGE 1/wow section — STAGE 10
/wow section — STAGE 20
/wow section — STAGE 30
/wow section — STAGE 40
/wow section — STAGE 50
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.2009-01-10 06:52 . 2009-01-10 07:51
d—-c— c:documents and settingsНаталия НовиковаApplication DataMedia Player Classic
2009-01-10 06:49 . 2009-01-10 06:49d—-c— c:program filesK-Lite Codec Pack
2009-01-10 06:49 . 2006-05-25 00:47 3,596,288 —a—c— c:windowssystem32qt-dx331.dll
2009-01-10 06:49 . 2006-06-21 12:42 1,044,480 —a—c— c:windowssystem32libdivx.dll
2009-01-10 06:49 . 2006-04-20 16:00 856,064 —a—c— c:windowssystem32xvidcore.dll
2009-01-10 06:49 . 2006-07-03 23:40 620,180 —a—c— c:windowssystem32divx.dll
2009-01-10 06:49 . 2006-08-22 21:53 594,450 —a—c— c:windowssystem32x264vfw.dll
2009-01-10 06:49 . 2006-02-27 15:30 217,088 —a—c— c:windowssystem32xvidvfw.dll
2009-01-10 06:49 . 2006-06-21 12:42 200,704 —a—c— c:windowssystem32ssldivx.dll
2009-01-10 06:49 . 2006-05-25 00:46 200,704 —a—c— c:windowssystem32dtu100.dll
2009-01-10 06:49 . 2006-05-13 23:16 118,784 —a—c— c:windowssystem32ac3acm.acm
2009-01-10 06:49 . 2006-04-08 03:13 90,112 —a—c— c:windowssystem32dpl100.dll
2009-01-10 06:49 . 2006-07-05 20:02 5,120 —a—c— c:windowssystem32ff_vfw.dll
2009-01-10 06:49 . 2005-02-24 18:56 547 —a—c— c:windowssystem32ff_vfw.dll.manifest
2009-01-09 23:39 . 2009-01-09 23:39d—-c— C:_OTMoveIt
2009-01-04 23:40 . 2009-01-04 23:41d—-c— C:rsit
2009-01-04 23:40 . 2009-01-09 23:52d—-c— c:program filestrend micro
2008-12-30 20:42 . 2008-12-03 19:52 38,496 —a—c— c:windowssystem32driversmbamswissarmy.sys
2008-12-30 20:42 . 2008-12-03 19:52 15,504 —a—c— c:windowssystem32driversmbam.sys
2008-12-30 10:15 . 2008-12-30 10:15 32,824 —a—c— c:documents and settingsLocalService.NT AUTHORITY.000Application Data638097440.exe
2008-12-29 23:08 . 2008-12-29 23:08d—-c— c:program filesEnigma Software Group
2008-12-29 20:58 . 2009-01-01 20:15d—-c— c:program filesMalwarebytes’ Anti-Malware
2008-12-29 19:58 . 2008-12-29 19:58d—-c— c:program filesCommon FilesDownload Manager
2008-12-29 18:01 . 2008-12-29 18:01d—-c— c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 18:01 . 2008-12-29 18:01d—-c— c:documents and settingsНаталия НовиковаApplication DataMalwarebytes
2008-12-29 16:17 . 2008-08-14 16:47 2,138,112
c— c:windowssystem32dllcachentkrnlmp.exe
2008-12-29 16:17 . 2008-08-14 16:47 2,017,792
c— c:windowssystem32dllcachentkrpamp.exe
2008-12-29 10:40 . 2008-06-14 20:59 272,512
c— c:windowssystem32driversbthport.sys
2008-12-29 10:40 . 2008-06-14 20:59 272,512
c— c:windowssystem32dllcachebthport.sys
2008-12-28 22:12 . 2008-12-28 22:12d—-c— c:documents and settingsAll Users.WINDOWSApplication DataESET
2008-12-25 21:22 . 2008-12-28 23:07 0 —a—c— c:windowssystem32driversae9fec7d.sys
2008-12-25 21:12 . 2008-12-25 21:12dr—c— c:documents and settingsLocalService.NT AUTHORITY.000Избранное
2008-12-24 15:47 . 2008-12-28 23:07 0 —a—c— c:windowssystem32drivers346d0bc6.sys
2008-12-24 15:20 . 2008-12-24 15:20 50,960 —a—c— c:documents and settingsLocalService.NT AUTHORITY.000Application Data850119343.exe
2008-12-23 01:26 . 2008-12-23 01:26 61,184 —a—c— c:windowssystem32wpv201229976527.cpx
2008-12-21 01:22 . 2008-12-21 01:22 74,240 —a—c— c:windowssystem32wpv401229732545.cpx
2008-12-21 01:22 . 2008-12-21 01:22 73,728 —a—c— c:windowssystem32wpv981229732464.cpx.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 14:04 22,328 -c—a-w c:windowssystem32driversPnkBstrK.sys
2008-12-31 14:04 103,736 -c—a-w c:windowssystem32PnkBstrB.exe
2008-12-28 20:04
dc—-w c:program filesESET
2008-12-03 15:40 66,872 -c—a-w c:windowssystem32PnkBstrA.exe
2008-12-03 15:13 22,328 -c—a-w c:documents and settingsНаталия НовиковаApplication DataPnkBstrK.sys
2008-12-03 15:12
dc-h—w c:program filesInstallShield Installation Information
2008-12-03 14:17
dc—-w c:program filesAlwil Software
2008-12-03 14:11
dc—-w c:program filesCommon FilesAhead
2008-11-25 21:29
dc—-w c:program filesDirectX
2008-11-25 21:29
dc—-w c:program filesCommon FilesInstallShield
2008-11-25 10:01
dc—-w c:documents and settingsНаталия НовиковаApplication DataAhead
2008-11-25 09:16
dc—-w c:program filesNero
2008-11-24 16:15
dc—-w c:program filesAvRack
2008-11-24 16:12
dc—-w c:program filesASUS
2008-11-24 16:04 606,848 -c—a-w c:windowsflashax.exe
2008-11-24 16:04 194,560 -c—a-w c:windowsASUS_Ai_Proactive_Screensaver (E).scr
2008-11-24 16:04 12,288 -c—a-w c:windowsimpborl.dll
2008-11-24 15:08
dc—-w c:program filesGoogle
2008-11-24 14:59
dc—-w c:program filesATI Technologies
2008-11-24 14:54
dc—-w c:documents and settingsСтас и НаталиApplication DataATI
2008-11-24 14:54
dc—-w c:documents and settingsНаталия НовиковаApplication DataATI
2008-10-23 13:01 283,648 -c—a-w c:windowssystem32gdi32.dll
2008-10-16 11:13 202,776 -c—a-w c:windowssystem32wuweb.dll
2008-10-16 11:13 1,809,944 -c—a-w c:windowssystem32wuaueng.dll
2008-10-16 11:12 561,688 -c—a-w c:windowssystem32wuapi.dll
2008-10-16 11:12 323,608 -c—a-w c:windowssystem32wucltui.dll
2008-10-16 11:09 92,696 -c—a-w c:windowssystem32cdm.dll
2008-10-16 11:09 51,224 -c—a-w c:windowssystem32wuauclt.exe
2008-10-16 11:09 43,544 —-a-w c:windowssystem32wups2.dll
2008-10-16 11:08 34,328 -c—a-w c:windowssystem32wups.dll
2008-10-16 11:06 268,648 -c—a-w c:windowssystem32mucltui.dll
2008-10-16 11:06 208,744 -c—a-w c:windowssystem32muweb.dll
2008-10-16 10:39 659,968 -c—a-w c:windowssystem32wininet.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2003-08-18 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-07-12 106496]
«ASUS Probe»=»c:program filesASUSAsus ProbeAsusProb.exe» [2002-12-06 617984]
«DisableEHCI»=»c:windowsS4TSR.EXE» [2002-08-26 28672]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«SoundMan»=»SOUNDMAN.EXE» [2004-11-15 c:windowsSOUNDMAN.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2006-10-26 434528]c:documents and settingsAll Users.WINDOWSГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«d:\Games\iw3mp.exe»=
«d:\Half Life 2\hl2.exe»=R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-10-13 35328]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-07-01 34312]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [2003-08-18 12672]
R4 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
S1 346d0bc6;346d0bc6;c:windowssystem32drivers346d0bc6.sys [2008-12-24 0]
S1 ae9fec7d;ae9fec7d;c:windowssystem32driversae9fec7d.sys [2008-12-25 0]
S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2008-12-30 38496][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9f126e1b-a40a-11db-9269-0015f2a81198}]
ShellAutoRuncommand — H:
ShellopenCommand — rundll32.exe .\nsdll.dll,InstallM
.
— — — — ORPHANS REMOVED — — — —HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} — c:program filesCommon FilesAheadLibNMBgMonitor.exe
.
Supplementary Scan
.
uStart Page = http://www.yandex.ru/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
TCP: {4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689} = 62.112.106.130 195.34.31.50
.
.
File Associations
.
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 22:36:16
Windows 5.1.2600 Service Pack 2 NTFSdetected NTDLL code modification:
ZwQuerySystemInformationscanning hidden processes …
c:windowssystem32CbEvtSvc.exe [1704] 0x818CE020
scanning hidden autostart entries …
scanning hidden files …
c:windowssystem32CbEvtSvc.exe 61184 bytes executable
scan completed successfully
hidden files: 1**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(640)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2009-01-14 22:43:21
ComboFix-quarantined-files.txt 2009-01-14 19:43:14Pre-Run: 4 514 676 736 байт свободно
Post-Run: 5,507,395,584 байт свободно170 — E O F — 2009-01-04 04:03:06
Thank you very much, everything works well, except that Malwarebytes' Anti-Malware still throws an error and closes in the middle of the scan, having nonetheless detected the presence of viruses.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service win32x stopped successfully.
Service win32x deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6FF9CCE7-EE1B-47B5-A33B-D0519D922547}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\lsass driver deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\29800100628240979157008890236031 deleted successfully.
HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders\»SecurityProviders»|»msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll» /E : value set successfully!
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9f126e1b-a40a-11db-9269-0015f2a81198}\ deleted successfully.
========== FILES ==========
C:Program FilesAntivirus 2009 moved successfully.
LoadLibrary failed for C:WINDOWSsystem32shell31.dll
C:WINDOWSsystem32shell31.dll NOT unregistered.
File move failed. C:WINDOWSsystem32shell31.dll scheduled to be moved on reboot.
C:WINDOWSmsauc.exe moved successfully.
C:WINDOWSsystem32driverswin32x.sys moved successfully.
C:WINDOWSsystem32toylib.dll unregistered successfully.
C:WINDOWSsystem32toylib.dll moved successfully.
File/Folder C:WINDOWSsystem32digeste.dll not found.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01092009_233907
Files moved on Reboot…
LoadLibrary failed for C:WINDOWSsystem32shell31.dll
C:WINDOWSsystem32shell31.dll NOT unregistered.
C:WINDOWSsystem32shell31.dll moved successfully.Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.comPlatform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!Completed script processing.
*******************
Finished! Terminate.
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Наталия Новикова at 2009-01-09 23:52:18
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (30%) free of 15 GB
Total RAM: 511 MB (54% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:23, on 09.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32ufdsvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSS4TSR.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsНаталия НовиковаРабочий столRSIT.exe
C:Program Filestrend microНаталия Новикова.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O4 — HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 — HKLM..Run: [ASUS Probe] C:Program FilesASUSAsus ProbeAsusProb.exe
O4 — HKLM..Run: [DisableEHCI] C:WINDOWSS4TSR.EXE
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689}: NameServer = 62.112.106.130 195.34.31.50
O17 — HKLMSystemCS1ServicesTcpip..{4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689}: NameServer = 62.112.106.130 195.34.31.50
O23 — Service: ASP.NET State Service (aspnet_state) — Unknown owner — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe (file missing)
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: CbEvtSvc — Unknown owner — C:WINDOWSSystem32CbEvtSvc.exe
O23 — Service: Eset HTTP Server (ehttpsrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: UFD Command Service (UFDSVC) — Generic — C:WINDOWSsystem32ufdsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 5102 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=C:WINDOWSSiSUSBrg.exe [2002-07-12 106496]
«ASUS Probe»=C:Program FilesASUSAsus ProbeAsusProb.exe [2002-12-06 617984]
«DisableEHCI»=C:WINDOWSS4TSR.EXE [2002-08-26 28672]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-11-15 77824]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2003-08-18 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe []

C:Documents and SettingsAll Users.WINDOWSГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«D:GamesNHL08nhl2008.exe»=»D:GamesNHL08nhl2008.exe:*:Disabled:nhl2008»
«D:Program FilesGameSpy ArcadeAphex.exe»=»D:Program FilesGameSpy ArcadeAphex.exe:*:Enabled:GameSpy Arcade»
«C:Documents and SettingsНаталия НовиковаLocal SettingsTempusmtmigwiz.exe»=»C:Documents and SettingsНаталия НовиковаLocal SettingsTempusmtmigwiz.exe:*:Enabled:Мастер переноса файлов и параметров»
«C:Program FilesGameSpy ArcadeAphex.exe»=»C:Program FilesGameSpy ArcadeAphex.exe:*:Enabled:GameSpy Arcade»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«D:Gamesiw3mp.exe»=»D:Gamesiw3mp.exe:*:Enabled:Call of Duty(R) 4 — Modern Warfare(TM)»
«D:Half Life 2hl2.exe»=»D:Half Life 2hl2.exe:*:Enabled:hl2»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======
2009-01-09 23:48:49 —-AC—- C:avenger.txt
2009-01-09 23:39:07 —-DC—- C:_OTMoveIt
2009-01-04 23:40:47 —-DC—- C:Program Filestrend micro
2009-01-04 23:40:46 —-DC—- C:rsit
2008-12-30 10:01:45 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2008-12-30 10:01:36 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2008-12-30 10:01:26 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2008-12-30 10:01:13 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2008-12-30 10:00:53 —-HDC—- C:WINDOWS$NtUninstallKB956391$
2008-12-30 10:00:43 —-HDC—- C:WINDOWS$NtUninstallKB957095$
2008-12-30 10:00:33 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2008-12-30 10:00:24 —-HDC—- C:WINDOWS$NtUninstallKB951698$
2008-12-30 10:00:10 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2008-12-30 09:59:57 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2008-12-30 09:59:46 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2008-12-30 09:59:35 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2008-12-30 09:59:26 —-HDC—- C:WINDOWS$NtUninstallKB923689$
2008-12-30 09:58:53 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2008-12-30 09:58:44 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2008-12-30 09:58:35 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2008-12-30 09:58:26 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2008-12-30 09:58:17 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2008-12-30 09:58:07 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2008-12-30 09:57:54 —-HDC—- C:WINDOWS$NtUninstallKB944338-v2$
2008-12-30 00:08:47 —-DC—- C:Avenger
2008-12-29 23:08:11 —-DC—- C:Program FilesEnigma Software Group
2008-12-29 20:58:37 —-DC—- C:Program FilesMalwarebytes’ Anti-Malware
2008-12-29 19:58:35 —-DC—- C:Program FilesCommon FilesDownload Manager
2008-12-29 18:01:10 —-DC—- C:Documents and SettingsНаталия НовиковаApplication DataMalwarebytes
2008-12-29 18:01:04 —-DC—- C:Documents and SettingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 15:52:58 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2008-12-29 15:52:47 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2008-12-29 15:52:16 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2008-12-29 15:51:53 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2008-12-29 15:51:32 —-HDC—- C:WINDOWS$NtUninstallKB941569$
2008-12-29 15:51:08 —-HDC—- C:WINDOWS$NtUninstallKB898461$
2008-12-29 15:50:41 —-HDC—- C:WINDOWS$NtUninstallKB929399$
2008-12-29 15:49:57 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2008-12-28 22:12:16 —-DC—- C:Documents and SettingsAll Users.WINDOWSApplication DataESET

======List of files/folders modified in the last 1 months======
2009-01-09 23:52:00 —-DC—- C:WINDOWSTemp
2009-01-09 23:49:11 —-AC—- C:WINDOWSufdsvclog.txt
2009-01-09 23:48:49 —-DC—- C:WINDOWSsystem32drivers
2009-01-09 23:48:49 —-DC—- C:WINDOWSsystem32
2009-01-09 23:48:25 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-09 23:39:56 —-DC—- C:WINDOWSPrefetch
2009-01-09 23:39:13 —-DC—- C:WINDOWS
2009-01-09 23:39:08 —-RDC—- C:Program Files
2009-01-04 07:05:02 —-DC—- C:WINDOWSsystem32CatRoot
2009-01-04 07:03:06 —-HDC—- C:WINDOWSinf
2009-01-04 07:03:03 —-DC—- C:WINDOWSsystem32CatRoot2
2008-12-31 17:04:51 —-AC—- C:WINDOWSsystem32PnkBstrB.exe
2008-12-30 20:49:52 —-DC—- C:WINDOWSMinidump
2008-12-30 10:01:47 —-RSHDC—- C:WINDOWSsystem32dllcache
2008-12-30 10:01:41 —-AC—- C:WINDOWSimsins.BAK
2008-12-30 10:01:38 —-DC—- C:Program FilesMessenger
2008-12-30 10:01:35 —-HDC—- C:WINDOWS$hf_mig$
2008-12-29 22:48:45 —-DC—- C:WINDOWSsystem32CatRoot_bak
2008-12-29 19:58:35 —-DC—- C:Program FilesCommon Files
2008-12-29 15:52:21 —-DC—- C:Program FilesInternet Explorer
2008-12-29 10:09:06 —-DC—- C:WINDOWSAppPatch
2008-12-28 23:07:08 —-DC—- C:Program FilesWindows Media Player
2008-12-28 23:07:03 —-DC—- C:WINDOWSRegisteredPackages
2008-12-28 23:04:25 —-DC—- C:Program FilesESET
2008-12-28 22:17:46 —-SHDC—- C:WINDOWSInstaller
2008-12-28 22:17:33 —-SDC—- C:Documents and SettingsAll Users.WINDOWSApplication DataMicrosoft
2008-12-19 18:43:01 —-AC—- C:WINDOWSsystem32PerfStringBackup.INI
2008-12-12 20:36:26 —-AC—- C:WINDOWSsystem32mshtml.dll
2008-12-10 02:24:37 —-AC—- C:WINDOWSsystem32MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aslm75;aslm75; ??C:WINDOWSsystem32driversaslm75.sys []
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2003-08-18 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2003-08-18 14848]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-11-17 2297664]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-08-04 1273344]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2003-08-18 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2003-08-18 12160]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver; C:WINDOWSsystem32DRIVERSusb8023.sys [2003-08-18 12672]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2003-08-18 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2003-08-18 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2003-08-18 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2003-08-18 17024]
S1 346d0bc6;346d0bc6; C:WINDOWSSystem32drivers346d0bc6.sys []
S1 ae9fec7d;ae9fec7d; C:WINDOWSSystem32driversae9fec7d.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:WINDOWSsystem32DRIVERSR8139n51.SYS [2003-07-31 46976]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2003-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-08-04 380928]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-12-03 66872]
R2 UFDSVC;UFD Command Service; C:WINDOWSsystem32ufdsvc.exe [2006-08-02 77824]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe []
S3 ehttpsrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe []
EOF
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Наталия Новикова at 2009-01-09 19:05:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (26%) free of 15 GB
Total RAM: 511 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:41, on 09.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32ufdsvc.exe
C:WINDOWSS4TSR.EXE
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSmsauc.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesAntivirus 2009av2009.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsНаталия НовиковаРабочий столRSIT.exe
C:Program Filestrend microНаталия Новикова.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: toylibP — {6FF9CCE7-EE1B-47B5-A33B-D0519D922547} — C:WINDOWSsystem32toylib.dll
O4 — HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 — HKLM..Run: [ASUS Probe] C:Program FilesASUSAsus ProbeAsusProb.exe
O4 — HKLM..Run: [DisableEHCI] C:WINDOWSS4TSR.EXE
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [lsass driver] C:WINDOWSmsauc.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [29800100628240979157008890236031] C:Program FilesAntivirus 2009av2009.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689}: NameServer = 62.112.106.130 195.34.31.50
O17 — HKLMSystemCS1ServicesTcpip..{4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689}: NameServer = 62.112.106.130 195.34.31.50
O23 — Service: ASP.NET State Service (aspnet_state) — Unknown owner — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe (file missing)
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: CbEvtSvc — Unknown owner — C:WINDOWSSystem32CbEvtSvc.exe
O23 — Service: Eset HTTP Server (ehttpsrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: UFD Command Service (UFDSVC) — Generic — C:WINDOWSsystem32ufdsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 5323 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6FF9CCE7-EE1B-47B5-A33B-D0519D922547}]
AAC-SLS Video Feeder — C:WINDOWSsystem32toylib.dll [2008-12-05 315392]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=C:WINDOWSSiSUSBrg.exe [2002-07-12 106496]
«ASUS Probe»=C:Program FilesASUSAsus ProbeAsusProb.exe [2002-12-06 617984]
«DisableEHCI»=C:WINDOWSS4TSR.EXE [2002-08-26 28672]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-11-15 77824]
«lsass driver»=C:WINDOWSmsauc.exe [2008-12-21 73728]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2003-08-18 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe []
«29800100628240979157008890236031»=C:Program FilesAntivirus 2009av2009.exe [2008-12-25 1597440]

C:Documents and SettingsAll Users.WINDOWSГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«D:GamesNHL08nhl2008.exe»=»D:GamesNHL08nhl2008.exe:*:Disabled:nhl2008»
«D:Program FilesGameSpy ArcadeAphex.exe»=»D:Program FilesGameSpy ArcadeAphex.exe:*:Enabled:GameSpy Arcade»
«C:Documents and SettingsНаталия НовиковаLocal SettingsTempusmtmigwiz.exe»=»C:Documents and SettingsНаталия НовиковаLocal SettingsTempusmtmigwiz.exe:*:Enabled:Мастер переноса файлов и параметров»
«C:Program FilesGameSpy ArcadeAphex.exe»=»C:Program FilesGameSpy ArcadeAphex.exe:*:Enabled:GameSpy Arcade»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«D:Gamesiw3mp.exe»=»D:Gamesiw3mp.exe:*:Enabled:Call of Duty(R) 4 — Modern Warfare(TM)»
«D:Half Life 2hl2.exe»=»D:Half Life 2hl2.exe:*:Enabled:hl2»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9f126e1b-a40a-11db-9269-0015f2a81198}]
shellautoruncommand — H:
shellopencommand — rundll32.exe .\nsdll.dll,InstallM

======List of files/folders created in the last 1 months======
2009-01-04 23:40:47 —-DC—- C:Program Filestrend micro
2009-01-04 23:40:46 —-DC—- C:rsit
2008-12-30 10:01:45 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2008-12-30 10:01:36 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2008-12-30 10:01:26 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2008-12-30 10:01:13 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2008-12-30 10:00:53 —-HDC—- C:WINDOWS$NtUninstallKB956391$
2008-12-30 10:00:43 —-HDC—- C:WINDOWS$NtUninstallKB957095$
2008-12-30 10:00:33 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2008-12-30 10:00:24 —-HDC—- C:WINDOWS$NtUninstallKB951698$
2008-12-30 10:00:10 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2008-12-30 09:59:57 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2008-12-30 09:59:46 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2008-12-30 09:59:35 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2008-12-30 09:59:26 —-HDC—- C:WINDOWS$NtUninstallKB923689$
2008-12-30 09:58:53 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2008-12-30 09:58:44 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2008-12-30 09:58:35 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2008-12-30 09:58:26 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2008-12-30 09:58:17 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2008-12-30 09:58:07 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2008-12-30 09:57:54 —-HDC—- C:WINDOWS$NtUninstallKB944338-v2$
2008-12-30 00:08:47 —-DC—- C:Avenger
2008-12-30 00:08:47 —-AC—- C:avenger.txt
2008-12-29 23:08:11 —-DC—- C:Program FilesEnigma Software Group
2008-12-29 20:58:37 —-DC—- C:Program FilesMalwarebytes’ Anti-Malware
2008-12-29 19:58:35 —-DC—- C:Program FilesCommon FilesDownload Manager
2008-12-29 18:01:10 —-DC—- C:Documents and SettingsНаталия НовиковаApplication DataMalwarebytes
2008-12-29 18:01:04 —-DC—- C:Documents and SettingsAll Users.WINDOWSApplication DataMalwarebytes
2008-12-29 15:52:58 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2008-12-29 15:52:47 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2008-12-29 15:52:16 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2008-12-29 15:51:53 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2008-12-29 15:51:32 —-HDC—- C:WINDOWS$NtUninstallKB941569$
2008-12-29 15:51:08 —-HDC—- C:WINDOWS$NtUninstallKB898461$
2008-12-29 15:50:41 —-HDC—- C:WINDOWS$NtUninstallKB929399$
2008-12-29 15:49:57 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2008-12-28 22:12:16 —-DC—- C:Documents and SettingsAll Users.WINDOWSApplication DataESET
2008-12-25 20:14:01 —-DC—- C:Program FilesAntivirus 2009
2008-12-21 01:22:24 —-AC—- C:WINDOWSsystem32shell31.dll
2008-12-21 01:22:24 —-AC—- C:WINDOWSmsauc.exe

======List of files/folders modified in the last 1 months======
2009-01-09 19:05:12 —-DC—- C:WINDOWSTemp
2009-01-09 18:32:43 —-AC—- C:WINDOWSufdsvclog.txt
2009-01-05 00:14:28 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-04 23:41:02 —-DC—- C:WINDOWSPrefetch
2009-01-04 23:40:47 —-RDC—- C:Program Files
2009-01-04 21:35:18 —-DC—- C:WINDOWS
2009-01-04 07:05:02 —-DC—- C:WINDOWSsystem32CatRoot
2009-01-04 07:03:06 —-HDC—- C:WINDOWSinf
2009-01-04 07:03:05 —-DC—- C:WINDOWSsystem32
2009-01-04 07:03:03 —-DC—- C:WINDOWSsystem32CatRoot2
2009-01-01 20:15:55 —-DC—- C:WINDOWSsystem32drivers
2008-12-31 17:04:51 —-AC—- C:WINDOWSsystem32PnkBstrB.exe
2008-12-30 20:49:52 —-DC—- C:WINDOWSMinidump
2008-12-30 10:01:47 —-RSHDC—- C:WINDOWSsystem32dllcache
2008-12-30 10:01:41 —-AC—- C:WINDOWSimsins.BAK
2008-12-30 10:01:38 —-DC—- C:Program FilesMessenger
2008-12-30 10:01:35 —-HDC—- C:WINDOWS$hf_mig$
2008-12-29 22:48:45 —-DC—- C:WINDOWSsystem32CatRoot_bak
2008-12-29 19:58:35 —-DC—- C:Program FilesCommon Files
2008-12-29 15:52:21 —-DC—- C:Program FilesInternet Explorer
2008-12-29 10:09:06 —-DC—- C:WINDOWSAppPatch
2008-12-28 23:07:08 —-DC—- C:Program FilesWindows Media Player
2008-12-28 23:07:03 —-DC—- C:WINDOWSRegisteredPackages
2008-12-28 23:04:25 —-DC—- C:Program FilesESET
2008-12-28 22:17:46 —-SHDC—- C:WINDOWSInstaller
2008-12-28 22:17:33 —-SDC—- C:Documents and SettingsAll Users.WINDOWSApplication DataMicrosoft
2008-12-19 18:43:01 —-AC—- C:WINDOWSsystem32PerfStringBackup.INI
2008-12-12 20:36:26 —-AC—- C:WINDOWSsystem32mshtml.dll
2008-12-10 02:24:37 —-AC—- C:WINDOWSsystem32MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aslm75;aslm75; ??C:WINDOWSsystem32driversaslm75.sys []
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2003-08-18 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2003-08-18 14848]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-11-17 2297664]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-08-04 1273344]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2003-08-18 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2003-08-18 12160]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver; C:WINDOWSsystem32DRIVERSusb8023.sys [2003-08-18 12672]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2003-08-18 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2003-08-18 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2003-08-18 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2003-08-18 17024]
S1 346d0bc6;346d0bc6; C:WINDOWSSystem32drivers346d0bc6.sys []
S1 ae9fec7d;ae9fec7d; C:WINDOWSSystem32driversae9fec7d.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:WINDOWSsystem32DRIVERSR8139n51.SYS [2003-07-31 46976]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 win32x;win32x; ??C:WINDOWSsystem32driverswin32x.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2003-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-08-04 380928]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-12-03 66872]
R2 UFDSVC;UFD Command Service; C:WINDOWSsystem32ufdsvc.exe [2006-08-02 77824]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe []
S3 ehttpsrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe []
EOF