ComboFix 08-12-07.01 - Administrator 2008-12-08 23:35:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.555 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\wsnpoem
c:\documents and settings\LocalService\Application Data\wsnpoem\audio.dll
c:\documents and settings\NetworkService\Application Data\wsnpoem
c:\documents and settings\NetworkService\Application Data\wsnpoem\audio.dll
c:\program files\Gene6 FTP Server
c:\program files\Gene6 FTP Server\Accounts\settings.ini
c:\program files\Gene6 FTP Server\Accounts\test\settings.ini
c:\program files\Gene6 FTP Server\Accounts\test\users\Anonymous.ini
c:\program files\Gene6 FTP Server\Backup\Administrator.reg
c:\program files\Gene6 FTP Server\Backup\RemoteAdmin\Remote.ini
c:\program files\Gene6 FTP Server\Log\test-2008-04.log
c:\program files\Gene6 FTP Server\registration-key.dat
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-08-04-03.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-08-04-07.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-08-04-08.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-08-04-10.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-08-04-13.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-08-04-16.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Remote.ini
c:\program files\Gene6 FTP Server\RemoteAdmin\RemoteAdmin.crt
c:\program files\Gene6 FTP Server\RemoteAdmin\RemoteAdmin.key
c:\windows\system32\QgzMCg.syz
c:\windows\system32\ssms.exe
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LPTRDCSRV


((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-08 02:23 . 2008-12-08 02:23  d--------  c:\program files\Punto Switcher
2008-12-08 02:23 . 2008-12-08 02:23  d--------  c:\documents and settings\Administrator\Application Data\Yandex
2008-12-08 00:28 . 2008-12-08 00:28  74,816  --a------  c:\windows\system32\drivers\FILEM701.SYS
2008-12-07 21:05 . 2008-12-07 21:05  d--------  c:\program files\ESET
2008-12-07 20:26 . 2008-12-08 23:13  d--------  C:\antivir
2008-12-07 20:11 . 2008-07-08 13:54  148,496  --a------  c:\windows\system32\drivers\97352660.sys
2008-12-05 19:54 . 2008-12-05 19:55  d--------  c:\program files\I-Doser
2008-12-03 23:24 . 2008-12-03 23:24  d--hs----  c:\windows\ftpcache
2008-12-03 21:33 . 2008-12-03 21:37  d--------  c:\program files\TIOnline
2008-12-01 23:56 . 2008-12-01 23:56  d--------  c:\temp\lili
2008-12-01 11:41 . 2008-12-01 11:43  d--------  c:\documents and settings\Administrator\DoctorWeb
2008-11-29 16:08 . 2008-11-30 21:58  d--------  c:\program files\Semagic
2008-11-28 17:46 . 2008-11-28 17:46  d--h-----  c:\windows\system32\GroupPolicy
2008-11-26 03:23 . 2001-05-11 13:18  420,240  --a------  c:\windows\system32\mpg4c32.dll
2008-11-26 03:23 . 2001-05-16 17:54  309,616  --a------  c:\windows\system32\wmv8dmod.dll
2008-11-26 03:23 . 2001-03-26 04:41  245,760  --a------  c:\windows\system32\mp4sds32.ax
2008-11-23 02:11 . 2008-11-23 02:11  27,136  --a------  c:\windows\system32\rem.exe
2008-11-19 13:32 . 2008-11-19 13:32  d--------  c:\program files\Data Realms
2008-11-16 00:04 . 2008-11-16 00:05  d--------  c:\program files\Hammerfall
2008-11-15 20:32 . 2008-08-07 11:24  359,040  --a------  c:\windows\system32\drivers\tcpip.copy
2008-11-12 20:26 . 2008-11-12 20:26  d--------  c:\documents and settings\Administrator\Application Data\Ashampoo
2008-11-12 20:25 . 2008-11-12 20:25  d--------  c:\program files\Ashampoo
2008-11-12 20:25 . 2008-11-12 20:25  d--------  c:\documents and settings\All Users.WINDOWS\Application Data\ashampoo
2008-11-12 20:18 . 2008-11-12 20:18  d--------  c:\program files\LSoft Technologies
2008-11-12 20:15 . 2008-11-12 20:15  d--------  c:\program files\ISO Commander
2008-11-12 12:59 . 2008-12-01 14:45  d--h-----  c:\windows\$hf_mig$
2008-11-11 19:17 . 2008-11-17 21:25  d--------  c:\documents and settings\All Users.WINDOWS\Application Data\ESET
2008-11-11 04:49 . 2008-11-26 15:30  d--------  c:\program files\Turbogames.ru
2008-11-08 01:13 . 2008-12-08 03:22  d--------  C:\xoblite
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-12-08 20:41  656,969  ----a-w  c:\windows\system32\drivers\kwflower.log
2008-12-08 20:41  380,157  ----a-w  c:\windows\system32\drivers\kwfupper.log
2008-12-08 19:58  ---------  d-----w  c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-08 19:55  ---------  d-----w  c:\documents and settings\Administrator\Application Data\foobar2000
2008-12-08 14:26  ---------  d-----w  c:\program files\operausb950
2008-12-03 13:16  ---------  d-----w  c:\program files\VstPlugins
2008-11-25 12:39  ---------  d-----w  c:\documents and settings\Administrator\Application Data\Skype
2008-11-20 02:13  ---------  d-----w  c:\documents and settings\All Users.WINDOWS\Application Data\Tablet
2008-11-20 02:11  ---------  d-----w  c:\program files\Auto Cross Racing
2008-11-15 17:32  359,040  ----a-w  c:\windows\system32\drivers\tcpip.sys
2008-11-03 21:22  ---------  d-----w  c:\program files\PHP
2008-11-03 21:19  ---------  d---a-w  c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-11-03 21:19  ---------  d-----w  c:\program files\WebMoney Agent
2008-11-03 21:19  ---------  d-----w  c:\program files\WebMoney
2008-10-20 16:53  ---------  d-----w  c:\program files\PHP5.2.6
2008-10-18 19:09  ---------  d-----w  c:\program files\WorldOfGoo
2008-10-18 19:09  ---------  d-----w  c:\documents and settings\All Users.WINDOWS\Application Data\2DBoy
2008-10-18 16:28  ---------  d-----w  c:\program files\Alcohol Soft
2008-10-18 16:18  716,272  ----a-w  c:\windows\system32\drivers\sptd.sys
2008-10-15 13:55  ---------  d-----w  c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2008-05-07 19:40  4,798  ----a-w  c:\documents and settings\Administrator\Application Data\setup.reg
2008-05-07 14:43  4,833  ----a-w  c:\documents and settings\Administrator\Application Data\setup.bat
2008-05-04 06:54  1,940  ----a-w  c:\documents and settings\Administrator\Application Data\lebendig.reg
2008-03-17 22:26  32  ----a-w  c:\documents and settings\All Users.WINDOWS\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickGammaLoader"="c:\program files\QuickGamma\QuickGammaLoader.exe" [2005-03-27 68096]
"WrCtrl"="c:\program files\Kerio\WinRoute Firewall\wrctrl.exe" [2007-08-28 124776]
"Punto Switcher"="c:\program files\Punto Switcher\punto.exe" [2008-10-16 735016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2007-12-16 693536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-03-22 622653]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-06-13 41041]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"Start_NotifyNewApps"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"Start_NotifyNewApps"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\\blackbox\\blackbox.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Create virtual drive for Denwer.lnk]
backup=c:\windows\pss\Create virtual drive for Denwer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HyperSnap 6.lnk]
backup=c:\windows\pss\HyperSnap 6.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^shup.lnk]
backup=c:\windows\pss\shup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^userinit.exe]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\userinit.exe
backup=c:\windows\pss\userinit.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BestCrypt Auto Open.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
backup=c:\windows\pss\BestCrypt Auto Open.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 c:\progra~1\COMMON~1\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
--a------ 2004-02-25 08:49 294912 c:\program files\Jetico\BestCrypt\BCWipeTM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Master]
--a------ 2008-07-01 16:24 3282432 c:\program files\Download Master\dmaster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-25 12:38 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-03 11:49 133104 c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-03-23 16:06 1398272 c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
--a------ 2004-06-03 20:51 131072 c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Phase One Media Reader]
--a------ 2008-01-31 13:08 229376 c:\progra~1\Phase One\Capture One PRO\DCIMImp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 04:23 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-01 19:46 25504040 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a------ 2008-03-23 14:16 2105856 c:\program files\TopDesk\topdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 07:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmagent.exe]
--a------ 2008-10-01 12:45 209376 c:\program files\WebMoney Agent\wmagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrCtrl]
--a------ 2007-08-28 08:54 124776 c:\program files\Kerio\WinRoute Firewall\wrctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent [tfile.ru]\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Downloads\\Программы\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:*:Disabled:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:*:Disabled:Adobe Version Cue CS3 Server
"5999:UDP"= 5999:UDP:MaxiVista Server
"5950:TCP"= 5950:TCP:MaxiVista Server

R1 BC_BFish;BC_BFish;c:\windows\system32\drivers\BC_BFish.sys [2002-08-16 12747]
R1 BC_DES;BC_DES;c:\windows\system32\drivers\BC_DES.sys [2002-08-16 17991]
R1 BC_Gost;BC_Gost;c:\windows\system32\drivers\BC_Gost.sys [2002-08-16 14013]
R1 BC_RIJN;BC_RIJN;c:\windows\system32\drivers\BC_RIJN.sys [2002-08-16 43101]
R1 BC_TFISH;BC_TFISH;c:\windows\system32\drivers\BC_TFISH.sys [2002-08-16 31639]
R1 bcbus;BestCrypt bus driver;c:\windows\system32\DRIVERS\bcbus.sys [2002-08-16 27631]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2002-08-16 8448]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\VD_FileDisk.sys [2008-02-04 15872]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2008-06-23 65536]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-07-01 468224]
R2 MaxiDcom;MaxiDcom;c:\windows\system32\Drivers\MaxiDcom.SYS [2008-08-17 11360]
R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys [2007-09-07 23552]
R2 UltraMonUtility;UltraMon Utility Driver;\??\c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R2 WinRoute;Kerio WinRoute Firewall;"c:\program files\Kerio\WinRoute Firewall\winroute.exe" [2007-08-28 5646184]
R3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys [2007-08-28 99840]
R3 kwfupper;Kerio WinRoute Firewall Driver - Upper Layer;c:\windows\system32\DRIVERS\kwfupper.sys [2007-08-28 123952]
R3 maxidemo;Maxi_Vista_Demo_Driver;c:\windows\system32\DRIVERS\maxidemo.sys [2008-08-17 9952]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
S3 Apache2.2;Apache2.2;"c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice [2008-06-13 24635]
S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys []
S3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\DRIVERS\btkrnbdg.sys []
S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\Drivers\csrbc01.sys []
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-25 29744]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\DRIVERS\kvpndrv.sys [2007-08-28 65024]
S3 MBLAUDRV;Mobiola Audio Service;c:\windows\system32\drivers\BTCamAudioDrv.sys [2008-03-26 13312]
S3 PD100VID;Video Blaster WebCam 5 (WDM);c:\windows\system32\DRIVERS\PD100Vid.sys [2008-03-19 374200]
S3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys []
S3 ZD1211BU(3COM Corporation);3Com OfficeConnect Wireless 54Mbps 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211Bu.sys [2008-03-10 402944]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSWAP.sys [2002-08-16 83456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A7A75E37-429F-BD51-CE31-22AA38BE915D}]
c:\windows\system32\ssms.exe Restart
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-08-03 11:49]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-CTFMON.EXE - c:\windows\system32\CTFMON.EXE
MSConfigStartUp-Administrator - c:\documents and settings\Administrator\Administrator.exe
MSConfigStartUp-CTFMON - c:\windows\system32\ctfmon.exe
MSConfigStartUp-mssrv32 - c:\windows\system32\mssrv32.exe
MSConfigStartUp-partitionmagic8 - c:\windows\Twain_32.exe
MSConfigStartUp-Punto Switcher - f:\!portable_app\punto_portable\ps.exe
MSConfigStartUp-Samurize - c:\windows\system32\head-22-10-2.exe
MSConfigStartUp-winlogon - c:\documents and settings\Administrator\svchost.exe
MSConfigStartUp-[system] - c:\windows\system32\drivers\services.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Send to Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: &Export to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: Semagic - c:\program files\Semagic\link.htm
IE: Download ALL with Download Master - c:\program files\Download Master\dmieall.htm
IE: Download with Download Master - c:\program files\Download Master\dmie.htm
IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\Download Master\dmaster.exe
IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\Download Master\dmaster.exe
TCP: {631101F3-4158-40F2-8B51-D07C3512D132} = 77.40.0.2,77.40.0.3
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ffiu4nnl.default\
FF -: plugin - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\operausb950\program\plugins\np-mswmp.dll
FF -: plugin - c:\program files\operausb950\program\plugins\NP32DSW.DLL
FF -: plugin - c:\program files\operausb950\program\plugins\npdm.dll
FF -: plugin - c:\program files\operausb950\program\plugins\npdsplay.dll
FF -: plugin - c:\program files\operausb950\program\plugins\nppdf32.dll
FF -: plugin - c:\program files\operausb950\program\plugins\nppl3260.dll
FF -: plugin - c:\program files\operausb950\program\plugins\nprpjplug.dll
FF -: plugin - c:\program files\operausb950\program\plugins\NPSWF32.dll
FF -: plugin - c:\program files\operausb950\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 23:42:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\snmp.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\blackbox\blackbox.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\windows\system32\rem.exe
c:\progra~1\WIDCOMM\Bluetooth Software\BTStackServer.exe
.
**************************************************************************
.
Completion time: 2008-12-08 23:44:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-08 20:44:51

Pre-Run: 12,504,047,616 bytes free
Post-Run: 12,164,415,488 bytes free

328
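Beyond the files ComboFix deleted, the log above records several weakened host settings and masquerading startup entries that a responder would want pulled out automatically: Windows Firewall off on the standard profile, Security Center antivirus and update alerts suppressed, Automatic Updates disabled by policy, an Active Setup Installed Components entry launching c:\windows\system32\ssms.exe (one letter-swap away from smss.exe), and orphaned MSConfig startup entries pointing at svchost.exe inside the Administrator profile and services.exe under the drivers folder. The Winlogon Shell is also non-default, but it points at c:\blackbox\blackbox.exe, the Blackbox alternative shell the user appears to have installed alongside C:\xoblite, so it is a "review" rather than a "high" finding. The triage script below is an added example, not part of ComboFix or of the poster's material: its sample input is constructed from lines copied out of this log, and the rule names, severity labels and the list of protected Windows binaries are this example's own choices. It flags the weak registry values, any Active Setup stub, well-known Windows binary names running from the wrong directory, and lookalike file names one edit or transposition away from a protected name.

```python
"""Triage a ComboFix-style log for the kinds of findings shown above.

Added example, not part of the original log or of ComboFix. SAMPLE_LOG is
constructed from entries in the log above; the rule names, severities and
the list of protected binaries are this example's own choices.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high": act on it; "review": needs a human decision
    rule: str
    evidence: str   # the log line that triggered the rule


# (key-path suffix, value name) -> (value that is weak, explanation).
# Matched against "Reg Loading Points" entries: "Name"= 1 (0x1) or dword:...
WEAK_SETTINGS = {
    (r"windowsupdate\au", "noautoupdate"): ("1", "Automatic Updates disabled by policy"),
    (r"microsoft\security center", "antivirusdisablenotify"): ("1", "Security Center AV alerts suppressed"),
    (r"microsoft\security center", "updatesdisablenotify"): ("1", "Security Center update alerts suppressed"),
    (r"firewallpolicy\standardprofile", "enablefirewall"): ("0", "Windows Firewall off (standard profile)"),
}

# Well-known Windows XP binaries and the only directory each should run from.
# A copy elsewhere (user profile, drivers\, a Startup folder) is a classic
# masquerade; a near-identical name is a lookalike (this is a heuristic).
SYSTEM_BINARIES = {name: r"c:\windows\system32" for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "userinit.exe", "ctfmon.exe")}
SYSTEM_BINARIES["explorer.exe"] = r"c:\windows"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
PATH_RE = re.compile(r"[a-z]:\\.*?\.exe\b", re.I)


def parse_value(raw):
    """Normalise the value formats ComboFix prints to a plain string."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    m = re.match(r"^(-?\d+)\s*\(0x[0-9a-f]+\)$", raw, re.I)
    if m:
        return m.group(1)
    if raw.startswith('"'):
        return raw.strip('"').replace("\\\\", "\\")  # REGEDIT4 doubles backslashes
    return raw


def osa_distance(a, b):
    """Optimal string alignment distance (edits plus adjacent transpositions),
    so that 'ssms' is one step from 'smss'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def check_binary_location(path, line, findings):
    directory, _, name = path.lower().rpartition("\\")
    expected = SYSTEM_BINARIES.get(name)
    if expected is not None:
        if directory != expected:
            findings.append(Finding("high", f"{name} outside {expected}", line))
        return
    for known in SYSTEM_BINARIES:
        if osa_distance(name[:-4], known[:-4]) == 1:
            findings.append(Finding("review", f"{name} is a lookalike of {known}", line))
            return


def triage(log_text):
    findings, key, expect_stub = [], "", False
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            expect_stub = r"active setup\installed components" in key
            continue
        if not line:
            continue
        vm = VALUE_RE.match(line)
        if vm:
            name, value = vm.group("name").lower(), parse_value(vm.group("raw"))
            for (suffix, vname), (bad, why) in WEAK_SETTINGS.items():
                if key.endswith(suffix) and name == vname and value == bad:
                    findings.append(Finding("high", why, line))
            if key.endswith(r"currentversion\winlogon") and name == "shell" \
                    and value.lower() != "explorer.exe":
                findings.append(Finding("review", "non-default Winlogon shell; "
                                        "verify the binary (shell replacements exist)", line))
        elif expect_stub:
            # The line after an Active Setup key is its StubPath, run at each
            # user's first logon (and again whenever the key's version changes).
            findings.append(Finding("review", "Active Setup StubPath; verify publisher", line))
        expect_stub = False
        for pm in PATH_RE.finditer(line.replace("\\\\", "\\")):
            check_binary_location(pm.group(0), line, findings)
    return findings


# Constructed sample: lines copied from the sections of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\\blackbox\\blackbox.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A7A75E37-429F-BD51-CE31-22AA38BE915D}]
c:\windows\system32\ssms.exe Restart
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-CTFMON - c:\windows\system32\ctfmon.exe
MSConfigStartUp-winlogon - c:\documents and settings\Administrator\svchost.exe
MSConfigStartUp-[system] - c:\windows\system32\drivers\services.exe
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^userinit.exe]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\userinit.exe
"""

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.rule}\n         {f.evidence}")
```

Run against the sample it reports seven "high" findings (the four weak settings plus svchost.exe, services.exe and userinit.exe outside system32) and three "review" findings (the Blackbox shell, the Active Setup stub, and ssms.exe as a lookalike of smss.exe); the legitimate c:\windows\system32\ctfmon.exe orphan is left alone. The location rule is deliberately strict about directory equality rather than substring matching, because c:\windows\system32\drivers\services.exe would otherwise pass a naive "contains system32" check.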