ComboFix 08-12-23.01 - Admin 2008-12-23 22:20:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.1023.569 [GMT 3:00]
Running from: e:\documents and settings\Admin\Рабочий стол\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\docume~1\Admin\LOCALS~1\Temp\tmp1.tmp
e:\documents and settings\Admin\Local Settings\Temporary Internet Files\E100.GIF
e:\documents and settings\Admin\Local Settings\Temporary Internet Files\E100_ENG_UM_OK.ZIP
e:\documents and settings\Admin\Local Settings\Temporary Internet Files\head_firmware.inf
e:\windows\system32\uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.
2008-12-23 22:17 . 2008-12-23 22:17 d-------- e:\program files\Java
2008-12-23 22:17 . 2008-12-23 22:17 73,728 --a------ e:\windows\system32\javacpl.cpl
2008-12-23 22:14 . 2008-12-23 22:17 410,984 --a------ e:\windows\system32\deploytk.dll
2008-12-23 16:50 . 2008-12-23 16:50 d-------- e:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-23 15:23 . 2008-05-20 19:42 116,224 --a--c--- e:\windows\system32\dllcache\xrxwiadr.dll
2008-12-23 15:23 . 2001-08-18 06:37 99,865 --a--c--- e:\windows\system32\dllcache\xlog.exe
2008-12-23 15:23 . 2001-10-19 21:06 27,648 --a--c--- e:\windows\system32\dllcache\xrxftplt.exe
2008-12-23 15:23 . 2001-10-19 21:06 23,040 --a--c--- e:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-23 15:23 . 2008-05-20 19:42 19,455 --a--c--- e:\windows\system32\dllcache\wvchntxx.sys
2008-12-23 15:23 . 2008-05-20 19:42 19,200 --a--c--- e:\windows\system32\dllcache\wstcodec.sys
2008-12-23 15:23 . 2008-05-20 19:42 18,944 --a--c--- e:\windows\system32\dllcache\xrxscnui.dll
2008-12-23 15:23 . 2001-08-17 20:11 16,970 --a--c--- e:\windows\system32\dllcache\xem336n5.sys
2008-12-23 15:23 . 2008-05-20 19:42 12,063 --a--c--- e:\windows\system32\dllcache\wsiintxx.sys
2008-12-23 15:23 . 2008-05-20 19:42 8,832 --a--c--- e:\windows\system32\dllcache\wmiacpi.sys
2008-12-23 15:23 . 2008-05-20 19:42 8,192 --a--c--- e:\windows\system32\dllcache\wshirda.dll
2008-12-23 15:23 . 2001-10-19 21:06 4,608 --a--c--- e:\windows\system32\dllcache\xrxflnch.exe
2008-12-23 15:21 . 2001-08-17 21:28 794,654 --a--c--- e:\windows\system32\dllcache\usr1801.sys
2008-12-23 15:20 . 2001-10-19 21:06 216,576 --a--c--- e:\windows\system32\dllcache\um34scan.dll
2008-12-23 15:19 . 2001-10-19 21:06 525,568 --a--c--- e:\windows\system32\dllcache\tridxp.dll
2008-12-23 15:18 . 2001-10-19 21:05 172,768 --a--c--- e:\windows\system32\dllcache\t2r4disp.dll
2008-12-23 15:17 . 2001-10-19 20:22 286,208 --a--c--- e:\windows\system32\dllcache\stlnata.sys
2008-12-23 15:16 . 2001-10-19 21:05 147,200 --a--c--- e:\windows\system32\dllcache\smidispb.dll
2008-12-23 15:15 . 2008-05-20 19:42 404,990 --a--c--- e:\windows\system32\dllcache\slntamr.sys
2008-12-23 15:14 . 2001-10-19 21:04 495,616 --a--c--- e:\windows\system32\dllcache\sblfx.dll
2008-12-23 15:13 . 2008-05-20 19:42 397,056 --a--c--- e:\windows\system32\dllcache\s3gnb.dll
2008-12-23 15:12 . 2001-10-19 20:37 899,402 --a--c--- e:\windows\system32\dllcache\r2mdkxga.sys
2008-12-23 15:11 . 2008-05-20 19:42 363,520 --a--c--- e:\windows\system32\dllcache\psisdecd.dll
2008-12-23 15:10 . 2001-08-17 22:05 351,616 --a--c--- e:\windows\system32\dllcache\ovcodek2.sys
2008-12-23 15:09 . 2008-05-20 19:42 4,274,816 --a--c--- e:\windows\system32\dllcache\nv4_disp.dll
2008-12-23 15:08 . 2008-05-20 19:42 1,737,856 --a--c--- e:\windows\system32\dllcache\mtxparhd.dll
2008-12-23 15:07 . 2008-05-20 19:42 1,309,184 --a--c--- e:\windows\system32\dllcache\mtlstrm.sys
2008-12-23 15:06 . 2001-08-17 21:28 802,683 --a--c--- e:\windows\system32\dllcache\ltsm.sys
2008-12-23 15:05 . 2008-05-20 19:42 254,464 --a--c--- e:\windows\system32\dllcache\kdsusd.dll
2008-12-23 15:04 . 2001-10-19 21:06 372,824 --a--c--- e:\windows\system32\dllcache\iconf32.dll
2008-12-23 15:03 . 2008-05-20 19:42 1,041,536 --a--c--- e:\windows\system32\dllcache\hsfdpsp2.sys
2008-12-23 15:02 . 2001-10-19 21:06 324,608 --a--c--- e:\windows\system32\dllcache\hpojwia.dll
2008-12-23 15:01 . 2001-10-19 21:05 1,733,120 --a--c--- e:\windows\system32\dllcache\g400d.dll
2008-12-23 15:00 . 2001-10-19 20:32 595,807 --a--c--- e:\windows\system32\dllcache\es56cvmp.sys
2008-12-23 14:59 . 2001-10-19 20:27 634,134 --a--c--- e:\windows\system32\dllcache\el656ct5.sys
2008-12-23 14:58 . 2001-08-17 20:14 952,007 --a--c--- e:\windows\system32\dllcache\diwan.sys
2008-12-23 14:57 . 2008-05-20 19:42 251,392 --a--c--- e:\windows\system32\dllcache\ctmasetp.dll
2008-12-23 14:56 . 2001-10-19 20:31 980,034 --a--c--- e:\windows\system32\dllcache\cicap.sys
2008-12-23 14:55 . 2001-08-17 21:28 871,388 --a--c--- e:\windows\system32\dllcache\bcmdm.sys
2008-12-23 14:54 . 2008-05-20 19:42 2,190,976 --a--c--- e:\windows\system32\dllcache\ntoskrnl.exe
2008-12-22 23:08 . 2008-12-22 23:08 d-------- e:\program files\Trend Micro
2008-12-22 23:08 . 2008-12-22 23:08 d-------- e:\documents and settings\Admin\DoctorWeb
2008-12-20 04:59 . 2008-12-20 05:49 64 --a------ e:\windows\tcw.ini
2008-12-18 00:18 . 2008-12-18 00:18 d-------- e:\documents and settings\Admin\Application Data\CPS Labs
2008-12-18 00:12 . 2008-12-18 00:12 d-------- e:\program files\iSpring Pro 3
2008-12-18 00:12 . 2008-12-18 00:12 d-------- e:\program files\Common Files\CPS Labs Ltd
2008-12-18 00:08 . 2008-12-18 00:08 d-------- e:\documents and settings\Admin\Application Data\TechSmith
2008-12-17 23:54 . 2008-12-17 23:54 d-------- e:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-17 23:04 . 2008-12-17 23:04 d-------- e:\program files\Big Fish Audio
2008-12-17 22:48 . 2008-12-17 23:35 d-------- e:\documents and settings\Admin\Application Data\Waves Preferences
2008-12-17 22:48 . 2008-12-17 22:48 d-------- e:\documents and settings\Admin\Application Data\Waves Audio
2008-12-17 22:48 . 2008-12-17 22:48 d-------- e:\documents and settings\Admin\Application Data\Waves
2008-12-17 22:44 . 2008-12-17 22:47 d-------- e:\program files\Waves
2008-12-16 23:07 . 2008-12-16 23:07 38 --a------ e:\windows\avisplitter.INI
2008-12-16 22:39 . 2008-12-16 22:40 d-------- e:\program files\Winamp
2008-12-16 22:39 . 2007-03-08 02:51 129,784 --------- e:\windows\system32\pxafs.dll
2008-12-16 22:39 . 2007-03-08 02:51 43,528 --------- e:\windows\system32\drivers\PxHelp20.sys
2008-12-16 22:39 . 2007-03-08 02:51 9,464 --------- e:\windows\system32\drivers\cdralw2k.sys
2008-12-16 22:39 . 2007-03-08 02:51 9,336 --------- e:\windows\system32\drivers\cdr4_xp.sys
2008-12-16 16:01 . 2008-12-16 16:01 d-------- e:\program files\Common Files\reFX
2008-12-14 22:41 . 2008-12-14 22:41 d-------- e:\documents and settings\All Users\Application Data\Acronis
2008-12-14 17:00 . 2008-12-14 17:00 d-------- e:\program files\Barbie(TM)
2008-12-14 16:14 . 2008-12-14 16:14 d-------- e:\program files\Common Files\Acronis
2008-12-14 16:14 . 2008-12-14 16:14 d-------- e:\program files\Acronis
2008-12-14 16:14 . 2008-12-14 16:14 217,664 --a------ e:\windows\system32\drivers\timntr.sys
2008-12-14 16:14 . 2008-12-14 16:14 96,032 --a------ e:\windows\system32\drivers\snapman.sys
2008-12-14 16:14 . 2008-12-14 16:14 30,080 --a------ e:\windows\system32\drivers\tifsfilt.sys
2008-12-14 13:52 . 2008-12-14 13:52 d-------- e:\documents and settings\Admin\Application Data\NetMedia Providers
2008-12-13 01:30 . 2008-12-13 01:30 d-------- e:\program files\HotCoffee Messenger
2008-12-13 01:28 . 2002-12-17 16:23 33,340 --------- e:\windows\system32\dbmsqlgc.dll
2008-12-13 01:28 . 2002-10-20 14:05 24,576 --------- e:\windows\system32\dbmsgnet.dll
2008-12-13 01:27 . 2008-12-13 01:27 d-------- e:\program files\Microsoft SQL Server
2008-12-13 01:27 . 2008-12-13 01:27 d-------- e:\documents and settings\All Users\Application Data\Sony
2008-12-13 01:23 . 2008-12-14 13:55 d-------- e:\documents and settings\Admin\Application Data\Publish Providers
2008-12-13 01:22 . 2008-12-14 14:32 d-------- e:\documents and settings\Admin\Application Data\Sony
2008-12-13 01:21 . 2008-12-13 01:24 d-------- e:\program files\Sony Setup
2008-12-13 01:21 . 2008-12-13 01:26 d-------- e:\program files\Sony
2008-12-13 00:43 . 2008-12-19 23:04 471 --a------ e:\windows\system32\Datei4
2008-12-13 00:43 . 2008-12-19 23:04 471 --a------ e:\windows\system32\Datei2
2008-12-13 00:43 . 2008-12-19 23:04 470 --a------ e:\windows\system32\Datei3
2008-12-13 00:43 . 2008-12-19 23:04 470 --a------ e:\windows\system32\Datei1
2008-12-13 00:43 . 2008-12-19 23:04 469 --a------ e:\windows\system32\Datei7
2008-12-13 00:43 . 2008-12-19 23:04 469 --a------ e:\windows\system32\Datei5
2008-12-13 00:43 . 2008-12-19 23:04 468 --a------ e:\windows\system32\Datei0
2008-12-13 00:43 . 2008-12-19 23:04 467 --a------ e:\windows\system32\Datei9
2008-12-13 00:43 . 2008-12-19 23:04 467 --a------ e:\windows\system32\Datei8
2008-12-13 00:43 . 2008-12-19 23:04 467 --a------ e:\windows\system32\Datei10
2008-12-13 00:43 . 2008-12-19 23:04 465 --a------ e:\windows\system32\Datei6
2008-12-13 00:42 . 2005-05-09 20:08 33,792 --a------ e:\windows\system32\drivers\cledx.sys
2008-12-13 00:41 . 2008-12-13 00:42 d-------- e:\program files\Syncrosoft
2008-12-13 00:41 . 2005-11-08 20:02 708,608 --a------ e:\windows\system32\SYNSOACC.dll
2008-12-13 00:41 . 2005-11-08 11:20 147,456 --a------ e:\windows\system32\SynsoLChk.dll
2008-12-13 00:41 . 2003-07-31 19:28 147,425 --a------ e:\windows\system32\SYNSOACC-Aide.chm
2008-12-13 00:41 . 2003-05-26 14:29 120,468 --a------ e:\windows\system32\SYNSOACC-Hilfe.chm
2008-12-13 00:41 . 2003-05-26 14:29 114,279 --a------ e:\windows\system32\SYNSOACC-Help.chm
2008-12-13 00:41 . 2005-11-03 17:14 45,056 --a------ e:\windows\system32\Synsopos.exe
2008-12-13 00:41 . 2005-11-03 12:17 16,896 --a------ e:\windows\system32\drivers\synasUSB.sys
2008-12-13 00:40 . 2008-12-13 00:40 d-------- e:\program files\Steinberg
2008-12-11 22:35 . 2008-12-11 22:35 d-------- e:\program files\M-Audio Fast Track
2008-12-11 22:35 . 2004-08-31 15:57 3,510,272 --a------ e:\windows\system32\MA010CPL.CPL
2008-12-11 22:35 . 2004-08-17 12:06 147,456 --a------ e:\windows\system32\MA010ASI.dll
2008-12-11 22:35 . 2004-08-26 18:58 61,440 --a------ e:\windows\system32\MA010TSK.exe
2008-12-11 22:35 . 2004-08-31 15:57 30,848 --a------ e:\windows\system32\drivers\MA763010.sys
2008-12-10 22:57 . 2008-12-23 22:20 d-------- e:\documents and settings\Admin\Application Data\uTorrent
2008-12-10 17:53 . 2008-12-10 17:53 d-------- e:\documents and settings\Admin\Application Data\Media Player Classic
2008-12-09 22:28 . 2008-12-09 22:28 d-------- e:\program files\ApexDC++ and 666
2008-12-08 15:57 . 2008-12-08 15:57 d-------- e:\program files\Новый Диск
2008-12-07 22:20 . 2008-12-13 01:29 d-------- e:\program files\QIP Infium
2008-12-07 17:33 . 2008-12-07 17:33 d-------- e:\program files\iriver
2008-12-05 14:07 . 2008-12-05 14:07 d-------- e:\program files\FileZilla Client
2008-12-05 14:07 . 2008-12-14 14:54 d-------- e:\documents and settings\Admin\Application Data\FileZilla
2008-12-04 23:07 . 2008-12-04 23:07 d-------- e:\documents and settings\All Users\Application Data\FLEXnet
2008-12-04 22:16 . 2008-12-17 22:32 d-------- e:\program files\VstPlugins
2008-12-04 22:16 . 2008-12-16 19:00 d-------- e:\program files\Common Files\Native Instruments
2008-12-04 22:16 . 2008-12-04 22:16 d-------- e:\program files\Common Files\Digidesign
2008-12-04 22:13 . 2008-12-04 22:13 d-------- e:\program files\ASIO4ALL v2
2008-12-04 22:12 . 2008-12-04 22:12 d-------- e:\program files\Outsim
2008-12-04 22:11 . 2008-12-04 22:13 d-------- e:\program files\Image-Line
2008-12-04 21:52 . 2008-12-04 21:52 d-------- e:\program files\JetAudio
2008-12-04 21:52 . 2008-12-11 22:35 d--h----- e:\program files\InstallShield Installation Information
2008-12-04 21:52 . 2008-12-04 21:52 d-------- e:\program files\Common Files\COWON
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 20:52 --------- d-----w e:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-17 19:33 --------- d-----w e:\program files\Common Files\InstallShield
2008-12-16 19:39 --------- d-----w e:\documents and settings\Admin\Application Data\Winamp
2008-12-10 19:58 --------- d-----w e:\program files\uTorrent
2008-12-04 16:42 --------- d-----w e:\program files\QIP
2008-11-30 19:26 --------- d-----w e:\program files\Common Files\Adobe
2008-11-26 20:53 --------- d-----w e:\program files\Radmin Viewer 3
2008-11-26 20:51 --------- d-----w e:\program files\Microsoft ActiveSync
2008-11-26 19:51 --------- d-----w e:\program files\UltraISO
2008-11-26 19:51 --------- d-----w e:\program files\LClock
2008-11-26 19:51 --------- d-----w e:\program files\KillSoft
2008-11-26 19:51 --------- d-----w e:\program files\Download Master
2008-11-26 19:51 --------- d-----w e:\program files\DAEMON Tools Lite
2008-11-26 19:51 --------- d-----w e:\program files\Common Files\EZB Systems
2008-11-26 19:51 --------- d-----w e:\documents and settings\Admin\Application Data\DAEMON Tools
2008-11-26 19:50 --------- d-----w e:\program files\Sun xVM VirtualBox
2008-11-26 19:50 --------- d-----w e:\program files\Common Files\Ahead
2008-11-26 19:50 --------- d-----w e:\program files\Ahead
2008-11-26 19:47 --------- d-----w e:\program files\RadminServerStop
2008-11-26 19:46 --------- d-----w e:\program files\Smart Install Maker
2008-11-26 19:46 --------- d-----w e:\program files\NeoSmart Technologies
2008-11-26 19:46 --------- d-----w e:\program files\LouderIt
2008-11-26 19:46 --------- d-----w e:\program files\FSImgViewer
2008-11-26 19:46 --------- d-----w e:\program files\Easy Gif Animator
2008-11-26 19:46 --------- d-----w e:\program files\Driver-soft
2008-11-26 19:46 --------- d-----w e:\program files\CPU-Z
2008-11-26 19:46 --------- d-----w e:\documents and settings\Admin\Application Data\FastStone
2008-11-26 19:44 --------- d-----w e:\program files\Bonjour
2008-11-26 19:41 --------- d-----w e:\program files\Common Files\Macrovision Shared
2008-11-26 19:39 --------- d-----w e:\program files\TechSmith
2008-11-26 19:39 --------- d-----w e:\program files\Common Files\Wise Installation Wizard
2008-11-26 19:39 --------- d-----w e:\documents and settings\All Users\Application Data\TechSmith
2008-11-26 19:38 --------- d-----w e:\program files\XPTweaker
2008-11-26 19:38 --------- d-----w e:\program files\Uninstall Tool
2008-11-26 19:38 --------- d-----w e:\program files\Regshot
2008-11-26 19:38 --------- d-----w e:\program files\OperaAC
2008-11-26 19:38 --------- d-----w e:\program files\Ccleaner
2008-11-26 19:37 --------- d-----w e:\program files\Common Files\Macromedia
2008-11-26 19:36 --------- d-----w e:\program files\Macromedia
2008-11-26 19:30 --------- d-----w e:\program files\Microsoft Works
2008-11-26 19:29 --------- d-----w e:\program files\Microsoft.NET
2008-11-26 19:26 --------- d-----w e:\program files\Punto Switcher
2008-11-26 19:26 --------- d-----w e:\program files\Foxit Reader
2008-11-26 19:19 --------- d-----w e:\program files\VistaDriveIcon
2008-11-26 19:19 --------- d-----w e:\program files\microsoft frontpage
2008-11-26 19:18 717,296 ----a-w e:\windows\system32\drivers\sptd.sys
2008-11-26 19:16 --------- d-----w e:\program files\Common Files\Java
2008-11-26 19:14 --------- d---a-w e:\program files\AmlMaple
2008-11-26 19:09 --------- d-----w e:\program files\Windows Media Connect 2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-05-20 30208]
"Punto Switcher"="e:\program files\Punto Switcher\ps.exe" [2007-11-14 201728]
"Download Master"="e:\program files\Download Master\dmaster.exe" [2008-01-26 3266560]
"googletalk"="e:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"uTorrent"="e:\program files\uTorrent\utorrent.exe" [2008-12-10 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H2O"="e:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 e:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-05-20 30208]
"VistaIcon"="e:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-05-20 e:\windows\system32\advpack.dll]
"IE7_012"="advpack.dll" [2008-05-20 e:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\uTorrent\\utorrent.exe"=
"e:\\Program Files\\ApexDC++ and 666\\ApexDC++\\ApexDC.exe"=
"e:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"e:\\Program Files\\HotCoffee Messenger\\HotCoffee.exe"=
"e:\\WINDOWS\\system32\\sessmgr.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 TTFixerService;NST ToolTipFixer;"e:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe" [2007-06-27 10240]
R3 CLEDX;Team H2O CLEDX service;e:\windows\system32\DRIVERS\cledx.sys [2008-12-13 33792]
R3 MA763010;M-Audio Fast Track;e:\windows\system32\drivers\MA763010.sys [2008-12-11 30848]
S3 mirrorv3;mirrorv3;e:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]

*Newly Created Service* - WUAUSERV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kornet.ru
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - e:\program files\Download Master\dmaster.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - e:\program files\Download Master\dmaster.exe -
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 22:25:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
e:\windows\system32\SETUPAPI.dll
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(996)
e:\windows\system32\relog_ap.dll
e:\windows\system32\setupapi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\ati2evxx.exe
e:\program files\Alwil Software\Avast4\aswUpdSv.exe
e:\program files\Alwil Software\Avast4\ashServ.exe
e:\windows\system32\ati2evxx.exe
e:\program files\Common Files\Acronis\Schedule2\schedul2.exe
e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\program files\M-Audio Fast Track\GBInst.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\HPZipm12.exe
e:\program files\Alwil Software\Avast4\ashMaiSv.exe
e:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-12-23 22:28:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-23 19:28:14

Pre-Run: 60 131 430 400 байт свободно
Post-Run: 60,306,112,512 байт свободно

298