ComboFix 12-10-23.01 - Admin 23.10.2012 14:00:29.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1475 [GMT 4:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Персональный файервол ESET *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\documents and settings\Admin\Главное меню\Программы\Автозагрузка\YmK03KZB0PU.exe
c:\documents and settings\All Users\Application Data\IBank
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
C:\Documents
c:\windows\msmqinst.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ieunitdrf.inf
c:\windows\system32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\Temp\tmp3.tmp
c:\windows\XSxS
E:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 09:50 . 2012-10-23 09:51 -------- d-----w- c:\program files\Google
2012-10-23 09:41 . 2012-09-24 19:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-23 09:11 . 2012-10-23 09:11 -------- d-----w- c:\documents and settings\Admin\Application Data\JavaFX Scene Builder
2012-10-23 09:10 . 2012-10-23 09:10 -------- d-----w- c:\program files\Common Files\Java
2012-10-23 09:00 . 2012-10-11 01:05 261600 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-10-23 09:00 . 2012-10-11 01:05 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-10-23 09:00 . 2012-10-11 01:05 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-23 09:00 . 2012-10-11 01:04 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-10-23 09:00 . 2012-10-11 01:04 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-10-23 09:00 . 2012-10-11 01:04 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-10-23 06:24 . 2012-10-23 06:24 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2012-10-23 06:24 . 2012-10-23 06:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-23 06:24 . 2012-10-23 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-23 06:24 . 2012-09-29 15:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-23 05:53 . 2012-10-23 05:54 -------- d-----w- C:\rsit
2012-10-23 05:53 . 2012-10-23 05:54 -------- d-----w- c:\program files\trend micro
2012-10-23 05:51 . 2012-10-23 05:51 -------- d-sh--w- c:\documents and settings\All Users\QhYxA2S6gBw
2012-10-23 05:15 . 2012-10-23 05:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-23 04:08 . 2012-10-23 04:08 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-21 10:27 . 2012-10-21 10:27 -------- d-----w- c:\documents and settings\Admin\Application Data\rokapublish
2012-10-18 13:13 . 2012-10-18 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarSouthpoint
2012-10-18 13:04 . 2012-10-18 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Fenomen Games
2012-10-18 12:35 . 2012-10-18 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Grey Alien Games
2012-10-18 09:06 . 2012-10-18 09:06 -------- d-----w- c:\program files\Наша Версия
2012-10-18 09:06 . 2012-10-18 13:16 -------- d-----w- c:\program files\Alawar Entertainment
2012-10-18 09:04 . 2012-10-18 09:04 -------- d-----w- c:\program files\Ancient Quest of Saqqarah
2012-10-18 09:03 . 2012-10-18 13:16 -------- d-----w- c:\program files\Abundante
2012-10-18 09:03 . 2012-10-18 09:03 -------- d-----w- c:\program files\ReflexiveArcade
2012-10-18 08:47 . 2012-10-18 08:47 -------- d-----w- c:\program files\Farm Tribe 2 Rus
2012-10-18 08:43 . 2012-10-18 08:43 -------- d-----w- c:\program files\COOLGAMES
2012-10-18 08:41 . 2012-10-18 08:42 -------- d-----w- c:\program files\Pirates of New Horizons - Planet Buster
2012-10-18 08:31 . 2012-10-18 08:31 -------- d-----w- c:\program files\game
2012-10-14 05:29 . 2012-10-14 05:29 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ESET
2012-10-14 05:29 . 2012-10-14 05:29 -------- d-----w- c:\documents and settings\Admin\Application Data\ESET
2012-10-14 05:28 . 2012-10-14 05:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-10-14 05:26 . 2012-10-14 05:26 -------- d-----w- c:\program files\ESET
2012-10-14 05:26 . 2012-10-14 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-10-14 05:24 . 2012-10-14 05:24 -------- d-----w- c:\program files\Mail.Ru
2012-10-11 13:46 . 2008-03-21 09:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-10-11 13:45 . 2012-10-11 13:45 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Huawei
2012-10-11 13:42 . 2012-10-11 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HiSuite
2012-10-11 13:42 . 2011-08-01 01:31 581192 ----a-w- c:\windows\system32\winusbcoinstaller.dll
2012-10-11 13:42 . 2011-08-01 01:31 1302600 ----a-w- c:\windows\system32\wudfupdate_01007.dll
2012-10-11 13:42 . 2011-08-01 01:31 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-10-11 13:42 . 2012-10-11 13:56 -------- d-----w- c:\program files\HiSuite
2012-10-11 11:22 . 2008-04-13 20:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-10-11 11:22 . 2008-04-13 20:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2012-10-11 11:19 . 2012-10-11 11:19 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Samsung
2012-10-11 11:18 . 2012-10-11 11:44 -------- d-----w- c:\documents and settings\Admin\Application Data\Samsung
2012-10-11 11:15 . 2012-10-11 11:25 -------- dc----w- c:\windows\system32\DRVSTORE
2012-10-11 11:14 . 2012-09-26 16:57 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-10-11 11:13 . 2012-10-11 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung
2012-10-11 11:05 . 2012-10-11 11:43 -------- d-----w- c:\program files\SAMSUNG
2012-10-11 11:04 . 2012-10-11 12:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-10-11 10:32 . 2012-10-11 10:35 -------- d-----w- C:\android-sdk
2012-10-11 10:30 . 2012-10-11 10:31 -------- d-----w- c:\documents and settings\Admin\.android
2012-10-11 10:30 . 2012-10-11 10:31 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Android
2012-10-10 14:27 . 2012-10-10 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake
2012-10-10 14:26 . 2012-10-10 14:26 -------- d-----w- c:\program files\Xenocode
2012-10-10 14:23 . 2012-10-10 14:25 -------- d-----w- c:\documents and settings\Admin\Application Data\DVDVideoSoft
2012-10-06 13:35 . 2012-10-10 13:30 -------- d-----w- C:\My downloads
2012-10-06 13:32 . 2012-10-06 13:32 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\VKMusic 4
2012-10-06 13:32 . 2012-10-06 13:33 -------- d-----w- c:\program files\VKMusic 4
2012-10-05 13:47 . 2012-10-05 13:47 -------- d-----w- c:\documents and settings\Admin\Application Data\YoudaGames
2012-10-04 08:42 . 2012-10-22 14:48 -------- d-----w- c:\documents and settings\Admin\Application Data\AnvSoft
2012-10-03 16:15 . 2012-10-03 16:15 -------- d-----w- c:\program files\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 09:09 . 2012-05-25 18:45 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-23 09:09 . 2012-05-25 18:45 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-23 05:16 . 2011-08-10 20:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:05 . 2012-10-23 09:00 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-25 . E0593C5746742DFB99A45B9D1234EBFB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2011-08-15 09:40 . 6941BC76E7DD739150D07CA54DBC1D87 . 1406976 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2010-04-12 . AFF794E22A94B50C1C039646977C05ED . 616448 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2011-08-15 . 2F61A23FD6AE38DE7F2896A18F8E4F58 . 648192 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2011-08-15 . A9A5E519D683C7567CC06BE600D623F9 . 929280 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2011-08-15 . 4EF89624E8428B8EC5D200524370A027 . 1061888 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
.
[-] 2011-08-15 . 09ECBA39AFFB03F5736192DA6EDF204F . 257024 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
.
[-] 2010-04-12 . E7ECD4FA070B0BEEA3C3C7115C5C2F17 . 632320 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2011-08-15 . 0A20E710200C82AA7F9D9BAF1B910090 . 1765888 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2011-08-15 . 669092DB173BBBA2C23B5D016DABCB05 . 219136 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2011-08-15 . 23559BD4E95879A34B9936EF67041BB9 . 1292288 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
.
[-] 2011-08-15 . 60B3FCC491EFF0DC7A86D2A420206F4F . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2011-08-15 . 4E905F8D5DD204EF0C4E0616DC91DDF5 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
.
[-] 2011-08-15 . 01AA7A93FCEF302CE7978562ABF0F3C2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2011-08-15 . 855C923613000B90FC0617F845FF9265 . 358912 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[-] 2011-08-23 . 9BB80F2D6C07F6642F36F4A27B670590 . 2031616 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2010-04-12 . 03C0AF39BCEF07EE95CB7216D9685E5C . 2149888 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2011-08-15 . 984CDCD67B841A3D4099752D657D60AE . 349696 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
.
[-] 2011-08-15 . 28DB0E75ACEC07983D05F2AA06AA1717 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2011-12-19 8856376]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2009-01-11 132096]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-12 880496]
"EVEREST AutoStart"="e:\торренты\EVEREST Ultimate Edition v5.50 Build 2242 Beta Multilingual\everest.exe" [2012-05-12 2487904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2011-08-15 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2009-01-11 132096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Z-Del_Mini1"="del" [X]
"Z-Del_Mini3"="reg add hkcu\Software\Microsoft\Internet Explorer\Toolbar" [X]
"Z-Del_Mini4"="reg add hkcu\Software\Microsoft\Internet Explorer\Toolbar" [X]
.
c:\documents and settings\Admin\Главное меню\Программы\Автозагрузка\
vw.lnk - c:\documents and settings\Admin\Мои документы\vw.exe [2012-4-8 1172992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Partner]
2012-10-11 13:42 547840 ----a-w- c:\program files\HiSuite\HiSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 05:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.03.2012 8:40 120152]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [04.04.2012 23:10 33824]
R2 am7pro;Art*Money*Pro7.37.2;c:\games\ArtMoney\am737.sys [04.04.2012 17:40 8192]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [07.03.2012 15:40 913144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [04.04.2012 13:22 2348352]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;e:\торренты\EVEREST Ultimate Edition v5.50 Build 2242 Beta Multilingual\kerneld.wnt [12.05.2012 20:50 28272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [04.04.2012 16:43 123712]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 gupdate;Служба Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.10.2012 13:50 116648]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [15.04.2008 16:00 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04.04.2012 16:43 1691480]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 gupdatem;Служба Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.10.2012 13:50 116648]
S3 XDva399;XDva399;\??\c:\windows\system32\XDva399.sys --> c:\windows\system32\XDva399.sys [?]
S3 XDva400;XDva400;\??\c:\windows\system32\XDva400.sys --> c:\windows\system32\XDva400.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 09:50]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 09:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://all.hopto.org
mStart Page = hxxp://all.hopto.org
TCP: Interfaces\{BCF05239-9E5F-484F-BDD9-8B927FF0663F}: NameServer = 213.177.96.1,213.177.97.1
TCP: Interfaces\{D97ABFA8-7A0B-42DC-A050-459F2D27A618}: NameServer = 88.147.129.15 88.147.128.17
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\gnr2720r.default\
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage - hxxp://firefox.yandex.ru/
FF - prefs.js: keyword.URL - hxxp://yandex.ru/yandsearch?clid=1864188-101&text=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-ITBar7Position - (no file)
HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
Notify-WgaLogon - (no file)
AddRemove-HashTab - c:\windows\system32\ShellExt\htdel32.bat
AddRemove-ZP--LineageII - e:\games\4game\LineageII\4GameUninstaller.exe LineageII Frost\frostUpdater.exe system\l2.exe
AddRemove-ZP--PointBlank - e:\program files\4game\PointBlank\4GameUninstaller.exe PointBlank Frost\frostUpdater.exe
AddRemove-ZP-pts-LineageII PTS - e:\lineageii\4GameUninstaller.exe LineageII PTS pts Frost\frostUpdater.exe system\l2.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-Винодел - c:\program files\Винодел\Uninstall.exe
AddRemove-Русалочка и тайна древнего клада - c:\program files\GFI\Sea_Quest_2_rus\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-10-23 14:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-113007714-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,3e,09,c1,de,7c,58,45,9b,7b,eb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,3e,09,c1,de,7c,58,45,9b,7b,eb,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1132)
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\cryptdll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
e:\c:\Documents and Settings\Admin\c:\windows\system32\svchost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-10-23 14:16:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-23 10:16
.
Pre-Run: 49*945*026*560 байт свободно
Post-Run: 49*898*115*072 байт свободно
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /noexecute=optin /fastdetect
.
- - End Of File - - FDB6BB8688541DC0B9C84CF8E6647916