Re: Re: Помогите удалить isew32.exe

ComboFix 08-10-19.04 — ??? 2008-10-20 18:30:51.4 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1251.1.1049.18.855 [GMT 4:00]
Running from: C:Users???Desktopлечение компа от ОПОComboFix.exe
Command switches used :: C:Users???DesktopCFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 14:33 4,194,304 —sha-w C:Users???ntuser.dat
2008-10-20 14:33 4,194,304 —sha-w C:Users???ntuser.dat
2008-10-20 14:29 ——— dc—-w C:Users???AppDataRoaminguTorrent
2008-10-20 10:20 ——— dc—-w C:ProgramDataPrevxCSI
2008-10-20 10:14 25,400 -c—a-w C:Windowssystem32driverspxark.sys
2008-10-20 10:14 ——— dc—-w C:Program FilesPrevxCSI
2008-10-20 09:50 2,883,584 —sha-w C:Users???ntuser.dat
2008-10-20 09:50 2,883,584 —sha-w C:Users???ntuser.dat
2008-10-20 09:39 41,793 -c—a-w C:UsersAll UsersnvModes.dat
2008-10-20 09:39 41,793 -c—a-w C:ProgramDatanvModes.dat
2008-10-15 18:10 ——— dc—-w C:Users???AppDataRoamingACD Systems
2008-10-14 13:37 ——— dc—-w C:Users???AppDataRoamingSpyware Terminator
2008-10-12 17:11 ——— dc—-w C:Users???AppDataRoamingNokia Multimedia Player
2008-10-11 08:58 ——— dc—-w C:Users???AppDataRoamingAdobeUM
2008-10-09 07:53 ——— dc—-w C:Users???AppDataRoamingMozilla
2008-10-09 07:52 ——— dc—-w C:Users???AppDataRoamingThunderbird
2008-10-08 17:42 ——— dc—-w C:Users???AppDataRoamingThunderbird
2008-10-08 17:42 ——— dc—-w C:Users???AppDataRoamingMozilla
2008-10-08 17:42 ——— dc—-w C:Program FilesMozilla Thunderbird
2008-10-08 17:25 ——— dc—-w C:Users???AppDataRoamingThe Bat!
2008-10-08 17:16 ——— dc—-w C:Program FilesIObit
2008-10-08 15:01 ——— dc—-w C:Program FilesNew Directory
2008-10-07 12:37 ——— dc—-w C:Users???AppDataRoamingAdobe
2008-10-06 16:28 ——— dc—-w C:Program FilesWindows Sidebar
2008-10-06 16:28 ——— dc—-w C:Program FilesWindows Mail
2008-10-06 08:49 2,048 —-a-w C:WindowsSystem32tzres.dll
2008-10-06 08:48 ——— dc—-w C:Program FilesMSXML 4.0
2008-10-06 08:47 826,368 —-a-w C:WindowsSystem32wininet.dll
2008-10-06 08:47 803,328 —-a-w C:Windowssystem32driverstcpip.sys
2008-10-06 08:47 52,736 —-a-w C:WindowsAppPatchiebrshim.dll
2008-10-06 08:47 24,064 —-a-w C:WindowsSystem32netcfg.exe
2008-10-06 08:47 22,016 —-a-w C:WindowsSystem32netiougc.exe
2008-10-06 08:47 216,632 —-a-w C:Windowssystem32driversnetio.sys
2008-10-06 08:47 167,424 —-a-w C:WindowsSystem32tcpipcfg.dll
2008-10-06 08:46 56,320 —-a-w C:WindowsSystem32iesetup.dll
2008-10-06 08:46 29,184 -c—a-w C:Windowssystem32driversBTHUSB.SYS
2008-10-06 08:46 26,624 —-a-w C:WindowsSystem32ieUnatt.exe
2008-10-06 08:46 220,160 -c—a-w C:Windowssystem32driversbthport.sys
2008-10-06 08:46 2,027,008 —-a-w C:WindowsSystem32win32k.sys
2008-10-06 08:46 19,456 -c—a-w C:Windowssystem32driversbthenum.sys
2008-10-06 08:46 181,760 -c—a-w C:WindowsSystem32fsquirt.exe
2008-10-06 08:44 84,480 —-a-w C:WindowsSystem32INETRES.dll
2008-10-06 08:44 737,792 —-a-w C:WindowsSystem32inetcomm.dll
2008-10-06 08:44 1,327,104 —-a-w C:WindowsSystem32quartz.dll
2008-10-06 08:43 99,840 —-a-w C:WindowsSystem32poqexec.exe
2008-10-06 08:43 3,504,824 —-a-w C:WindowsSystem32ntkrnlpa.exe
2008-10-06 08:43 3,470,520 —-a-w C:WindowsSystem32ntoskrnl.exe
2008-10-06 08:11 53,448 —-a-w C:WindowsSystem32wuauclt.exe
2008-10-06 08:11 45,768 —-a-w C:WindowsSystem32wups2.dll
2008-10-06 08:11 1,811,656 —-a-w C:WindowsSystem32wuaueng.dll
2008-10-06 08:11 1,524,736 —-a-w C:WindowsSystem32wucltux.dll
2008-10-06 08:10 83,456 —-a-w C:WindowsSystem32wudriver.dll
2008-10-06 08:10 563,912 —-a-w C:WindowsSystem32wuapi.dll
2008-10-06 08:10 36,552 —-a-w C:WindowsSystem32wups.dll
2008-10-06 08:10 31,232 —-a-w C:WindowsSystem32wuapp.exe
2008-10-06 08:10 163,904 —-a-w C:WindowsSystem32wuwebv.dll
2008-09-28 09:53 ——— dc—-w C:Users???AppDataRoamingPLAux
2008-09-25 16:27 ——— dc—-w C:Program FilesPCGAME
2008-09-20 11:21 ——— dc—-w C:Program FilesP2P_Torrent
2008-09-20 11:21 ——— dc—-w C:Program FilesConduit
2008-09-19 18:33 ——— dc—-w C:Users???AppDataRoamingSPORE
2008-09-19 16:54 ——— dc—-w C:Program FilesElectronic Arts
2008-09-19 16:51 ——— dc-h—w C:Program FilesInstallShield Installation Information
2008-09-17 07:37 ——— dc—-w C:Users???AppDataRoamingDatalayer
2008-09-12 14:38 ——— dc—-w C:Users???AppDataRoamingDownload Master
2008-09-09 05:58 ——— dc—-w C:Users???AppDataRoamingMacromedia
2008-09-08 17:24 ——— dc—-w C:Users???AppDataRoamingOpera
2008-09-08 15:15 ——— dc—-w C:Program FilesQIP
2008-09-08 12:14 ——— dc—-w C:Program FilesOpera
2008-09-08 11:26 ——— dc—-w C:Program FilesuTorrent
2008-09-04 13:35 ——— dc—-w C:ProgramDataMicrosoft Help
2008-08-20 16:07 ——— dc—-w C:Users???AppDataRoamingBioshock
2008-08-20 10:32 ——— dc—-w C:ProgramDataNVIDIA
2008-08-20 08:48 ——— dc—-w C:Users???AppDataRoamingQIP
2008-08-19 17:36 12,931 -c—a-w C:Users???AppDataRoamingnvModes.dat
2008-08-13 10:01 12,978 -c—a-w C:Users???AppDataRoamingnvModes.dat
2007-10-23 17:58 174 —sha-w C:Program Filesdesktop.ini
2007-07-16 16:49 76 -csh—r C:WindowsCT4CET.bin
2007-09-22 18:18 16,384 —sha-w C:WindowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
2007-09-22 18:18 32,768 —sha-w C:WindowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
2007-09-22 18:18 16,384 —sha-w C:WindowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat
2008-05-02 09:27 281,532,192 —sha-w C:WindowsSystem32driversfidbox(108).dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-20_13.54.03.02 )))))))))))))))))))))))))))))))))))))))))
.
— 2008-10-14 13:42:19 32,768 —sha-w C:WindowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2008-10-20 10:52:07 32,768 —sha-w C:WindowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
— 2008-10-14 13:42:19 32,768 —sha-w C:WindowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
+ 2008-10-20 10:52:07 32,768 —sha-w C:WindowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
— 2008-10-14 13:42:19 32,768 —sha-w C:WindowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2008-10-20 10:52:07 32,768 —sha-w C:WindowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}»= «C:Program FilesP2P_TorrenttbP2P_.dll» [2008-08-20 1780248]

[HKEY_CLASSES_ROOTclsid{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
2008-08-20 23:03 1780248 —a—c— C:Program FilesP2P_TorrenttbP2P_.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{bc4be15d-6a34-4356-9e97-79e43da32b1d}»= «C:Program FilesP2P_TorrenttbP2P_.dll» [2008-08-20 1780248]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}»= «C:Program FilesP2P_TorrenttbP2P_.dll» [2008-08-20 1780248]

[HKEY_CLASSES_ROOTclsid{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»C:Program FilesPunto Switcherps.exe» [2003-11-12 207872]
«ehTray.exe»=»C:WindowsehomeehTray.exe» [2006-11-02 125440]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SynTPEnh»=»C:Program FilesSynapticsSynTPSynTPEnh.exe» [2007-04-28 857648]
«SunJavaUpdateSched»=»C:Program FilesJavajre1.6.0_03binjusched.exe» [2007-09-25 132496]
«GrooveMonitor»=»C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe» [2007-08-24 33648]
«nod32kui»=»C:Program FilesEsetnod32kui.exe» [2008-07-06 949376]
«NvCplDaemon»=»C:Windowssystem32NvCpl.dll» [2008-06-09 13543968]
«NvMediaCenter»=»C:Windowssystem32NvMcTray.dll» [2008-06-09 92704]
«NVHotkey»=»C:Windowssystem32nvHotkey.dll» [2008-06-09 96800]
«MSConfig»=»C:Windowssystem32msconfig.exe» [2006-11-02 222208]
«SigmatelSysTrayApp»=»sttray.exe» [2007-03-07 C:Windowssttray.exe]

C:Users‘ и AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
‚л१Є нЄа ­ Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE [2007-08-24 101784]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr]
2006-07-14 13:46 45056 C:WindowsSystem32avldr.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
@=»Service»

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupAdobe Gamma Loader.lnk
backup=C:WindowspssAdobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupAdobe Reader Speed Launch.lnk
backup=C:WindowspssAdobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupBTTray.lnk
backup=C:WindowspssBTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupDigital Line Detect.lnk
backup=C:WindowspssDigital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
—a—c— 2007-10-23 14:18 202024 C:Program FilesCommon FilesNeroLibNMBgMonitor.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBroadcom Wireless Manager UI]
—a—c— 2007-03-21 12:33 1548288 C:WindowsSystem32WLTRAY.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDevice Detector]
—a—c— 2003-11-26 19:54 217088 C:Program FilesCommon FilesACD SystemsENDevDetect.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
—a—c— 2007-07-20 18:47 3088384 C:Program FilesDownload Masterdmaster.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInCD]
—a—c— 2007-10-15 10:40 1077032 C:Program FilesNeroNero8InCDInCD.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSScheduler]
—a—c— 2006-10-03 14:37 81920 C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
—a—— 2007-12-11 20:02 4855288 C:Program FilesMail.RuAgentmagent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a—c— 2007-03-01 14:57 153136 C:Program FilesCommon FilesNeroLibNeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOEM02Mon.exe]
—a—c— 2007-02-02 13:00 36864 C:WindowsOEM02Mon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCMService]
——c— 2007-04-16 19:10 184320 C:Program FilesDellMediaDirectPCMService.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCSuiteTrayApplication]
—a—c— 2006-06-15 13:36 229376 C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSecurDisc]
—a—c— 2007-10-15 10:40 2045224 C:Program FilesNeroNero8InCDNBHGui.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWindows Defender]
—a—— 2007-07-17 04:28 1006264 C:Program FilesWindows DefenderMSASCui.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-2097062943-1352336681-2842851241-1000]
«EnableNotificationsRef»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{D1D2FA24-18A0-43EC-9F45-45F5F6626D21}»= C:Program FilesDellMediaDirectPowerCinema.exe:CyberLink PowerCinema
«{E460D5CE-9237-4061-946D-9942DFAA2102}»= C:Program FilesDellMediaDirectPCMService.exe:CyberLink PowerCinema Resident Program
«{7E26E12A-FC70-4210-B142-C11D0B34C149}»= C:Program FilesDellMediaDirectKernelDMPCLBrowserEngine.exe:Cyberlink Media Server Browser Engine
«{695642C4-FD67-4371-8F0E-E4C54A1856A9}»= C:Program FilesDellMediaDirectKernelDMSCLMSService.exe:CyberLink Media Server
«{580DB347-ADC0-4BAC-8CCF-C511826240A8}»= TCP:6004|C:Program FilesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
«{CC01159E-AA13-4A9B-AA93-8CD05AD89AEE}»= UDP:C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{B81FFACD-456B-4495-9BA8-A90386671FF4}»= TCP:C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{15D8AAE7-D412-4FBF-BB10-5D06F4CC71D5}»= UDP:C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{56DD8996-3749-442C-B6C1-D981EAC597D6}»= TCP:C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«TCP Query User{D1D6E9FE-05C4-409F-8B80-9E2F1EFCDF8E}C:\users\???\desktop\qip8010\qip.exe»= UDP:C:users???desktopqip8010qip.exe:qip.exe
«UDP Query User{D2137E2D-7D92-4FD3-8137-94953D0CE5C4}C:\users\???\desktop\qip8010\qip.exe»= TCP:C:users???desktopqip8010qip.exe:qip.exe
«TCP Query User{2FFFCE10-3AFE-4AC8-9E02-38FC4168F6D0}C:\users\???\documents\qip8010\qip.exe»= UDP:C:users???documentsqip8010qip.exe:qip.exe
«UDP Query User{4FFAC28C-04E3-4B30-8DCC-E48DBFDDD7CA}C:\users\???\documents\qip8010\qip.exe»= TCP:C:users???documentsqip8010qip.exe:qip.exe
«{F5631D7E-FB84-4DBD-9CF3-E9BE233DBBAA}»= UDP:C:Program FilesCyanideGameCenterGameCenter.exe:GameCenter
«{7F2759ED-CB94-436E-920C-9E431DE36DC2}»= TCP:C:Program FilesCyanideGameCenterGameCenter.exe:GameCenter
«TCP Query User{EC5F8311-8C63-48AC-8D05-B6188B211D26}C:\users\???\desktop\старый комп\игры\quake\ruake3.exe»= UDP:C:users???desktopстарый компигрыquakeruake3.exe:ruake3.exe
«UDP Query User{9CEFAFFD-DFE9-46E0-829F-C1400ACD7BE4}C:\users\???\desktop\старый комп\игры\quake\ruake3.exe»= TCP:C:users???desktopстарый компигрыquakeruake3.exe:ruake3.exe
«{F917EA36-0135-4902-BDAF-37B8B71E5BFF}»= UDP:C:Program FilesuTorrentuTorrent.exe:µTorrent (TCP-In)
«{D04FCCBD-FB81-4BF6-A7C2-3BE9702A3D65}»= TCP:C:Program FilesuTorrentuTorrent.exe:µTorrent (UDP-In)
«TCP Query User{AC45A810-3B52-40CD-81DE-E1E0A296561B}C:\program files\qip\qip.exe»= UDP:C:program filesqipqip.exe:Quiet Internet Pager
«UDP Query User{8D60217D-BA4E-4A56-AD2A-A05D7A58F1CD}C:\program files\qip\qip.exe»= TCP:C:program filesqipqip.exe:Quiet Internet Pager

[HKLM~servicessharedaccessparametersfirewallpolicyRestrictedServicesStaticSystem]
«DFSR-1″= RPort=5722|UDP:%SystemRoot%system32svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 pxark;pxark;C:Windowssystem32driverspxark.sys [2008-10-20 25400]
R2 AmFSM;Panda Anti-Virus Filesystem Minifilter;C:Windowssystem32Driversamm8660.sys [2006-12-15 34816]
R2 CSIScanner;CSIScanner;C:Program FilesPrevxCSIprevxcsi.exe [2008-10-20 880696]
R2 PD91Agent;PD91Agent;C:Program FilesRaxcoPerfectDisk2008PD91Agent.exe [2008-02-28 668936]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:Windowssystem32DRIVERSOEM02Dev.sys [2007-03-20 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:Windowssystem32DRIVERSOEM02Vfx.sys [2007-03-06 7424]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:Windowssystem32DRIVERSAmps2prt.sys [2006-05-09 13824]
S3 btwaudio;Аудиоустройство Bluetooth;C:Windowssystem32driversbtwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT Service;C:Windowssystem32driversbtwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid;C:Windowssystem32DRIVERSbtwrchid.sys [2006-11-07 16560]
S3 PD91Engine;PD91Engine;C:Program FilesRaxcoPerfectDisk2008PD91Engine.exe [2008-02-29 894216]
S4 PskSvcRetail;Panda PSK service;C:Program FilesPanda SoftwarePanda Antivirus 2007PskSvc.exe [ ]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1cb6193d-6bf4-11dc-a3a4-0019b97eb121}]
shellAutoRuncommand — G:USBNB.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2345bac5-482b-11dd-8f9c-0019b97eb121}]
shellAutoRuncommand — F:a3g3.bat
shellexploreCommand — F:a3g3.bat
shellopenCommand — F:a3g3.bat

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{af083a34-c012-11dc-b9ab-0019b97eb121}]
shellAutocommand — BootIO.exe
shellAutoRuncommand — C:Windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BootIO.exe

*Newly Created Service* — CATCHME
*Newly Created Service* — PROCEXP90
*Newly Created Service* — PXARK
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 18:33:02
Windows 6.0.6000 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-20 18:34:42
ComboFix-quarantined-files.txt 2008-10-20 14:34:36
ComboFix2.txt 2008-10-20 09:55:01

Pre-Run: Не удается найти текст сообщения с номером 0x2379 в файле сообщений Application.
Post-Run: 17,298,210,816 байт свободно

252 — E O F — 2008-10-06 08:50:50