ComboFix 10-07-16.02 — User 19.07.10 0:26.1.2 — x86
Running from: D:ComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersГлавное менюПрограммыnew
c:documents and settingsAll UsersГлавное менюПрограммыnew Uninstall PowerDVD.lnk
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:documents and settingsUserLocal SettingsApplication DataDownloaded Installations{5B00B6A7-3352-415F-A7C2-ABCCCEC5383E}
c:documents and settingsUserLocal SettingsApplication DataDownloaded Installations{5B00B6A7-3352-415F-A7C2-ABCCCEC5383E}1049.MST
c:documents and settingsUserLocal SettingsApplication DataDownloaded Installations{5B00B6A7-3352-415F-A7C2-ABCCCEC5383E}rserv33ru.msi
c:program filesMail.RuAgentMradllnewmrasearch.dll
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.
2010-07-18 15:17 . 2010-07-18 15:17
d
w- c:program filesAutocompletePro
2010-07-18 11:08 . 2010-07-18 11:08
d
w- c:program filesJRE
2010-07-18 09:35 . 2010-07-18 11:08
d
w- c:program filesOpenOffice.org 3
2010-07-17 12:44 . 2010-07-17 12:45
d
w- c:program filestrend micro
2010-07-17 12:44 . 2010-07-17 12:45
d
w- C:rsit
2010-07-05 08:35 . 2010-07-05 08:35
d
w- c:windowsSun
2010-06-25 06:07 . 2009-08-06 16:23 274288 —-a-w- c:windowssystem32mucltui.dll
2010-06-24 11:05 . 2010-07-18 15:15
d
w- C:VritualRoot
2010-06-24 07:57 . 2010-06-24 20:22
d
w- c:program files2IPStartGuard
2010-06-20 13:14 . 2010-06-20 13:15
d
w- c:documents and settingsAll UsersApplication DataCOMODO
2010-06-20 13:05 . 2010-06-20 13:05
d
w- c:program filesCOMODO
2010-06-20 12:57 . 2010-06-20 12:59
d
w- c:documents and settingsAll UsersApplication DataComodo Downloader
2010-06-19 08:30 . 2010-06-19 08:30
d
w- c:documents and settingsUserApplication DataRadmin
2010-06-19 08:14 . 2010-06-19 09:55
d
w- c:windowssystem32rserver30
2010-06-19 08:13 . 2010-07-18 21:29
d
w- c:documents and settingsUserLocal SettingsApplication DataDownloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 21:33 . 2010-01-05 12:34
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2010-07-18 15:32 . 2010-01-20 19:19 1 —-a-w- c:documents and settingsUserApplication DataOpenOffice.org3useruno_packagescachestamp.sys
2010-07-18 13:22 . 2010-01-05 12:25 48328 —-a-w- c:documents and settingsUserLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-07-17 08:43 . 2010-05-27 14:50
d
w- c:program filesRadioClicker LITE
2010-07-15 12:21 . 2010-05-25 18:38
d
w- c:documents and settingsUserApplication DataZoomBrowser EX
2010-07-15 11:20 . 2010-05-15 09:42 8704 —-a-r- c:documents and settingsUserApplication DataMicrosoftInstaller{ACA6DDDE-15E3-4DB9-94FB-B0FA8DCC6493}hh.exe
2010-07-15 11:20 . 2010-05-15 09:42 15086 —-a-r- c:documents and settingsUserApplication DataMicrosoftInstaller{ACA6DDDE-15E3-4DB9-94FB-B0FA8DCC6493}photoshedevrD.exe
2010-07-15 11:20 . 2010-05-15 09:42 15086 —-a-r- c:documents and settingsUserApplication DataMicrosoftInstaller{ACA6DDDE-15E3-4DB9-94FB-B0FA8DCC6493}photoshedevr.exe
2010-07-13 15:25 . 2010-01-24 08:54
d
w- c:documents and settingsUserApplication DataSkype
2010-07-13 13:01 . 2010-01-06 16:00
d
w- c:documents and settingsUserApplication DataskypePM
2010-07-11 12:18 . 2010-02-05 17:06
d
w- c:program filesDownload Master
2010-07-11 06:42 . 2010-05-25 18:21 501088 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-06-29 16:09 . 2010-01-29 17:47
d
w- c:program filesYandex
2010-06-29 16:09 . 2010-01-29 17:47
d
w- c:documents and settingsUserApplication DataYandex
2010-06-17 19:45 . 2010-06-17 19:45
d
w- c:program filesCommon FilesSkype
2010-06-15 14:15 . 2010-06-15 14:15 133648 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataUpdaterTemporary FilesrollbackpatchAutoPatcheskav9exec9.0.0.736mmpprtc.dll
2010-06-15 14:15 . 2010-06-15 14:15 133720 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav9exec9.0.0.736mmpprtc.dll
2010-06-14 14:31 . 2010-01-05 10:57 744448 —-a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
2010-06-13 09:06 . 2010-06-13 09:06
d
w- c:program filesFeedReader30
2010-06-11 19:24 . 2010-06-11 19:24
d
w- c:documents and settingsUserApplication DataCANON INC
2010-06-04 08:55 . 2010-06-04 08:55 229312 —-a-w- c:windowssystem32driverscmdGuard.sys
2010-06-01 16:00 . 2010-06-01 16:00 278288 —-a-w- c:windowssystem32guard32.dll
2010-06-01 16:00 . 2010-06-01 16:00 87824 —-a-w- c:windowssystem32driversinspect.sys
2010-06-01 16:00 . 2010-06-01 16:00 25240 —-a-w- c:windowssystem32driverscmdhlp.sys
2010-06-01 16:00 . 2010-06-01 16:00 15464 —-a-w- c:windowssystem32driverscmderd.sys
2010-05-29 14:46 . 2010-01-05 11:41
d—h—w- c:program filesInstallShield Installation Information
2010-05-27 17:53 . 2010-05-27 17:53 503808 —-a-w- c:documents and settingsUserApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-1fc0f992-nmsvcp71.dll
2010-05-27 17:53 . 2010-05-27 17:53 499712 —-a-w- c:documents and settingsUserApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-1fc0f992-njmc.dll
2010-05-27 17:53 . 2010-05-27 17:53 348160 —-a-w- c:documents and settingsUserApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-1fc0f992-nmsvcr71.dll
2010-05-27 17:53 . 2010-05-27 17:53 61440 —-a-w- c:documents and settingsUserApplication DataSunJavaDeploymentSystemCache6.0505535ab32-24378339-ndecora-sse.dll
2010-05-27 17:53 . 2010-05-27 17:53 12800 —-a-w- c:documents and settingsUserApplication DataSunJavaDeploymentSystemCache6.0505535ab32-24378339-ndecora-d3d.dll
2010-05-27 14:50 . 2010-05-27 14:50
d
w- c:documents and settingsUserApplication DataROALDevelopment
2010-05-25 19:06 . 2010-03-12 17:34
d
w- c:program filesCanon
2010-05-25 18:29 . 2010-05-25 18:29
d
w- c:documents and settingsAll UsersApplication DataZoomBrowser
2010-05-25 18:27 . 2008-04-15 11:00 540860 —-a-w- c:windowssystem32perfh019.dat
2010-05-25 18:27 . 2008-04-15 11:00 100270 —-a-w- c:windowssystem32perfc019.dat
2010-05-25 17:50 . 2010-05-25 17:50
d
w- c:program filesCommon FilesCanon
2010-05-06 18:00 . 2010-05-06 18:00 664 —-a-w- c:windowssystem32d3d9caps.dat
2010-05-06 10:35 . 2008-04-15 11:00 916480 —-a-w- c:windowssystem32wininet.dll
2010-05-05 16:21 . 2010-01-05 12:34 97549 —-a-w- c:windowssystem32driversklick.dat
2010-05-05 16:21 . 2010-01-05 12:34 113933 —-a-w- c:windowssystem32driversklin.dat
2010-05-02 08:09 . 2008-04-15 11:00 1851392 —-a-w- c:windowssystem32win32k.sys
2010-04-29 12:39 . 2010-04-23 16:24 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-29 12:39 . 2010-04-23 16:24 20952 —-a-w- c:windowssystem32driversmbam.sys
2010-04-20 05:32 . 2008-04-15 11:00 285696 —-a-w- c:windowssystem32atmfd.dll
2010-03-03 21:21 . 2010-01-05 12:34 3121696 —sha-w- c:windowssystem32driversfidbox.dat
2010-03-03 21:21 . 2010-01-05 12:34 598048 —sha-w- c:windowssystem32driversfidbox2.dat
.
Sigcheck
[-] 2009-11-26 . F5E8B729CE74757A6635FED21614DE50 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{1392b8d2-5c05-419f-a8f6-b9f15a596612}»= «c:program filesFreecordertbFre1.dll» [2010-06-24 2515552]
[HKEY_CLASSES_ROOTclsid{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-06-24 11:18 2515552 —-a-w- c:program filesFreecordertbFre1.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2010-02-16 8944968]
«{1392b8d2-5c05-419f-a8f6-b9f15a596612}»= «c:program filesFreecordertbFre1.dll» [2010-06-24 2515552]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CLASSES_ROOTclsid{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2010-02-16 8944968]
«{1392B8D2-5C05-419F-A8F6-B9F15A596612}»= «c:program filesFreecordertbFre1.dll» [2010-06-24 2515552]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CLASSES_ROOTclsid{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Advanced SystemCare 3″=»c:program filesIObitAdvanced SystemCare 3AWC.exe» [2010-07-02 2347216]
«feedreader.exe»=»c:program filesFeedReader30feedreader.exe» [2009-03-29 2058240]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«RTHDCPL»=»RTHDCPL.EXE» [2009-03-27 17567744]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2009-07-02 98304]
«AVP»=»c:program filesKaspersky LabKaspersky Anti-Virus 2010avp.exe» [2009-10-20 340456]
«CNAP2 Launcher»=»c:windowsSystem32spoolDRIVERSW32X863CNAP2LAK.EXE» [2007-09-05 406944]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2010-06-20 35760]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2010-06-09 976832]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«VMonitorVMUVC»=»c:program filesVimicro CorporationVMUVCVMonitor.exe» [2008-08-29 143360]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«WinPatrol»=»c:program filesBillP StudiosWinPatrolWinPatrol.exe» [2009-10-10 320832]
«COMODO Internet Security»=»c:program filesCOMODOCOMODO Internet Securitycfp.exe» [2010-06-01 2039240]
«WinPatrol [FREE Edition]»=»c:program filesBILLP STUDIOSWINPATROLWINPATROL.EXE» [2009-10-10 21:07 320832]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2010-03-03 8746680]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Mail.Ru\Agent\magent.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
R2 OAcat;Online Armor Helper Service;c:program filesTall EmuOnline ArmorOAcat.exe [x]
R2 SvcOnlineArmor;Online Armor;c:program filesTall EmuOnline Armoroasrv.exe [x]
R3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [2008-08-05 1684736]
R4 sptd;sptd;c:windowssystem32Driverssptd.sys [2010-02-15 721904]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2009-10-14 36880]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:windowssystem32DRIVERScmdguard.sys [2010-06-04 229312]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:windowssystem32DRIVERScmdhlp.sys [2010-06-01 25240]
S1 OADevice;OADriver;c:windowssystem32driversOADriver.sys [2009-12-05 223312]
S1 OAmon;OAmon;c:windowssystem32driversOAmon.sys [2009-12-05 24656]
S1 OAnet;OAnet;c:windowssystem32driversOAnet.sys [2009-12-05 29776]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32DRIVERSklim5.sys [2009-09-14 32272]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:windowssystem32DRIVERSklmouflt.sys [2009-10-02 19472]
S3 VMUVC;Vimicro Camera Service VMUVC;c:windowssystem32DriversVMUVC.sys [2009-05-25 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:windowssystem32driversvvftUVC.sys [2008-07-01 398720]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 —-a-w- c:program filesCommon FilesLightScribeLSRunOnce.exe
.
Contents of the ‘Scheduled Tasks’ folder
2010-07-18 c:windowsTasksAWC AutoSweep.job
— c:program filesIObitAdvanced SystemCare 3AutoSweep.exe [2010-01-29 11:11]
2010-07-18 c:windowsTasksAWC Update.job
— c:program filesIObitAdvanced SystemCare 3IObitUpdate.exe [2010-01-29 13:18]
.
.
Supplementary Scan
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uInternet Settings,ProxyOverride =
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
IE: Поиск@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
TCP: {5CD64F32-A719-4DEC-9B36-5C2ADD9B10DD} = 192.168.1.1
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfilesirh4bpz2.default
FF — prefs.js: browser.search.defaulturl — hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage — hxxp://www.ukr.net/
FF — prefs.js: keyword.URL — hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF — component: c:program filesMozilla Firefoxextensionslinkfilter@kaspersky.rucomponentsKavLinkFilter.dll
FF — plugin: c:program filesMozilla FirefoxpluginsnpdeployJava1.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpdm.dll
—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
— — — — ORPHANS REMOVED — — — —
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} — (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 00:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(828)
c:windowssystem32Ati2evxx.dll
— — — — — — — > ‘explorer.exe'(588)
c:windowssystem32WININET.dll
c:windowssystem32msi.dll
c:windowssystem32webcheck.dll
.
Other Running Processes
.
c:windowssystem32Ati2evxx.exe
c:windowssystem32Ati2evxx.exe
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesLightScribeLSSrvc.exe
c:windowssystem32wdfmgr.exe
c:program filesCanonCALCALMAIN.exe
c:windowssystem32wbemwmiapsrv.exe
c:windowsRTHDCPL.EXE
c:program filesATI TechnologiesATI.ACECore-StaticMOM.exe
c:windowsSystem32spoolDRIVERSW32X863CNAP2RPK.EXE
c:windowsSystem32spoolDRIVERSW32X863CNAB8SWK.EXE
c:program filesATI TechnologiesATI.ACECore-Staticccc.exe
.
**************************************************************************
.
Completion time: 2010-07-19 00:36:06 — machine was rebooted
ComboFix-quarantined-files.txt 2010-07-18 21:36
Pre-Run: 43 095 175 168 байт свободно
Post-Run: 42 972 491 776 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect /usepmtimer
— — End Of File — — 5D0E87EAF1713EBDEA8D5F930CBB911E
