ComboFix 09-12-24.02 - piterovdv 28.12.2009  10:22:08.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1049.18.959.445 [GMT 3:00]
Running from: c:\documents and settings\piterovdv\ \ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\piterovdv\Application Data\.#
c:\documents and settings\piterovdv\Application Data\.#\MBX@B8C@383240.###
c:\documents and settings\piterovdv\Application Data\.#\MBX@ECC@383240.###
c:\documents and settings\piterovdv\ 㬥\BackupRegistry(20090313).reg
c:\windows\system32\office.exe

----- BITS: Possible infected sites -----

hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


(((((((((((((((((((((((((   Files Created from 2009-11-28 to 2009-12-28  )))))))))))))))))))))))))))))))
.

2009-12-28 07:14 . 2009-12-28 07:14	--------	d-----w-	c:\documents and settings\piterovdv\Application Data\ABBYY
2009-12-28 07:03 . 2009-12-28 07:03	--------	d-----w-	c:\program files\Common Files\ABBYY
2009-12-28 07:02 . 2009-12-28 07:14	--------	d-----w-	c:\program files\ABBYY FineReader 9.0
2009-12-28 06:55 . 2009-12-28 06:56	--------	d-----w-	c:\program files\USB Safely Remove
2009-12-25 06:57 . 2009-12-25 06:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\Yandex
2009-12-25 06:57 . 2009-12-25 06:57	--------	d-----w-	c:\program files\Yandex
2009-12-25 06:57 . 2009-12-25 06:57	--------	d-----w-	c:\documents and settings\piterovdv\Local Settings\Application Data\Yandex
2009-12-24 13:25 . 2009-12-24 13:25	--------	d-----w-	c:\documents and settings\piterovdv\Application Data\Malwarebytes
2009-12-24 13:25 . 2009-12-03 13:14	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-24 13:25 . 2009-12-24 13:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-24 13:25 . 2009-12-24 13:25	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-12-24 13:25 . 2009-12-03 13:13	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-12-24 12:45 . 2009-12-24 12:45	--------	d-----r-	c:\documents and settings\LocalService\
2009-12-24 11:58 . 2006-11-27 08:33	58368	----a-r-	c:\windows\system32\drivers\NVENETFD.sys
2009-12-24 11:58 . 2006-11-27 08:31	192512	----a-r-	c:\windows\system32\fdco1.dll
2009-12-24 11:58 . 2006-11-07 06:58	356352	----a-w-	c:\windows\system32\nvunrm.exe
2009-12-24 11:58 . 2006-11-07 06:58	35840	----a-r-	c:\windows\system32\nvconrm.dll
2009-12-24 11:58 . 2006-11-27 08:33	19968	----a-r-	c:\windows\system32\drivers\nvnetbus.sys
2009-12-24 11:58 . 2006-11-27 08:33	110592	----a-r-	c:\windows\system32\drivers\nvtcp.sys
2009-12-24 11:58 . 2006-11-27 08:33	895744	----a-r-	c:\windows\system32\drivers\nvnrm.sys
2009-12-24 11:58 . 2006-11-27 08:33	261632	----a-r-	c:\windows\system32\drivers\nvsnpu.sys
2009-12-24 11:58 . 2006-11-27 08:31	9216	----a-r-	c:\windows\system32\bdco1.dll
2009-12-24 11:54 . 2009-12-24 11:54	--------	d-----w-	c:\documents and settings\piterovdv\Application Data\InstallShield

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 07:33 . 2009-05-04 08:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-28 07:33 . 2008-10-09 06:18	--------	d-----w-	c:\program files\SpeedFan
2009-12-28 07:16 . 2009-05-04 08:57	761888	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-12-28 07:16 . 2009-05-04 08:57	4732	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-12-28 07:16 . 2009-05-04 08:57	3695136	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-12-28 07:16 . 2009-05-04 08:57	30996	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-12-28 07:02 . 2008-05-30 08:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\ABBYY
2009-12-25 06:57 . 2009-02-11 07:05	--------	d-----w-	c:\documents and settings\piterovdv\Application Data\DMCache
2009-12-24 13:44 . 2009-04-01 06:54	--------	d-----w-	c:\documents and settings\piterovdv\Application Data\LockTime
2009-12-24 13:44 . 2009-04-01 07:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\Locktime
2009-12-24 12:17 . 2009-01-12 07:13	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 11:57 . 2004-08-18 08:00	606188	----a-w-	c:\windows\system32\perfh019.dat
2009-12-24 11:57 . 2004-08-18 08:00	128240	----a-w-	c:\windows\system32\perfc019.dat
2009-12-24 11:55 . 2009-05-06 06:36	--------	d-----w-	c:\program files\Ashampoo
2009-12-24 11:55 . 2009-12-24 11:55	--------	d-----w-	c:\program files\ANI
2009-12-24 11:55 . 2009-12-24 11:55	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-12-24 11:55 . 2009-12-24 11:55	--------	d-----w-	c:\program files\D-Link
2009-11-24 07:02 . 2008-10-06 06:38	158272	----a-w-	c:\windows\system32\drivers\snapman.sys
2009-11-24 06:46 . 2009-11-24 06:46	160288	----a-w-	c:\windows\system32\drivers\afcdp.sys
2009-11-24 06:46 . 2009-09-23 05:59	--------	d-----w-	c:\program files\Common Files\Acronis
2009-11-24 06:46 . 2009-11-10 07:24	911680	----a-w-	c:\windows\system32\drivers\tdrpm258.sys
2009-11-24 06:46 . 2009-09-23 06:02	581984	----a-w-	c:\windows\system32\drivers\timntr.sys
2009-11-24 06:45 . 2009-11-09 06:40	--------	d-----w-	c:\program files\Acronis
2009-11-24 06:40 . 2009-11-24 06:40	--------	d-----w-	c:\program files\Xilisoft
2009-11-24 06:37 . 2009-11-24 06:37	--------	d-----w-	c:\program files\FreeTime
2009-11-23 12:09 . 2009-11-18 06:56	--------	d-----w-	c:\program files\cr2-00-66
2009-11-23 07:28 . 2009-02-11 07:05	--------	d-----w-	c:\documents and settings\piterovdv\Application Data\IDM
2009-11-19 10:52 . 2009-11-19 07:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\Symantec
2009-11-19 10:50 . 2009-11-19 07:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2009-11-19 07:53 . 2009-11-19 07:53	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2009-11-19 07:53 . 2009-11-19 07:53	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-18 06:54 . 2009-11-18 06:54	--------	d-----w-	c:\documents and settings\piterovdv\Application Data\Foxit
2009-11-18 06:54 . 2009-11-18 06:54	--------	d-----w-	c:\program files\Foxit Software
2009-11-16 08:18 . 2009-05-04 08:57	95259	----a-w-	c:\windows\system32\drivers\klick.dat
2009-11-16 08:18 . 2009-05-04 08:57	108059	----a-w-	c:\windows\system32\drivers\klin.dat
2009-11-12 13:20 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup13.dll
2009-11-12 13:20 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup12.dll
2009-11-12 13:20 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup11.dll
2009-11-12 13:20 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup10.dll
2009-11-12 13:20 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup9.dll
2009-11-12 13:19 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup8.dll
2009-11-12 12:58 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup7.dll
2009-11-12 12:01 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup6.dll
2009-11-12 12:00 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup5.dll
2009-11-12 12:00 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup4.dll
2009-11-12 10:36 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup3.dll
2009-11-12 10:33 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup2.dll
2009-11-12 10:32 . 2004-08-18 08:00	22840832	----a-w-	c:\windows\system32\shell32 Backup1.dll
2009-11-12 06:28 . 2008-12-08 11:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\USBSRService
2009-11-11 12:57 . 2008-12-08 11:45	--------	d-----w-	c:\documents and settings\piterovdv\Application Data\USBSafelyRemove
2009-11-11 12:56 . 2009-08-07 05:58	--------	d-----w-	c:\program files\ABBYY PDF Transformer 2.0
2009-11-11 12:56 . 2009-02-11 07:05	--------	d-----w-	c:\program files\Internet Download Manager
2009-11-11 12:56 . 2009-02-03 13:20	--------	d-----w-	c:\program files\7-Zip
2009-11-11 12:56 . 2008-10-10 04:57	--------	d-----w-	c:\program files\Total Commander
2009-11-11 12:56 . 2008-12-10 12:49	--------	d-----w-	c:\documents and settings\piterovdv\Application Data\TeleMessage
2009-11-11 12:56 . 2008-12-15 07:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-11 12:29 . 2008-05-28 07:34	--------	d-----w-	c:\program files\QIP Infium
2009-11-11 12:21 . 2009-05-06 06:36	--------	d-----w-	c:\documents and settings\All Users\Application Data\ashampoo
2009-11-11 10:44 . 2009-11-11 10:44	--------	d-----w-	c:\program files\Microsoft ActiveSync
2009-11-10 13:58 . 2009-11-10 12:38	--------	d-----w-	c:\program files\STDU Viewer
2009-11-10 12:40 . 2008-08-19 10:32	--------	d-----w-	c:\program files\Common Files\Adobe
2009-11-10 12:38 . 2009-11-10 12:38	--------	d-----w-	c:\program files\Common Files\STDUtility
2009-11-09 06:34 . 2009-11-09 06:34	--------	d-----w-	c:\program files\Almeza
2009-11-09 06:32 . 2009-11-09 06:32	--------	d-----w-	c:\program files\Paint.NET
2009-11-06 06:16 . 2008-10-29 06:24	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-11-06 06:13 . 2009-11-06 06:13	152576	----a-w-	c:\documents and settings\piterovdv\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-30 11:19 . 2009-10-30 11:18	--------	d-----w-	c:\program files\K-Lite Codec Pack
2009-10-30 09:23 . 2004-08-18 08:00	4952	--sha-r-	C:\bootfont.bin
2009-10-30 06:37 . 2009-10-30 06:37	--------	d-----w-	c:\program files\Paragon Software
2009-10-29 13:04 . 2009-05-06 06:36	--------	d-----w-	c:\documents and settings\piterovdv\Application Data\Ashampoo
2009-10-27 18:00 . 2009-10-30 11:18	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2009-10-27 15:47 . 2009-06-19 18:09	214368	----a-w-	c:\windows\system32\snapapi.dll
2009-10-27 08:40 . 2009-04-28 05:45	198064	----a-w-	c:\documents and settings\piterovdv\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-10-15 06:07 . 2004-08-18 08:00	1571840	----a-w-	c:\windows\system32\SfcFiles.dll
2009-10-14 12:01 . 2009-10-06 05:17	118000	----a-w-	c:\program files\mozilla firefox\components\qippipe.dll
2008-03-28 17:51 . 2008-05-19 09:32	47616	----a-w-	c:\program files\mozilla firefox\plugins\RapidShareOCR.dll
.

------- Sigcheck -------

[7] 2008-04-14 . E464083934A22C7E0EDE8A8FFA90D26C . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . F052E275784F8EC6BCF54C53D6C7548D . 653312 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . F052E275784F8EC6BCF54C53D6C7548D . 653312 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[7] 2009-08-04 . 857A19FD538AC8647C6E4EF17C9B426E . 2190976 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . FA00515BCBAC59E1989C60A421410659 . 2149888 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . FA00515BCBAC59E1989C60A421410659 . 2149888 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2008-04-14 . DBD9F0B1A0D346EBBCF20940B86941C5 . 2190848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2008-04-14 . EE19232FAB499123386F6EA905157426 . 631808 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . EE19232FAB499123386F6EA905157426 . 631808 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[7] 2008-04-14 . A9CDF92EA1CFFB67448EF26F5DF21A6F . 579072 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2009-08-29 . 75FBA6C8E25A433103D60ED9C76D7661 . 972288 . . [8.00.6001.18828] . . c:\windows\system32\wininet.dll
[-] 2009-08-29 . 75FBA6C8E25A433103D60ED9C76D7661 . 972288 . . [8.00.6001.18828] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-07-03 . 9650B4C3CF00F00F1A09FB2FEB48E065 . 971264 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-05-13 . C2767C63EB04EDEE491990E070B2D69E . 971264 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-03-08 . 831710A866483D4BE0ACAFDB85EDC9D0 . 970752 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2008-12-20 . BBBACC79C7BD81EF0E0282A6CCAE7F25 . 826368 . . [7.00.6000.16791] . . c:\windows\ie8\wininet.dll
[7] 2008-10-16 . 7788802C3680CE99F6853CC6BCBC8D20 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-08-26 . A3F25D886D15B636E3473BB7E29157DF . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . FD2D7FD2A9EEDFC42A55E49711FECC76 . 882688 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-04-23 . B1D68565F47E0B2037EF92A49F6367FA . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-04-14 . BD953FC6D28126E19882944944E39904 . 666624 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2008-03-01 . 094F3167C8D6489A56F85BE5481875E0 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-03-01 . 094F3167C8D6489A56F85BE5481875E0 . 826368 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\915bb699170393fc1b0935573e38fd33\SP2GDR\wininet.dll
[7] 2008-03-01 . F7B6F2689C6B30996A645EAE37B600A4 . 827392 . . [7.00.6000.20772] . . c:\windows\SoftwareDistribution\Download\915bb699170393fc1b0935573e38fd33\SP2QFE\wininet.dll
[7] 2007-12-07 . 5E9F3C136DF59B7F98C2B128810B709B . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2007-12-07 . 5E9F3C136DF59B7F98C2B128810B709B . 824832 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\a049f6990cfe3f967161f089d6c20585\SP2GDR\wininet.dll
[7] 2007-12-07 . 72CB53167F0C022DC21448B73F46ED82 . 825344 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\a049f6990cfe3f967161f089d6c20585\SP2QFE\wininet.dll
[7] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2004-09-29 . 4F2A388323FA5721796939A9CEB429EA . 657408 . . [6.00.2900.2518] . . c:\windows\ie7\wininet.dll

[-] 2008-04-14 . 75140FBC3C0BDC62A5225767845A31E5 . 2460160 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 847C01CA71883702CC7445364DD9D097 . 1034240 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 75140FBC3C0BDC62A5225767845A31E5 . 2460160 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2009-10-15 . F7A155DBEA48003A0D3B55039901191B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\SfcFiles.dll
[-] 2009-10-15 . F7A155DBEA48003A0D3B55039901191B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
[7] 2008-04-14 . 4379CA978CB35BB2458156B2B6CB35DF . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll

[7] 2008-04-14 . B5DC70BB43A14093E00C5A735CC5DFD4 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . E880528ACB65C5E05EE7CF83B08464EA . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . E880528ACB65C5E05EE7CF83B08464EA . 37376 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[7] 2009-08-04 . 4FE1A1DB24F8CAD0AB15BCB9FAA82ADA . 2067840 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 560D2DF9B13C819D4C9F48F7820BBA47 . 2028544 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 560D2DF9B13C819D4C9F48F7820BBA47 . 2028544 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2008-04-14 . B732BB0B17FE6547FC1F5C770549391E . 2067712 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-13 68856]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2009-06-16 1434384]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-04 206088]
"VistaDrv"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2009-01-11 132096]
"Windows Sidebar"="c:\program files\WINDOWS SIDEBAR\sidebar.exe" [2009-06-07 1280512]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"SpeedFan"="c:\program files\SpeedFan\speedfan.exe" [2009-08-09 3986552]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2009-09-22 2114752]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless 108G DWA-520"="c:\program files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe" [2007-08-29 1671168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 37376]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2009-01-11 132096]

c:\documents and settings\piterovdv\ \ணࠬ\⮧㧪\
Create virtual drive for Denwer.lnk - c:\denwer\denwer\Boot.exe [2009-9-24 6656]
Punto Switcher.lnk - c:\program files\Yandex\Punto Switcher\punto.exe [2009-12-25 831272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0oodbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^ ^^^PC Alert 4.lnk]
backup=c:\windows\pss\PC Alert 4.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ImapiService"=3 (0x3)
"ASTSRV"=2 (0x2)
"astcc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\ftp.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Russian\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 16:29 33808]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.05.2008 13:20 717296]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [10.11.2009 10:24 911680]
R2 ABBYY.Licensing.FineReader.Corporate.9.0;ABBYY FineReader 9.0 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe [27.10.2008 16:03 759072]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [24.11.2009 9:46 2480048]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [28.12.2009 9:56 213776]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [24.12.2009 14:55 547744]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [24.11.2009 9:46 160288]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [24.12.2009 14:55 57376]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 17:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 16:06 24592]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.11.2008 10:12 1684736]
S3 data;data;\??\c:\sysprep\SAN\data.sys --> c:\sysprep\SAN\data.sys [?]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [22.09.2009 8:37 9216]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\D-Link Wireless 108G DWA-520\JSWUtil\jswpsapi.exe [24.12.2009 14:55 352338]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [02.10.2002 8:57 13532]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [24.01.2005 14:09 26505]
S4 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [25.03.2009 9:43 57344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b7b5457-a581-11dd-bb40-0014d14be5bc}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8169c8c2-2fe3-11de-a690-0014d14be5bc}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\\cocui.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8169ca3f-2fe3-11de-a690-0014d14be5bc}]
\Shell\AutoRun\command - autorungf.exe -flash

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afc7435a-b149-11dd-bb4e-0014d14be5bc}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\KESHA.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &  Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE:   - - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE:  FLV     IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE:      IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE:    IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: {8F1FEDE5-32C4-4CA8-B86A-2831E1D5AE49} = 192.168.1.2,217.150.193.194
FF - ProfilePath - c:\documents and settings\piterovdv\Application Data\Mozilla\Firefox\Profiles\4xbk6gdj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ru/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?query=
FF - component: c:\documents and settings\piterovdv\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 10:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1400)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1508)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(3036)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\program files\Yandex\Punto Switcher\pshook.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2009-12-28  10:37:30 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-28 07:37

Pre-Run: 44570542080  
Post-Run: 44507287552  

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
;timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Rus" /fastdetect /usepmtimer

- - End Of File - - D377908D2978411D07F37D4B086693A5
