ComboFix 08-12-15.08 -  2008-12-16 22:04:30.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1251.1.1049.18.1022.563 [GMT 5:00]
Running from: c:\documents and settings\\ \ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msssc.dll

.
(((((((((((((((((((((((((   Files Created from 2008-11-16 to 2008-12-16  )))))))))))))))))))))))))))))))
.

2008-12-16 21:21 . 2008-12-16 21:21	11,264	--a------	c:\windows\system32\drivers\uzi2mtmy.sys
2008-12-15 23:43 . 2008-12-15 23:43	584,192	--a--c---	c:\windows\system32\dllcache\user32.dll
2008-12-15 23:42 . 2008-12-15 23:42	<DIR>	d--------	c:\windows\ERUNT
2008-12-15 23:42 . 2008-12-16 21:52	<DIR>	d--------	C:\SDFix
2008-12-14 19:27 . 2008-12-14 19:27	<DIR>	d--------	c:\program files\AnswerWorks 4.0
2008-12-14 19:26 . 2008-12-14 19:46	<DIR>	d--------	c:\program files\AutoCAD 2007
2008-12-14 19:26 . 2008-12-14 19:29	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Autodesk
2008-12-14 19:26 . 2008-12-14 19:30	<DIR>	d--------	c:\documents and settings\\Application Data\Autodesk
2008-12-14 19:24 . 2008-12-14 19:24	<DIR>	d--------	c:\program files\Autodesk
2008-12-14 19:23 . 2008-12-14 19:23	<DIR>	d--------	c:\program files\Autodesk Deployment Wizard
2008-12-14 19:21 . 2004-10-21 17:38	126,976	--a------	c:\temp\MediaBrowser.exe
2008-12-14 19:21 . 2005-12-15 21:30	53,248	--a------	c:\temp\Setup.exe
2008-12-14 19:20 . 2006-03-26 21:56	<DIR>	d--------	c:\temp\MediaBrowser
2008-12-14 19:20 . 2006-03-26 21:53	<DIR>	d--------	c:\temp\Bin
2008-12-14 18:34 . 2008-12-14 19:28	<DIR>	d--------	c:\program files\Common Files\Autodesk Shared
2008-12-14 13:43 . 2008-12-14 13:43	<DIR>	d--------	c:\program files\FL
2008-12-09 22:06 . 2008-12-09 22:06	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Mathematica
2008-12-09 22:06 . 2008-12-09 22:06	<DIR>	d--------	c:\documents and settings\\Application Data\Mathematica
2008-12-09 22:04 . 2008-12-09 22:04	<DIR>	d--------	c:\program files\Wolfram Research
2008-12-09 22:04 . 2008-12-09 22:04	<DIR>	d--------	c:\documents and settings\\WINDOWS
2008-12-09 22:04 . 2008-12-09 22:04	<DIR>	d--------	c:\documents and settings\\WINDOWS
2008-12-09 22:04 . 1996-11-05 16:13	299,008	--a------	c:\windows\uninst.exe
2008-11-29 01:27 . 2008-11-29 01:27	<DIR>	d--------	c:\program files\WMV9_VCM
2008-11-25 23:32 . 2008-12-14 19:23	<DIR>	d--------	C:\Temp
2008-11-25 23:30 . 2008-11-25 23:30	<DIR>	d--------	c:\documents and settings\\Application Data\Thinstall
2008-11-25 23:30 . 2008-11-25 23:30	<DIR>	d--------	c:\documents and settings\\Application Data\Seven Zip
2008-11-25 11:13 . 2008-12-16 20:59	<DIR>	d--------	c:\documents and settings\\Application Data\skypePM
2008-11-25 11:13 . 2008-11-25 11:13	56	--ah-----	c:\windows\system32\ezsidmv.dat
2008-11-24 00:53 . 2001-09-19 10:47	765,952	-ra------	c:\windows\system\crlds3d.dll
2008-11-24 00:52 . 2008-11-24 00:52	<DIR>	d--h-----	c:\program files\InstallShield Installation Information
2008-11-24 00:52 . 2008-11-24 00:52	<DIR>	d--------	c:\program files\Analog Devices
2008-11-24 00:52 . 2001-09-11 15:20	1,285,632	---------	c:\windows\system32\SMMedia.dll
2008-11-24 00:52 . 2005-05-04 09:20	53,248	---------	c:\windows\system32\wdmioctl.dll
2008-11-24 00:52 . 2005-09-26 16:20	49,152	--a------	c:\windows\system32\DSndUp.exe
2008-11-24 00:52 . 2002-04-17 15:05	45,056	---------	c:\windows\system32\CleanUp.exe
2008-11-22 19:26 . 2008-11-22 19:26	<DIR>	d--------	c:\windows\system32\Pointdev
2008-11-22 19:26 . 2008-11-22 19:26	126	--a------	c:\windows\ODBC.INI
2008-11-22 19:25 . 2008-11-22 19:25	0	--a------	c:\windows\WinHDM.INI
2008-11-20 04:36 . 2008-11-20 04:36	<DIR>	d--------	c:\documents and settings\\DoctorWeb
2008-11-20 04:36 . 2008-11-20 04:36	<DIR>	d--------	c:\documents and settings\\DoctorWeb
2008-11-20 04:08 . 2008-11-20 04:08	<DIR>	d--------	c:\documents and settings\\Application Data\Apple Computer
2008-11-20 04:00 . 2008-11-20 14:13	<DIR>	d--------	C:\OperaAC
2008-11-17 01:49 . 2008-11-17 01:49	<DIR>	d--------	c:\documents and settings\\Application Data\Media Player Classic
2008-11-17 00:21 . 2008-11-17 00:21	<DIR>	d--------	c:\windows\Sun
2008-11-16 16:35 . 2008-11-26 00:27	38	--a------	c:\windows\avisplitter.INI
2008-11-16 15:46 . 2008-11-16 15:46	0	--a------	c:\windows\nsreg.dat
2008-11-16 02:10 . 2008-11-16 02:10	107,888	--a------	c:\windows\system32\CmdLineExt.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 16:46	---------	d-----w	c:\documents and settings\\Application Data\uTorrent
2008-12-16 16:02	---------	d-----w	c:\documents and settings\\Application Data\Skype
2008-12-14 13:40	---------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2008-11-23 11:21	---------	d-----w	c:\program files\Common Files\InstallShield
2008-11-22 16:01	---------	d-----w	c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-20 08:47	---------	d-----w	c:\program files\Common Files\ACD Systems
2008-11-20 08:20	---------	d-----w	c:\documents and settings\\Application Data\DAEMON Tools
2008-11-16 10:49	---------	d-----w	c:\program files\Opera
2008-11-14 10:29	---------	d-----w	c:\program files\HP
2008-11-14 10:29	---------	d-----w	c:\program files\Common Files\HP
2008-11-14 10:29	---------	d-----w	c:\documents and settings\All Users\Application Data\HP
2008-11-14 10:27	---------	d-----w	c:\program files\Hewlett-Packard
2008-11-14 10:26	---------	d-----w	c:\program files\Common Files\Hewlett-Packard
2008-11-14 10:18	---------	d-----w	c:\documents and settings\\Application Data\HP
2008-11-14 09:36	---------	d-----w	c:\documents and settings\\Application Data\PRMT
2008-11-13 15:34	---------	d-----w	c:\program files\Winamp
2008-11-12 22:32	---------	d-----w	c:\program files\uTorrent
2008-11-12 22:24	---------	d-----w	c:\documents and settings\\Application Data\ACD Systems
2008-11-12 22:23	---------	d-----w	c:\documents and settings\\Application Data\ChemTable Software
2008-11-12 22:17	---------	d-----w	c:\program files\Your Uninstaller 2008
2008-11-12 22:14	---------	d-----w	c:\program files\Total Commander
2008-11-12 22:10	---------	d-----w	c:\documents and settings\\Application Data\URSoft
2008-11-12 22:07	---------	d-----w	c:\documents and settings\\Application Data\Auslogics
2008-11-12 22:02	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 22:01	---------	d-----w	c:\program files\Microsoft.NET
2008-11-12 22:01	---------	d-----w	c:\program files\Microsoft Works
2008-11-12 21:58	---------	d-----w	c:\program files\Foxit Software
2008-11-12 21:57	---------	d-----w	c:\program files\PRMT8
2008-11-12 21:56	---------	d-----w	c:\documents and settings\All Users\Application Data\PRMT
2008-11-12 21:55	---------	d-----w	c:\program files\Winnydows
2008-11-12 21:55	---------	d-----w	c:\program files\K-Lite Codec Pack
2008-11-12 21:55	---------	d-----w	c:\program files\AviSynth 2.5
2008-11-12 21:54	---------	d-----w	c:\program files\Common Files\Adobe
2008-11-12 21:50	---------	d-----w	c:\program files\Common Files\Macrovision Shared
2008-11-12 21:49	---------	d-----w	c:\program files\Windows Sidebar
2008-11-12 21:49	---------	d-----w	c:\program files\Skype
2008-11-12 21:49	---------	d-----w	c:\program files\My Company Name
2008-11-12 21:49	---------	d-----w	c:\program files\Common Files\Skype
2008-11-12 21:49	---------	d-----w	c:\documents and settings\All Users\Application Data\Skype
2008-11-12 21:48	---------	d-----w	c:\program files\AnVir Task Manager
2008-11-12 21:46	---------	d-----w	c:\documents and settings\All Users\Application Data\ESET
2008-11-12 21:45	---------	d-----w	c:\program files\Reg Organizer
2008-11-12 21:45	---------	d-----w	c:\program files\Nero
2008-11-12 21:45	---------	d-----w	c:\program files\Eset
2008-11-12 21:45	---------	d-----w	c:\program files\DAEMON Tools Lite
2008-11-12 21:45	---------	d-----w	c:\program files\Common Files\Nero
2008-11-12 21:45	---------	d-----w	c:\program files\Auslogics
2008-11-12 21:07	---------	d-----w	c:\program files\Reference Assemblies
2008-11-12 21:07	---------	d-----w	c:\program files\MSBuild
2008-11-12 20:56	---------	d-----w	c:\program files\VistaDriveIcon
2008-11-12 20:56	---------	d-----w	c:\program files\microsoft frontpage
2008-11-12 20:55	717,296	----a-w	c:\windows\system32\drivers\sptd.sys
2008-11-12 20:55	---------	d-----w	c:\program files\Java
2008-11-12 20:55	---------	d-----w	c:\program files\Common Files\Java
2008-11-12 20:53	---------	d-----w	c:\program files\Windows Media Connect 2
.

(((((((((((((((((((((((((((((   snapshot_2008-12-07_23.59.39,84   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-10 12:19:22	53,248	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-12-14 14:24:38	53,248	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-03-10 12:19:22	12,800	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-12-14 14:24:39	12,800	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-03-10 12:19:22	473,600	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-12-14 14:24:39	473,600	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-03-10 12:19:18	577,024	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-14 14:24:39	577,024	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-10 12:19:22	145,920	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-12-14 14:24:39	145,920	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-03-10 12:19:22	159,232	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-12-14 14:24:39	159,232	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-03-10 12:19:22	364,544	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-12-14 14:24:39	364,544	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-03-10 12:19:22	178,176	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-12-14 14:24:40	178,176	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-03-10 12:19:22	223,232	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-12-14 14:24:38	223,232	----a-w	c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-12-14 14:26:20	820,984	----a-w	c:\windows\assembly\GAC_MSIL\Autodesk.AutoCAD.Interop.Common\17.0.54.0__eed84259d7cbf30b\Autodesk.AutoCAD.Interop.Common.dll
+ 2008-12-14 14:26:21	145,144	----a-w	c:\windows\assembly\GAC_MSIL\Autodesk.AutoCAD.Interop\17.0.54.0__eed84259d7cbf30b\Autodesk.AutoCAD.Interop.dll
+ 2006-03-04 23:19:46	114,280	----a-w	c:\windows\Downloaded Program Files\IDropENU.dll
+ 2008-08-07 10:27:04	163,328	----a-w	c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-12-15 18:42:53	3,297,280	----a-w	c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-12-15 18:42:53	258,048	----a-w	c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 10:27:04	163,328	----a-w	c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-12-15 18:42:43	3,297,280	----a-w	c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-12-15 18:42:43	258,048	----a-w	c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2000-08-31 05:00:00	89,504	----a-w	c:\windows\fdsv.exe
+ 2000-08-31 03:00:00	89,504	----a-w	c:\windows\fdsv.exe
- 2000-08-31 05:00:00	80,412	----a-w	c:\windows\grep.exe
+ 2000-08-31 03:00:00	80,412	----a-w	c:\windows\grep.exe
+ 2006-03-04 23:58:16	23,656	----a-w	c:\windows\Installer\{04AE4390-AC57-44A1-9165-FAF5C6BFB14E}\CustomRes.dll
+ 2008-12-14 14:23:41	458,752	----a-r	c:\windows\Installer\{04AE4390-AC57-44A1-9165-FAF5C6BFB14E}\DeployWiz.exe
+ 2008-12-14 14:28:18	73,728	----a-r	c:\windows\Installer\{5783F2D7-5001-0409-0002-0060B0CE6BBA}\Acad162_icon.exe
+ 2006-03-04 23:58:16	23,656	----a-w	c:\windows\Installer\{5783F2D7-5001-0409-0002-0060B0CE6BBA}\CustomRes.dll
+ 2006-03-04 23:58:08	267,880	----a-w	c:\windows\Installer\{5783F2D7-5001-0409-0002-0060B0CE6BBA}\InstBasicUI.dll
+ 2006-03-04 23:58:16	304,744	----a-w	c:\windows\Installer\{5783F2D7-5001-0409-0002-0060B0CE6BBA}\InstRes.dll
+ 2008-12-14 14:28:18	34,304	----a-r	c:\windows\Installer\{5783F2D7-5001-0409-0002-0060B0CE6BBA}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
- 2000-08-31 05:00:00	98,816	----a-w	c:\windows\sed.exe
+ 2000-08-31 03:00:00	98,816	----a-w	c:\windows\sed.exe
- 2000-08-31 05:00:00	136,704	----a-w	c:\windows\SWSC.exe
+ 2000-08-31 03:00:00	136,704	----a-w	c:\windows\SWSC.exe
- 2000-08-31 05:00:00	212,480	----a-w	c:\windows\SWXCACLS.exe
+ 2000-08-31 03:00:00	212,480	----a-w	c:\windows\SWXCACLS.exe
+ 2006-03-04 22:55:56	177,768	----a-w	c:\windows\system32\AcSignExt.dll
+ 2006-03-04 23:17:28	15,976	----a-w	c:\windows\system32\AcSignExtRes.dll
+ 2006-03-04 22:55:56	185,448	----a-w	c:\windows\system32\AcSignIcon.dll
+ 2006-03-04 22:55:58	303,208	----a-w	c:\windows\system32\AcSignOpt.exe
- 2008-12-07 14:48:37	1,448,696	----a-w	c:\windows\system32\FNTCACHE.DAT
+ 2008-12-15 04:25:19	1,528,104	----a-w	c:\windows\system32\FNTCACHE.DAT
+ 2005-08-27 08:38:58	128,648	----a-w	c:\windows\system32\Macromed\Flash\GetFlash.exe
- 2006-07-24 07:50:38	125,744	----a-w	c:\windows\system32\MSSTDFMT.DLL
+ 2000-04-03 15:05:58	118,784	----a-w	c:\windows\system32\msstdfmt.dll
- 2000-08-31 05:00:00	49,152	----a-w	c:\windows\VFIND.exe
+ 2000-08-31 03:00:00	49,152	----a-w	c:\windows\VFIND.exe
+ 2008-12-14 14:27:29	1,233,920	----a-w	c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
- 2000-08-31 05:00:00	68,096	----a-w	c:\windows\zip.exe
+ 2000-08-31 03:00:00	68,096	----a-w	c:\windows\zip.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-14 482760]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-06-25 17408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-02-27 1254912]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2008-11-14 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-06-25 17408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_012"="advpack.dll" [2008-03-03 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\ \ணࠬ\⮧㧪\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:svchost

R0 pe3amvnc;Korsari - Gorod poteryannih korabley Environment Driver (pe3amvnc);c:\windows\system32\drivers\pe3amvnc.sys [2007-11-05 65200]
R0 pf2amvnc;Korsari - Gorod poteryannih korabley File System Driver (pf2amvnc);c:\windows\system32\drivers\pf2amvnc.sys [2007-11-05 83632]
R0 ps7amvnc;Korsari - Gorod poteryannih korabley Synchronization Driver (ps7amvnc);c:\windows\system32\drivers\ps7amvnc.sys [2007-11-05 68792]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 uzi2mtmy;AVZ-RK Kernel Driver;\??\c:\windows\system32\Drivers\uzi2mtmy.sys [2008-12-16 11264]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-03-13 472320]
S2 pr2amvnc;Korsari - Gorod poteryannih korabley Drivers Auto Removal (pr2amvnc);c:\windows\system32\pr2amvnc.exe svc []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar]
c:\windows\system32\hidec /W c:\program files\Windows Sidebar\VAIO\Tools\REGTLIB.EXE "c:\program files\Windows Sidebar\sidebar.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"c:\program files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"c:\program files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s c:\program files\Windows Sidebar\VAIO\.\vshellext.dll
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: &  Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {A91B6F6A-9BE8-4FFC-B8AA-6733C7493DE1} = 87.224.197.1,87.224.213.1
FF - ProfilePath - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\dmej0hx0.default\
FF - prefs.js: browser.search.selectedEngine - Википедия (ru)
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\np32dsw.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 22:05:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
Completion time: 2008-12-16 22:06:00
ComboFix-quarantined-files.txt  2008-12-16 17:05:50
ComboFix2.txt  2008-12-07 19:01:19
ComboFix3.txt  2008-11-22 14:33:42
ComboFix4.txt  2008-11-21 14:43:48

Pre-Run: 7407554560  
Post-Run: 7,401,844,736  

280
