[Sober]

My case with malware is like this
I did almost all as. I have downloaded and started SDFix and ComboFix. They have fulfilled well.
What to me to do further?
Whether it is necessary for me to load the program Malwarebytes' Anti-Malware ?

Is my operation system clear now?

Sorry for bad English

CDFix Report


SDFix: Version 1.240
Run by Froggy-user on 14.12.2008 at 09:46

Microsoft Windows XP [‚ҐабЁп 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
TDSSserv.sys

Path :
\systemroot\system32\drivers\TDSSpqlt.sys

TDSSserv.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\system32\geBqPJAP.dll - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\ALFMH.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\BVIKZ.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\CAECI.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\CFPIU.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\CJLAE.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\DZQZC.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\EAZCU.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\EDZTC.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\EFVOL.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\EIJJY.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\ESXJQ.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\FEUSY.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\FGWQV.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\FLQPH.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\FXTFO.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\GGORG.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\GJVFX.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\GRXLN.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\IGCII.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\IHPCX.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\IKPRT.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\IKXJJ.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\IOLEJ.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\IQGNF.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\JTOPW.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\KSETY.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\LPXEH.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\LVSWF.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\MAHTU.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\MBICZ.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\MFRET.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\MUBMP.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\ORBHJ.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\PCHKS.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\PGJCC.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\QJNVV.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\QXWMK.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\RGJYK.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\RIBFQ.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\RMKPK.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\RTHRD.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\RVLKG.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\TGOIF.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\UFZWN.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\VZPNA.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\WZVIZ.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\XAGAO.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\XRFLQ.EXE - Deleted
C:\DOCUME~1\FROGGY~1\COOKIES\ZPNZE.EXE - Deleted
C:\DOCUME~1\FROGGY~1\LOCALS~1\Temp\pwrmgr.exe.bat - Deleted
C:\DOCUME~1\FROGGY~1\LOCALS~1\Temp\smchk.exe.bat - Deleted
C:\DOCUME~1\FROGGY~1\LOCALS~1\Temp\windfr.exe.bat - Deleted
C:\DOCUME~1\FROGGY~1\LOCALS~1\Temp\pwrmgr.exe - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\k.txt - Deleted
C:\WINDOWS\system32\drivers\TDSSpqlt.sys - Deleted
C:\WINDOWS\system32\TDSSxfum.dll - Deleted
C:\WINDOWS\system32\TDSSlxwp.dll - Deleted
C:\WINDOWS\system32\TDSSosvd.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSOSVD.dat - Deleted
C:\WINDOWS\system32\TDSStkdu.log - Deleted
C:\WINDOWS\SYSTEM32\TDSSTKDU.log - Deleted


Could Not Remove C:\WINDOWS\system32\smwin32.dll

Folder C:\Program Files\TS-2009 - Removed
Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 21:55:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"!\0045\4B\0045\0042\4>\49\4 ?0\0044\0040\4?\4B\0045\4@\4 ?1?3?9?4?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0"
"\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0003\0004\0"
"\24\4@\0040\49\0042\0045\4@\4 ?A\0045\4@\0042\0045\4@\0040\4 ?4\4>\4A\4B\4C\4?\0040\4 ?:\4 ?;\4>\4:\0040\4;\4L\4=\4>\49\4 ?A\0045\4B\48\4 ?B?l?u?e?t?o?o?t?h?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"!\0045\4B\0045\0042\4>\49\4 ?0\0044\0040\4?\4B\0045\4@\4 ?1?3?9?4?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0"
"\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0003\0004\0"
"\24\4@\0040\49\0042\0045\4@\4 ?A\0045\4@\0042\0045\4@\0040\4 ?4\4>\4A\4B\4C\4?\0040\4 ?:\4 ?;\4>\4:\0040\4;\4L\4=\4>\49\4 ?A\0045\4B\48\4 ?B?l?u?e?t?o?o?t?h?"=str(7):"1\0"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?W?i?n?d?o?w?s?"="",,,,,,,,,,,,,""
"\37\4>\0044\0042\48\0046\4=\0040\4O\4 ?W?i?n?d?o?w?s?"=""C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,""
"\36\0041\4J\0045\4<\4=\0040\4O\4 ?1\0045\4;\0040\4O\4"=""C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,""
" \4C\4:\48\4 ?1?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
" \4C\4:\48\4 ?2?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,""
"\24\48\4=\4>\0047\0040\0042\4@\4"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,""
"\22\4 ?A\4B\0040\4@\4>\4<\4 ?A\4B\48\4;\0045\4"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"\24\48\4@\48\0046\0045\4@\4"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"#\0042\0045\4;\48\4G\0045\4=\4=\0040\4O\4"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,""
"\22\0040\4@\48\0040\4F\48\48\4"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,""
"\36\0041\4J\0045\4<\4=\0040\4O\4 ?1\4@\4>\4=\0047\4>\0042\0040\4O\4"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"'\0045\4@\4=\0040\4O\4 ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"'\0045\4@\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"'\0045\4@\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
"\30\4=\0042\0045\4@\4A\4=\0040\4O\4"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur"
"\30\4=\0042\0045\4@\4A\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur"
"\30\4=\0042\0045\4@\4A\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur"
"!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_m.cur,C:\WINDOWS\cursors\help_m.cur,C:\WINDOWS\cursors\wait_m.cur,C:\WINDOWS\cursors\busy_m.cur,C:\WINDOWS\cursors\cross_m.cur,C:\WINDOWS\cursors\beam_m.cur,C:\WINDOWS\cursors\pen_m.cur,C:\WINDOWS\cursors\no_m.cur,C:\WINDOWS\cursors\size4_m.cur,C:\WINDOWS\cursors\size3_m.cur,C:\WINDOWS\cursors\size2_m.cur,C:\WINDOWS\cursors\size1_m.cur,C:\WINDOWS\cursors\move_m.cur,C:\WINDOWS\cursors\up_m.cur"
"!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups]
"\30\0043\4@\4K\4"="!B0=40@B=K5\3@K"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ad-Aware 2008\\ad_aware_2008_portable_7.1.0.1\\App\\AdAware\\Ad-Aware.exe"="C:\\Program Files\\Ad-Aware 2008\\ad_aware_2008_portable_7.1.0.1\\App\\AdAware\\Ad-Aware.exe:*:Enabled:AdAware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ad-Aware 2008\\ad_aware_2008_portable_7.1.0.1\\App\\AdAware\\Ad-Aware.exe"="C:\\Program Files\\Ad-Aware 2008\\ad_aware_2008_portable_7.1.0.1\\App\\AdAware\\Ad-Aware.exe:*:Enabled:AdAware"

Remaining Files :

C:\WINDOWS\default.htm Found
C:\WINDOWS\system32\smwin32.dll Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!



ComboFix Report
ComboFix 08-12-09.03 - Froggy-user 2008-12-14 22:01:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1613 [GMT 5:00]
Running from: c:\documents and settings\Froggy-user\Рабочий стол\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\default.htm
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\_000870_.tmp.dll
c:\windows\system32\akbuumpv.dll
c:\windows\system32\auesqrmq.ini
c:\windows\system32\auytgehi.ini
c:\windows\system32\bjrnqnja.ini
c:\windows\system32\bnhggxko.ini
c:\windows\system32\cduosniw.ini
c:\windows\system32\cspjyeoe.ini
c:\windows\system32\ddfkthfy.ini
c:\windows\system32\Desktop_.ini
c:\windows\system32\dlujsaey.ini
c:\windows\system32\ejvtuyse.ini
c:\windows\system32\fcrkthbt.ini
c:\windows\system32\frmylvay.ini
c:\windows\system32\getfn32.dll
c:\windows\system32\GgOVEfhk.ini
c:\windows\system32\GgOVEfhk.ini2
c:\windows\system32\gvcpxkuk.ini
c:\windows\system32\hbwjuwfk.ini
c:\windows\system32\hgGwXppp.dll
c:\windows\system32\ijtpamwg.ini
c:\windows\system32\invsisyo.ini
c:\windows\system32\ixyrwxkf.ini
c:\windows\system32\khfCtrPi.dll
c:\windows\system32\khfEVOgG.dll
c:\windows\system32\kqynhvap.ini
c:\windows\system32\ljlljjxu.dll
c:\windows\system32\lmtceinn.ini
c:\windows\system32\lrjkwugi.ini
c:\windows\system32\ltbynowo.ini
c:\windows\system32\lumquypm.dll
c:\windows\system32\lvgfmjyi.ini
c:\windows\system32\mcdlkvku.ini
c:\windows\system32\mcsbqing.ini
c:\windows\system32\mpyuqmul.ini
c:\windows\system32\mumwijjt.ini
c:\windows\system32\mwmjlotb.ini
c:\windows\system32\nnnNeBtS.dll
c:\windows\system32\nvdxviyy.ini
c:\windows\system32\olvsmsde.ini
c:\windows\system32\owkpppwy.ini
c:\windows\system32\oysisvni.dll
c:\windows\system32\pavhnyqk.dll
c:\windows\system32\pfqtxqui.ini
c:\windows\system32\pgivaujc.ini
c:\windows\system32\ppruodlf.ini
c:\windows\system32\qmfbkwdp.ini
c:\windows\system32\qutcunil.ini
c:\windows\system32\rmboohif.ini
c:\windows\system32\rsdsbhcc.ini
c:\windows\system32\ruaofynu.ini
c:\windows\system32\rxddbmem.ini
c:\windows\system32\rxgqexnh.ini
c:\windows\system32\smwin32.dll
c:\windows\system32\sowwekwb.ini
c:\windows\system32\syophucu.ini
c:\windows\system32\uaxfwauv.ini
c:\windows\system32\ueevgdft.ini
c:\windows\system32\ueqanaem.ini
c:\windows\system32\uesiuqcr.exe
c:\windows\system32\uxjjlljl.ini
c:\windows\system32\vpmuubka.ini
c:\windows\system32\vuawfxau.dll
c:\windows\system32\vyjwpgdh.ini
c:\windows\system32\wtxxhqxt.dll
c:\windows\system32\xgugiklf.ini
c:\windows\system32\xmqswnes.ini
c:\windows\system32\yfdcwmqc.ini
c:\windows\system32\yfhtkfdd.dll
c:\windows\system32\yuyhnogd.ini
c:\windows\system32\yyfgwtfw.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETWORK_DRIVER_INTERFACE


((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-14 21:47 . 2008-12-14 21:47 60,506 --a------ c:\documents and settings\Froggy-user\catchme.zip
2008-12-14 21:43 . 2008-12-14 21:43 <DIR> d-------- c:\windows\ERUNT
2008-12-14 21:13 . 2008-12-14 21:56 <DIR> d-------- C:\SDFix
2008-12-14 21:10 . 2008-12-14 21:10 <DIR> d-------- c:\program files\Trend Micro
2008-12-11 00:38 . 2008-12-11 00:38 11,264 --a------ c:\windows\system32\drivers\uzezmza0.sys
2008-12-10 23:48 . 2008-12-10 23:48 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-10 23:27 . 2008-12-10 23:27 <DIR> d-------- c:\program files\AVZ4
2008-12-10 22:06 . 2008-12-10 23:10 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-12-10 22:00 . 2008-12-10 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-10 20:18 . 2008-12-10 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\LavasoftBackup
2008-12-09 23:51 . 2001-10-20 17:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2008-12-09 23:50 . 2001-10-20 17:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-12-09 23:49 . 2004-08-17 17:04 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-12-09 23:47 . 2008-12-09 23:47 749 -rah----- c:\windows\WindowsShell.Manifest
2008-12-09 23:47 . 2008-12-09 23:47 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-09 23:47 . 2008-12-09 23:47 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-12-09 23:47 . 2008-12-09 23:47 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-12-09 23:47 . 2008-12-09 23:47 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-12-09 23:47 . 2008-12-09 23:47 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-12-09 22:23 . 2008-12-09 22:23 <DIR> d-------- c:\documents and settings\Администратор\Application Data\Media Player Classic
2008-12-09 22:15 . 2008-12-09 22:15 <DIR> d-------- c:\documents and settings\Администратор\Application Data\DivX
2008-12-09 21:53 . 2008-12-09 21:53 <DIR> d-------- c:\program files\Lavasoft
2008-12-09 21:46 . 2008-12-09 21:46 <DIR> d-------- c:\program files\2gis
2008-12-09 21:46 . 2008-12-09 21:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\2GIS
2008-12-09 20:27 . 2008-12-08 22:50 <DIR> d--h----- c:\documents and settings\Администратор\Шаблоны
2008-12-09 20:27 . 2008-12-08 22:50 <DIR> d--h----- c:\documents and settings\Администратор\Шаблоны
2008-12-09 20:27 . 2008-04-05 18:57 <DIR> d-------- c:\documents and settings\Администратор\Рабочий стол
2008-12-09 20:27 . 2008-04-05 18:57 <DIR> d-------- c:\documents and settings\Администратор\Рабочий стол
2008-12-09 20:27 . 2008-04-05 18:57 <DIR> d-------- c:\documents and settings\Администратор\Мои документы
2008-12-09 20:27 . 2008-04-05 18:57 <DIR> d-------- c:\documents and settings\Администратор\Мои документы
2008-12-09 20:27 . 2008-04-05 18:57 <DIR> dr------- c:\documents and settings\Администратор\Главное меню
2008-12-09 20:27 . 2008-04-05 18:57 <DIR> dr------- c:\documents and settings\Администратор\Главное меню
2008-12-09 20:27 . 2008-12-09 22:30 <DIR> d-------- c:\documents and settings\Администратор\Избранное
2008-12-09 20:27 . 2008-12-09 22:30 <DIR> d-------- c:\documents and settings\Администратор\Избранное
2008-12-09 20:27 . 2008-12-09 22:26 <DIR> d-------- c:\documents and settings\Администратор
2008-12-09 19:14 . 2008-12-09 19:14 91,700 --a------ c:\windows\system32\drivers\klin.dat
2008-12-09 19:14 . 2008-12-09 19:14 85,860 --a------ c:\windows\system32\drivers\klick.dat
2008-12-09 19:10 . 2008-12-09 19:10 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-09 19:10 . 2008-12-14 21:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-09 19:10 . 2008-12-14 22:08 879,904 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-09 19:10 . 2008-12-14 22:07 54,048 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-09 19:10 . 2008-12-14 22:06 13,880 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-09 19:10 . 2008-12-14 22:06 7,136 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-09 19:08 . 2008-12-09 19:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-08 22:50 . 2004-08-17 16:54 14,043 -ra------ c:\windows\SET7F.tmp
2008-12-08 22:49 . 2004-08-17 16:54 1,086,058 -ra------ c:\windows\SET73.tmp
2008-12-08 22:49 . 2004-08-17 16:57 1,014,193 -ra------ c:\windows\SET70.tmp
2008-12-08 22:48 . 2008-12-08 22:48 <DIR> d---s---- c:\windows\system32\config\systemprofile\History
2008-12-06 23:05 . 2008-12-06 23:05 106,496 --a------ c:\windows\system32\ipdll.dll
2008-12-06 23:05 . 2008-12-06 23:05 57,344 --a------ c:\windows\system32\svchоst.exe
2008-12-06 23:05 . 2008-12-06 23:05 46,080 --a------ c:\windows\system32\bits.dll
2008-11-26 21:31 . 2008-11-26 21:31 <DIR> d-------- c:\documents and settings\Froggy-user\Application Data\ESET
2008-11-26 17:48 . 2008-11-26 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-26 00:22 . 2008-11-26 17:41 <DIR> d-------- c:\program files\PC Protection Center 2008
2008-11-17 20:09 . 2008-11-17 20:31 <DIR> d-------- C:\Новая папка
2008-11-17 17:39 . 2008-11-17 16:09 172,032 --a------ c:\windows\vbernwafxfk.dll
2008-11-17 17:39 . 2008-11-17 16:09 151,552 --a------ c:\windows\kopnvqat.dll
2008-11-17 17:39 . 2008-11-17 16:09 135,168 --a------ c:\windows\faxtsbpv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 17:05 --------- d-----w c:\program files\jv16 PowerTools
2008-12-02 17:09 --------- d-----w c:\documents and settings\Froggy-user\Application Data\Ahead
2008-11-26 15:47 --------- d-----w c:\program files\ESET
2008-11-11 19:39 --------- d-----w c:\program files\awz
2008-11-10 16:20 --------- d-----w c:\documents and settings\Froggy-user\Application Data\Canon
2008-10-28 07:21 1,233,920 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 13:21 78,910 ----a-w c:\program files\2410232.jpg
2008-08-22 19:35 6,907,758 ----a-w c:\program files\2gisPerm8.exe
2008-08-19 21:30 9,390,936 ----a-w c:\program files\winamp5541_full_emusic-7plus_ru-ru.exe
2008-08-02 16:27 1,495,112 ----a-w c:\program files\install_flash_player.exe
2008-08-02 16:20 1,377,264 ----a-w c:\program files\YandexOnlineSetup.exe
2008-06-14 18:27 144,920,878 ----a-r c:\program files\business_card_by_theslam.rar
2008-06-07 12:58 1,785,480 ----a-w c:\program files\setup_punto_switcher_2963.exe
2008-04-13 17:43 2,047,832 ----a-w c:\program files\qip8050.exe
2008-04-13 17:04 1,506,352 ----a-w c:\program files\qip8050.rar
2006-12-06 14:30 2,461,180 ----a-w c:\windows\inf\SET1F7.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46E0A068-CF0A-4C6D-BC8D-0CA4CCB5697F}]
2008-11-17 16:09 172032 --a------ c:\windows\vbernwafxfk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"Punto Switcher"="c:\program files\Punto Switcher\ps.exe" [2008-05-30 722112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-23 827392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8433664]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 227856]
"nwiz"="nwiz.exe" [2007-07-23 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-23 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\ѓ« ў®Ґ ¬Ґо\Џа®Ја ¬¬л\Ђўв®§ Јаг§Є \
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kopnvqat"= {FA839F42-A27D-48A2-A9D0-79C600B40DD8} - c:\windows\kopnvqat.dll [2008-11-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingvo Launcher]
--a------ 2004-10-09 17:17 110592 c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\LvAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LingvoTraining]
--a------ 2004-10-09 17:23 1159168 c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Tutor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-17 15:17 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-07-23 22:11 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
--a------ 2002-06-03 10:38 49152 c:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yupdate!]
--a------ 2008-05-14 15:25 460040 c:\program files\Common Files\Yandex\Yupdate\yupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-07-23 22:12 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 uzezmza0;AVZ-RK Kernel Driver;\??\c:\windows\system32\Drivers\uzezmza0.sys [2008-12-11 11264]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0970beb0-82dd-11dd-bb24-001c26e25fc8}]
\Shell\AutoRun\command - tio8x6.cmd
\Shell\explore\Command - tio8x6.cmd
\Shell\open\Command - tio8x6.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1347a9e4-823d-11dd-bb21-001b384fa0ff}]
\Shell\AutoRun\command - F:\a3g3.bat
\Shell\explore\Command - F:\a3g3.bat
\Shell\open\Command - F:\a3g3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1347a9e6-823d-11dd-bb21-001b384fa0ff}]
\Shell\AutoRun\command - F:\a3g3.bat
\Shell\explore\Command - F:\a3g3.bat
\Shell\open\Command - F:\a3g3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16e47699-a447-11dd-bb86-001c26e25fc8}]
\Shell\AutoRun\command - F:\a3g3.bat
\Shell\explore\Command - F:\a3g3.bat
\Shell\open\Command - F:\a3g3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5190e65a-032e-11dd-ba08-001c269608ab}]
\Shell\AutoRun\command - F:\a3g3.bat
\Shell\explore\Command - F:\a3g3.bat
\Shell\open\Command - F:\a3g3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6705e1df-3316-11dd-baa2-001c26e25fc8}]
\Shell\AutoRun\command - F:\a3g3.bat
\Shell\explore\Command - F:\a3g3.bat
\Shell\open\Command - F:\a3g3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{795e4a42-c079-11dd-bbd0-001b384fa0ff}]
\Shell\AutoRun\command - tio8x6.cmd
\Shell\explore\Command - tio8x6.cmd
\Shell\open\Command - tio8x6.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d89c018-030a-11dd-ba04-001b384fa0ff}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95a4e7b2-a73e-11dd-bb89-001c26e25fc8}]
\Shell\AutoRun\command - F:\a3g3.bat
\Shell\explore\Command - F:\a3g3.bat
\Shell\open\Command - F:\a3g3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b8ed9a-8324-11dd-bb26-001c26e25fc8}]
\Shell\AutoRun\command - F:\a3g3.bat
\Shell\explore\Command - F:\a3g3.bat
\Shell\open\Command - F:\a3g3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b8ed9b-8324-11dd-bb26-001c26e25fc8}]
\Shell\AutoRun\command - G:\a3g3.bat
\Shell\explore\Command - G:\a3g3.bat
\Shell\open\Command - G:\a3g3.bat
.
- - - - ORPHANS REMOVED - - - -

BHO-{6C6FE55F-67CF-465B-B1EF-45835495F179} - c:\windows\system32\khfEVOgG.dll
HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
SSODL-tslmavew-{8FB84E99-D3E7-4777-8C64-D17678487C4B} - (no file)
MSConfigStartUp-5c473880 - c:\windows\system32\oysisvni.dll
MSConfigStartUp-TotalSecure2009 - c:\program files\TS-2009\scan.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 22:08:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1308)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1364)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(4000)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\Msi.dll
c:\program files\Common Files\Microsoft Shared\Web Components\10\1049\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1049\OWCI11.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\docume~1\FROGGY~1\LOCALS~1\temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-14 22:11:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-14 17:11:43

Pre-Run: 2 692 145 152 байт свободно
Post-Run: 2,581,860,352 байт свободно

[Advertisements]

my last logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:51, on 15.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Punto Switcher\ps.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\FROGGY~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WRL Advisor - {46E0A068-CF0A-4C6D-BC8D-0CA4CCB5697F} - C:\WINDOWS\vbernwafxfk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: PROMT - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT6\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121708 serial=DR12CUB-3258082-RKB lang=EN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Отправить на устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with Lingvo - res://C:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
O8 - Extra context menu item: Добавить в Анти-Баннер - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Cтатистика Веб-Антивируса - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Перевести - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Настройка перевода - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04E7714E-0644-4AEB-A0FC-DA9FDCF09DD3}: NameServer = 212.33.224.131 212.33.225.211
O17 - HKLM\System\CS1\Services\Tcpip\..\{04E7714E-0644-4AEB-A0FC-DA9FDCF09DD3}: NameServer = 212.33.224.131 212.33.225.211
O21 - SSODL: kopnvqat - {FA839F42-A27D-48A2-A9D0-79C600B40DD8} - C:\WINDOWS\kopnvqat.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Ad-Aware 2008\ad_aware_2008_portable_7.1.0.1\App\AdAware\aawservice.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7329 bytes

[Sober]

my last logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:51, on 15.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Punto Switcher\ps.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\FROGGY~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WRL Advisor - {46E0A068-CF0A-4C6D-BC8D-0CA4CCB5697F} - C:\WINDOWS\vbernwafxfk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: PROMT - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT6\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121708 serial=DR12CUB-3258082-RKB lang=EN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Отправить на устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with Lingvo - res://C:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
O8 - Extra context menu item: Добавить в Анти-Баннер - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Cтатистика Веб-Антивируса - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Перевести - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Настройка перевода - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04E7714E-0644-4AEB-A0FC-DA9FDCF09DD3}: NameServer = 212.33.224.131 212.33.225.211
O17 - HKLM\System\CS1\Services\Tcpip\..\{04E7714E-0644-4AEB-A0FC-DA9FDCF09DD3}: NameServer = 212.33.224.131 212.33.225.211
O21 - SSODL: kopnvqat - {FA839F42-A27D-48A2-A9D0-79C600B40DD8} - C:\WINDOWS\kopnvqat.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Ad-Aware 2008\ad_aware_2008_portable_7.1.0.1\App\AdAware\aawservice.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7329 bytes