ComboFix 09-05-14.05 - Я 15.05.2009 14:48.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.2047.1616 [GMT 4:00]
Running from: c:\documents and settings\Я\Мои документы\Загрузки\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.
2009-05-15 10:35 . 2009-05-15 10:35 -------- d--h--w c:\windows\$hf_mig$
2009-05-15 10:29 . 2008-10-16 10:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-14 19:25 . 2009-05-14 19:25 -------- d-----w c:\documents and settings\Я\Local Settings\Application Data\Identities
2009-05-14 18:49 . 2009-05-14 18:49 -------- d-----w c:\documents and settings\Я\Local Settings\Application Data\ESET
2009-05-14 18:10 . 2009-05-14 18:10 -------- d-----w c:\program files\ESET
2009-05-13 17:06 . 2009-05-13 17:06 -------- d-----w c:\program files\Mozilla Firefox 3.5 Beta 4
2009-05-13 15:56 . 2009-05-13 15:56 -------- d-----w c:\program files\SiteAccess
2009-05-13 14:53 . 2009-05-13 14:53 -------- d-----w c:\documents and settings\Я\Application Data\Yandex
2009-05-13 14:53 . 2009-05-13 14:53 0 ----a-w c:\windows\nsreg.dat
2009-05-13 14:53 . 2009-05-13 14:53 -------- d-----w c:\documents and settings\Я\Local Settings\Application Data\Mozilla
2009-05-13 14:31 . 2009-05-13 14:31 -------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-05-13 14:31 . 2009-05-13 14:31 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-05-13 14:31 . 2009-05-13 14:31 -------- d-----w c:\program files\Common Files\Adobe
2009-05-13 14:23 . 2009-05-13 14:23 -------- d-----w c:\program files\RadioClicker LITE
2009-05-07 20:46 . 2009-05-07 20:46 -------- d-----w c:\documents and settings\Я\Application Data\ROALDevelopment
2009-05-07 20:12 . 2009-05-07 20:13 -------- d-----w c:\documents and settings\Я\Application Data\Sonic Foundry
2009-05-07 20:12 . 2009-05-07 20:12 -------- d-----w c:\program files\Sonic Foundry
2009-05-07 20:12 . 2001-10-19 10:40 665424 ----a-w c:\windows\system32\wmv8dmoe.dll
2009-05-07 20:12 . 2001-10-19 10:40 438608 ----a-w c:\windows\system32\wmv8dmod.dll
2009-05-07 20:12 . 2001-10-19 10:39 572752 ----a-w c:\windows\system32\wmvdmoe.dll
2009-05-07 20:12 . 2001-10-19 10:40 1683792 ----a-w c:\windows\system32\wmvcore2.dll
2009-05-07 20:09 . 2003-10-01 13:44 31744 ----a-w c:\windows\system32\drivers\IcdSX.sys
2009-05-07 20:09 . 2009-05-07 20:09 -------- d-----w c:\program files\SONY
2009-05-07 20:08 . 2009-05-07 20:08 -------- d-----w c:\program files\MOBILedit!
2009-05-07 20:07 . 2007-02-22 06:15 12288 ----a-w c:\windows\system32\drivers\nmwcdcj.sys
2009-05-07 20:07 . 2007-02-22 06:15 12288 ----a-w c:\windows\system32\drivers\nmwcdcm.sys
2009-05-07 20:07 . 2007-02-22 06:15 8320 ----a-w c:\windows\system32\drivers\nmwcdc.sys
2009-05-07 20:07 . 2007-02-22 06:15 65536 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-05-07 20:07 . 2007-02-22 06:15 137216 ----a-w c:\windows\system32\drivers\nmwcd.sys
2009-05-07 20:07 . 2007-02-22 06:15 90624 ----a-w c:\windows\system32\nmwcdcls.dll
2009-05-07 20:07 . 2009-05-07 20:07 -------- d-----w c:\program files\Nokia
2009-05-07 20:04 . 2009-05-07 20:04 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-06 13:22 . 2009-05-06 13:22 -------- d-----w c:\documents and settings\Я\Local Settings\Application Data\Ahead
2009-05-06 13:21 . 2009-05-06 13:21 -------- d-----w c:\documents and settings\Я\Application Data\Ahead
2009-05-06 13:21 . 2009-05-06 13:21 -------- d-----w c:\program files\Common Files\Ahead
2009-05-06 13:21 . 2009-05-06 13:21 -------- d-----w c:\program files\Nero
2009-05-05 14:02 . 2009-05-05 14:02 -------- d-----w c:\program files\Microsoft Works
2009-05-05 14:01 . 2009-05-05 14:01 -------- d-----w c:\documents and settings\Я\Local Settings\Application Data\Microsoft Help
2009-05-05 14:01 . 2009-05-05 14:01 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-05 13:59 . 1999-11-10 08:05 86016 ----a-w c:\windows\unvise32qt.exe
2009-05-05 13:58 . 2009-05-05 13:59 -------- d-----w c:\windows\system32\QuickTime
2009-05-05 13:58 . 2009-05-05 13:59 -------- d-----w c:\program files\QuickTime
2009-05-05 13:58 . 2009-05-05 13:58 -------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-05-05 13:58 . 2008-07-31 22:17 9200 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-05-05 13:58 . 2008-07-31 22:17 9072 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-05-05 13:58 . 2009-05-05 13:58 -------- d-----w c:\documents and settings\Я\Local Settings\Application Data\Google
2009-05-05 13:58 . 2009-05-05 13:58 -------- d-----w c:\windows\system32\IOSUBSYS
2009-05-05 13:58 . 2009-05-05 13:58 -------- d-----w c:\program files\Google
2009-05-05 13:55 . 2009-05-05 13:55 -------- d-----w c:\program files\Winamp
2009-05-05 13:54 . 2009-05-05 13:54 -------- d-----w c:\documents and settings\Я\Application Data\ACD Systems
2009-05-05 13:53 . 2009-05-05 13:53 -------- d-----w c:\documents and settings\Я\Local Settings\Application Data\ACD Systems
2009-05-05 13:53 . 2009-05-05 13:53 -------- d-----w c:\program files\Common Files\ACD Systems
2009-05-05 13:53 . 2009-05-05 13:53 10368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-05-05 13:47 . 2009-05-05 13:47 -------- d-----w c:\windows\Downloaded Installations
2009-05-05 13:33 . 2009-05-05 13:33 -------- d-----w c:\documents and settings\Я\Application Data\CyberLink
2009-05-05 13:31 . 2009-05-05 13:31 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-05-05 13:31 . 2009-05-05 13:31 -------- d-----w c:\program files\CyberLink
2009-05-05 13:24 . 2008-12-03 07:35 16176 ------w c:\windows\system32\drivers\NVXBAR.SYS
2009-05-05 13:24 . 2008-12-03 07:35 141246 ------w c:\windows\system32\drivers\NVCAP.SYS
2009-05-05 13:23 . 2009-05-05 13:23 -------- d-----w c:\windows\system32\AGEIA
2009-05-05 13:23 . 2009-05-05 13:23 -------- d-----w c:\program files\AGEIA Technologies
2009-05-05 13:22 . 2009-05-05 13:22 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-05 13:22 . 2009-05-05 13:22 -------- d-----w c:\windows\nview
2009-05-05 13:22 . 2008-12-03 07:35 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-05-05 13:20 . 2009-05-05 13:20 -------- d-----w c:\windows\Logs
2009-05-05 13:20 . 2007-03-16 06:11 12256 ----a-w c:\windows\system32\drivers\TBPanel.sys
2009-05-05 13:20 . 2009-05-05 13:20 -------- d-----w c:\program files\Vtune
2009-05-05 13:13 . 2009-05-05 13:13 -------- d-----w c:\program files\VIA
2009-05-05 13:13 . 2007-04-11 07:35 331184 ------w c:\windows\system32\difxapi.dll
2009-05-05 13:13 . 2009-05-05 13:13 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-05 13:13 . 2008-06-25 16:47 36864 ----a-r c:\windows\system32\drivers\l1e51x86.sys
2009-05-05 13:13 . 2009-05-05 13:13 -------- d-----w c:\windows\system32\Atheros_L1e
2009-05-05 13:13 . 2009-05-05 13:13 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 13:11 . 2009-05-05 13:11 -------- d-----w c:\windows\system32\DRVSTORE
2009-05-05 13:11 . 2009-05-05 13:11 -------- d-----w c:\program files\Intel
2009-05-05 13:10 . 2009-05-05 13:10 -------- d-----w C:\Intel
2009-05-05 13:10 . 2004-08-13 10:56 5810 ----a-r c:\windows\system32\drivers\ASACPI.sys
2009-05-05 13:09 . 2007-12-28 07:22 10296 ----a-w c:\windows\system32\drivers\ASUSHWIO.SYS
2009-05-03 06:38 . 2009-05-03 06:38 -------- d-sh--w C:\Recycled
2009-05-03 06:28 . 2008-01-28 08:26 26496 ----a-w c:\windows\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 20:46 . 1979-12-31 20:00 72344 ----a-w c:\windows\system32\perfc019.dat
2009-05-07 20:46 . 1979-12-31 20:00 438852 ----a-w c:\windows\system32\perfh019.dat
2009-04-30 19:38 . 2009-04-30 19:38 -------- d-----w c:\program files\microsoft frontpage
2009-04-30 19:38 . 2009-04-30 19:38 -------- d-----w c:\program files\MSXML 6.0
2009-04-30 19:38 . 2009-04-30 19:38 -------- d-----w c:\program files\MSXML 4.0
2009-04-30 19:38 . 2009-04-30 19:38 -------- d-----w c:\program files\msi InstallSource MSXML
2009-04-30 19:36 . 2009-04-30 19:36 22564 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-13 12:14 . 2009-04-13 12:14 39424 ----a-w c:\windows\system32\SiteAccess.dll
2009-03-19 07:45 . 2008-08-18 09:27 93848 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-03-19 07:44 . 2009-03-19 07:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 07:41 . 2008-08-18 09:18 113960 ----a-w c:\windows\system32\drivers\eamon.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-12-03 2158592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-05 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-03 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\SiteAccess.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19.03.2009 11:44 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.08.2008 13:27 93848]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19.03.2009 11:44 731840]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [05.05.2009 17:13 36864]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05.05.2009 17:14 238080]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [08.05.2009 0:09 31744]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {719BE3BB-046A-41B4-A868-8B3555E92C63} = 195.98.64.65,195.98.64.66
TCP: {FB4776BB-EF70-4416-B9C5-6E2CF57E7AF5} = 195.98.64.65 195.98.64.66
FF - ProfilePath - c:\documents and settings\Я\Application Data\Mozilla\Firefox\Profiles\tdjybhw9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 14:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-15 14:49
ComboFix-quarantined-files.txt 2009-05-15 10:49

Pre-Run: 7 837 417 472 байт свободно
Post-Run: 7 834 771 456 байт свободно

182