Re: Re: PC DEFENDER

[Аноним]

скачала, следовала инструкциям.
значит так, во время выполнения вылезло окно .что прекращена работа PEV.cfxxe

log.txt

ComboFix 10-08-05.07 — Админ 06.08.2010 19:45:32.1.2 — x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1049.18.2037.1297 [GMT 4:00]
Running from: c:usersАдминDesktopComboFix.exe
SP: Защитник Windows *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:program filesDef Group
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:program filesWebMoney Advisor
c:program filesWebMoney Advisorwmadvisor.dll
c:programdatahpe957B.dll
c:programdataMicrosoftNetworkDownloaderqmgr0.dat
c:programdataMicrosoftNetworkDownloaderqmgr1.dat
c:usersАдминAppDataRoaminggamedel.exe
c:usersАдминAppDataRoamingMicrosoftInternet ExplorerqiPSearchbar.dll
c:usersАдминFavoritesASCIIaas_en.exe
c:usersАдминFavoritesBluesoleil_3.2_VoIP_Multilingual_070421instmsia.exe
c:usersАдминFavoritesBluesoleil_3.2_VoIP_Multilingual_070421instmsiw.exe
c:usersАдминFavoritesBluesoleil_3.2_VoIP_Multilingual_070421setup.exe
c:usersАдминFavoritesProgram FilesCoding Workshopcwtone.exe
c:usersАдминFavoritesProgram FilesCoding Workshopgnmid4cw.exe
c:usersАдминFavoritesProgram FilesCoding WorkshopUNWISE.EXE
c:usersАдминFavoritesProgrammesAdobe Acrobat Reader 6.0.2AdbeRdr602_rus_full.exe
c:usersАдминFavoritesProgrammesCoding Workshop Ringtone Converter 4.5.1setup.exe
c:usersАдминFavoritesProgrammesCssMagicV1.8.exe
c:usersАдминFavoritesProgrammesCursorManiaSetup2.1.50.3-3.exe
c:usersАдминFavoritesProgrammesExpress2.exe
c:usersАдминFavoritesProgrammesflashpaste_pro_4.0_rus.exe
c:usersАдминFavoritesProgrammeshddinsp.exe
c:usersАдминFavoritesProgrammeshidownload.exe
c:usersАдминFavoritesProgrammesinstall_flash_player.exe
c:usersАдминFavoritesProgrammesIvPropisec_Setup.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media EditionCommonMicrosoft SharedMicrosoft Plus!MPAProductActivation.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionAlarm ClockAlarmClock.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionAnalog RecorderAnalogRecorder.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionAudio ConverterAudioConverter.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionCDLMCDLM.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionDancerDancer.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionParty Modepartymode.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionPhotoStoryPhotoStory.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionSync & GoSyncAndGo.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionTour.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionWMP9RedistMPSetupXP.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! Digital Media EditionSetup 2.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPCD Label MakerCDPrint.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPCommonMicrosoft SharedMicrosoft Plus!PlusApp.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPCommonMicrosoft SharedMicrosoft Plus!RegWiz.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPCommonMicrosoft SharedSpeechsapisvr.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPGamesHyperBowlHyperbowl.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPGamesRussian SquareRussSqr.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPGamesThe Labyrinth Plus! EditionTheLabyrinth.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPinstmsia.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPinstmsiw.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPMP3 Audio ConverterAudioConverter.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPPersonal DJPersonDJ.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPsetup.exe
c:usersАдминFavoritesProgrammesMicrosoft Plus! for Windows XPVoice CommandMpSpeak.exe
c:usersАдминFavoritesProgrammesMMPoly.exe
c:usersАдминFavoritesProgrammesMobile Music Polyphonicmobile-music-polyphonic.exe
c:usersАдминFavoritesProgrammesmyproxy-лекарство.exe
c:usersАдминFavoritesProgrammesmyproxy_4.exe
c:usersАдминFavoritesProgrammeso90w_8238.exe
c:usersАдминFavoritesProgrammesoffice2007Enterprise.WWose.exe
c:usersАдминFavoritesProgrammesoffice2007Office.ru-ruDW20.EXE
c:usersАдминFavoritesProgrammesoffice2007Office.ru-rudwtrig20.exe
c:usersАдминFavoritesProgrammesoffice2007setup.exe
c:usersАдминFavoritesProgrammesow32ruru850.exe
c:usersАдминFavoritesProgrammesSAFlashPlayer5.exe
c:usersАдминFavoritesProgrammesSAFlashPlayer6.exe
c:usersАдминFavoritesProgrammessend-to-phone_setup.exe
c:usersАдминFavoritesProgrammessetup_light.exe
c:usersАдминFavoritesProgrammesSGH Flasher DumperSetup.exe
c:usersАдминFavoritesProgrammesSmaller Animals ThumbNailer v7.12.1.4setup.exe
c:usersАдминFavoritesProgrammesStatistXP10.exe
c:usersАдминFavoritesProgrammesSylpheed-2.2.7-win32_setup.exe
c:usersАдминFavoritesProgrammesWallpaperMobilesetup.exe
c:usersАдминFavoritesProgrammesпароCoding Workshop Ringtone Converter 4.5.1setup.exe
c:usersАдминFavoriteswm2.exe
c:usersАдминFavoriteswmacc.exe
c:usersАдминFavoriteswrar351 CEU.exe
c:users9226~1FAVORI~1ASCIIaas_en.exe
c:users9226~1FAVORI~1Bluesoleil_3.2_VoIP_Multilingual_070421instmsia.exe
c:users9226~1FAVORI~1Bluesoleil_3.2_VoIP_Multilingual_070421instmsiw.exe
c:users9226~1FAVORI~1Bluesoleil_3.2_VoIP_Multilingual_070421setup.exe
c:users9226~1FAVORI~1Program FilesCoding Workshopcwtone.exe
c:users9226~1FAVORI~1Program FilesCoding Workshopgnmid4cw.exe
c:users9226~1FAVORI~1Program FilesCoding WorkshopUNWISE.EXE
c:users9226~1FAVORI~1ProgrammesAdobe Acrobat Reader 6.0.2AdbeRdr602_rus_full.exe
c:users9226~1FAVORI~1ProgrammesCoding Workshop Ringtone Converter 4.5.1setup.exe
c:users9226~1FAVORI~1ProgrammesCssMagicV1.8.exe
c:users9226~1FAVORI~1ProgrammesCursorManiaSetup2.1.50.3-3.exe
c:users9226~1FAVORI~1ProgrammesExpress2.exe
c:users9226~1FAVORI~1Programmesflashpaste_pro_4.0_rus.exe
c:users9226~1FAVORI~1Programmeshddinsp.exe
c:users9226~1FAVORI~1Programmeshidownload.exe
c:users9226~1FAVORI~1Programmesinstall_flash_player.exe
c:users9226~1FAVORI~1ProgrammesIvPropisec_Setup.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media EditionCommonMicrosoft SharedMicrosoft Plus!MPAProductActivation.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionAlarm ClockAlarmClock.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionAnalog RecorderAnalogRecorder.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionAudio ConverterAudioConverter.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionCDLMCDLM.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionDancerDancer.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionParty Modepartymode.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionPhotoStoryPhotoStory.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionSync & GoSyncAndGo.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionTour.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media Editionprogram filesMicrosoft Plus! Digital Media EditionWMP9RedistMPSetupXP.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! Digital Media EditionSetup 2.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPCD Label MakerCDPrint.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPCommonMicrosoft SharedMicrosoft Plus!PlusApp.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPCommonMicrosoft SharedMicrosoft Plus!RegWiz.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPCommonMicrosoft SharedSpeechsapisvr.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPGamesHyperBowlHyperbowl.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPGamesRussian SquareRussSqr.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPGamesThe Labyrinth Plus! EditionTheLabyrinth.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPinstmsia.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPinstmsiw.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPMP3 Audio ConverterAudioConverter.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPPersonal DJPersonDJ.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPsetup.exe
c:users9226~1FAVORI~1ProgrammesMicrosoft Plus! for Windows XPVoice CommandMpSpeak.exe
c:users9226~1FAVORI~1ProgrammesMMPoly.exe
c:users9226~1FAVORI~1ProgrammesMobile Music Polyphonicmobile-music-polyphonic.exe
c:users9226~1FAVORI~1Programmesmyproxy-лекарство.exe
c:users9226~1FAVORI~1Programmesmyproxy_4.exe
c:users9226~1FAVORI~1Programmeso90w_8238.exe
c:users9226~1FAVORI~1Programmesoffice2007Enterprise.WWose.exe
c:users9226~1FAVORI~1Programmesoffice2007Office.ru-ruDW20.EXE
c:users9226~1FAVORI~1Programmesoffice2007Office.ru-rudwtrig20.exe
c:users9226~1FAVORI~1Programmesoffice2007setup.exe
c:users9226~1FAVORI~1Programmesow32ruru850.exe
c:users9226~1FAVORI~1ProgrammesSAFlashPlayer5.exe
c:users9226~1FAVORI~1ProgrammesSAFlashPlayer6.exe
c:users9226~1FAVORI~1Programmessend-to-phone_setup.exe
c:users9226~1FAVORI~1Programmessetup_light.exe
c:users9226~1FAVORI~1ProgrammesSGH Flasher DumperSetup.exe
c:users9226~1FAVORI~1ProgrammesSmaller Animals ThumbNailer v7.12.1.4setup.exe
c:users9226~1FAVORI~1ProgrammesStatistXP10.exe
c:users9226~1FAVORI~1ProgrammesSylpheed-2.2.7-win32_setup.exe
c:users9226~1FAVORI~1ProgrammesWallpaperMobilesetup.exe
c:users9226~1FAVORI~1ProgrammesпароCoding Workshop Ringtone Converter 4.5.1setup.exe
c:users9226~1FAVORI~1wm2.exe
c:users9226~1FAVORI~1wmacc.exe
c:users9226~1FAVORI~1wrar351 CEU.exe
c:windowssystem32AutoRun.inf

---

BITS: Possible infected sites

---

hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2025-12-08 01:06 . 2004-07-22 11:51 2333776 —-a-w- c:usersАдминICQLite.exe
2025-12-08 01:05 . 2005-04-25 05:33 819200 —-a-w- c:usersАдминSAFlashPlayer6.exe
2025-12-08 01:02 . 2007-12-25 20:49

---

d

---

w- c:usersАдминACD Systems
2010-08-06 16:05 . 2010-08-06 16:05

---

d

---

w- c:usersDefaultAppDataLocaltemp
2010-08-06 12:47 . 2010-08-06 12:47

---

d

---

w- C:_OTM
2010-08-06 12:03 . 2010-08-06 15:06

---

d

---

w- c:program filestrend micro
2010-08-06 12:02 . 2010-08-06 12:06

---

d

---

w- C:rsit
2010-08-06 10:55 . 2010-08-06 10:55

---

d

---

w- c:usersАдминAppDataLocalESET
2010-08-06 09:00 . 2010-08-06 09:00

---

d

---

w- c:usersАдминAppDataRoamingnod32 updater
2010-08-02 16:33 . 2010-08-02 16:34

---

d

---

w- c:usersМама.СВЕТЛАНАПереславль 2010
2010-07-25 19:35 . 2010-07-25 19:35 122880 —-a-w- c:usersАдминAppDataRoamingRealUpdatesetup3.12RUPinst_configcompat.dll
2010-07-25 11:34 . 2010-07-25 11:34 452104 —-a-w- c:usersАдминAppDataRoamingRealUpdatesetup3.12setup.exe
2010-07-09 12:11 . 2010-07-09 12:11

---

d

---

w- c:program filesiPod
2010-07-09 12:11 . 2010-07-09 12:13

---

d

---

w- c:programdata{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-09 12:11 . 2010-07-09 12:13

---

d

---

w- c:program filesiTunes
2010-07-09 11:51 . 2010-07-09 11:51 72504 —-a-w- c:programdataApple ComputerInstaller CacheiTunes 9.2.0.61SetupAdmin.exe
2010-07-09 11:42 . 2010-07-09 11:42 71992 —-a-w- c:programdataApple ComputerInstaller CacheSafari 5.33.16.0SetupAdmin.exe
2010-07-09 09:34 . 2010-07-09 09:35

---

d

---

w- c:usersАдминdwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 16:05 . 2007-12-01 04:38 4718592 —-a-w- c:usersАдминntuser.dat
2010-08-06 15:48 . 2006-11-09 07:21 711856 —-a-w- c:windowssystem32perfh019.dat
2010-08-06 15:48 . 2006-11-09 07:21 148664 —-a-w- c:windowssystem32perfc019.dat
2010-08-06 15:39 . 2008-09-11 11:26

---

d

---

w- c:usersАдминAppDataRoamingICQ
2010-08-06 15:30 . 2008-07-24 09:09 3932160 —ha-w- c:usersПапаntuser.dat
2010-08-06 15:28 . 2008-07-23 10:42 3407872 —ha-w- c:usersМама.СВЕТЛАНАntuser.dat
2010-08-06 15:28 . 2008-07-19 12:20 1310720 —ha-w- c:usersМамаNTUSER.DAT
2010-08-06 11:10 . 2009-12-16 19:22

---

d

---

w- c:program filesMalwarebytes’ Anti-Malware
2010-08-06 09:50 . 2007-03-06 12:48

---

d

---

w- c:program filesGoogle
2010-08-06 09:47 . 2007-12-01 04:38

---

d

---

w- c:usersАдминAppDataRoamingGoogle
2010-08-06 09:44 . 2008-03-16 11:05

---

d

---

w- c:program filesCommon FilesACD Systems
2010-08-06 09:39 . 2009-08-08 13:57

---

d

---

w- c:usersАдминAppDataRoamingYandex
2010-08-06 09:00 . 2010-08-06 09:00

---

d

---

w- c:usersАдминAppDataRoamingnod32 updater
2010-08-06 08:54 . 2007-12-23 11:45

---

d

---

w- c:program filesESET
2010-08-06 08:50 . 2009-05-12 04:27

---

d

---

w- c:usersАдминAppDataRoamingBitTorrent
2010-08-02 20:37 . 2009-05-24 16:36

---

d

---

w- c:usersАдминAppDataRoamingApple Computer
2010-07-31 11:47 . 2008-07-24 09:10 106040 —-a-w- c:usersПапаAppDataLocalGDIPFONTCACHEV1.DAT
2010-07-25 19:35 . 2010-07-25 19:35 122880 —-a-w- c:usersАдминAppDataRoamingRealUpdatesetup3.12RUPinst_configcompat.dll
2010-07-25 11:34 . 2010-07-25 11:34 452104 —-a-w- c:usersАдминAppDataRoamingRealUpdatesetup3.12setup.exe
2010-07-25 11:23 . 2009-05-12 04:27

---

d

---

w- c:usersАдминAppDataRoamingDNA
2010-07-09 12:11 . 2009-05-24 16:30

---

d

---

w- c:program filesCommon FilesApple
2010-07-09 12:05 . 2009-06-26 12:07

---

d

---

w- c:program filesQuickTime
2010-07-09 11:55 . 2008-09-23 11:21

---

d

---

w- c:program filesBonjour
2010-07-09 11:46 . 2009-05-24 16:14

---

d

---

w- c:program filesSafari
2010-07-07 16:49 . 2007-12-01 04:38 106040 —-a-w- c:usersАдминAppDataLocalGDIPFONTCACHEV1.DAT
2010-07-07 07:26 . 2010-07-07 07:26

---

d

---

w- c:program filesCCleaner
2010-06-30 17:49 . 2010-06-30 17:49

---

d

---

w- c:programdataFriday’s games
2010-06-30 17:49 . 2010-06-12 15:41

---

d

---

w- c:program filesAlawar.ru
2010-06-30 17:47 . 2010-06-30 17:45

---

d

---

w- c:usersАдминAppDataRoamingSprillBermudeRus
2010-06-28 18:32 . 2010-06-28 18:32

---

d

---

w- c:programdataПтички Пираты
2010-06-28 16:30 . 2010-03-06 20:55 439816 —-a-w- c:usersАдминAppDataRoamingRealUpdatesetup3.10setup.exe
2010-06-27 05:33 . 2010-06-27 05:33

---

d

---

w- c:usersАдминAppDataRoamingGaijin Ent
2010-06-24 15:36 . 2010-06-22 13:14

---

d

---

w- c:program filesICQ7.2
2010-06-24 15:35 . 2007-03-06 08:06

---

d—h—w- c:program filesInstallShield Installation Information
2010-06-23 15:15 . 2008-07-23 10:43 106040 —-a-w- c:usersМама.СВЕТЛАНАAppDataLocalGDIPFONTCACHEV1.DAT
2010-06-22 13:20 . 2009-04-23 11:14

---

d

---

w- c:program filesICQ6.5
2010-06-19 16:53 . 2010-06-19 16:53

---

d

---

w- c:programdataPlayrix Entertainment
2010-06-19 14:11 . 2010-06-19 14:11

---

d

---

w- c:programdataBC Soft Games
2010-06-12 15:42 . 2010-06-12 15:42

---

d

---

w- c:programdataRumbic Studio
2010-06-08 20:49 . 2008-01-02 01:00

---

d

---

w- c:program filesMicrosoft Silverlight
2010-05-21 10:14 . 2009-10-03 08:51 221568

---

w- c:windowssystem32MpSigStub.exe
2010-05-18 12:35 . 2010-05-18 12:35 91424 —-a-w- c:windowssystem32dnssd.dll
2010-05-18 12:35 . 2010-05-18 12:35 197920 —-a-w- c:windowssystem32dnssdX.dll
2010-05-18 12:35 . 2010-05-18 12:35 107808 —-a-w- c:windowssystem32dns-sd.exe
2009-12-21 11:18 . 2008-12-09 21:11 119808 —-a-w- c:program filesmozilla firefoxcomponentsGoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 13:24 325000 —-a-w- c:program filesAskBarDisbarbinaskBar.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{963B125B-8B21-49A2-A3A8-E37092276531}]
2009-12-01 07:28 125952 —-a-w- c:program filesGet-Styles 2.0utilsupdatebho.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{9B5FB65F-631E-4564-ABF2-AD71845B28E0}]
2010-05-31 05:14 226016 —-a-w- c:program filesGet-Styles 2.0iejsloader.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 13:15 1345336 —-a-w- c:program filesSweetIMToolbarsInternet ExplorermgToolbarIE.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{3041d03e-fd4b-44e0-b742-2d9b88305f98}»= «c:program filesAskBarDisbarbinaskBar.dll» [2008-09-29 325000]
«{EEE6C35B-6118-11DC-9C72-001320C79847}»= «c:program filesSweetIMToolbarsInternet ExplorermgToolbarIE.dll» [2009-10-19 1345336]
«{5BCDC9E9-A980-4B53-B2E8-60CFF484DA61}»= «c:program filesGet-Styles 2.0ietoolbar.dll» [2010-05-31 130272]

[HKEY_CLASSES_ROOTclsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOTTypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOTclsid{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOTSWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOTTypeLib{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOTSWEETIE.IEToolbar]

[HKEY_CLASSES_ROOTclsid{5bcdc9e9-a980-4b53-b2e8-60cff484da61}]
[HKEY_CLASSES_ROOTScriptedStar.Bar.2]
[HKEY_CLASSES_ROOTTypeLib{B124F09B-1B6C-431D-BE2D-DBA6864A8897}]
[HKEY_CLASSES_ROOTScriptedStar.Bar]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{EEE6C35B-6118-11DC-9C72-001320C79847}»= «c:program filesSweetIMToolbarsInternet ExplorermgToolbarIE.dll» [2009-10-19 1345336]
«{3041D03E-FD4B-44E0-B742-2D9B88305F98}»= «c:program filesAskBarDisbarbinaskBar.dll» [2008-09-29 325000]

[HKEY_CLASSES_ROOTclsid{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOTSWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOTTypeLib{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOTSWEETIE.IEToolbar]

[HKEY_CLASSES_ROOTclsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOTTypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ehTray.exe»=»c:windowsehomeehTray.exe» [2008-01-19 125952]
«WMPNSCFG»=»c:program filesWindows Media PlayerWMPNSCFG.exe» [2008-01-19 202240]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=»c:program filesWindows DefenderMSASCui.exe» [2008-01-19 1008184]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2007-01-24 98304]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2007-01-24 106496]
«Persistence»=»c:windowssystem32igfxpers.exe» [2007-01-24 81920]
«RtHDVCpl»=»RtHDVCpl.exe» [2007-02-06 4317184]
«Apoint»=»c:program filesApointApoint.exe» [2007-01-12 118784]
«ISBMgr.exe»=»c:program filesSonyISB UtilityISBMgr.exe» [2007-01-22 321656]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2008-10-25 31072]
«Google Desktop Search»=»c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe» [2009-12-21 30192]
«Adobe Photo Downloader»=»c:program filesAdobePhotoshop Album Starter Edition3.2Appsapdproxy.exe» [2007-03-09 63712]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2009-05-03 198160]
«AppleSyncNotifier»=»c:program filesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe» [2009-08-13 177440]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-07-13 7975608]
«SweetIM»=»c:program filesSweetIMMessengerSweetIM.exe» [2009-10-20 111928]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-10-14 39792]
«AdobeAAMUpdater-1.0″=»c:program filesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe» [2010-05-26 500208]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2010-03-18 421888]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2010-06-15 141624]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2010-04-07 2145000]

c:usersЏ Ї AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
‚л१Є нЄа ­ Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2009-2-26 97680]

c:usersЂ¤¬Ё­AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Adobe Gamma.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyVESWinlogon]
2007-02-13 12:19 98304 —-a-w- c:windowsSystem32VESWinlogon.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:progra~1GoogleGOOGLE~4GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP2900 Окно состояния.lnk]
path=c:programdataMicrosoftWindowsStart MenuProgramsStartupCanon LBP2900 Окно состояния.lnk
backup=c:windowspssCanon LBP2900 Окно состояния.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:programdataMicrosoftWindowsStart MenuProgramsStartupHP Digital Imaging Monitor.lnk
backup=c:windowspssHP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBitTorrent DNA]
2009-11-15 13:18 323392 —-a-w- c:usersАдминProgram FilesDNAbtdna.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
2007-03-11 17:34 49152 —-a-w- c:program filesHPHP Software UpdatehpwuSchd2.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroCheck]
2001-07-09 07:50 155648 —-a-w- c:windowsSystem32NeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSeaMonkey Quick Launch]
2007-11-28 09:14 151552

---

w- c:program filesmozilla.orgSeaMonkeyseamonkey.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSony Ericsson PC Suite]
2009-09-24 10:41 434176 —-a-w- c:program filesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«QIP2005″=c:program filesQIPqip.exe
«Skype»=»c:program filesSkypePhoneSkype.exe» /nosplash /minimized

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«nod32kui»=»c:program filesEsetnod32kui.exe» /WAITSERVICE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«VistaSp2″=hex(b):3f,72,0f,74,2d,65,ca,01

R2 gupdate1c9cbd35cdc840;Служба Google Update (gupdate1c9cbd35cdc840);c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-03 133104]
R2 OMSI download service;Sony Ericsson OMSI download service;c:program filesSony EricssonSony Ericsson PC SuiteSupServ.exe [2009-04-30 90112]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe [2009-12-21 30192]
R3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2010-04-29 38224]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:windowssystem32DRIVERSs816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:windowssystem32DRIVERSs816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:windowssystem32DRIVERSs816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:windowssystem32DRIVERSs816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:windowssystem32DRIVERSs816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:windowssystem32DRIVERSs816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:windowssystem32DRIVERSs816unic.sys [2007-06-19 97704]
R3 Start BT in service;Start BT in service;c:program filesIVT CorporationBlueSoleilStartSkysolSvc.exe [2007-04-21 52080]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:program filessonyVAIO Media Integrated ServerUCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:program filessonyVAIO Media Integrated ServerPlatformSV_Httpd.exe [2007-01-08 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:program filessonyVAIO Media Integrated ServerPlatformUPnPFramework.exe [2007-01-16 1089536]
S1 ehdrv;ehdrv;c:windowssystem32DRIVERSehdrv.sys [2010-04-07 114984]
S2 eamonm;eamonm;c:windowssystem32DRIVERSeamonm.sys [2010-04-07 133512]
S2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2010-04-07 810120]
S2 epfwwfpr;epfwwfpr;c:windowssystem32DRIVERSepfwwfpr.sys [2010-04-07 96896]
S2 LogWatch;Event Log Watch;c:ca_licLogWatNT.exe [2007-12-15 75016]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:program filesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe [2009-05-26 29262680]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:windowssystem32DRIVERSseehcri.sys [2008-01-09 27632]
S3 ti21sony;ti21sony;c:windowssystem32driversti21sony.sys [2007-02-08 807424]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the ‘Scheduled Tasks’ folder

2010-08-06 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-03 09:38]

2010-08-06 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-03 09:38]

2010-08-06 c:windowsTasksUser_Feed_Synchronization-{6FDA5319-9A9C-4106-9D39-8D46B5B01DA9}.job
— c:windowssystem32msfeedssync.exe [2009-09-27 07:33]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.yandex.ru/?clid=123048
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Поиск@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
Handler: base64 — {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} — c:program filesGet-Styles 2.0ietdataprotocol.dll
Handler: chrome — {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} — c:program filesGet-Styles 2.0ietdataprotocol.dll
Handler: prox — {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} — c:program filesGet-Styles 2.0ietdataprotocol.dll
FF — ProfilePath — c:usersАдминAppDataRoamingMozillaFirefoxProfilesyx6vrkj5.default
FF — prefs.js: browser.search.defaulturl — hxxp://search.sweetim.com/search.asp?src=2&q=
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://yandex.ru/?clid=123049
FF — prefs.js: keyword.URL — hxxp://yandex.ru/yandsearch?clid=123045&text=
FF — prefs.js: network.proxy.type — 2
FF — component: c:usersАдминAppDataRoamingMozillaFirefoxProfilesyx6vrkj5.defaultextensionslazarus@interclue.complatformWINNT_x86-msvccomponentsWeaveCrypto.dll
FF — plugin: c:program filesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.29npGoogleOneClick8.dll
FF — plugin: c:program filesJavajre1.6.0binnpjpi160.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpkimi.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbaam7a8h», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.buffer.cache.count», 24);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.buffer.cache.size», 4096);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
— — — — ORPHANS REMOVED — — — —

HKCU-Run-ICQ — ~c:program filesICQ7.2ICQ.exe
MSConfigStartUp-VKontakte — c:program filesAgent VkontakteAgentVkontakte.exe
AddRemove-Get-Styles for Chrome — c:program filesGet-Styles 2.0chuninstall.exe
AddRemove-Magic ASCII Studio_is1 — c:program filesMagic ASCII Studiounins000.exe
AddRemove-NIS — c:program filesNortonInstaller{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NISA5E82D0216.0.0.125InstStub.exe
AddRemove-Picasa2 — c:program filesPicasa2Uninstall.exe
AddRemove-QIP 2005 — c:program filesQIPunins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 20:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86507918]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0x83362d24
DriverACPI -> acpi.sys @ 0x82a9ed68
Driveratapi -> 0x86507918
IoDeviceObjectType ->DeviceHarddisk0DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
«MSCurrentCountry»=dword:000000b8

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000001

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}004AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}005AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}006AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}007AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}008AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}009AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
Completion time: 2010-08-06 20:10:42
ComboFix-quarantined-files.txt 2010-08-06 16:10

Pre-Run: 15 087 235 072 байт свободно
Post-Run: 16 591 724 544 байт свободно

— — End Of File — — 0CDC002C03B5CA431F7119A352687EC8