Вот помучался с комбофиксом! вот его лог ))
ComboFix 10-07-22.01 — Админ 24.07.2010 16:50:37.2.2 — x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1049.18.3070.1782 [GMT 3:00]
Running from: D:ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:program filesWebMoney Advisor
c:program filesWebMoney Advisorautosearch_plugin.dll
c:program filesWebMoney Advisorwmadvisor.dll
c:program filesWebMoney AdvisorWMPlugin.dll
c:programdatacommon.data
c:programdataMicrosoftNetworkDownloaderqmgr0.dat
c:programdataMicrosoftNetworkDownloaderqmgr1.dat
c:usersАдминAppDataLocalsvchost.exe
c:usersАдминAppDataRoamingkyrnmy.exe
c:usersАдминAppDataRoamingsbeb.exe
c:usersАдминoashdihasidhasuidhiasdhiashdiuasdhasd
c:usersАдминproxy_port
c:usersАдминsecupdat.dat
c:usersАдминsvchost.exe
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://bar.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.
2010-07-23 06:40 . 2010-07-23 06:40
d
w- C:_OTM
2010-07-16 07:16 . 2010-07-16 07:16
d
w- c:usersАдминDoctorWeb
2010-07-14 21:38 . 2010-07-23 06:55
d
w- c:program filestrend micro
2010-07-14 21:38 . 2010-07-14 21:39
d
w- C:rsit
2010-07-02 08:28 . 2010-07-02 08:28
d
w- c:programdataNVIDIA Corporation
2010-07-02 08:27 . 2010-06-07 23:57 56936 —-a-w- c:windowssystem32OpenCL.dll
2010-07-02 08:27 . 2010-06-07 23:57 10888168 —-a-w- c:windowssystem32driversnvlddmkm.sys
2010-07-02 08:27 . 2010-06-07 23:57 9712744 —-a-w- c:windowssystem32nvd3dum.dll
2010-07-02 08:27 . 2010-06-07 23:57 4967528 —-a-w- c:windowssystem32nvwgf2um.dll
2010-07-02 08:27 . 2010-06-07 23:57 15764072 —-a-w- c:windowssystem32nvoglv32.dll
2010-07-02 08:27 . 2010-06-07 23:57 4513384 —-a-w- c:windowssystem32nvcuda.dll
2010-07-02 08:27 . 2010-06-07 23:57 2632296 —-a-w- c:windowssystem32nvcuvenc.dll
2010-07-02 08:27 . 2010-06-07 23:57 232040 —-a-w- c:windowssystem32nvcod1921.dll
2010-07-02 08:27 . 2010-06-07 23:57 232040 —-a-w- c:windowssystem32nvcod.dll
2010-07-02 08:27 . 2010-06-07 23:57 2145896 —-a-w- c:windowssystem32nvcuvid.dll
2010-07-02 08:27 . 2010-06-07 23:57 1592424 —-a-w- c:windowssystem32nvapi.dll
2010-07-02 08:27 . 2010-06-07 23:57 10263144 —-a-w- c:windowssystem32nvcompiler.dll
2010-07-01 12:30 . 2010-07-01 12:46
d
w- c:usersАдминAppDataLocalWMTools Downloaded Files
2010-07-01 11:46 . 2010-07-01 15:54
d
w- c:program filesMovie Maker 2.6
2010-06-29 09:19 . 2010-06-29 09:19
d
w- c:usersАдминAppDataLocalHTC
2010-06-29 09:19 . 2010-06-29 09:19
d
w- c:programdataHTC
2010-06-29 09:18 . 2010-06-29 09:19
d
w- c:programdataTeleca
2010-06-29 09:17 . 2010-06-29 09:17
d
w- c:program filesSpirent Communications
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 14:30 . 2008-09-09 16:10 7340032 —sha-w- c:usersАдминNTUSER.DAT
2010-07-24 14:28 . 2010-07-02 09:24 36917 —-a-w- c:programdatanvModes.dat
2010-07-24 14:28 . 2008-10-02 21:11 1351712 —sha-w- c:windowssystem32driversfidbox2.dat
2010-07-24 14:28 . 2008-10-02 21:11 6748 —sha-w- c:windowssystem32driversfidbox2.idx
2010-07-24 14:28 . 2008-06-05 10:36 45056 —-a-w- c:windowssystem32acovcnt.exe
2010-07-24 14:26 . 2008-10-02 21:11 84364 —sha-w- c:windowssystem32driversfidbox.idx
2010-07-24 14:26 . 2008-10-02 21:11 10526240 —sha-w- c:windowssystem32driversfidbox.dat
2010-07-24 14:26 . 2008-04-13 23:55 12 —-a-w- c:windowsbthservsdp.dat
2010-07-24 13:41 . 2008-01-21 05:44 694088 —-a-w- c:windowssystem32perfh019.dat
2010-07-24 13:41 . 2008-01-21 05:44 144180 —-a-w- c:windowssystem32perfc019.dat
2010-07-24 09:47 . 2009-04-14 07:20
d
w- c:usersАдминAppDataRoamingSkype
2010-07-24 09:23 . 2008-10-02 07:36
d
w- c:usersАдминAppDataRoaminguTorrent
2010-07-24 07:34 . 2009-04-14 07:25
d
w- c:usersАдминAppDataRoamingskypePM
2010-07-23 16:56 . 2008-12-16 10:03
d
w- c:usersАдминAppDataRoamingDMCache
2010-07-23 16:55 . 2010-01-16 16:45
d
w- c:program filesSteam
2010-07-23 16:55 . 2008-10-02 21:11
d
w- c:programdataKaspersky Lab
2010-07-19 21:36 . 2010-01-16 16:59
d
w- c:program filesCommon FilesSteam
2010-07-15 07:58 . 2008-10-02 21:11 97549 —-a-w- c:windowssystem32driversklick.dat
2010-07-15 07:58 . 2008-10-02 21:11 113933 —-a-w- c:windowssystem32driversklin.dat
2010-07-14 14:29 . 2006-11-02 11:18
d
w- c:program filesWindows Mail
2010-07-14 13:11 . 2008-09-29 12:09
d
w- c:usersАдминAppDataRoamingWebMoney
2010-07-13 13:12 . 2008-09-29 11:58
d
w- c:program filesWebMoney
2010-07-10 21:40 . 2010-06-03 08:29 1 —-a-w- c:usersАдминAppDataRoamingOpenOffice.org3useruno_packagescachestamp.sys
2010-07-09 20:09 . 2008-10-19 11:52
d
w- c:program filesOpera
2010-07-02 08:31 . 2008-06-05 10:36
d
w- c:programdataNVIDIA
2010-07-02 08:29 . 2010-04-03 14:06
d
w- c:program filesNVIDIA Corporation
2010-07-02 08:20 . 2008-09-18 14:28 1356 —-a-w- c:usersАдминAppDataLocald3d9caps.dat
2010-06-29 09:20 . 2010-06-21 08:22
d
w- c:usersАдминAppDataRoamingTeleca
2010-06-29 09:19 . 2010-06-21 08:20
d
w- c:program filesCommon FilesTeleca Shared
2010-06-29 09:17 . 2010-06-21 08:18
d
w- c:program filesHTC
2010-06-23 18:01 . 2009-07-19 21:37
d
w- c:program filesGarena
2010-06-21 08:37 . 2010-06-21 08:37 0 —ha-w- c:windowssystem32driversMsft_Kernel_ANDROIDUSB_01007.Wdf
2010-06-19 14:11 . 2010-06-19 14:11
d
w- c:program filesCommon FilesSkype
2010-06-10 05:26 . 2008-09-09 16:17 103800 —-a-w- c:usersАдминAppDataLocalGDIPFONTCACHEV1.DAT
2010-06-09 08:54 . 2008-06-05 09:23
d
w- c:programdataMicrosoft Help
2010-06-08 18:08 . 2010-06-08 18:08
d
w- c:programdataYandex
2010-06-08 18:08 . 2008-10-05 16:05
d
w- c:usersАдминAppDataRoamingYandex
2010-06-08 18:07 . 2010-06-08 18:07
d
w- c:program filesYandex
2010-06-08 18:07 . 2010-06-08 18:07
d
w- c:program filesuTorrent
2010-06-08 17:27 . 2010-06-08 17:27 16384 —-a-w- c:usersАдминAppDataRoamingThinstallAuslogics BoostSpeedSKEL8ebe69ac374e57dc92b6dc3d27c92b8141f8e0.Console.EXE
2010-06-08 17:27 . 2010-06-08 17:27
d
w- c:usersАдминAppDataRoamingThinstall
2010-06-08 08:49 . 2010-06-08 08:49
d
w- c:program filesCommon FilesJava
2010-06-08 08:49 . 2010-06-08 08:49 411368 —-a-w- c:windowssystem32deployJava1.dll
2010-06-08 08:48 . 2010-06-08 08:48
d
w- c:program filesJava
2010-06-07 23:57 . 2010-07-02 08:27 10920 —-a-w- c:windowssystem32driversnvBridge.kmd
2010-06-07 14:47 . 2010-06-07 14:47 66664 —-a-w- c:windowssystem32nvshext.dll
2010-06-07 14:47 . 2010-06-07 14:47 255592 —-a-w- c:windowssystem32nvhotkey.dll
2010-06-07 14:47 . 2010-06-07 14:47 1691752 —-a-w- c:windowssystem32nvsvcr.dll
2010-06-07 14:47 . 2010-06-07 14:47 13917800 —-a-w- c:windowssystem32nvcpl.dll
2010-06-07 14:47 . 2010-06-07 14:47 1331816 —-a-w- c:windowssystem32nvsvc.dll
2010-06-07 14:47 . 2010-06-07 14:47 129640 —-a-w- c:windowssystem32nvvsvc.exe
2010-06-07 14:47 . 2010-06-07 14:47 110696 —-a-w- c:windowssystem32nvmctray.dll
2010-06-04 09:39 . 2010-06-03 08:25
d
w- c:program filesOpenOffice.org 3
2010-06-04 09:34 . 2010-06-04 09:34
d
w- c:program filesJRE
2010-06-03 08:28 . 2010-06-03 08:28
d
w- c:usersАдминAppDataRoamingOpenOffice.org
2010-05-26 17:06 . 2010-06-09 23:36 34304 —-a-w- c:windowssystem32atmlib.dll
2010-05-26 14:47 . 2010-06-09 23:36 289792 —-a-w- c:windowssystem32atmfd.dll
2010-05-21 11:14 . 2009-10-02 18:53 221568
w- c:windowssystem32MpSigStub.exe
2010-05-04 05:59 . 2010-06-09 23:36 916480 —-a-w- c:windowssystem32wininet.dll
2010-05-04 05:55 . 2010-06-09 23:36 71680 —-a-w- c:windowssystem32iesetup.dll
2010-05-04 05:55 . 2010-06-09 23:36 109056 —-a-w- c:windowssystem32iesysprep.dll
2010-05-04 04:31 . 2010-06-09 23:36 133632 —-a-w- c:windowssystem32ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 23:35 2037248 —-a-w- c:windowssystem32win32k.sys
2010-04-26 20:48 . 2010-04-26 20:48 165296 —-a-w- c:usersАдминAppDataRoamingIDMidmmzcc2componentsidmmzcc.dll
2008-04-22 18:25 . 2008-10-31 10:28 47354036 —-a-w- c:program filesHelicon Filter_by_kriss.exe
2008-10-12 13:40 . 2008-10-12 13:37 952 —sha-w- c:windowsSystem32KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2010-06-01 10336584]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2010-06-01 10336584]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2009-04-11 1233920]
«ehTray.exe»=»c:windowsehomeehTray.exe» [2008-01-21 125952]
«Steam»=»c:program filessteamsteam.exe» [2010-05-11 1238352]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-07-24 490952]
«IDMan»=»c:program filesInternet Download ManagerIDMan.exe» [2008-10-28 2606512]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2010-06-08 322352]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=»c:program filesWindows DefenderMSASCui.exe» [2008-01-21 1008184]
«ATKOSD2″=»c:program filesATKOSD2ATKOSD2.exe» [2007-10-17 7737344]
«RtHDVCpl»=»RtHDVCpl.exe» [2008-01-15 4874240]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-21 36864]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2007-11-16 1029416]
«ATKMEDIA»=»c:program filesASUSATK MediaDMEDIA.EXE» [2006-11-02 61440]
«ASUS Camera ScreenSaver»=»c:windowsASScrProlog.exe» [2008-06-05 37232]
«ASUS Screen Saver Protector»=»c:windowsASScrPro.exe» [2008-06-05 33136]
«CognizanceTS»=»c:progra~1ASUSSE~1ASUSSE~1BinASTSVCC.dll» [2003-12-21 17920]
«AVP»=»c:program filesKaspersky LabKaspersky Internet Security 2009avp.exe» [2009-10-15 208616]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2009-10-19 210400]
«Windows Mobile Device Center»=»c:windowsWindowsMobilewmdc.exe» [2007-05-31 648072]
«Skytel»=»Skytel.exe» [2007-11-20 1826816]
«AdobeAAMUpdater-1.0″=»c:program filesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe» [2010-05-11 500208]
«SwitchBoard»=»c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe» [2010-02-19 517096]
«AdobeCS5ServiceManager»=»c:program filesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe» [2010-02-22 406992]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«Mobile Connectivity Suite»=»c:program filesHTCHTC SyncApplication LauncherApplication Launcher.exe» [2009-11-19 598016]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableUIADesktopToggle»= 0 (0x0)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:windowsSystem32APSHook.dll c:progra~1KASPER~1KASPER~1mzvkbd.dll c:progra~1KASPER~1KASPER~1mzvkbd3.dll c:progra~1KASPER~1KASPER~1adialhk.dll c:progra~1KASPER~1KASPER~1kloehk.dll
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
2009-02-27 14:10 35696 —-a-w- c:program filesAdobeReader 9.0Readerreader_sl.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite]
2008-07-24 15:02 490952 —-a-w- c:program filesDAEMON Tools Litedaemon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
2010-05-13 13:12 26192168 —-a-r- c:program filesSkypePhoneSkype.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«VistaSp2″=hex(b):ab,03,5c,9c,9b,37,ca,01
R3 aw32bus;ASUS Device W32 Driver driver (WDM);c:windowssystem32DRIVERSaw32bus.sys [2007-06-20 83456]
R3 aw32mdfl;ASUS Device W32 USB WMC Modem Filter;c:windowssystem32DRIVERSaw32mdfl.sys [2007-06-20 14848]
R3 aw32mdm;ASUS Device W32 USB WMC Modem Driver;c:windowssystem32DRIVERSaw32mdm.sys [2007-06-20 109696]
R3 aw32mgmt;ASUS Device W32 USB WMC Device Management Drivers (WDM);c:windowssystem32DRIVERSaw32mgmt.sys [2007-06-20 102912]
R3 HTCAND32;HTC Device Driver;c:windowssystem32DriversANDROIDUSB.sys [2009-06-10 24576]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:windowssystem32DRIVERSewusbdev.sys [2009-10-12 101120]
R3 itecir;ITECIR Infrared Receiver;c:windowssystem32DRIVERSitecir.sys [2007-06-20 49664]
R3 SwitchBoard;SwitchBoard;c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]
R4 sptd;sptd;c:windowssystem32Driverssptd.sys [2008-09-15 717296]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2009-02-12 33808]
S0 lullaby;lullaby;c:windowssystem32DRIVERSlullaby.sys [2007-09-26 15416]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32DRIVERSklim6.sys [2008-07-09 20496]
S2 ASBroker;Logon Session Broker;c:windowsSystem32svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:windowsSystem32svchost.exe [2008-01-21 21504]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:windowssystem32DRIVERSetDevice.sys [2007-09-06 474624]
S3 FiltUSBET;ET USB Device Lower Filter;c:windowssystem32DRIVERSetFilter.sys [2007-10-15 206336]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32DRIVERSklfltdev.sys [2008-03-13 26640]
S3 ScanUSBET;ET USB Still Image Capture Device;c:windowssystem32DRIVERSetScan.sys [2007-09-06 6656]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 13:56 451872 —-a-w- c:program filesCommon FilesLightScribeLSRunOnce.exe
.
Contents of the ‘Scheduled Tasks’ folder
2010-07-24 c:windowsTasksUser_Feed_Synchronization-{FA06EA3E-F23F-4491-B3CF-C15E55239616}.job
— c:windowssystem32msfeedssync.exe [2010-06-09 04:30]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=47639
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Загрузить FLV видео содержимое с помощью IDM — c:program filesInternet Download ManagerIEGetVL.htm
IE: Загрузить все ссылки с помощью IDM — c:program filesInternet Download ManagerIEGetAll.htm
IE: Загрузить с помощью IDM — c:program filesInternet Download ManagerIEExt.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} — c:program filesPokerStars.NETPokerStarsUpdate.exe
LSP: c:windowssystem32idmmbc.dll
TCP: {89044238-E038-4724-ADE3-C544860C93D3} = 77.244.45.1,77.244.45.4
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-AdobeBridge — (no file)
HKCU-Run-RGSC — d:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe
MSConfigStartUp-AdobeCS4ServiceManager — c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe
AddRemove-{76E41F43-59D2-4F30-BA42-9A762EE1E8DE} — c:program filesInstallShield Installation Information{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}setup.exe
AddRemove-{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_update1.0.2.608 — c:program files1CАнабиоз Сон разумаunins001.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 17:28
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-709096500-265496976-1428508515-1000_ClassesCLSID{0be0946b-fc0b-40b0-bd19-21f08ca7834d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
«Model»=dword:0000006f
«Therad»=dword:00000021
«MData»=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,da,f5,91,cf,e7,ac,02,f9,dc,aa,71,6d,8e,4b,c5,25,c8,de,06,43,c7,8e,
[HKEY_USERSS-1-5-21-709096500-265496976-1428508515-1000_ClassesCLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
«scansk»=hex(0):25,19,2f,ee,83,c3,08,ac,88,6a,b2,39,e9,17,4f,03,ab,ed,37,21,c9,
77,a5,2d,2e,7e,69,9d,28,f0,e3,03,96,09,93,06,e1,5d,c9,aa,00,00,00,00,00,00,
[HKEY_USERSS-1-5-21-709096500-265496976-1428508515-1000_ClassesCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
«scansk»=hex(0):be,0a,e2,bb,41,8f,da,5a,af,7b,a3,06,b4,48,ae,da,ae,d6,65,ba,23,
5e,d2,50,6e,d5,b8,94,ee,be,e4,c3,e9,82,ce,e1,d9,1a,80,dd,00,00,00,00,00,00,
[HKEY_USERSS-1-5-21-709096500-265496976-1428508515-1000_ClassesCLSID{b5b8374d-5318-4353-80dc-b6b1daa86b1f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
«Model»=dword:0000005c
«Therad»=dword:00000020
«MData»=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,29,e6,87,c4,17,da,eb,22,69,a7,5c,af,11,aa,
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
«MSCurrentCountry»=dword:000000b5
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}004AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}005AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}006AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}007AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}008AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘Explorer.exe'(1772)
c:windowssystem32APSHook.dll
c:program filesASUS Security CenterASUS Security Protect ManagerBinItClient.dll
c:program filesNokiaNokia PC Suite 7phonebrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
.
Other Running Processes
.
c:windowssystem32nvvsvc.exe
c:windowssystem32nvvsvc.exe
c:program filesATK HotkeyASLDRSrv.exe
c:program filesATKGFNEXGFNEXSrv.exe
c:windowssystem32WLANExt.exe
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:program filesIntelWirelessBinEvtEng.exe
c:program filesCommon FilesLightScribeLSSrvc.exe
c:program filesCommon FilesNeroNero BackItUp 4NBService.exe
c:windowssystem32PnkBstrA.exe
c:program filesIntelWirelessBinRegSrvc.exe
c:program filesASUSNB ProbeSPMspmgr.exe
c:program filesASUS Security CenterASUS Security Protect ManagerBinAsGHost.exe
c:program filesASUSSmartLogonsensorsrv.exe
c:program filesATK HotkeyHcontrol.exe
c:program filesATK HotkeyMsgTranAgt.exe
c:program filesWireless Console 2wcourier.exe
c:program filesP4GBatteryLife.exe
c:program filesASUSSplendidACMON.exe
c:windowsSystem32ACEngSvr.exe
c:program filesATK HotkeyATKOSD.exe
c:program filesATK HotkeyKBFiltr.exe
c:program filesATK HotkeyWDC.exe
c:windowsservicingTrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-07-24 17:40:05 — machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 14:40
Pre-Run: 4 910 440 448 байт свободно
Post-Run: 4 772 147 200 байт свободно
— — End Of File — — FDB2D7441961EACD423343BB26218457
