Здравствуйте Валерий, вот результат Combofix. ComboFix 10-04-21.01 — Toshiba 21.04.2010 23:23:10.2.2 — x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1049.18.1021.314 [GMT 4:00]
Running from: c:usersToshibaDownloadsComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081210-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Защитник Windows *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1229 [VPS 081210-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:$recycle.binS-1-5-21-1825386462-1735010782-207331129-500
c:$recycle.binS-1-5-21-2152478756-3922319563-605102323-500
c:$recycle.binS-1-5-21-2931943833-4034439092-3643751013-1002
c:programdataMicrosoftNetworkDownloaderqmgr0.dat
c:programdataMicrosoftNetworkDownloaderqmgr1.dat
c:windowssystem32%appdata%
E:install.exe
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
hxxp://bar.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-21 19:40 . 2010-04-21 19:45
d
w- c:usersToshibaAppDataLocaltemp
2010-04-21 19:40 . 2010-04-21 19:40
d
w- c:usersTEMP.Toshiba-ПК.000AppDataLocaltemp
2010-04-13 20:02 . 2010-02-23 11:10 212992 —-a-w- c:windowssystem32driversmrxsmb10.sys
2010-04-13 20:02 . 2010-02-23 11:10 79360 —-a-w- c:windowssystem32driversmrxsmb20.sys
2010-04-13 20:02 . 2010-02-23 11:10 106496 —-a-w- c:windowssystem32driversmrxsmb.sys
2010-04-13 20:02 . 2010-02-18 14:07 3548040 —-a-w- c:windowssystem32ntoskrnl.exe
2010-04-13 20:02 . 2010-02-18 14:07 3600776 —-a-w- c:windowssystem32ntkrnlpa.exe
2010-04-13 20:02 . 2010-03-05 14:01 420352 —-a-w- c:windowssystem32vbscript.dll
2010-04-13 20:02 . 2010-02-18 14:07 904576 —-a-w- c:windowssystem32driverstcpip.sys
2010-04-13 20:02 . 2010-02-18 13:30 200704 —-a-w- c:windowssystem32iphlpsvc.dll
2010-04-13 20:02 . 2010-02-18 11:28 25088 —-a-w- c:windowssystem32driverstunnel.sys
2010-04-13 20:01 . 2009-12-23 11:33 172032 —-a-w- c:windowssystem32wintrust.dll
2010-04-13 19:58 . 2010-01-13 17:34 98304 —-a-w- c:windowssystem32cabview.dll
2010-04-08 19:30 . 2010-04-08 19:33
d
w- C:rsit
2010-04-07 10:27 . 2009-09-24 03:50 545 —-a-w- c:windowsUC.PIF
2010-04-07 10:27 . 2009-09-24 03:50 545 —-a-w- c:windowsRAR.PIF
2010-04-07 10:27 . 2009-09-24 03:50 545 —-a-w- c:windowsPKZIP.PIF
2010-04-07 10:27 . 2009-09-24 03:50 545 —-a-w- c:windowsPKUNZIP.PIF
2010-04-07 10:27 . 2009-09-24 03:50 545 —-a-w- c:windowsNOCLOSE.PIF
2010-04-07 10:27 . 2009-09-24 03:50 545 —-a-w- c:windowsLHA.PIF
2010-04-07 10:27 . 2009-09-24 03:50 545 —-a-w- c:windowsARJ.PIF
2010-04-07 10:27 . 2010-04-07 10:27
d
w- C:totalcmd
2010-04-07 10:27 . 2010-04-07 10:27
d
w- c:usersToshibaAppDataRoamingGHISLER
2010-04-06 05:29 . 2010-04-06 05:29
d
w- C:perflogs
2010-03-24 22:20 . 2010-03-24 22:20
d
w- c:program filesConduit
2010-03-24 22:20 . 2010-03-24 22:20
d
w- c:program filesAshampoo_RU
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 19:41 . 2009-06-09 07:05 12 —-a-w- c:windowsbthservsdp.dat
2010-04-21 19:28 . 2008-06-18 16:45 3932160 —sha-w- c:usersЮлияntuser.dat
2010-04-21 19:16 . 2008-12-02 16:45
d
w- c:usersToshibaAppDataRoaminguTorrent
2010-04-21 11:45 . 2009-10-20 04:25
d
w- c:program filesSpyware Doctor
2010-04-21 05:52 . 2009-05-07 17:38 99664 —-a-w- c:programdatanvModes.dat
2010-04-20 04:00 . 2009-10-15 05:20
d
w- c:usersToshibaAppDataRoamingskypePM
2010-04-20 02:00 . 2009-12-04 17:08
d
w- c:usersToshibaAppDataRoamingSkype
2010-04-19 17:31 . 2008-10-22 19:31
d
w- c:program filesTrend Micro
2010-04-14 16:06 . 2006-11-02 11:18
d
w- c:program filesWindows Mail
2010-04-14 10:59 . 2009-04-02 05:54
d
w- c:program filesGoogle
2010-04-07 07:37 . 2009-12-16 09:19
d
w- c:program filesrp5.ru
2010-04-06 09:20 . 2006-11-09 07:21 656392 —-a-w- c:windowssystem32perfh019.dat
2010-04-06 09:20 . 2006-11-09 07:21 126656 —-a-w- c:windowssystem32perfc019.dat
2010-04-06 09:17 . 2009-12-31 21:37
d
w- c:usersToshibaAppDataRoamingIntelli-studio
2010-03-29 06:01 . 2007-03-30 08:24
d
w- c:program filesCommon FilesSymantec Shared
2010-03-24 07:41 . 2010-01-02 09:32
d
w- c:programdataMcAfee Security Scan
2010-03-23 15:38 . 2007-10-28 14:28
d
w- c:usersToshibaAppDataRoamingYandex
2010-03-22 09:10 . 2010-03-22 09:08
d
w- c:usersToshibaAppDataRoamingVirtual City
2010-03-22 09:05 . 2008-06-29 14:32
d
w- c:usersЮлияAppDataRoamingYandex
2010-03-22 09:04 . 2010-03-22 09:04
d
w- c:usersЮлияAppDataRoamingOpera
2010-03-20 19:34 . 2010-03-20 19:34
d
w- c:program filesCommon FilesSkype
2010-03-20 19:34 . 2009-12-04 17:05
d
r- c:program filesSkype
2010-03-18 11:30 . 2010-03-18 11:30
d
w- c:usersToshibaAppDataRoamingShinyTales
2010-03-15 10:19 . 2010-01-02 09:31
d
w- c:programdataNOS
2010-03-15 04:34 . 2008-06-18 16:47 145056 —-a-w- c:usersЮлияAppDataLocalGDIPFONTCACHEV1.DAT
2010-03-14 14:27 . 2010-03-14 14:26
d
w- c:program filesMcAfee Security Scan
2010-03-13 09:42 . 2010-01-02 09:33
d
w- c:program filesCommon FilesAdobe AIR
2010-02-24 23:41 . 2007-09-30 10:45 145056 —-a-w- c:usersToshibaAppDataLocalGDIPFONTCACHEV1.DAT
2010-02-24 06:16 . 2009-10-02 16:22 181632
w- c:windowssystem32MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 05:33 916480 —-a-w- c:windowssystem32wininet.dll
2010-02-23 06:33 . 2010-03-31 05:33 109056 —-a-w- c:windowssystem32iesysprep.dll
2010-02-23 06:33 . 2010-03-31 05:33 71680 —-a-w- c:windowssystem32iesetup.dll
2010-02-23 04:55 . 2010-03-31 05:33 133632 —-a-w- c:windowssystem32ieUnatt.exe
2010-02-21 18:12 . 2007-03-30 07:37
d—h—w- c:program filesInstallShield Installation Information
2010-02-20 23:06 . 2010-03-10 11:41 24064 —-a-w- c:windowssystem32nshhttp.dll
2010-02-20 23:05 . 2010-03-10 11:41 30720 —-a-w- c:windowssystem32httpapi.dll
2010-02-20 20:53 . 2010-03-10 11:41 411648 —-a-w- c:windowssystem32drivershttp.sys
2010-01-25 12:00 . 2010-02-24 11:43 471552 —-a-w- c:windowssystem32secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 11:43 152576 —-a-w- c:windowssystem32secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 11:43 152064 —-a-w- c:windowssystem32secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 11:43 471552 —-a-w- c:windowssystem32secproc.dll
2010-01-25 11:58 . 2010-02-24 11:43 332288 —-a-w- c:windowssystem32msdrm.dll
2010-01-25 08:21 . 2010-02-24 11:43 526336 —-a-w- c:windowssystem32RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 11:43 346624 —-a-w- c:windowssystem32RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 11:43 347136 —-a-w- c:windowssystem32RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-24 11:43 518144 —-a-w- c:windowssystem32RMActivate.exe
2010-01-23 09:26 . 2010-02-24 11:45 2048 —-a-w- c:windowssystem32tzres.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}»= «c:program filesFamily Toolbartbhelper.dll» [2009-05-07 355840]
«{b901a6dc-b37c-4963-a6e9-aaa0ff88d981}»= «c:program filesAshampoo_RUtbAsha.dll» [2010-03-17 2355224]
[HKEY_CLASSES_ROOTclsid{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOTURLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOTTypeLib{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOTURLSearchHook.MHURLSearchHook]
[HKEY_CLASSES_ROOTclsid{b901a6dc-b37c-4963-a6e9-aaa0ff88d981}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 —-a-w- c:program filesFamily Toolbartbcore3.dll
[HKEY_LOCAL_MACHINE~Browser Helper Objects{b901a6dc-b37c-4963-a6e9-aaa0ff88d981}]
2010-03-17 12:45 2355224 —-a-w- c:program filesAshampoo_RUtbAsha.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}»= «c:program filesFamily Toolbartbcore3.dll» [2009-05-07 2642432]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-24 8729864]
«{b901a6dc-b37c-4963-a6e9-aaa0ff88d981}»= «c:program filesAshampoo_RUtbAsha.dll» [2010-03-17 2355224]
[HKEY_CLASSES_ROOTclsid{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOTMHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOTTypeLib{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOTMHToolbar.MHToolbar]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CLASSES_ROOTclsid{b901a6dc-b37c-4963-a6e9-aaa0ff88d981}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}»= «c:program filesFamily Toolbartbcore3.dll» [2009-05-07 2642432]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-24 8729864]
«{B901A6DC-B37C-4963-A6E9-AAA0FF88D981}»= «c:program filesAshampoo_RUtbAsha.dll» [2010-03-17 2355224]
[HKEY_CLASSES_ROOTclsid{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOTMHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOTTypeLib{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOTMHToolbar.MHToolbar]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CLASSES_ROOTclsid{b901a6dc-b37c-4963-a6e9-aaa0ff88d981}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2009-04-11 1233920]
«ehTray.exe»=»c:windowsehomeehTray.exe» [2008-01-19 125952]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-08-08 490952]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2009-12-19 289584]
«Skype»=»c:program filesSkype\PhoneSkype.exe» [2010-04-06 26102056]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-10-15 39408]
«NevoDRM»=»c:игры от nevosoftNevoDRMNevoDRM.exe» [2008-12-11 41984]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=»c:program filesWindows DefenderMSASCui.exe» [2008-01-19 1008184]
«HWSetup»=»c:program filesTOSHIBAUtilitiesHWSetup.exe» [2006-11-01 413696]
«NDSTray.exe»=»NDSTray.exe» [BU]
«Toshiba Registration»=»c:program filesToshibaRegistrationToshibaRegistration.exe» [2007-02-19 571024]
«Camera Assistant Software»=»c:program filesCamera Assistant Software for Toshibatraybar.exe» [2007-03-15 413696]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-11-24 81000]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-01-30 13605408]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-01-30 92704]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-05-20 148888]
«ISTray»=»c:program filesSpyware DoctorpctsTray.exe» [2008-12-08 1173384]
«PAC7302_Monitor»=»c:windowsPixArtPAC7302Monitor.exe» [2006-11-03 319488]
«Windows Mobile-based device management»=»c:windowsWindowsMobilewmdcBase.exe» [2007-05-31 648072]
c:programdataMicrosoftWindowsStart MenuProgramsStartup
McAfee Security Scan Plus.lnk — c:program filesMcAfee Security Scan2.0.181SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableUIADesktopToggle»= 0 (0x0)
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=»»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=»»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«VistaSp2″=hex(b):08,b2,12,a1,1c,4c,ca,01
R2 gupdate1c9b43ab3863630;Google Update Service (gupdate1c9b43ab3863630);c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-03 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesMcAfee Security Scan2.0.181McCHSvc.exe [2010-01-15 227232]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:windowssystem32DRIVERSPh3xIB32.sys [2007-04-03 1131136]
R3 TpChoice;Touch Pad Detection Filter driver;c:windowssystem32DRIVERSTpChoice.sys [x]
S0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [2009-04-03 130936]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowsSystem32driverssfdrv01a.sys [2006-07-05 63352]
S0 sptd;sptd;c:windowsSystem32Driverssptd.sys [2009-03-31 717296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:windowssystem32DRIVERSaswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:windowssystem32DRIVERSaswMonFlt.sys [2009-11-24 53328]
S2 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [2009-01-07 348752]
— Other Services/Drivers In Memory —
*Deregistered* — mchInjDrv
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the ‘Scheduled Tasks’ folder
2010-04-21 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-10-15 05:15]
2010-04-21 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-03 09:00]
2010-04-21 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-03 09:00]
2010-04-19 c:windowsTasksNorton Security Scan for Toshiba.job
— c:program filesNorton Security ScanEngine2.3.0.44Nss.exe [2009-10-15 12:45]
2010-04-21 c:windowsTasksUser_Feed_Synchronization-{503FFDCA-07EF-4C1D-B0CC-7CEF54C9E98A}.job
— c:windowssystem32msfeedssync.exe [2010-03-31 04:54]
2010-04-21 c:windowsTasksUser_Feed_Synchronization-{C6A8E361-3DBE-48E8-A294-EB2D3F43A3DB}.job
— c:windowssystem32msfeedssync.exe [2010-03-31 04:54]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=21978&yasoft=barie
mStart Page = hxxp://mail.ru
uInternet Settings,ProxyOverride =
IE: &D&ownload &with BitComet — c:program filesBitCometBitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet — c:program filesBitCometBitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet — c:program filesBitCometBitComet.exe/AddAllLink.htm
IE: &Translate — http://lingvo.yandex.ru/ie5trans.htm
IE: &Ubersetzen — http://lingvo.yandex.ru/ie5trans1.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3OFFICE11EXCEL.EXE/3000
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: T&raduire — http://lingvo.yandex.ru/ie5trans2.htm
IE: Traduc&ir — http://lingvo.yandex.ru/ie5trans4.htm
IE: Tradurr&e — http://lingvo.yandex.ru/ie5trans3.htm
IE: Yandex &Search — http://lingvo.yandex.ru/ie5search.htm
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} — http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?RU
.
— — — — ORPHANS REMOVED — — — —
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} — (no file)
HKCU-Run-YandexOnline — c:program filesYandexOnlineonline.exe
HKCU-Run-toscdspd — TOSCDSPD.EXE
HKLM-Run-WinampAgent — c:program filesWinampwinampa.exe
HKU-Default-Run-Yupdate! — c:program filesCommon FilesYandexYupdateyupdate.exe
AddRemove-{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F} — c:programdata{66E2F539-12B6-4870-A500-7689CDE75C5E}DriverScanner_Setup.exe
**************************************************************************
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files:
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
«MSCurrentCountry»=dword:000000b5
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
Other Running Processes
.
c:windowssystem32nvvsvc.exe
c:windowssystem32rundll32.exe
c:program filesAlwil SoftwareAvast4aswUpdSv.exe
c:program filesAlwil SoftwareAvast4ashServ.exe
c:program filesTOSHIBAConfigFreeCFSvcs.exe
c:windowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesGoogleUpdate1.2.183.23GoogleCrashHandler.exe
c:program filesSpyware DoctorpctsSvc.exe
c:program filesToshibaBluetooth Toshiba StackTosBtSrv.exe
c:program filesCommon FilesUlead SystemsDVDULCDRSvr.exe
c:program filesAlwil SoftwareAvast4ashMaiSv.exe
c:program filesAlwil SoftwareAvast4ashWebSv.exe
c:windowssystem32conime.exe
c:windowsehomeehsched.exe
c:windowsehomeehRecvr.exe
c:usersToshibaAppDataLocalYandexKraskiykraski.scr
c:usersToshibaAppDataLocalYandexKraskikraski.exe
.
**************************************************************************
.
Completion time: 2010-04-22 00:00:55 — machine was rebooted
ComboFix-quarantined-files.txt 2010-04-21 20:00
Pre-Run: 15 033 204 736 байт свободно
Post-Run: 14 996 320 256 байт свободно
— — End Of File — — A98B73E9A45D8AD24321C7F5148CAFFC
