ComboFix 13-06-24.01 - Никита 24.06.2013 16:24:12.1.4 - x64 Microsoft Windows 7 Максимальная 6.1.7601.1.1251.7.1049.18.4013.1526 [GMT 4:00] Running from: d:\Загрузки\ComboFix.exe AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\7Loader.TAG c:\windows\PFRO.log . . ((((((((((((((((((((((((( Files Created from 2013-05-24 to 2013-06-24 ))))))))))))))))))))))))))))))) . . 2013-06-24 12:28 . 2013-06-24 12:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-21 12:56 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E644651E-67AA-4099-9957-384976F75775}\mpengine.dll 2013-06-13 19:08 . 2013-05-17 01:25 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-06-13 14:05 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-13 14:05 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-13 14:05 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-13 14:05 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-13 14:05 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-13 14:05 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-13 14:05 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-13 14:05 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-13 14:05 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-13 14:05 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-13 14:05 . 
2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-13 14:05 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-13 14:05 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-05-26 08:13 . 2013-05-26 08:13 -------- d-----w- c:\programdata\Canneverbe Limited 2013-05-26 08:13 . 2013-05-26 08:13 -------- d-----w- c:\users\Никита.PC-NIKITA\AppData\Roaming\Canneverbe Limited 2013-05-26 08:12 . 2013-05-26 08:12 -------- d-----w- c:\program files (x86)\CDBurnerXP 2013-05-26 08:08 . 2013-05-26 08:08 -------- d-----w- c:\users\Никита.PC-NIKITA\AppData\Local\Ahead 2013-05-25 19:55 . 2013-05-25 19:55 -------- d-----w- c:\users\Никита.PC-NIKITA\AppData\Local\Rambler 2013-05-25 19:54 . 2013-05-25 19:54 -------- d-----w- c:\users\Никита.PC-NIKITA\AppData\Roaming\Rambler . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-19 15:34 . 2013-02-28 19:20 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-06-13 19:08 . 2013-03-19 17:30 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-17 12:02 . 2013-05-17 12:02 971680 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-17 12:02 . 2013-05-17 12:02 311200 ----a-w- c:\windows\system32\javaws.exe 2013-05-17 12:02 . 2013-05-17 12:02 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-05-17 12:02 . 2013-05-17 12:02 188832 ----a-w- c:\windows\system32\javaw.exe 2013-05-17 12:02 . 2013-05-17 12:02 188320 ----a-w- c:\windows\system32\java.exe 2013-05-17 12:02 . 2013-05-17 12:02 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-05-16 12:28 . 2013-03-18 16:01 13312 ----a-w- c:\windows\SysWow64\drivers\vdi2ndi2.sys 2013-05-11 09:29 . 2013-03-19 16:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-11 09:29 . 2013-03-19 16:52 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-01 22:06 . 
2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-22 10:18 . 2013-03-16 14:00 90208 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-04-22 10:18 . 2013-03-16 14:00 620128 ----a-w- c:\windows\system32\drivers\klif.sys 2013-04-22 10:18 . 2012-08-13 12:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys 2013-04-12 14:45 . 2013-04-24 07:48 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-15 13:33 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 13:33 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 13:33 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 10:50 . 2013-05-16 12:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-04 01:35 . 2013-05-09 11:42 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- c:\program files (x86)\AntiDust.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-03-16 328568] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19605096] "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-12-21 1090040] "PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632] "Nokia.PCSync"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PcSync2.exe" [2012-06-26 1172568] "GameCenterMailRu"="c:\users\Никита.PC-NIKITA\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe" [2013-06-20 3839512] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-02-28 356376] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R1 vdi2ndi2;AVZ-BC Kernel Driver;c:\windows\system32\Drivers\vdi2ndi2.sys;c:\windows\SYSNATIVE\Drivers\vdi2ndi2.sys [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 
TunngleService;TunngleService;d:\games\Tunngle\TnglCtrl.exe;d:\games\Tunngle\TnglCtrl.exe [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 IntcDAud;Аудио Intel(R) для дисплеев;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 
LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-21 15:50 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16 13:30] . 2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16 13:30] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-01-22 13267016] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-26 172016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-26 399856] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-26 442352] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = uStart Page = hxxp://www.rambler.ru/?utm_source=r40&utm_medium=distribution&utm_content=e08&utm_campaign=c01 mDefault_Search_URL = mStart Page = hxxp://www.rambler.ru/?utm_source=r40&utm_medium=distribution&utm_content=e08&utm_campaign=c01 mSearch Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch mSearch Bar = uSearchAssistant = about:blank mSearchAssistant = about:blank IE: &Экспорт в Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Добавить в Анти-Баннер - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm TCP: DhcpNameServer = 88.198.15.115 192.168.1.1 FF - ProfilePath - c:\users\Никита.PC-NIKITA\AppData\Roaming\Mozilla\Firefox\Profiles\pa65rgwe.default\ FF - prefs.js: browser.search.selectedEngine - Rambler FF - prefs.js: browser.startup.homepage - hxxp://www.rambler.ru/?utm_source=r40&utm_medium=distribution&utm_content=e08&utm_campaign=c01 FF - prefs.js: keyword.URL - hxxp://nova.rambler.ru/search?utm_source=r40&utm_medium=distribution&utm_content=e09&utm_campaign=c01&query= . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-FIFA 13_is1 - d:\games\FIFA 13\unins000.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,63,d1,75, 4b,91,bf,d5,07,84,85,18,b7,fa,fe,ba,55 "{73455575-E40C-433C-9784-C78DC7761455}"=hex:51,66,7a,6c,4c,1d,3b,1b,65,48,54, 6d,3a,b4,56,08,82,8b,83,cd,c6,37,51,4f "{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}"=hex:51,66,7a,6c,4c,1d,3b,1b,33,10,7c, 80,44,6d,fe,01,bb,10,69,56,77,65,a6,c3 "{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,3b,1b,12,eb,2d, fd,73,89,70,0d,96,ff,c5,df,77,e0,dc,e2 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,ce, 06,9b,b8,e9,09,b0,99,be,17,8d,6f,f8,d9 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,05, 68,c6,86,46,0d,a3,e4,90,9a,f0,98,68,59 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,d9, c5,73,f4,31,08,a9,7b,d8,65,c0,84,cd,b3 . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "Timestamp"=hex:f2,c5,de,34,cd,24,ce,01 . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,45,f8,e5,6e,b1,22,44,85,ba,b9,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,45,f8,e5,6e,b1,22,44,85,ba,b9,\ . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice] @Denied: (2) (Administrator) "Progid"="YandexHTML.VUCKCSGU77OERDEV3S756VDKDY" . 
[HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (Administrator) "Progid"="XnView.jpg" . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.PARTIAL" . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.SVG" . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.URL" . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.WEBSITE" . 
[HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-3371356946-1206604486-3076211460-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-24 16:30:26 ComboFix-quarantined-files.txt 2013-06-24 12:30 . Pre-Run: 29 989 326 848 байт свободно Post-Run: 29 658 435 584 байт свободно . - - End Of File - - 5F184121BA3E2C7D3E91BED405A17143 A36C5E4F47E84449FF07ED3517B43A31