ComboFix 11-11-10.01 - Александр 10.11.2011 14:15:34.4.2 - x86
Microsoft Windows 7 Максимальная 6.1.7601.1.1251.7.1049.18.2046.1390 [GMT 4:00]
Running from: c:\users\Александр.Александр-ПК\Desktop\ComboFix.exe
AV: Doctor Web Anti-Virus *Enabled/Updated* {6CC6AE29-BD86-6306-5444-113FA6A626D8}
SP: Doctor Web Anti-Virus *Enabled/Updated* {D7A74FCD-9BBC-6C88-6EF4-2A4DDD216C65}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 * Resident AV is active
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mail.Ru\Agent\Mra\dll\MousePhone.dll
c:\windows\system32\out.txt
c:\windows\XSxS
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 10:22 . 2011-11-10 10:24 -------- d-----w- c:\users\Александр.Александр-ПК\AppData\Local\temp
2011-11-10 10:22 . 2011-11-10 10:22 -------- d-----w- c:\users\Александр\AppData\Local\temp
2011-11-10 10:22 . 2011-11-10 10:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-10 10:22 . 2011-11-10 10:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-10 10:22 . 2011-11-10 10:22 -------- d-----w- c:\users\849B~1~-\AppData\Local\temp
2011-11-10 10:15 . 2011-11-10 10:15 -------- d-sh--w- C:\DrWeb Quarantine
2011-11-10 07:23 . 2011-11-10 07:23 -------- d-----w- C:\rsit
2011-11-10 00:41 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 00:41 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 00:41 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 20:40 . 2011-11-09 20:40 11264 ----a-w- c:\windows\system32\drivers\uzg5odyw.sys
2011-11-05 16:01 . 2011-11-05 16:01 -------- d-----w- c:\users\Александр.Александр-ПК\Doctor Web
2011-11-05 16:00 . 2011-11-05 16:00 149272 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-11-05 16:00 . 2011-11-08 14:39 111896 ----a-w- c:\windows\system32\drivers\spiderg3.sys
2011-11-05 15:59 . 2011-11-05 15:59 -------- d-----w- c:\program files\Common Files\Doctor Web
2011-11-04 20:40 . 2011-11-04 20:40 -------- d-----w- c:\users\7CDE~1.-
2011-11-04 20:05 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-04 20:05 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-04 20:05 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-04 20:05 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-04 20:05 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-11-04 20:05 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-04 20:05 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-11-04 20:04 . 2011-11-04 20:04 -------- d-----w- C:\NVIDIA
2011-11-04 19:48 . 2011-11-04 19:48 -------- d--h--w- c:\program files\Common Files\EAInstaller
2011-11-04 19:23 . 2011-11-04 19:23 -------- d-----w- c:\users\Александр.Александр-ПК\AppData\Local\uTorrent
2011-11-04 18:35 . 2011-07-11 23:55 319264 ----a-w- c:\windows\system32\drivers\yk62x86.sys
2011-11-04 16:57 . 2011-11-04 20:12 -------- d-----w- c:\users\Александр.Александр-ПК\AppData\Roaming\Origin
2011-11-04 16:57 . 2011-11-04 16:57 -------- d-----w- c:\users\Александр.Александр-ПК\AppData\Local\Origin
2011-11-04 16:57 . 2011-11-04 19:58 -------- d-----w- c:\programdata\Origin
2011-11-04 16:57 . 2011-11-04 19:54 -------- d-----w- c:\programdata\Electronic Arts
2011-11-04 16:57 . 2011-11-04 16:57 -------- d-----w- c:\program files\Origin Games
2011-11-04 16:56 . 2011-11-04 20:12 -------- d-----w- c:\program files\Origin
2011-10-16 14:55 . 2011-10-16 14:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-14 20:54 . 2011-10-14 20:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-13 10:50 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 10:50 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 10:50 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 10:50 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 20:38 . 2010-06-24 07:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-17 22:28 . 2011-11-05 11:51 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48F9E1D1-9676-464B-BB50-0A6156CA72F9}\mpengine.dll
2011-10-15 08:53 . 2011-08-15 12:07 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-08-15 12:07 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-04-19 18:11 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-04-07 18:43 602432 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-10-15 08:53 . 2011-04-07 18:43 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-04-07 18:43 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-04-07 18:43 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-04-07 18:43 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-04-07 18:43 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2010-10-21 12:24 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2010-10-21 12:24 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2010-10-07 22:03 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-12 11:15 . 2011-05-21 11:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 01:06 . 2010-11-06 20:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-31 15:12 . 2010-12-10 15:03 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-30 13:28 . 2011-09-04 10:08 3659240 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-08-30 12:41 . 2011-09-04 10:08 1501696 ----a-w- c:\windows\system32\RCoRes.dat
2011-08-30 09:37 . 2011-09-04 10:08 2269288 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-08-24 09:30 . 2011-09-04 10:08 4229736 ----a-w- c:\windows\system32\RtkAPO.dll
2011-08-23 13:00 . 2011-09-04 10:08 357712 ----a-w- c:\windows\system32\KAAPORT.dll
2011-08-23 08:06 . 2011-09-04 10:08 80488 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-08-19 10:54 . 2011-09-04 10:08 1313384 ----a-w- c:\windows\system32\RtkApoApi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
2011-06-08 15:04 282656 ----a-w- c:\program files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlSrvN"="c:\program files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe" [2010-02-06 53760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-09-08 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MAgent"="c:\program files\Mail.Ru\Agent\magent.exe" [2011-11-01 13863616]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-26 10828392]
"SpIDerAgent"="c:\program files\DrWeb\spideragent.exe" [2011-11-05 6003000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DrWebEngine]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 08:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAgent]
2011-11-01 08:02 13863616 ----a-w- c:\program files\Mail.Ru\Agent\magent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 09:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
"Device Detector"=DevDetect.exe -autorun
"AlSrvN"=c:\program files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE"
"EADM"="c:\program files\Electronic Arts\EADM\EADMUI\EADMUI.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MAgent"=c:\program files\Mail.Ru\Agent\magent.exe -LM
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe"
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"Dr.Web Firewall"="c:\program files\DrWeb\frwl_notify.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"JMB36X IDE Setup"=c:\windows\RaidTool\xInsIDE.exe
"RemoteControl10"="c:\program files\Cyberlink\PowerDVD10\\PDVD10Serv.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" -autorun
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-11-05 149272]
S0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2011-11-08 111896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 436792]
S1 uzg5odyw;AVZ-RK Kernel Driver;c:\windows\system32\Drivers\uzg5odyw.sys [2011-11-09 11264]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-11-02 566560]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DrWebAVService;Dr.Web Control Service;c:\program files\DrWeb\dwservice.exe [2011-11-05 1575224]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2011-11-05 1844056]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-07-29 8192]
S2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [2008-12-18 97792]
S2 NVKEYNT;NVKEYNT;c:\windows\system32\DRIVERS\NVKEYNT.SYS [2007-07-23 71616]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 stremu;stremu; [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2011-07-11 319264]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\Dr.Web Daily scan.job
- c:\program files\DrWeb\dwscanner.exe [2011-11-05 16:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Отправить в OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 89.250.1.2 89.250.0.2
TCP: Interfaces\{18BAD9DC-CD91-42E1-919B-2E5E0D90A070}: NameServer = 89.250.0.2 89.250.1.2
FF - ProfilePath - c:\users\Александр.Александр-ПК\AppData\Roaming\Mozilla\Firefox\Profiles\v2askslr.default\
FF - prefs.js: browser.search.selectedEngine - Википедия (ru)
FF - prefs.js: browser.startup.homepage - yandex.ru
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System
system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3684)
c:\program files\K-Lite Codec Pack\Filters\Haali\splitter.ax
c:\program files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
c:\program files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
c:\program files\K-Lite Codec Pack\Filters\Haali\mkx.dll
c:\progra~1\COMMON~1\Elecard\empgdmx.ax
c:\program files\SopCast\codec\mpeg2dmx.ax
c:\program files\SopCast\codec\TTL2Dec.dll
c:\program files\SopCast\codec\h264dec.ax
c:\program files\Cyberlink\PowerDVD10\VideoFilter\DXdec.ax
c:\progra~1\COMMON~1\Elecard\em2vd.ax
c:\progra~1\COMMON~1\Elecard\LC.dll
c:\program files\Cyberlink\PowerDVD10\VideoFilter\CLVsd.ax
c:\program files\Cyberlink\PowerDVD10\AudioFilter\CLRMAud.ax
c:\program files\K-Lite Codec Pack\Filters\mmamr.ax
c:\program files\Cyberlink\PowerDVD10\NavFilter\CLRMSplitter.ax
c:\program files\K-Lite Codec Pack\Filters\WavPackDSDecoder.ax
c:\program files\K-Lite Codec Pack\Filters\madFlac.ax
c:\program files\K-Lite Codec Pack\Filters\libFlac.dll
c:\program files\Cyberlink\PowerDVD10\VideoFilter\CLRMVD.ax
c:\program files\K-Lite Codec Pack\Filters\WavPackDSSplitter.ax
c:\program files\Cyberlink\PowerDVD10\NavFilter\clm4splt.ax
c:\program files\Cyberlink\PowerDVD10\UPnP\CLWMFDemux.ax
c:\program files\K-Lite Codec Pack\Filters\LAV\avformat-lav-53.dll
c:\program files\Common Files\COWON\JetMPG.ax
c:\program files\Cyberlink\PowerDVD10\NavFilter\CLFLVSplitter.ax
c:\program files\Common Files\COWON\JetMP4.ax
c:\program files\Common Files\COWON\JetFLV.ax
c:\program files\Common Files\Nokia\Codecs\EmzAMRNBDec.dll
c:\program files\Common Files\Nokia\Codecs\EzdAMRWBDec.dll
c:\program files\Common Files\COWON\JetMPAd.ax
c:\program files\Common Files\Nokia\Codecs\NokiaDecMP4ASP_H263.dll
c:\program files\Common Files\Nokia\Codecs\NokiaH264HPMPDecTFilter.dll
c:\program files\Common Files\Nokia\Codecs\EmzAACDecFilter.dll
c:\program files\Common Files\COWON\JetOGM.ax
c:\program files\Common Files\Nokia\Codecs\EmzDecMP4_H263.dll
c:\program files\Common Files\Nokia\Codecs\image_proc.dll
c:\program files\Common Files\COWON\JetAVI.ax
c:\program files\Common Files\COWON\JetMKV.ax
c:\program files\Common Files\COWON\JetMPVd.ax
c:\program files\Common Files\COWON\JetMPGd.ax
c:\program files\Cyberlink\PowerDVD10\AudioFilter\CLAudWizard.ax
c:\program files\Cyberlink\PowerDVD10\AudioFilter\Claud.ax
c:\windows\system32\SRSTSXT.dll
c:\windows\system32\wlanutil.dll
c:\windows\System32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\KMService.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\DrWeb\drwupsrv.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2011-11-10 14:29:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-10 10:29
.
Pre-Run: 7 739 637 760 байт свободно
Post-Run: 8 003 428 352 байт свободно
.
- - End Of File - - CF61DC316D34F524E1B66FA1EFEEF6F2