-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 13:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-07-24 5586208]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-07-24 5586208]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-05-12 2158592]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-15 2969496]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-15 289072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"CHotkey"="mHotkey.exe" [2002-07-23 477184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-10-06 87336]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-09-16 311680]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-04-24 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE8_01"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2009-04-24 128512]
"IE8_02"="advpack.dll" [2009-04-24 128512]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Total Commander.lnk - c:\program files\Total Commander\Totalcmd.exe [2009-10-5 3520256]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^hidcon.exe]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\hidcon.exe
backup=c:\windows\pss\hidcon.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-10 04:29 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\games\\League of Legends\\Air\\LolClient.exe"=
"f:\\games\\League of Legends\\Game\\League of Legends.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57914:TCP"= 57914:TCP:Pando Media Booster
"57914:UDP"= 57914:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/15 13:39];c:\program files\CyberLink\PowerDVD9\000.fcl [06.10.2009 21:24 87536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 20:59 19472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.09.2010 12:50 1684736]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.09.2010 9:05 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 13:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=124990
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {2654E10E-CAB9-4BE2-8F68-DC64457AC07A} = 82.209.253.2,193.232.248.2
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\w4iij48v.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15187&l=dis
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-ITBar7Position - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 19:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-484061587-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,b2,4d,9c,a4,af,2e,45,9d,2b,69,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,b2,4d,9c,a4,af,2e,45,9d,2b,69,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\windows\mHotkey.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-09-16 19:17:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-16 15:17
ComboFix.txt 2010-09-16 11:00
ComboFix2.txt 2010-09-16 11:12

Pre-Run: 7 269 736 448 байт свободно
Post-Run: 7 261 208 576 байт свободно

- - End Of File - - CC600293F9324FE211311C3831F0152D