Требуется изгнать нечисть

O15 - Trusted Zone: http://www.beonline.ru
O15 - Trusted Zone: http://www.megafoncenter.ru
O15 - Trusted Zone: http://www.megafondv.ru
O15 - Trusted Zone: http://www.megafonkavkaz.ru
O15 - Trusted Zone: http://sms.megafonmoscow.ru
O15 - Trusted Zone: http://www.megafonnw.ru
O15 - Trusted Zone: http://*.megafonsib.ru
O15 - Trusted Zone: http://www.megafonural.ru
O15 - Trusted Zone: http://www.megafonvolga.ru
O15 - Trusted Zone: http://sms.mts.ru
O15 - Trusted Zone: http://*.tele2.ru

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile(' C:\WINDOWS\system32\SVKP.sys','');
DelBHO('{6B5863A0-C43F-4C0A-982B-CC0E9125783F}');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Проверил C:\WINDOWS\system32\SVKP.sys на virustotal.

Заражённые ключи в реестре:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D125299-C2A9-4DBC-BEC3-6F7124E39A41} (Adware.FieryAds) -> No action taken.
Заражённые параметры в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_1 (Rootkit.Agent) -> Value: option_1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_2 (Rootkit.Agent) -> Value: option_2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_3 (Rootkit.Agent) -> Value: option_3 -> No action taken.
Заражённые папки:
c:\program files\common files\wm\keys (Trojan.KeyLog) -> No action taken.

Удалите в Malwarebytes':

ComboFix 11-02-14.02 - 555 15.02.2011 17:56:34.3.1 - x86
Running from: c:\documents and settings\555\Рабочий стол\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\555\0016~1\09DE~1\E2F2~1\9389~1\HTML-d~1.exe
c:\docume~1\555\0016~1\09DE~1\E2F2~1\REPAir~1.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\Toolbar4
c:\program files\Common Files\WM
c:\windows\daemon.dll
c:\windows\system\wodSSH.dll
c:\windows\system\wodSSH.ocx
c:\windows\system32\_004687_.tmp.dll
c:\windows\system32\_004688_.tmp.dll
c:\windows\system32\_004689_.tmp.dll
c:\windows\system32\_004690_.tmp.dll
c:\windows\system32\_004696_.tmp.dll
c:\windows\system32\_004697_.tmp.dll
c:\windows\system32\_004698_.tmp.dll
c:\windows\system32\_004699_.tmp.dll
c:\windows\system32\_004700_.tmp.dll
c:\windows\system32\_004701_.tmp.dll
c:\windows\system32\_004702_.tmp.dll
c:\windows\system32\_004703_.tmp.dll
c:\windows\system32\_004704_.tmp.dll
c:\windows\system32\_004705_.tmp.dll
c:\windows\system32\_004706_.tmp.dll
c:\windows\system32\_004707_.tmp.dll
c:\windows\system32\_004708_.tmp.dll
c:\windows\system32\_004709_.tmp.dll
c:\windows\system32\_004710_.tmp.dll
c:\windows\system32\_004711_.tmp.dll
c:\windows\system32\_004712_.tmp.dll
c:\windows\system32\_004713_.tmp.dll
c:\windows\system32\_004714_.tmp.dll
c:\windows\system32\_004715_.tmp.dll
c:\windows\system32\_004716_.tmp.dll
c:\windows\system32\_004717_.tmp.dll
c:\windows\system32\_004718_.tmp.dll
c:\windows\system32\_004719_.tmp.dll
c:\windows\system32\_004720_.tmp.dll
c:\windows\system32\_004721_.tmp.dll
c:\windows\system32\_004722_.tmp.dll
c:\windows\system32\_004723_.tmp.dll
c:\windows\system32\_004724_.tmp.dll
c:\windows\system32\_004725_.tmp.dll
c:\windows\system32\_004726_.tmp.dll
c:\windows\system32\_004727_.tmp.dll
c:\windows\system32\_004728_.tmp.dll
c:\windows\system32\_004729_.tmp.dll
c:\windows\system32\_004730_.tmp.dll
c:\windows\system32\_004731_.tmp.dll
c:\windows\system32\_004732_.tmp.dll
c:\windows\system32\_004733_.tmp.dll
c:\windows\system32\_004734_.tmp.dll
c:\windows\system32\_004735_.tmp.dll
c:\windows\system32\_004736_.tmp.dll
c:\windows\system32\_004737_.tmp.dll
c:\windows\system32\_004738_.tmp.dll
c:\windows\system32\_004739_.tmp.dll
c:\windows\system32\_004740_.tmp.dll
c:\windows\system32\_004741_.tmp.dll
c:\windows\system32\_004742_.tmp.dll
c:\windows\system32\_004743_.tmp.dll
c:\windows\system32\_004744_.tmp.dll
c:\windows\system32\_004745_.tmp.dll
c:\windows\system32\_004746_.tmp.dll
c:\windows\system32\_004747_.tmp.dll
c:\windows\system32\_004748_.tmp.dll
c:\windows\system32\_004749_.tmp.dll
c:\windows\system32\_004750_.tmp.dll
c:\windows\system32\_004751_.tmp.dll
c:\windows\system32\_004752_.tmp.dll
c:\windows\system32\_004753_.tmp.dll
c:\windows\system32\_004754_.tmp.dll
c:\windows\system32\_004755_.tmp.dll
c:\windows\system32\_004756_.tmp.dll
c:\windows\system32\_004757_.tmp.dll
c:\windows\system32\_004758_.tmp.dll
c:\windows\system32\_004759_.tmp.dll
c:\windows\system32\_004760_.tmp.dll
c:\windows\system32\_004761_.tmp.dll
c:\windows\system32\_004762_.tmp.dll
c:\windows\system32\_004764_.tmp.dll
c:\windows\system32\_004765_.tmp.dll
c:\windows\system32\_004766_.tmp.dll
c:\windows\system32\_004767_.tmp.dll
c:\windows\system32\_004768_.tmp.dll
c:\windows\system32\_004769_.tmp.dll
c:\windows\system32\_004770_.tmp.dll
c:\windows\system32\_004772_.tmp.dll
c:\windows\system32\_004773_.tmp.dll
c:\windows\system32\_004774_.tmp.dll
c:\windows\system32\_004775_.tmp.dll
c:\windows\system32\_004776_.tmp.dll
c:\windows\system32\_004777_.tmp.dll
c:\windows\system32\_004778_.tmp.dll
c:\windows\system32\_004779_.tmp.dll
c:\windows\system32\_004780_.tmp.dll
c:\windows\system32\_004781_.tmp.dll
c:\windows\system32\_004782_.tmp.dll
c:\windows\system32\_004783_.tmp.dll
c:\windows\system32\_004784_.tmp.dll
c:\windows\system32\_004785_.tmp.dll
c:\windows\system32\_004786_.tmp.dll
c:\windows\system32\_004787_.tmp.dll
c:\windows\system32\_004789_.tmp.dll
c:\windows\system32\_004790_.tmp.dll
c:\windows\system32\_004791_.tmp.dll
c:\windows\system32\_004792_.tmp.dll
c:\windows\system32\_004794_.tmp.dll
c:\windows\system32\_004796_.tmp.dll
c:\windows\system32\_004797_.tmp.dll
c:\windows\system32\_004798_.tmp.dll
c:\windows\system32\_004799_.tmp.dll
c:\windows\system32\_004800_.tmp.dll
c:\windows\system32\_004801_.tmp.dll
c:\windows\system32\_004802_.tmp.dll
c:\windows\system32\_004804_.tmp.dll
c:\windows\system32\_004805_.tmp.dll
c:\windows\system32\_004806_.tmp.dll
c:\windows\system32\_004807_.tmp.dll
c:\windows\system32\_004808_.tmp.dll
c:\windows\system32\_004809_.tmp.dll
c:\windows\system32\_004810_.tmp.dll
c:\windows\system32\_004811_.tmp.dll
c:\windows\system32\_004812_.tmp.dll
c:\windows\system32\_004813_.tmp.dll
c:\windows\system32\_004814_.tmp.dll
c:\windows\system32\_004815_.tmp.dll
c:\windows\system32\_004816_.tmp.dll
c:\windows\system32\_004817_.tmp.dll
c:\windows\system32\_004818_.tmp.dll
c:\windows\system32\_004819_.tmp.dll
c:\windows\system32\_004821_.tmp.dll
c:\windows\system32\_004822_.tmp.dll
c:\windows\system32\_004823_.tmp.dll
c:\windows\system32\_004824_.tmp.dll
c:\windows\system32\_004826_.tmp.dll
c:\windows\system32\_004828_.tmp.dll
c:\windows\system32\_004829_.tmp.dll
c:\windows\system32\_004830_.tmp.dll
c:\windows\system32\_004831_.tmp.dll
c:\windows\system32\_004832_.tmp.dll
c:\windows\system32\_004833_.tmp.dll
c:\windows\system32\_004834_.tmp.dll
c:\windows\system32\_004836_.tmp.dll
c:\windows\system32\_004837_.tmp.dll
c:\windows\system32\_004838_.tmp.dll
c:\windows\system32\_004839_.tmp.dll
c:\windows\system32\_004840_.tmp.dll
c:\windows\system32\_004841_.tmp.dll
c:\windows\system32\_004842_.tmp.dll
c:\windows\system32\_004843_.tmp.dll
c:\windows\system32\_004845_.tmp.dll
c:\windows\system32\_004846_.tmp.dll
c:\windows\system32\_004848_.tmp.dll
c:\windows\system32\_004850_.tmp.dll
c:\windows\system32\_004851_.tmp.dll
c:\windows\system32\_004855_.tmp.dll
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004858_.tmp.dll
c:\windows\system32\_004861_.tmp.dll
c:\windows\system32\_004863_.tmp.dll
c:\windows\system32\_004864_.tmp.dll
c:\windows\system32\_004865_.tmp.dll
c:\windows\system32\_004866_.tmp.dll
c:\windows\system32\_004869_.tmp.dll
c:\windows\system32\_004870_.tmp.dll
c:\windows\system32\_004871_.tmp.dll
c:\windows\system32\_004872_.tmp.dll
c:\windows\system32\_004873_.tmp.dll
c:\windows\system32\_004878_.tmp.dll
c:\windows\system32\_004880_.tmp.dll
c:\windows\system32\01.exe
c:\windows\system32\03.exe
c:\windows\system32\04.exe
c:\windows\system32\06.exe
c:\windows\system32\07.exe
c:\windows\system32\08.exe
c:\windows\system32\13.exe
c:\windows\system32\30.exe
c:\windows\system32\33.exe
c:\windows\system32\34.exe
c:\windows\system32\38.exe
c:\windows\system32\40.exe
c:\windows\system32\45.exe
c:\windows\system32\48.exe
c:\windows\system32\51.exe
c:\windows\system32\53.exe
c:\windows\system32\55.exe
c:\windows\system32\56.exe
c:\windows\system32\57.exe
c:\windows\system32\65.exe
c:\windows\system32\70.exe
c:\windows\system32\71.exe
c:\windows\system32\73.exe
c:\windows\system32\74.exe
c:\windows\system32\77.exe
c:\windows\system32\78.exe
c:\windows\system32\86.exe
c:\windows\system32\autorun.i
c:\windows\system32\autorun.in
c:\windows\system32\rrt_is.wav
c:\windows\system32\rrt_tn.wav
c:\windows\system32\rrt_tv.wav
c:\windows\system32\rrt_vf.wav

----- BITS: Possible infected sites -----

hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.

2011-02-14 12:42 . 2011-02-14 12:48 -------- d-----w- c:\program files\SpywareBlaster
2011-02-13 18:44 . 2011-02-13 18:44 -------- d-----w- c:\documents and settings\555\Application Data\Malwarebytes
2011-02-13 18:44 . 2010-12-20 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-13 18:44 . 2011-02-13 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-13 18:44 . 2010-12-20 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-13 18:44 . 2011-02-13 18:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 19:27 . 2011-02-12 15:06 -------- d-----w- C:\rsit
2011-02-11 00:33 . 2008-06-30 07:18 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-02-11 00:33 . 2008-06-30 07:18 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-02-11 00:33 . 2008-06-30 07:18 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-02-11 00:33 . 2011-02-15 12:51 -------- d-----w- c:\program files\Globe Visibility Connection Manager
2011-02-10 19:51 . 2011-02-10 19:51 -------- d-----w- c:\documents and settings\555\Application Data\OpenOffice.org
2011-02-10 19:37 . 2011-02-10 19:38 -------- d-----w- c:\program files\OpenOffice.org 3
2011-02-10 19:37 . 2011-02-10 19:37 -------- d-----w- c:\program files\Common Files\Java
2011-02-10 19:37 . 2010-11-12 15:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-10 19:37 . 2010-11-12 15:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-10 19:37 . 2010-11-12 13:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-10 19:36 . 2011-02-11 00:29 -------- d-----w- c:\program files\Java
2011-02-08 01:17 . 2011-02-08 01:18 -------- d-----w- c:\documents and settings\555\Application Data\XnView
2011-02-08 01:16 . 2011-02-08 01:16 -------- d-----w- c:\program files\XnView
2011-02-07 12:37 . 2011-02-07 12:37 -------- d-----w- c:\program files\AnvSoft
2011-02-07 10:38 . 2011-02-07 10:38 -------- d-----w- c:\program files\PokerStrategy.com
2011-02-07 10:16 . 2011-02-07 10:16 -------- d-----w- c:\documents and settings\555\Application Data\TagScanner
2011-02-05 20:22 . 2011-02-05 20:22 -------- d-----w- c:\documents and settings\555\Local Settings\Application Data\ICMTrainer
2011-02-05 16:53 . 2011-02-09 19:29 -------- d-----w- c:\program files\GRETECH
2011-02-05 16:50 . 2011-02-05 16:50 -------- d-----w- c:\program files\xp-AntiSpy
2011-02-05 14:18 . 2011-02-05 15:14 -------- d-----w- c:\documents and settings\555\Application Data\vlc
2011-02-05 14:16 . 2011-02-05 14:16 -------- d-----w- c:\program files\VideoLAN
2011-02-02 17:33 . 2011-02-02 17:38 -------- d-----w- c:\program files\MP3Gain
2011-02-02 14:09 . 2009-10-20 15:47 113280 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-02-02 14:09 . 2009-10-12 12:21 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-02-02 14:09 . 2009-09-10 11:55 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-02-02 14:09 . 2007-08-09 01:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-01-30 20:45 . 2011-01-30 20:46 -------- d-----w- c:\program files\NetWorx
2011-01-30 20:45 . 2011-01-30 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftPerfect
2011-01-27 18:51 . 2011-01-27 18:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-21 19:48 . 2011-01-21 19:48 -------- d-----w- c:\program files\SIW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-30 20:46 . 2010-09-28 17:12 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2011-01-30 20:27 . 2010-09-10 19:41 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-30 20:27 . 2010-09-10 19:40 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-30 20:26 . 2010-09-10 19:40 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-30 20:26 . 2010-09-10 19:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-30 20:26 . 2010-09-10 19:40 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-13 08:47 . 2010-09-28 13:27 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-09-28 13:27 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-09-28 13:28 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-09-28 13:28 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-09-28 13:28 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-09-28 13:28 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-09-28 13:28 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-09-28 13:28 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-09-28 13:28 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}"= "c:\program files\WebMoney Advisor\tbcore3.dll" [2010-02-24 2559608]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2010-06-01 10336584]

[HKEY_CLASSES_ROOT\clsid\{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOT\TBSB03374.TBSB03374.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB03374.TBSB03374]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2010-06-01 10336584]
"{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}"= "c:\program files\WebMoney Advisor\tbcore3.dll" [2010-02-24 2559608]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CLASSES_ROOT\clsid\{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOT\TBSB03374.TBSB03374.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB03374.TBSB03374]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Download Master"="c:\program files\Download Master\dmaster.exe" [2010-12-15 3902272]
"QIP Internet Guardian"="c:\documents and settings\555\Application Data\QipGuard\QipGuard.exe" [2011-01-13 191360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-30 2548552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2011-01-27 21:16 3049472 ----a-w- c:\program files\NetWorx\networx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-09-18 00:32 7204864 ----a-w- c:\windows\system32\nvcpl.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authorize dApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Games\\PES2009\\pes2009.exe"=
"d:\\игры\\CSS\\CSS\\hl2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\WebMoney\\WebMoney.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Half-Life 2\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyO penPorts\List]
"6240:TCP"= 6240:TCP

R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [04.03.2008 16:25 5248]
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [12.08.2010 23:30 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [12.08.2010 23:30 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.09.2010 16:28 294608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.09.2010 22:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.09.2010 22:40 27576]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [28.09.2010 20:12 38976]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.09.2010 16:28 17744]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [20.02.2009 17:29 2368]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [06.04.2010 21:12 98400]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [02.02.2011 17:09 113280]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S2 gupdate;Служба Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.02.2010 18:16 135664]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [23.12.2010 19:03 406016]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [02.02.2011 17:09 100736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [01.11.2010 3:41 10251904]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.04.2007 14:54 52080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys --> c:\windows\system32\DRIVERS\ZTEusbvoice.sys [?]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [04.03.2008 16:25 159616]
.
Contents of the 'Scheduled Tasks' folder

2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 15:16]

2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 15:16]

2011-01-30 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-18 15:08]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://search.qip.ru
uStart Page = hxxp://qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Закачать ВСЕ при помощи Download Master - c:\program files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - c:\program files\Download Master\dmie.htm
IE: Передать на удаленную закачку DM - c:\program files\Download Master\remdown.htm
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - c:\program files\WebMoney Advisor\tbcore3.dll
Trusted Zone: beonline.ru\www
Trusted Zone: megafoncenter.ru\www
Trusted Zone: megafondv.ru\www
Trusted Zone: megafonkavkaz.ru\www
Trusted Zone: megafonmoscow.ru\sms
Trusted Zone: megafonnw.ru\www
Trusted Zone: megafonsib.ru
Trusted Zone: megafonural.ru\www
Trusted Zone: megafonvolga.ru\www
Trusted Zone: mts.ru\sms
Trusted Zone: tele2.ru
FF - ProfilePath - c:\documents and settings\555\Application Data\Mozilla\Firefox\Profiles\vb1osdmq.default\
FF - prefs.js: browser.search.selectedEngine - Википедия (ru)
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: All-in-One Gestures: {8b86149f-01fb-4842-9dd8-4d7eb02fd055} - %profile%\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF - Ext: ImgLikeOpera: imglikeopera@imfo.ru - %profile%\extensions\imglikeopera@imfo.ru
FF - Ext: BlackFox V1: zigboom@hotmail.com - %profile%\extensions\zigboom@hotmail.com
FF - Ext: Download Master Plugin: dmpluginff@westbyte.com - %profile%\extensions\dmpluginff@westbyte.com
FF - Ext: Download Master Remote Download: dmremote@westbyte.com - %profile%\extensions\dmremote@westbyte.com
FF - Ext: Go Green: fzamaan@gmail.com - %profile%\extensions\fzamaan@gmail.com
FF - Ext: Ecology: ecolo@loic.com - %profile%\extensions\ecolo@loic.com
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 18:12
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\MPR.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-02-15 18:20:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 15:20

Pre-Run: 8*961*429*504 байт свободно
Post-Run: 8*861*794*304 байт свободно

- - End Of File - - 0A9A81C56061A1B2265E8C33972C391B

Можно ли как-то обойтись без установки обновлений?

Обновления устанавливать можно выборочно