Re: Re: NOD32 antivirus is not updating
ComboFix 10-07-30.01 — IT-Master 30.07.2010 23:01:39.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.663 [GMT 4:00]
Running from: c:windowsTEMPRar$EX00.188ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:desktop.ini
c:profile’sAll UsersГлавное менюПрограммыVKSaver
c:profile’sAll UsersГлавное менюПрограммыVKSaverReadme.txt.lnk
c:profile’sAll UsersГлавное менюПрограммыVKSaverUninstall.lnk
c:profile’sAll UsersГлавное менюПрограммыVKSaverVKSaver.lnk
c:profile’sAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:profile’sAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:profile’sIT-MasterApplication DataAdSubscribe
c:profile’sIT-MasterApplication DataAdSubscribeAdSubscribe.dat
c:profile’sIT-MasterApplication DataAdSubscribeFeedfeed.xml
c:profile’sIT-MasterApplication DataKaspersky_Key_Finder_(KKF
c:profile’sIT-MasterApplication DataKaspersky_Key_Finder_(KKFKaspersky_Key_Finder_1.4._Url_g25zx4axhrssgp1ohnuore1phlfcyn0r1.4.1.0user.config
c:program filesCommon Fileskeylog.txt
c:program filesFieryAds
c:program filesInternet ExplorerqiPSearchbar.dll
c:program filesVKSaver
c:program filesVKSaverReadme.txt
c:program filesVKSaveruninstall.exe
c:program filesVKSaverVKSaverUI.exe
c:program filesVKSaverVKSaverUpdater.exe
c:windowssystemoeminfo.ini
c:windowssystem32c8WGVh7.exe
c:windowssystem32fygdarM.exe
c:windowssystem32Lvmt7xp.exe
c:windowssystem32NhRYWQN.exe
c:windowssystem32sFymL9N.exe
c:windowssystem32Thumbs.db
c:windowssystem32vksaver.dll
c:windowssystem32vNxSmPB.exe
c:windowssystem32zip32.dll
c:windowsTempWPDNSE
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.
2010-07-30 18:48 . 2010-07-30 18:48 399360 —-a-w- c:windowssystem32CF2821.exe
2010-07-30 11:36 . 2010-07-30 11:36 d-----w- c:program filesPassware
2010-07-30 06:09 . 2010-07-30 06:09 99840 —-a-w- c:windowssystem32eEe54MU.exe
2010-07-29 10:53 . 2010-07-29 10:53 d-----w- C:_OTM
2010-07-27 12:46 . 2010-07-29 11:11 d-----w- c:program filestrend micro
2010-07-27 12:46 . 2010-07-27 12:47 d-----w- C:rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 11:56 . 2008-04-04 17:23 d-----w- c:profile’sIT-MasterApplication DataICQ
2010-07-04 14:16 . 2010-06-30 14:30 d-----w- c:program filesТаня Гроттер и Магический контрабас
2010-07-03 17:46 . 2009-06-18 15:19 d-----w- c:program filesOpera
2010-06-27 16:11 . 2010-06-27 16:11 102912 —-a-w- c:windowssystem32CWQNH1k.exe
2010-06-27 13:17 . 2010-06-27 13:17 111616 —-a-w- c:windowssystem32QFc4euv.exe
2010-06-27 06:58 . 2010-06-27 06:58 111104 —-a-w- c:windowssystem32vgYrPjB.exe
2010-06-26 08:11 . 2010-06-26 08:11 111104 —-a-w- c:windowssystem324rC6bh8.exe
2010-06-25 10:56 . 2010-06-25 10:56 111104 —-a-w- c:windowssystem32kMCIiX3.exe
2010-06-24 05:02 . 2010-06-24 05:02 118272 —-a-w- c:windowssystem32zFyj42B.exe
2010-06-24 04:29 . 2010-04-14 18:36 d-----w- c:program filesICQ7.1
2010-06-22 08:30 . 2010-06-22 08:30 114688 —-a-w- c:windowssystem32cgpq8bX.exe
2010-06-22 08:14 . 2010-06-22 08:14 114688 —-a-w- c:windowssystem32UAngkzq.exe
2010-06-22 08:13 . 2010-06-22 08:13 89078 —-a-w- c:windowssystem32tkvOOxa.exe
2010-06-22 08:12 . 2010-06-22 08:12 106496 —-a-w- c:windowssystem32L81kNLO.exe
2010-06-21 16:11 . 2010-06-21 16:11 116736 —-a-w- c:windowssystem32VH8I9iB.exe
2010-06-21 06:45 . 2010-06-21 06:45 116736 —-a-w- c:windowssystem32ca1zA83.exe
2010-06-21 06:25 . 2010-06-21 06:25 116736 —-a-w- c:windowssystem32D1dlI5M.exe
2010-06-21 06:25 . 2010-06-21 06:25 116736 —-a-w- c:windowssystem32GyDgDiD.exe
2010-06-21 06:23 . 2010-06-21 06:23 110080 —-a-w- c:windowssystem32jYJZrtt.exe
2010-06-16 11:39 . 2010-06-16 11:39 99328 —-a-w- c:windowssystem32EYUP9ay.exe
2010-06-16 07:32 . 2010-06-16 07:32 99328 —-a-w- c:windowssystem32Y2Q6XpJ.exe
2010-06-10 10:10 . 2001-10-20 09:00 82542 —-a-w- c:windowssystem32perfc019.dat
2010-06-10 10:10 . 2001-10-20 09:00 478098 —-a-w- c:windowssystem32perfh019.dat
2010-06-10 09:38 . 2010-03-14 14:27 d-----w- c:program filesPCGAME
2010-06-10 09:16 . 2010-06-10 09:01 d-----w- c:program filesThe Sims 3
2010-06-09 08:51 . 2008-02-19 15:31 1048576 —ha-w- c:profile’sГостьNTUSER.DAT
2010-06-06 14:11 . 2010-06-06 14:11 106496 —-a-w- c:windowssystem322hUgv3y.exe
2010-06-06 14:10 . 2010-06-06 14:10 47616 —-a-w- c:windowssystem32V0jL36Q.exe
2010-06-05 13:29 . 2010-06-05 13:29 d-----w- c:program filesSLS2
2010-05-03 11:55 . 2009-10-08 10:44 56 —-a-w- c:windowsusing_tbl.dat
2006-11-18 17:17 . 2009-09-15 14:14 1685400 —-a-w- c:program filesdaemon408-x64.exe
2006-11-18 17:17 . 2009-09-15 14:14 1512856 —-a-w- c:program filesdaemon408-x86.exe
.
Sigcheck
[-] 2008-06-22 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:windowssystem32driverstcpip.sys
[-] 2008-06-22 . 67A98D1398BB2C794A4BEF4B98A05151 . 80728 . . [7.1.6001.65] . . c:windowssystem32wuauclt.exe
[-] 2008-06-22 . 04B7472B0B9C2F6831F7ADC6723B46B3 . 2137600 . . [5.1.2600.5586] . . c:windowssystem32ntoskrnl.exe
[-] 2008-06-22 . D3D95DEDC976F35AB5D96BDACC9ADE5B . 588288 . . [5.1.2600.5512] . . c:windowssystem32user32.dll
[-] 2008-06-22 . 89C73F82F2CBFB490CA7333F600D168B . 1609216 . . [6.00.2900.5512] . . c:windowsexplorer.exe
[-] 2008-06-22 . F5EC0D558ED09EDBCC3E7A6DE33B5273 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
[-] 2008-06-22 . 26C16B843E1A87205F4945207A843965 . 30208 . . [5.1.2600.5512] . . c:windowssystem32ctfmon.exe
[-] 2008-06-22 . 3E2ED20BD4A3EBA2FF74E0AA8F21A91D . 2016256 . . [5.1.2600.5586] . . c:windowssystem32ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-24 8729864]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-24 8729864]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2004-11-13 205824]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2009-05-06 3777536]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SkyTel»=»SkyTel.EXE» [2006-05-16 2879488]
«SSBkgdUpdate»=»c:program filesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» [2003-10-14 155648]
«PaperPort PTD»=»c:program filesScanSoftPaperPortpptd40nt.exe» [2006-03-01 36864]
«IndexSearch»=»c:program filesScanSoftPaperPortIndexSearch.exe» [2006-03-01 40960]
«PPort10reminder»=»c:program filesScanSoftPaperPortEREGEreg.exe» [2005-06-03 729088]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-14 110592]
«Gainward»=»c:program filesVDOToolTBPanel.exe» [2007-04-23 2165536]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2006-09-26 35328]
«RTHDCPL»=»RTHDCPL.EXE» [2007-01-30 16116224]
«nwiz»=»nwiz.exe» [2009-04-30 1657376]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-04-30 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-04-30 13750272]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-03-19 2029640]
«UVS11 Preload»=»c:program filesUlead SystemsUlead VideoStudio 11uvPL.exe» [2007-03-03 341488]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«VisualTaskTips»=»c:program filesVisualTaskTipsVisualTaskTips.exe» [2008-02-27 61440]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«tscuninstall»=»c:windowssystem32tscupgrd.exe» [2004-08-17 44544]
«nltide_3″=»advpack.dll» [2009-03-08 128512]
«IE7_012″=»advpack.dll» [2009-03-08 128512]
«IE7_013″=»rebuild.exe» [2007-11-01 114280]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMMyPictures»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMMyPictures»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
«ForceClassicControlPanel»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwarepoliciesmicrosoftwindowswindowsupdateau]
«NoAutoUpdate»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«Userinit»=»c:windowssystem32userinit.exe,\?globalrootsystemrootsystem32V0jL36Q.exe,\?globalrootsystemrootsystem322hUgv3y.exe,»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *??????OODBS
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«Gainward»=c:program filesVDOToolTBPanel.exe /A
«NvMediaCenter»=RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
«nwiz»=nwiz.exe /install
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\The Sims 3\Game\Bin\TS3.exe»=
«c:\Program Files\Opera\opera.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«1739:TCP»= 1739:TCP:qjagois
«7265:TCP»= 7265:TCP
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 16:46 63352]
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [19.03.2009 12:44 107256]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [19.03.2009 12:45 93848]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [19.03.2009 12:44 731840]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [14.04.2010 22:38 246520]
S2 byznnusti;Config Microsoft;c:windowssystem32svchost.exe -k netsvcs [14.04.2008 22:41 14336]
S2 ogolrvxr;Driver Universal;c:windowssystem32svchost.exe -k netsvcs [14.04.2008 22:41 14336]
S3 block_reader;MPR DRV;??c:program filesMulti Password Recoveryblock_reader.sys —> c:program filesMulti Password Recoveryblock_reader.sys [?]
S3 BTCOMM;BTCOMM;c:windowssystem32driversBtcomm.sys —> c:windowssystem32driversBtcomm.sys [?]
S3 BTKRNBDG;Bluetooth COM Bridge;c:windowssystem32DRIVERSbtkrnbdg.sys —> c:windowssystem32DRIVERSbtkrnbdg.sys [?]
S3 FLASHSYS;FLASHSYS;??d:utilitymsiDualCoreCenterFLASHSYS.sys —> d:utilitymsiDualCoreCenterFLASHSYS.sys [?]
S3 vad_multi;Windigo Virtual Audio Device (WDM);c:windowssystem32driversvadmulti.sys —> c:windowssystem32driversvadmulti.sys [?]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [29.11.2007 14:07 721904]
— Other Services/Drivers In Memory —
*Deregistered* — uphcleanhlp
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
ogolrvxr
.
Contents of the ‘Scheduled Tasks’ folder
2010-07-19 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 08:34]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=47540
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1Microsoft OfficeOFFICE11EXCEL.EXE/3000
IE: Online-словари — c:program filesPRMT8PRMTIEoda.htm
IE: Автоматически определить шаблон тематики — c:program filesPRMT8PRMTIEaot.htm
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Настроить параметры перевода — c:program filesPRMT8PRMTIEoptions.htm
IE: Незнакомые слова — c:program filesPRMT8PRMTIEinfopanel.htm
IE: Открыть словарную статью — c:program filesPRMT8PRMTIEaddentry.htm
IE: Перевести — c:program filesPRMT8PRMTIEtranslat.htm
IE: Перевести страницу — c:program filesPRMT8PRMTIEpage.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
IE: Поиск в Интернете — c:program filesPRMT8PRMTIEsearch.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} — c:program filesICQ7.1ICQ.exe
Handler: rcdp.1C.rep — {79F2E69A-DE4D-461D-958B-FE830EF4246C} — c:progra~11C RepetitorbinRepAPP.dll
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-Tutor.exe — c:program filesABBYY Lingvo 12Tutor.exe
HKLM-Run-VKSaverUpdater — c:program filesVKSaverVKSaverUpdater.exe
AddRemove-CounterStrike — Condition Zero — c:gamesCounterStrikeCondition ZeroUNWISE.EXE
AddRemove-ShockwaveFlash — c:windowssystem32MacromedFlashFlashUtil9c.exe
AddRemove-VKSaver — c:program filesVKSaveruninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 23:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x86FD28E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf755ff28
DriverACPI -> ACPI.sys @ 0xf73f2cb8
Driveratapi -> sfsync02.sys @ 0xf77abd60
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf727dbb0
PacketIndicateHandler -> NDIS.sys @ 0xf728ab21
SendHandler -> NDIS.sys @ 0xf726887b
user & kernel MBR OK
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.Default.Default#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Стандартный звук.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultAppGPFault#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultCCSelect#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultClose#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultCriticalBatteryAlarm#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows Vista Battery Critical.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultDeviceConnect#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Подключение устройства.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultDeviceDisconnect#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Отключение устройства.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultDeviceFail#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Ошибка подключения устройства.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultLowBatteryAlarm#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows Vista Battery Low.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultMailBeep#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Уведомление о получении почты.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultMaximize#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultMenuCommand#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows Vista Menu Command.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultMenuPopup#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultMinimize#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows Information Bar.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultOpen#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultPrintComplete#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Печать завершена.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultRestoreDown#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows Vista Restore.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultRestoreUp#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows Vista Restore.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultShowBand#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultSystemAsterisk#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Звездочка.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultSystemExclamation#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Восклицание.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultSystemExit#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Завершение работы Windows.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultSystemHand#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Критическая ошибка.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultSystemNotification#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Системное уведомление.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultSystemQuestion#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Вопрос.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultSystemStart#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Запуск Windows.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultWindowsLogoff#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Выход из Windows.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesApps.DefaultWindowsLogon#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Вход в Windows.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsdevenvVS_BreakpointHit#@00*nC]
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsExplorerActivatingDocument#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsExplorerBlockedPopup#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows Vista Pop-up Blocked.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsExplorerEmptyRecycleBin#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows Vista Recycle.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsExplorerFeedDiscovered#@00*nC]
@=»Windows Feed Discovered.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsExplorerMoveMenuItem#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsExplorerNavigating#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows Vista Start.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsExplorerSearchProviderDiscovered#@00*nC]
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsExplorerSecurityBand#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows Vista Information Bar.wav»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsmse7VS_BuildCanceled#@00*nC]
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsmse7VS_BuildFailed#@00*nC]
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesAppsmse7VS_BuildSucceeded#@00*nC]
@=»»
[HKEY_USERSS-1-5-21-436374069-57989841-725345543-500AppEventsSchemesNames#@00*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Ура»
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(908)
c:windowssystem32SETUPAPI.dll
c:windowssystem32cscui.dll
— — — — — — — > ‘lsass.exe'(972)
c:windowssystem32setupapi.dll
.
Completion time: 2010-07-30 23:10:08
ComboFix-quarantined-files.txt 2010-07-30 19:10
Pre-Run: 27,592,138,752 байт свободно
Post-Run: 27,658,465,280 байт свободно
— — End Of File — — A93F644B1FE2D74840D07A658020BAD2

