
SPYWARE-RU.COM


aquapa9


Forum replies created

Viewing 15 posts - 1 through 15 (of 18 total)
    December 2, 2008 at 7:42 pm, in reply to: Scanned with Hijack This #19697
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19

    The problems have become far fewer! Only one window still pops up, at the bottom of the monitor, but it is, by the way, the very first one that these problems with pop-up advertising windows started with. As for Daemon Tools, this is the first I have heard of it.

    December 1, 2008 at 7:20 pm, in reply to: Scanned with Hijack This #19695
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19

    Malwarebytes’ Anti-Malware 1.30
    Версия базы данных: 1306
    Windows 5.1.2600 Service Pack 3

    2008-12-01 19:50:42
    mbam-log-2008-12-01 (19-50-42).txt

    Тип проверки: Полная (C:|D:|)
    Проверено объектов: 71944
    Прошло времени: 12 minute(s), 59 second(s)

    Заражено процессов в памяти: 0
    Заражено модулей в памяти: 0
    Заражено ключей реестра: 6
    Заражено значений реестра: 0
    Заражено параметров реестра: 0
    Заражено папок: 0
    Заражено файлов: 0

    Заражено процессов в памяти:
    (Вредоносные программы не обнаружены)

    Заражено модулей в памяти:
    (Вредоносные программы не обнаружены)

    Заражено ключей реестра:
    HKEY_CLASSES_ROOT\CLSID\{1408e208-2ac1-42d3-9f10-78a5b36e05ac} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{b0ed4726-5bc8-4e22-a7a8-3074a73ce64e} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

    Заражено значений реестра:
    (Вредоносные программы не обнаружены)

    Заражено параметров реестра:
    (Вредоносные программы не обнаружены)

    Заражено папок:
    (Вредоносные программы не обнаружены)

    Заражено файлов:
    (Вредоносные программы не обнаружены)



    SDFix: Version 1.240
    Run by Admin on 2008-12-01 at 21:04

    Microsoft Windows XP [Версия 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    Checking Files :

    No Trojan Files Found

    Removing Temp Files

    ADS Check :

    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-01 21:09:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden services & system hive …

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
    «34484=484?4>4@4B4 ??4;0404=484@4>0424I484:0404 ??0404:0454B4>0424″=str(7):»1002003»
    «34484=484?4>4@4B4 ?W?A?N? ?(?L?2?T?P?)?»=str(7):»1»
    «34484=484?4>4@4B4 ?W?A?N? ?(?P?P?T?P?)?»=str(7):»1»
    «34484=484?4>4@4B4 ?W?A?N? ?(?P?P?P?o?E?)?»=str(7):»1»
    «374@4O4<4>494 ??0404@0404;4;0454;4L4=4K494 ??4>4@4B4″=str(7):»1»
    «34484=484?4>4@4B4 ?W?A?N? ?(?I?P?)?»=str(7):»1»
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
    «34484=484?4>4@4B4 ??4;0404=484@4>0424I484:0404 ??0404:0454B4>0424″=str(7):»1002003»
    «34484=484?4>4@4B4 ?W?A?N? ?(?L?2?T?P?)?»=str(7):»1»
    «34484=484?4>4@4B4 ?W?A?N? ?(?P?P?T?P?)?»=str(7):»1»
    «34484=484?4>4@4B4 ?W?A?N? ?(?P?P?P?o?E?)?»=str(7):»1»
    «374@4O4<4>494 ??0404@0404;4;0454;4L4=4K494 ??4>4@4B4″=str(7):»1»
    «34484=484?4>4@4B4 ?W?A?N? ?(?I?P?)?»=str(7):»1»

    scanning hidden registry entries …

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
    "!4B0404=0440404@4B4=0404O4 ?W?i?n?d?o?w?s?"="",,,,,,,,,,,,,""
    "374>044042480464=0404O4 ?W?i?n?d?o?w?s?"=""C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,""
    "360414J0454<4=0404O4 ?10454;0404O4"=""C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,""
    " 4C4:484 ?1?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
    " 4C4:484 ?2?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,""
    "24484=4>0470400424@4"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,""
    "224 ?A4B0404@4>4<4 ?A4B484;0454"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
    "24484@480460454@4"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
    "#0420454;484G0454=4=0404O4"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,""
    "220404@480404F48484"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,""
    "360414J0454<4=0404O4 ?14@4>4=0474>0420404O4"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
    "'0454@4=0404O4 ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
    "'0454@4=0404O4 ?(?:4@4C4?4=0404O4)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
    "'0454@4=0404O4 ?(?>0434@4>4<4=0404O4)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
    "304=0420454@4A4=0404O4"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur"
    "304=0420454@4A4=0404O4 ?(?:4@4C4?4=0404O4)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur"
    "304=0420454@4A4=0404O4 ?(?>0434@4>4<4=0404O4)?"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur"
    "!4B0404=0440404@4B4=0404O4 ?(?:4@4C4?4=0404O4)?"="C:\WINDOWS\cursors\arrow_m.cur,C:\WINDOWS\cursors\help_m.cur,C:\WINDOWS\cursors\wait_m.cur,C:\WINDOWS\cursors\busy_m.cur,C:\WINDOWS\cursors\cross_m.cur,C:\WINDOWS\cursors\beam_m.cur,C:\WINDOWS\cursors\pen_m.cur,C:\WINDOWS\cursors\no_m.cur,C:\WINDOWS\cursors\size4_m.cur,C:\WINDOWS\cursors\size3_m.cur,C:\WINDOWS\cursors\size2_m.cur,C:\WINDOWS\cursors\size1_m.cur,C:\WINDOWS\cursors\move_m.cur,C:\WINDOWS\cursors\up_m.cur"
    "!4B0404=0440404@4B4=0404O4 ?(?>0434@4>4<4=0404O4)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Sidebar]
    "300470440404B0454;4L4"=">@?>@0F8O 09:@>A>DB"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups]
    "300434@4K4"="!B0=40@B=K53@K"

    scanning hidden files …

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services :

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files :

    Files with Hidden Attributes :

    Finished!

    November 30, 2008 at 1:35 pm, in reply to: Scanned with Hijack This #19693
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19

    The thing is, it asks for the Windows XP Professional Service Pack 3 CD, and I don't have one.

    November 29, 2008 at 4:35 pm, in reply to: Scanned with Hijack This #19691
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19

    Sending the Task Manager screenshot as two files.

    November 28, 2008 at 7:02 pm, in reply to: Scanned with Hijack This #19689
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19

    The file you specified was not found by a file search.

    November 28, 2008 at 6:53 pm, in reply to: Scanned with Hijack This #19688
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19

    ComboFix 08-11-27.07 - Admin 2008-11-28 20:42:22.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1218 [GMT 2:00]
    Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin\Рабочий стол\CFScript.txt
    * Created a new restore point
    * Resident AV is active

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Legacy_WEBALTACONTROLLER
    Service_WebaltaController

    ((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
    .
    2008-11-26 19:38 . 2008-11-26 21:14 250 --a c:\windows\gmer.ini
    2008-11-26 15:16 . 2008-11-26 15:16 d c:\documents and settings\Admin\Application Data\Artogon
    2008-11-26 13:54 . 2008-11-26 13:54 d c:\documents and settings\All Users\Application Data\Harley-Davidson_ Race to the Rally Saves
    2008-11-23 20:45 . 2008-11-23 20:45 d c:\documents and settings\Admin\Application Data\Gaijin Ent
    2008-11-23 19:13 . 2008-11-23 19:13 d c:\documents and settings\Admin\Application Data\Meridian93
    2008-11-22 16:07 . 2008-11-22 16:07 d c:\documents and settings\All Users\Application Data\Playrix Entertainment
    2008-11-21 22:36 . 2008-11-21 22:36 d c:\documents and settings\All Users\Application Data\EscapeTheMuseum
    2008-11-13 20:52 . 2008-11-13 20:52 d c:\documents and settings\LocalService\Application Data\Webalta
    2008-11-13 13:56 . 2008-11-13 13:56 d c:\documents and settings\Admin\Application Data\Games
    2008-11-13 12:57 . 2008-11-13 12:57 d c:\documents and settings\All Users\Application Data\Friday's games
    2008-11-09 21:15 . 2008-11-09 21:15 d c:\program files\Trend Micro
    2008-11-09 20:53 . 2008-11-09 20:47 102,664 --a c:\windows\system32\drivers\tmcomm.sys
    2008-11-09 20:46 . 2008-11-09 20:55 d c:\documents and settings\Admin\.housecall6.6
    2008-11-09 10:31 . 2008-11-13 23:30 632 --a C:\settings.dat
    2008-11-08 21:26 . 2008-11-08 21:26 d c:\documents and settings\Admin\Application Data\Beezzle
    2008-11-08 20:56 . 2008-11-08 20:56 d c:\documents and settings\Admin\Application Data\BeachPartyCraze
    2008-11-08 16:04 . 2008-11-08 16:04 d c:\program files\Yandex
    2008-11-08 16:04 . 2008-11-08 16:04 d c:\program files\Common Files\Yandex
    2008-11-08 16:04 . 2008-11-08 16:04 d c:\documents and settings\Admin\Application Data\Yandex
    2008-11-08 04:38 . 2008-11-08 04:50 d c:\documents and settings\Admin\Application Data\Legends of pirates
    2008-11-02 17:49 . 2008-11-02 17:49 d c:\program files\NevoSoft
    2008-11-02 17:39 . 2008-11-28 20:30 d c:\program files\Webalta
    2008-11-02 17:39 . 2008-11-02 17:39 d c:\documents and settings\Admin\Application Data\Webalta
    2008-11-02 16:33 . 2008-11-02 16:33 d c:\documents and settings\Admin\Application Data\Temp App Data
    2008-11-02 16:33 . 2008-11-02 16:33 d c:\documents and settings\Admin\Application Data\Magic Academy
    2008-11-01 23:32 . 2008-11-01 23:32 d c:\documents and settings\All Users\Application Data\Christmasville
    2008-11-01 20:49 . 2008-11-08 22:13 d c:\program files\Игры от NevoSoft
    2008-11-01 17:44 . 2008-11-01 17:44 d c:\documents and settings\All Users\Application Data\Astar Games
    2008-11-01 12:44 . 2008-11-01 12:44 d c:\program files\MyCentria

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-26 13:06 d-----w c:\program files\Игры
    2008-11-26 13:03 d-----w c:\program files\The KMPlayer
    2008-11-26 10:26 d-----w c:\program files\AIMP2
    2008-11-21 19:02 d-----w c:\program files\Alawar.ru
    2008-11-11 21:18 d-----w c:\documents and settings\Admin\Application Data\Skype
    2008-11-10 18:18 d-----w c:\program files\Google
    2008-11-08 19:26 d-----w c:\documents and settings\All Users\Application Data\AlawarWrapper
    2008-11-06 23:01 d-----w c:\program files\ESET
    2008-10-29 17:40 d-----w c:\program files\FreeGamePick.com
    2008-10-26 19:27 d-----w c:\documents and settings\Admin\Application Data\QIP
    2008-10-23 13:41 d-----w c:\documents and settings\Admin\Application Data\Ahead
    2008-10-20 16:15 d-----w c:\program files\Common Files\Ahead
    2008-10-20 16:13 d-----w c:\program files\Nero
    2008-10-20 16:06 d-----w c:\program files\Ahead
    2008-10-18 09:29 d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
    2008-10-18 07:15 d-----w c:\documents and settings\All Users\Application Data\PlayFirst
    2008-10-18 07:15 d-----w c:\documents and settings\Admin\Application Data\PlayFirst
    2008-10-14 16:53 d-----w c:\documents and settings\Admin\Application Data\Windows Search
    2008-10-14 16:51 d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-10-14 16:48 d-----w c:\program files\Windows Desktop Search
    2008-10-11 20:07 d-----w c:\documents and settings\Admin\Application Data\My Games
    2008-10-11 19:07 d-----w c:\documents and settings\All Users\Application Data\NevoSoft Games
    2008-10-09 15:44 d-----w c:\program files\MyRealGames.com
    2008-10-08 09:07 d-----w c:\documents and settings\All Users\Application Data\Alawar Stargaze
    2008-10-06 19:34 d-----w c:\program files\AskTBar
    2008-10-05 05:59 d-----w c:\documents and settings\All Users\Application Data\ВеселаяФерма2
    2008-09-28 11:33 d-----w c:\documents and settings\Admin\Application Data\cerasus.media
    2008-09-23 09:29 270,336 ----a-w c:\windows\system32\imon.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-28_20.36.44.95 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2008-06-02 1553672]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2008-06-02 1553672]

    [HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
    [HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
    [HKEY_CLASSES_ROOT\Yandex.Toolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-05-20 30208]
    "VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
    "Download Master"="c:\program files\Download Master\dmaster.exe" [2008-01-26 3266560]
    "Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-20 133104]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
    "Yupdate!"="c:\program files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-05-30 460040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AmlMaple"="c:\program files\AmlMaple\AmlMaple.exe" [2008-04-24 91648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-23 917504]
    "Outpost Firewall"="c:\program files\Agnitum\Outpost Firewall\outpost.exe" [2006-02-13 91648]
    "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2006-02-14 352324]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-07 30192]
    "NevoDRM"="c:\program files\Игры\NevoDRM\NevoDRM.exe" [2008-07-29 201728]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-20 30208]
    "VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IE7_011"="shell32" [X]
    "ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-05-20 c:\windows\system32\advpack.dll]
    "IE7_012"="advpack.dll" [2008-05-20 c:\windows\system32\advpack.dll]

    c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [11.03.2007 19:26:24 210520]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UpdatesOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [23.09.2008 12:02:41 33600]
    S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\ARP.DLL [23.09.2008 12:02:41 17440]
    S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [23.09.2008 12:02:41 4896]
    S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [23.09.2008 12:02:41 14304]
    S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [23.09.2008 12:02:41 9024]
    S3 GoogleDesktopManager-092308-165331;Диспетчер Google Desktop 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [22.10.2008 20:46:09 30192]
    S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [23.09.2008 12:02:41 11552]
    S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [23.09.2008 12:02:41 13248]
    S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [23.09.2008 12:02:41 7200]
    S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [23.09.2008 12:02:41 14912]
    S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [23.09.2008 12:02:41 6752]
    S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [23.09.2008 12:02:41 9984]
    S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [23.09.2008 12:02:41 16960]
    S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [23.09.2008 12:02:41 9696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar]
    c:\windows\system32\hidec /W c:\program files\Windows Sidebar\VAIOTools\REGTLIB.EXE "c:\program files\Windows Sidebar\sidebar.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
    "c:\program files\Windows Sidebar\.regsvr32.exe" /s wlsrvc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
    "c:\program files\Windows Sidebar\.regsvr32.exe" /s sbdrop.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
    regsvr32 /s c:\program files\Windows Sidebar\VAIO.vshellext.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-27 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:38]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-28 20:45:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .

    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(736)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\cscui.dll
    c:\windows\system32\COMRes.dll

    - - - - - - - > 'lsass.exe'(792)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\imon.dll
    c:\program files\Eset\pr_imon.dll
    .

    Other Running Processes

    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\ESET\nod32krn.exe
    c:\program files\c:\windows\system32\wbem\wmiprvse.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-28 20:47:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-28 18:47:00
    ComboFix2.txt 2008-11-28 18:37:17

    Pre-Run: 17,027,321,856 байт свободно
    Post-Run: 16,986,857,472 байт свободно

    204
    This time it worked. But one advertising window, at least the one I saw, still pops up.

    November 27, 2008 at 8:39 pm, in reply to: Scanned with Hijack This #19686
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19

    I'm not sure I did everything right. So far I keep seeing the same advertising pop-up window. As for the spro.sys file, the computer's search did not find it. And if I did everything correctly with dragging CFScript onto ComboFix, here is what came out:
    ComboFix 08-11-23.02 — Admin 2008-11-27 22:02:11.5 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1304 [GMT 2:00]
    Running from: c:documents and settingsAdminРабочий столComboFix.exe
    * Resident AV is active

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
    .

    2008-11-26 19:38 . 2008-11-26 21:14 250 —a


    c:windowsgmer.ini
    2008-11-26 15:16 . 2008-11-26 15:16 d


    c:documents and settingsAdminApplication DataArtogon
    2008-11-26 13:54 . 2008-11-26 13:54
    d


    c:documents and settingsAll UsersApplication DataHarley-Davidson_ Race to the Rally Saves
    2008-11-23 20:45 . 2008-11-23 20:45
    d


    c:documents and settingsAdminApplication DataGaijin Ent
    2008-11-23 19:13 . 2008-11-23 19:13
    d


    c:documents and settingsAdminApplication DataMeridian93
    2008-11-22 16:07 . 2008-11-22 16:07
    d


    c:documents and settingsAll UsersApplication DataPlayrix Entertainment
    2008-11-21 22:36 . 2008-11-21 22:36
    d


    c:documents and settingsAll UsersApplication DataEscapeTheMuseum
    2008-11-13 20:52 . 2008-11-13 20:52
    d


    c:documents and settingsLocalServiceApplication DataWebalta
    2008-11-13 13:56 . 2008-11-13 13:56 d-------- c:documents and settingsAdminApplication DataGames
    2008-11-13 12:57 . 2008-11-13 12:57 d-------- c:documents and settingsAll UsersApplication DataFriday’s games
    2008-11-09 21:15 . 2008-11-09 21:15 d-------- c:program filesTrend Micro
    2008-11-09 20:53 . 2008-11-09 20:47 102,664 --a------ c:windowssystem32driverstmcomm.sys
    2008-11-09 20:46 . 2008-11-09 20:55 d-------- c:documents and settingsAdmin.housecall6.6
    2008-11-09 10:31 . 2008-11-13 23:30 632 --a------ C:settings.dat
    2008-11-08 21:26 . 2008-11-08 21:26 d-------- c:documents and settingsAdminApplication DataBeezzle
    2008-11-08 20:56 . 2008-11-08 20:56 d-------- c:documents and settingsAdminApplication DataBeachPartyCraze
    2008-11-08 16:04 . 2008-11-08 16:04 d-------- c:program filesYandex
    2008-11-08 16:04 . 2008-11-08 16:04 d-------- c:program filesCommon FilesYandex
    2008-11-08 16:04 . 2008-11-08 16:04 d-------- c:documents and settingsAdminApplication DataYandex
    2008-11-08 04:38 . 2008-11-08 04:50 d-------- c:documents and settingsAdminApplication DataLegends of pirates
    2008-11-02 17:49 . 2008-11-02 17:49 d-------- c:program filesNevoSoft
    2008-11-02 17:39 . 2008-11-27 21:49 d-------- c:program filesWebalta
    2008-11-02 17:39 . 2008-11-02 17:39 d-------- c:documents and settingsAdminApplication DataWebalta
    2008-11-02 16:33 . 2008-11-02 16:33 d-------- c:documents and settingsAdminApplication DataTemp App Data
    2008-11-02 16:33 . 2008-11-02 16:33 d-------- c:documents and settingsAdminApplication DataMagic Academy
    2008-11-01 23:32 . 2008-11-01 23:32 d-------- c:documents and settingsAll UsersApplication DataChristmasville
    2008-11-01 20:49 . 2008-11-08 22:13 d-------- c:program filesИгры от NevoSoft
    2008-11-01 17:44 . 2008-11-01 17:44 d-------- c:documents and settingsAll UsersApplication DataAstar Games
    2008-11-01 12:44 . 2008-11-01 12:44 d-------- c:program filesMyCentria

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-26 13:06 d-----w c:program filesИгры
    2008-11-26 13:03 d-----w c:program filesThe KMPlayer
    2008-11-26 10:26 d-----w c:program filesAIMP2
    2008-11-21 19:02 d-----w c:program filesAlawar.ru
    2008-11-11 21:18 d-----w c:documents and settingsAdminApplication DataSkype
    2008-11-10 18:18 d-----w c:program filesGoogle
    2008-11-08 19:26 d-----w c:documents and settingsAll UsersApplication DataAlawarWrapper
    2008-11-06 23:01 d-----w c:program filesESET
    2008-10-29 17:40 d-----w c:program filesFreeGamePick.com
    2008-10-26 19:27 d-----w c:documents and settingsAdminApplication DataQIP
    2008-10-23 13:41 d-----w c:documents and settingsAdminApplication DataAhead
    2008-10-20 16:15 d-----w c:program filesCommon FilesAhead
    2008-10-20 16:13 d-----w c:program filesNero
    2008-10-20 16:06 d-----w c:program filesAhead
    2008-10-18 09:29 d-----w c:documents and settingsAll UsersApplication DataSandlot Games
    2008-10-18 07:15 d-----w c:documents and settingsAll UsersApplication DataPlayFirst
    2008-10-18 07:15 d-----w c:documents and settingsAdminApplication DataPlayFirst
    2008-10-14 16:53 d-----w c:documents and settingsAdminApplication DataWindows Search
    2008-10-14 16:51 d-----w c:documents and settingsAll UsersApplication DataMicrosoft Help
    2008-10-14 16:48 d-----w c:program filesWindows Desktop Search
    2008-10-11 20:07 d-----w c:documents and settingsAdminApplication DataMy Games
    2008-10-11 19:07 d-----w c:documents and settingsAll UsersApplication DataNevoSoft Games
    2008-10-09 15:44 d-----w c:program filesMyRealGames.com
    2008-10-08 09:07 d-----w c:documents and settingsAll UsersApplication DataAlawar Stargaze
    2008-10-06 19:34 d-----w c:program filesAskTBar
    2008-10-05 05:59 d-----w c:documents and settingsAll UsersApplication DataВеселаяФерма2
    2008-09-28 11:33 d-----w c:documents and settingsAdminApplication Datacerasus.media
    2008-09-27 10:47 d-----w c:documents and settingsAll UsersApplication DataEgoset
    2008-09-23 09:29 270,336 ----a-w c:windowssystem32imon.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-24_20.04.26,25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-11-26 17:38:21 884,736 ----a-w c:windowsgmer.dll
    + 2008-04-17 19:13:02 811,008 ----a-w c:windowsgmer.exe
    + 2008-11-26 17:38:21 85,969 ----a-w c:windowssystem32driversgmer.sys
    - 2008-09-23 09:11:12 138,848 ----a-w c:windowssystem32FNTCACHE.DAT
    + 2008-11-26 17:26:14 138,848 ----a-w c:windowssystem32FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE~Browser Helper Objects{6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5}]
    2008-11-13 20:52 738306 —a


    c:progra~1WebaltaWEBALT~2.DLL

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    «{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-06-02 1553672]
    «{D4C56A33-3488-495B-8033-9BF834E276D8}»= «c:progra~1WebaltaWEBALT~1.DLL» [2008-11-13 1693186]

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
    «{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-06-02 1553672]

    [HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
    [HKEY_CLASSES_ROOTYandex.Toolbar.1]
    [HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
    [HKEY_CLASSES_ROOTYandex.Toolbar]

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-05-20 30208]
    «VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
    «Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-01-26 3266560]
    «Google Update»=»c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2008-10-20 133104]
    «BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadLibNMBgMonitor.exe» [2006-04-21 94208]
    «Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-05-30 460040]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «AmlMaple»=»c:program filesAmlMapleAmlMaple.exe» [2008-04-24 91648]
    «HP Software Update»=»c:program filesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
    «nod32kui»=»c:program filesEsetnod32kui.exe» [2008-09-23 917504]
    «Outpost Firewall»=»c:program filesAgnitumOutpost Firewalloutpost.exe» [2006-02-13 91648]
    «OutpostFeedBack»=»c:program filesAgnitumOutpost Firewallfeedback.exe» [2006-02-14 352324]
    «NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
    «Google Desktop Search»=»c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe» [2008-11-07 30192]
    «NevoDRM»=»c:program filesИгрыNevoDRMNevoDRM.exe» [2008-07-29 201728]
    «RTHDCPL»=»RTHDCPL.EXE» [2008-04-10 c:windowsRTHDCPL.EXE]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-05-20 30208]
    «VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
    «IE7_011″=»shell32» [X]
    «ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-05-20 c:windowssystem32advpack.dll]
    «IE7_012″=»advpack.dll» [2008-05-20 c:windowssystem32advpack.dll]

    c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
    HP Digital Imaging Monitor.lnk — c:program filesHPDigital Imagingbinhpqtra08.exe [11.03.2007 19:26:24 210520]

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
    «NoSMConfigurePrograms»= 1 (0x1)

    [HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
    «NoSMConfigurePrograms»= 1 (0x1)

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
    «FirewallOverride»=dword:00000001
    «UpdatesDisableNotify»=dword:00000001
    «UpdatesOverride»=dword:00000001
    «AntiVirusDisableNotify»=dword:00000001
    «AntiVirusOverride»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    «EnableFirewall»= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «%windir%\system32\sessmgr.exe»=
    «c:\Program Files\Skype\Phone\Skype.exe»=

    S2 WebaltaController;Webalta Controller;»c:program filesWebaltaWebaltaUpdaterService.exe» -service [14.10.2008 15:16:00 97794]
    S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);??c:program filesAgnitumOutpost FirewallkernelADBLOCK.DLL [23.09.2008 12:02:41 33600]
    S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);??c:program filesAgnitumOutpost FirewallkernelARP.DLL [23.09.2008 12:02:41 17440]
    S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);??c:program filesAgnitumOutpost FirewallkernelCONTENT.DLL [23.09.2008 12:02:41 4896]
    S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);??c:program filesAgnitumOutpost FirewallkernelDNSCACHE.DLL [23.09.2008 12:02:41 14304]
    S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelFTPFILT.DLL [23.09.2008 12:02:41 9024]
    S3 GoogleDesktopManager-092308-165331;Диспетчер Google Desktop 5.8.809.23506;»c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe» [22.10.2008 20:46:09 30192]
    S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelHTMLFILT.DLL [23.09.2008 12:02:41 11552]
    S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelHTTPFILT.DLL [23.09.2008 12:02:41 13248]
    S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelIMAPFILT.DLL [23.09.2008 12:02:41 7200]
    S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelMAILFILT.DLL [23.09.2008 12:02:41 14912]
    S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelNNTPFILT.DLL [23.09.2008 12:02:41 6752]
    S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);??c:program filesAgnitumOutpost FirewallkernelPOP3FILT.DLL [23.09.2008 12:02:41 9984]
    S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);??c:program filesAgnitumOutpost FirewallkernelPROTECT.DLL [23.09.2008 12:02:41 16960]
    S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);??c:program filesAgnitumOutpost FirewallkernelSECRET.DLL [23.09.2008 12:02:41 9696]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsWindows Sidebar]
    c:windowssystem32hidec /W c:program filesWindows SidebarVAIOToolsREGTLIB.EXE «c:program filesWindows Sidebarsidebar.exe»

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{34A19196-274E-4D75-9D30-D7A45A0A4178}]
    «c:program filesWindows Sidebar.regsvr32.exe» /s wlsrvc.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{6B9228DA-9C15-419e-856C-19E768A13BDC}]
    «c:program filesWindows Sidebar.regsvr32.exe» /s sbdrop.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{BADA65A0-86B7-462B-B720-CE66655C73F5}]
    regsvr32 /s c:program filesWindows SidebarVAIO.vshellext.dll
    .
    Contents of the ‘Scheduled Tasks’ folder

    2008-11-27 c:windowsTasksGoogleUpdateTaskUser.job
    - c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-10-20 17:38]
    .
    .


    Supplementary Scan


    .
    FireFox -: Profile — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles4gnh65qv.default
    FF -: plugin — c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdate1.2.131.27npGoogleOneClick6.dll
    FF -: plugin — c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
    FF -: plugin — c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-27 22:03:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    DLLs Loaded Under Running Processes



    - - - - - - - > 'winlogon.exe'(728)
    c:windowssystem32SETUPAPI.dll
    c:windowssystem32Ati2evxx.dll
    c:windowssystem32cscui.dll
    c:windowssystem32COMRes.dll

    - - - - - - - > 'lsass.exe'(784)
    c:windowssystem32SETUPAPI.dll
    c:windowssystem32imon.dll
    c:program filesEsetpr_imon.dll
    .
    Completion time: 2008-11-27 22:03:47
    ComboFix-quarantined-files.txt 2008-11-27 20:03:32
    ComboFix2.txt 2008-11-13 18:37:14

    Pre-Run: 16,598,011,904 байт свободно
    Post-Run: 16,716,144,640 байт свободно

    202

    26 November 2008 at 7:25 pm in reply to: Scanned with Hijack This #19684
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19
    • ☆

    GMER 1.0.14.14536 - http://www.gmer.net
    Autostart scan 2008-11-26 21:20:55
    Windows 5.1.2600 Service Pack 3

    HKLMSYSTEMCurrentControlSetControlSession ManagerSubSystems@Windows = %SystemRoot%system32csrss.exe ObjectDirectory=Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

    HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon@Userinit = C:WINDOWSsystem32userinit.exe,

    HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify >>>
    AtiExtEvent@DLLName = Ati2evxx.dll
    dimsntfy@DLLName = %SystemRoot%System32dimsntfy.dll

    HKLMSYSTEMCurrentControlSetServices >>>
    Ati HotKey Poller@ = %SystemRoot%system32Ati2evxx.exe
    NOD32krn@ = «C:Program FilesEsetnod32krn.exe»
    OutpostFirewall@ = C:Program FilesAgnitumOutpost Firewalloutpost.exe /service /*file not found*/
    WebaltaController@ = «C:Program FilesWebaltaWebaltaUpdaterService.exe» -service

    HKLMSoftwareMicrosoftWindowsCurrentVersionRun >>>
    @RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE
    @AmlMapleC:Program FilesAmlMapleAmlMaple.exe = C:Program FilesAmlMapleAmlMaple.exe
    @HP Software UpdateC:Program FilesHPHP Software UpdateHPWuSchd2.exe = C:Program FilesHPHP Software UpdateHPWuSchd2.exe
    @nod32kui»C:Program FilesEsetnod32kui.exe» /WAITSERVICE = «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
    @Outpost FirewallC:Program FilesAgnitumOutpost Firewalloutpost.exe /waitservice /*file not found*/ = C:Program FilesAgnitumOutpost Firewalloutpost.exe /waitservice /*file not found*/
    @OutpostFeedBackC:Program FilesAgnitumOutpost Firewallfeedback.exe /dump:os_startup /*file not found*/ = C:Program FilesAgnitumOutpost Firewallfeedback.exe /dump:os_startup /*file not found*/
    @NeroFilterCheckC:Program FilesCommon FilesAheadLibNeroCheck.exe = C:Program FilesCommon FilesAheadLibNeroCheck.exe

    @Google Desktop Search»C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe» /startup = «C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe» /startup
    @NevoDRM»C:Program Files????NevoDRMNevoDRM.exe» = «C:Program Files????NevoDRMNevoDRM.exe»

    HKCUSoftwareMicrosoftWindowsCurrentVersionRun >>>
    @CTFMON.EXEC:WINDOWSsystem32ctfmon.exe = C:WINDOWSsystem32ctfmon.exe
    @VistaIconC:Program FilesVistaDriveIconVistaDrv.exe = C:Program FilesVistaDriveIconVistaDrv.exe
    @Download MasterC:Program FilesDownload Masterdmaster.exe -autorun /*file not found*/ = C:Program FilesDownload Masterdmaster.exe -autorun /*file not found*/

    @Google Update»C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c = «C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
    @BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»C:Program FilesCommon FilesAheadLibNMBgMonitor.exe» = «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
    @Yupdate!»C:Program FilesCommon FilesYandexYupdateyupdate.exe» = «C:Program FilesCommon FilesYandexYupdateyupdate.exe»

    HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad@WPDShServiceObj = C:WINDOWSsystem32wpdshserviceobj.dll

    HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved >>>
    @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Расширение CPL панорамирования дисплея*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
    @{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%system32wpdshext.dll = %SystemRoot%system32wpdshext.dll
    @{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%system32wpdshext.dll = %SystemRoot%system32wpdshext.dll
    @{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:WINDOWSsystem32extmgr.dll = C:WINDOWSsystem32extmgr.dll
    @{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
    @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Свойства: Предыдущие версии*/%SystemRoot%system32twext.dll = %SystemRoot%system32twext.dll
    @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Предыдущие версии*/%SystemRoot%system32twext.dll = %SystemRoot%system32twext.dll
    @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
    @{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:WINDOWSsystem32dfshim.dll = C:WINDOWSsystem32dfshim.dll
    @{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:WINDOWSsystem32dfshim.dll = C:WINDOWSsystem32dfshim.dll
    @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:Program FilesCommon FilesMicrosoft SharedWeb FoldersMSONSEXT.DLL = C:Program FilesCommon FilesMicrosoft SharedWeb FoldersMSONSEXT.DLL
    @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:Program FilesMicrosoft OfficeOffice12msohevi.dll = C:Program FilesMicrosoft OfficeOffice12msohevi.dll
    @{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:PROGRA~1COMMON~1MICROS~1OFFICE12msoshext.dll = C:PROGRA~1COMMON~1MICROS~1OFFICE12msoshext.dll
    @{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:PROGRA~1COMMON~1MICROS~1OFFICE12msoshext.dll = C:PROGRA~1COMMON~1MICROS~1OFFICE12msoshext.dll
    @{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:PROGRA~1MICROS~2Office12OLKFSTUB.DLL = C:PROGRA~1MICROS~2Office12OLKFSTUB.DLL
    @{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:PROGRA~1MICROS~2Office12MLSHEXT.DLL = C:PROGRA~1MICROS~2Office12MLSHEXT.DLL
    @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:Program FilesWinRARrarext.dll = C:Program FilesWinRARrarext.dll
    @{B089FE88-FB52-11d3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:Program FilesEsetnodshex.dll = C:Program FilesEsetnodshex.dll
    @{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll = C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll
    @{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll = C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll
    @{D250CF30-1CF3-4CED-AA2B-D76F5FD05C99} /*Webalta Анти-Баннер*/C:PROGRA~1WebaltaWEBALT~2.DLL = C:PROGRA~1WebaltaWEBALT~2.DLL

    HKLMSoftwareClasses*shellexContextMenuHandlers >>>
    ASW@{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} = C:Program FilesAgnitumOutpost Firewallop_shell.dll
    NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:Program FilesEsetnodshex.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:Program FilesWinRARrarext.dll

    HKLMSoftwareClasses*shellexContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:Program FilesNeroNero 7Nero BackItUpNBShell.dll

    HKLMSoftwareClassesDirectoryshellexContextMenuHandlers >>>
    ASW@{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} = C:Program FilesAgnitumOutpost Firewallop_shell.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:Program FilesWinRARrarext.dll

    HKLMSoftwareClassesFoldershellexContextMenuHandlers >>>
    ASW@{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} = C:Program FilesAgnitumOutpost Firewallop_shell.dll
    NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:Program FilesEsetnodshex.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:Program FilesWinRARrarext.dll

    HKLMSoftwareClassesFoldershellexContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:Program FilesNeroNero 7Nero BackItUpNBShell.dll

    HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects >>>
    @{0347C33E-8762-4905-BF09-768834316C61}C:Program FilesHPSmart Web Printinghpswp_printenhancer.dll = C:Program FilesHPSmart Web Printinghpswp_printenhancer.dll
    @{053F9267-DC04-4294-A72C-58F732D338C0}C:Program FilesHPSmart Web Printinghpswp_framework.dll = C:Program FilesHPSmart Web Printinghpswp_framework.dll
    @{6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5}C:PROGRA~1WebaltaWEBALT~2.DLL = C:PROGRA~1WebaltaWEBALT~2.DLL
    @{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:Program FilesJavajre1.6.0_06binssv.dll = C:Program FilesJavajre1.6.0_06binssv.dll
    @{9961627E-4059-41B4-8E0E-A7D6B3854ADF}C:PROGRA~1DOWNLO~1dmiehlp.dll = C:PROGRA~1DOWNLO~1dmiehlp.dll
    @{AA58ED58-01DD-4D91-8333-CF10577473F7}C:Documents and SettingsAdminGooglegoogletoolbar1.dll = C:Documents and SettingsAdminGooglegoogletoolbar1.dll

    HKLMSoftwareMicrosoftInternet ExplorerMain >>>
    @Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
    @Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
    @Local Page%SystemRoot%system32blank.htm = %SystemRoot%system32blank.htm

    HKCUSoftwareMicrosoftInternet ExplorerMain >>>
    @Start Pagehttp://my.webalta.ru = http://my.webalta.ru
    @Local PageC:WINDOWSsystem32blank.htm = C:WINDOWSsystem32blank.htm

    HKLMSoftwareClassesPROTOCOLSFiltertext/xml@CLSID = C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL

    HKLMSoftwareClassesPROTOCOLSHandler >>>
    dvd@CLSID = C:WINDOWSsystem32msvidctl.dll
    its@CLSID = C:WINDOWSsystem32itss.dll
    mhtml@CLSID = %SystemRoot%system32inetcomm.dll
    ms-help@CLSID = C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll
    ms-its@CLSID = C:WINDOWSsystem32itss.dll
    tv@CLSID = C:WINDOWSsystem32msvidctl.dll
    wia@CLSID = C:WINDOWSsystem32wiascr.dll

    HKLMSYSTEMCurrentControlSetServicesTcpipParametersInterfaces{2729C846-E804-4E23-AEF5-82B14538E173} /*Подключение по локальной сети*/ >>>
    @IPAddress10.25.11.110 = 10.25.11.110
    @NameServer195.230.99.6 = 195.230.99.6
    @DefaultGateway10.25.11.109 = 10.25.11.109
    @Domain =

    HKLMSYSTEMCurrentControlSetServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries >>>
    000000000001@PackedCatalogItem = imon.dll
    000000000002@PackedCatalogItem = imon.dll
    000000000003@PackedCatalogItem = imon.dll
    000000000004@PackedCatalogItem = imon.dll
    000000000005@PackedCatalogItem = imon.dll

    HKLMSYSTEMCurrentControlSetServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries00000000011@PackedCatalogItem = imon.dll

    C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка = HP Digital Imaging Monitor.lnk

    ---- EOF - GMER 1.0.14 ----

    26 November 2008 at 6:36 pm in reply to: Scanned with Hijack This #19683
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19
    • ☆

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-11-26 19:49:28
    Windows 5.1.2600 Service Pack 3

    ---- System - GMER 1.0.14 ----

    SSDT spro.sys ZwCreateKey [0xF74D70E0]
    SSDT spro.sys ZwEnumerateKey [0xF74F5CA2]
    SSDT spro.sys ZwEnumerateValueKey [0xF74F6030]
    SSDT spro.sys ZwOpenKey [0xF74D70C0]
    SSDT spro.sys ZwQueryKey [0xF74F6108]
    SSDT spro.sys ZwQueryValueKey [0xF74F5F88]
    SSDT spro.sys ZwSetValueKey [0xF74F619A]

    INT 0x62 ? 89A27BF8
    INT 0x63 ? 899E8F00
    INT 0x73 ? 899E8F00
    INT 0x73 ? 899E8F00
    INT 0x83 ? 89A27BF8
    INT 0x83 ? 89A27BF8
    INT 0x83 ? 89A27BF8
    INT 0xA4 ? 899E8F00
    INT 0xB4 ? 899E8F00

    ---- Kernel code sections - GMER 1.0.14 ----

    ? spro.sys Не удается найти указанный файл. !
    .text USBPORT.SYS!DllUnload BA280934 5 Bytes JMP 899E84E0

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT WINDOWSSystem32DriversSCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89A952D8
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spro.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spro.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spro.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spro.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spro.sys
    IAT SystemRootsystem32DRIVERSUSBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 899E85E0

    ---- Devices - GMER 1.0.14 ----

    Device FileSystemNtfs Ntfs 89A261F8

    AttachedDevice FileSystemNtfs Ntfs amon.sys (Amon monitor/Eset )

    Device Driverusbohci DeviceUSBPDO-0 899D21F8
    Device Driverdmio DeviceDmControlDmIoDaemon 89A931F8
    Device Driverdmio DeviceDmControlDmConfig 89A931F8
    Device Driverdmio DeviceDmControlDmPnP 89A931F8
    Device Driverdmio DeviceDmControlDmInfo 89A931F8
    Device Driverusbohci DeviceUSBPDO-1 899D21F8
    Device Driverusbohci DeviceUSBPDO-2 899D21F8
    Device Driverusbohci DeviceUSBPDO-3 899D21F8
    Device Driverusbehci DeviceUSBPDO-4 899CE500
    Device Driverusbohci DeviceUSBPDO-5 899D21F8
    Device DriverFtdisk DeviceHarddiskVolume1 89A281F8
    Device DriverFtdisk DeviceHarddiskVolume2 89A281F8
    Device DriverCdrom DeviceCdRom0 8999C1F8
    Device Driverusbstor Device0000082 89354500
    Device Driverusbstor Device0000083 89354500
    Device DriverNetBT DeviceNetBt_Wins_Export 893741F8
    Device DriverNetBT DeviceNetBT_Tcpip_{2729C846-E804-4E23-AEF5-82B14538E173} 893741F8
    Device DriverNetBT DeviceNetbiosSmb 893741F8
    Device Driverusbohci DeviceUSBFDO-0 899D21F8
    Device Driverusbohci DeviceUSBFDO-1 899D21F8
    Device FileSystemMRxSmb DeviceLanmanDatagramReceiver 893581F8
    Device Driverusbohci DeviceUSBFDO-2 899D21F8
    Device FileSystemMRxSmb DeviceLanmanRedirector 893581F8
    Device Driverusbohci DeviceUSBFDO-3 899D21F8
    Device Driverusbohci DeviceUSBFDO-4 899D21F8
    Device DriverFtdisk DeviceFtControl 89A281F8
    Device Driverusbehci DeviceUSBFDO-5 899CE500
    Device FileSystemCdfs Cdfs 89337500

    ---- Registry - GMER 1.0.14 ----

    Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?3?
    Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
    Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
    Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
    Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
    Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
    Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
    Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
    Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?3?
    Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
    Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
    Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
    Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
    Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?

    ---- EOF - GMER 1.0.14 ----

    25 November 2008 at 6:14 pm in reply to: Scanned with Hijack This #19681
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19
    • ☆

    Most likely I installed Webalta unknowingly from the Internet while downloading something, and unfortunately I don't remember when. As for when the pop-up windows from porn sites started, it was roughly the middle of October.

    24 November 2008 at 6:12 pm in reply to: Scanned with Hijack This #19679
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19
    • ☆

    OTViewIt logfile created on: 24.11.2008 19:53:45 - Run
    OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:Documents and SettingsAdminРабочий стол
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000422 | Country: Украина | Language: UKR | Date Format: dd.MM.yyyy

    1,75 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 68,81% Memory free
    3,60 Gb Paging File | 3,21 Gb Available in Paging File | 89,23% Paging File free
    Paging file location(s): C:pagefile.sys 2046 4092;

    %SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
    Drive C: | 27,16 Gb Total Space | 15,45 Gb Free Space | 56,90% Space Free | Partition Type: NTFS
    Drive D: | 84,62 Gb Total Space | 68,30 Gb Free Space | 80,71% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MICROSOF-311F14
    Current User Name: Admin
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Whitelist: On
    File Age = 30 Days

    ========== Processes ==========

    [2008.04.15 14:00:00 | 00,050,688 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32smss.exe
    [2008.05.20 17:41:38 | 00,509,440 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32winlogon.exe
    [2008.04.15 14:00:00 | 00,109,056 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe
    [2008.02.26 05:00:02 | 00,520,192 | —- | M] (ATI Technologies Inc.) — C:WINDOWSsystem32ati2evxx.exe
    [2008.02.26 05:00:02 | 00,520,192 | —- | M] (ATI Technologies Inc.) — C:WINDOWSsystem32ati2evxx.exe
    [2008.09.23 11:29:28 | 00,495,616 | —- | M] (Eset ) — C:Program FilesESETnod32krn.exe
    [2008.05.20 17:53:38 | 01,721,344 | —- | M] (Корпорация Майкрософт) — C:WINDOWSexplorer.exe
    [2008.04.10 16:52:10 | 16,861,184 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSRTHDCPL.EXE
    [2008.04.24 22:27:30 | 00,091,648 | —- | M] (G&G Software, Moscow State University) — C:Program FilesAmlMapleAmlMaple.exe
    [2007.03.11 19:34:40 | 00,049,152 | —- | M] (Hewlett-Packard Co.) — C:Program FilesHPHP Software UpdatehpwuSchd2.exe
    [2008.09.23 11:29:28 | 00,917,504 | —- | M] (Eset ) — C:Program FilesESETnod32kui.exe
    [2008.11.07 01:02:49 | 00,030,192 | —- | M] (Google) — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
    [2008.01.02 12:52:02 | 00,132,096 | —- | M] () — C:Program FilesVistaDriveIconVistaDrv.exe
    [2008.01.26 15:30:40 | 03,266,560 | —- | M] (WestByte) — C:Program FilesDownload Masterdmaster.exe
    [2008.10.20 17:38:51 | 00,133,104 | —- | M] (Google Inc.) — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
    [2006.04.21 16:03:34 | 00,094,208 | —- | M] (Nero AG) — C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
    [2008.05.30 11:29:38 | 00,460,040 | —- | M] (ООО «ЯНДЕКС») — C:Program FilesCommon FilesYandexYupdateyupdate.exe
    [2008.11.07 01:02:49 | 00,030,192 | —- | M] (Google) — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
    [2007.03.11 19:26:24 | 00,210,520 | —- | M] (Hewlett-Packard Co.) — C:Program FilesHPDigital Imagingbinhpqtra08.exe
    [2008.07.31 10:22:08 | 00,322,560 | —- | M] () — C:Program FilesИгрыNevoDRMrun.exe
    [2007.03.11 19:32:42 | 00,151,552 | —- | M] (Hewlett-Packard Co.) — C:Program FilesHPDigital Imagingbinhpqste08.exe
    [2007.09.04 18:55:14 | 00,180,224 | —- | M] () — C:client windowsclient.exe
    [2008.11.13 12:36:41 | 00,307,712 | —- | M] (Mozilla Corporation) — C:Program FilesMozilla Firefoxfirefox.exe
    [2008.04.15 14:00:00 | 00,033,280 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32rundll32.exe
    [2008.11.24 19:52:47 | 00,422,400 | —- | M] (OldTimer Tools) — C:Documents and SettingsAdminРабочий столOTViewIt.exe

    ========== (O23) Win32 Services ==========

    [2007.10.24 01:47:22 | 00,033,800 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe — (aspnet_state [On_Demand | Stopped])
    [2008.02.26 05:00:02 | 00,520,192 | —- | M] (ATI Technologies Inc.) — C:WINDOWSsystem32ati2evxx.exe — (Ati HotKey Poller [Auto | Running])
    [2007.10.24 01:47:40 | 00,070,144 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe — (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,109,056 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe — (Eventlog [Auto | Running])
    [2008.11.07 01:02:49 | 00,030,192 | —- | M] (Google) — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe — (GoogleDesktopManager-092308-165331 [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,150,528 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32imapi.exe — (ImapiService [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,113,664 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32netdde.exe — (NetDDE [Disabled | Stopped])
    [2008.04.15 14:00:00 | 00,113,664 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32netdde.exe — (NetDDEdsdm [Disabled | Stopped])
    [2008.09.23 11:29:28 | 00,495,616 | —- | M] (Eset ) — C:Program FilesESETnod32krn.exe — (NOD32krn [Auto | Running])
    [2006.10.26 17:49:34 | 00,441,136 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE — (odserv [On_Demand | Stopped])
    [2006.10.26 11:03:08 | 00,145,184 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE — (ose [On_Demand | Stopped])
    [2006.02.13 10:00:34 | 00,091,648 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost Firewalloutpost.exe — (OutpostFirewall [Auto | Stopped])
    [2008.04.15 14:00:00 | 00,109,056 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe — (PlugPlay [Auto | Running])
    [2008.04.15 14:00:00 | 00,141,824 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32sessmgr.exe — (RDSessMgr [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,096,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32scardsvr.exe — (SCardSvr [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,091,648 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32smlogsvc.exe — (SysmonLog [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,073,216 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32tlntsvr.exe — (TlntSvr [Disabled | Stopped])
    [2008.04.15 14:00:00 | 00,290,304 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32vssvc.exe — (VSS [On_Demand | Stopped])
    [2008.11.13 20:52:47 | 00,097,794 | —- | M] () — C:Program FilesWebaltaWebaltaUpdaterService.exe — (WebaltaController [Auto | Stopped])
    [2008.04.15 14:00:00 | 00,126,464 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32wbemwmiapsrv.exe — (WmiApSrv [On_Demand | Stopped])
    [2006.10.18 19:05:24 | 00,913,408 | —- | M] (Microsoft Corporation) — C:Program FilesWindows Media Playerwmpnetwk.exe — (WMPNetworkSvc [On_Demand | Stopped])

    ========== Driver Services ==========

    [2008.04.15 14:00:00 | 00,188,288 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversacpi.sys — (ACPI [Boot | Running])
    [2008.04.15 14:00:00 | 00,011,776 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversacpiec.sys — (ACPIEC [Boot | Running])
    [2006.02.13 10:00:26 | 00,033,600 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKerneladblock.dll — (ADBLOCK.DLL [On_Demand | Stopped])
    [2008.09.23 11:29:28 | 00,502,208 | —- | M] (Eset ) — C:WINDOWSsystem32driversamon.sys — (AMON [Auto | Running])
    [2007.05.03 04:00:58 | 00,546,976 | R— | M] (Atheros Communications, Inc.) — C:WINDOWSsystem32driversar5211.sys — (AR5211 [On_Demand | Stopped])
    [2006.02.13 10:00:42 | 00,017,440 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelarp.dll — (ARP.DLL [On_Demand | Stopped])
    [2008.02.26 07:51:42 | 02,863,616 | —- | M] (ATI Technologies Inc.) — C:WINDOWSsystem32driversati2mtag.sys — (ati2mtag [On_Demand | Running])
    [2006.02.13 10:00:28 | 00,004,896 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelcontent.dll — (CONTENT.DLL [On_Demand | Stopped])
    [2006.02.13 10:00:24 | 00,014,304 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKerneldnscache.dll — (DNSCACHE.DLL [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,044,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversfips.sys — (Fips [System | Running])
    [2008.04.15 14:00:00 | 00,125,440 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversftdisk.sys — (Ftdisk [Boot | Running])
    [2006.02.13 10:00:30 | 00,009,024 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelftpfilt.dll — (FTPFILT.DLL [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,144,384 | —- | M] (Windows (R) Server 2003 DDK provider) — C:WINDOWSsystem32drivershdaudbus.sys — (HDAudBus [On_Demand | Running])
    [2007.03.08 06:20:48 | 00,049,920 | R— | M] (HP) — C:WINDOWSsystem32driversHPZid412.sys — (HPZid412 [On_Demand | Stopped])
    [2007.03.08 06:20:49 | 00,016,496 | R— | M] (HP) — C:WINDOWSsystem32driversHPZipr12.sys — (HPZipr12 [On_Demand | Stopped])
    [2007.03.08 06:20:50 | 00,021,568 | R— | M] (HP) — C:WINDOWSsystem32driversHPZius12.sys — (HPZius12 [On_Demand | Stopped])
    [2006.02.13 10:00:26 | 00,011,552 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelhtmlfilt.dll — (HTMLFILT.DLL [On_Demand | Stopped])
    [2006.02.13 10:00:24 | 00,013,248 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelhttpfilt.dll — (HTTPFILT.DLL [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,053,120 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversi8042prt.sys — (i8042prt [System | Running])
    [2006.02.13 10:00:30 | 00,007,200 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelimapfilt.dll — (IMAPFILT.DLL [On_Demand | Stopped])
    [2008.04.17 16:33:26 | 04,707,328 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSsystem32driversRtkHDAud.sys — (IntcAzAudAddService [On_Demand | Running])
    [2008.04.15 14:00:00 | 00,037,504 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversisapnp.sys — (isapnp [Boot | Running])
    [2008.04.15 14:00:00 | 00,024,832 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driverskbdclass.sys — (Kbdclass [System | Running])
    [2006.02.13 10:00:28 | 00,014,912 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelmailfilt.dll — (MAILFILT.DLL [On_Demand | Stopped])
    [2008.05.20 17:43:44 | 00,030,208 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversmodem.sys — (Modem [On_Demand | Stopped])
    [2008.05.20 17:43:44 | 00,023,296 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversmouclass.sys — (Mouclass [System | Running])
    [2001.10.19 22:33:10 | 00,012,160 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversmouhid.sys — (mouhid [On_Demand | Running])
    [2006.02.13 10:00:28 | 00,006,752 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelnntpfilt.dll — (NNTPFILT.DLL [On_Demand | Stopped])
    [2008.05.20 17:43:44 | 00,080,128 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversparport.sys — (Parport [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,006,912 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversparvdm.sys — (ParVdm [Auto | Stopped])
    [2008.04.15 14:00:00 | 00,068,480 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driverspci.sys — (PCI [Boot | Running])
    [2008.04.15 14:00:00 | 00,003,328 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driverspciide.sys — (PCIIde [Boot | Running])
    [2008.04.15 14:00:00 | 00,120,192 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driverspcmcia.sys — (Pcmcia [Disabled | Stopped])
    [2006.02.13 10:00:28 | 00,009,984 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelpop3filt.dll — (POP3FILT.DLL [On_Demand | Stopped])
    [2006.02.13 10:00:30 | 00,016,960 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelprotect.dll — (PROTECT.DLL [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,017,792 | —- | M] (Parallel Technologies, Inc.) — C:WINDOWSsystem32driversptilink.sys — (Ptilink [On_Demand | Running])
    [2008.05.20 21:42:26 | 00,058,368 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversredbook.sys — (redbook [System | Running])
    [2007.11.21 01:09:22 | 00,104,320 | —- | M] (Realtek Semiconductor Corporation ) — C:WINDOWSsystem32driversRtnicxp.sys — (RTL8023xp [On_Demand | Running])
    [2008.04.15 14:00:00 | 00,020,480 | —- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) — C:WINDOWSsystem32driverssecdrv.sys — (Secdrv [On_Demand | Stopped])
    [2006.02.13 10:00:42 | 00,009,696 | —- | M] (Agnitum Ltd.) — C:Program FilesAgnitumOutpost FirewallKernelsecret.dll — (SECRET.DLL [On_Demand | Stopped])
    [2008.04.15 14:00:00 | 00,065,024 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversserial.sys — (Serial [Auto | Stopped])
    [2008.09.23 11:26:42 | 00,717,296 | —- | M] () — C:WINDOWSsystem32driverssptd.sys — (sptd [Boot | Running])
    [2008.04.15 14:00:00 | 00,073,472 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driverssr.sys — (sr [Boot | Running])
    [2008.11.09 20:47:23 | 00,102,664 | —- | M] (Trend Micro Inc.) — C:WINDOWSsystem32driverstmcomm.sys — (tmcomm [Auto | Running])
    [2008.05.20 17:42:30 | 00,060,032 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driversUSBAUDIO.sys — (usbaudio [On_Demand | Running])
    [2008.05.20 17:42:28 | 00,121,984 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driversusbvideo.sys — (usbvideo [On_Demand | Running])
    [2008.04.15 14:00:00 | 00,051,968 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversvolsnap.sys — (VolSnap [Boot | Running])
    [2008.04.15 14:00:00 | 00,012,032 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driversws2ifsl.sys — (WS2IFSL [System | Running])

    ========== (R ) Internet Explorer ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain]
    «Default_Page_URL»=http://go.microsoft.com/fwlink/?LinkId=69157
    «Default_Search_URL»=http://go.microsoft.com/fwlink/?LinkId=54896
    «Default_Secondary_Page_URL»=
    «Extensions Off Page»=about:NoAdd-ons
    «Local Page»=%SystemRoot%system32blank.htm
    «Search Page»=http://go.microsoft.com/fwlink/?LinkId=54896
    «Security Risk Page»=about:SecurityRisk
    «Start Page»=http://go.microsoft.com/fwlink/?LinkId=69157

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearch]
    «CustomizeSearch»=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    «SearchAssistant»=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    [HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerMain]
    «Local Page»=C:WINDOWSsystem32blank.htm
    «Page_Transitions»=
    «Search Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    «Start Page»=http://my.webalta.ru

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
    «{CFBFAE00-17A6-11D0-99CB-00C04FD64497}» (HKLM) — C:WINDOWSsystem32ieframe.dll (Microsoft Corporation)

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
    «ProxyEnable» = 0

    [HKEY_USERS.DEFAULTSOFTWAREMicrosoftInternet ExplorerMain]
    «Search Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    «Start Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
    «ProxyEnable» = 0

    [HKEY_USERSS-1-5-18SOFTWAREMicrosoftInternet ExplorerMain]
    «Search Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    «Start Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

    [HKEY_USERSS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
    «ProxyEnable» = 0

    [HKEY_USERSS-1-5-19SOFTWAREMicrosoftInternet ExplorerMain]
    «Start Page»=http://www.kornet.ru

    [HKEY_USERSS-1-5-19SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
    «ProxyEnable» = 0

    [HKEY_USERSS-1-5-20SOFTWAREMicrosoftInternet ExplorerMain]
    «Start Page»=http://www.kornet.ru

    [HKEY_USERSS-1-5-20SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
    «ProxyEnable» = 0

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SOFTWAREMicrosoftInternet ExplorerMain]
    «Local Page»=C:WINDOWSsystem32blank.htm
    «Page_Transitions»=
    «Search Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    «Start Page»=http://my.webalta.ru

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SoftwareMicrosoftInternet ExplorerURLSearchHooks]
    «{CFBFAE00-17A6-11D0-99CB-00C04FD64497}» (HKLM) — C:WINDOWSsystem32ieframe.dll (Microsoft Corporation)

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
    «ProxyEnable» = 0

    ========== (O1) Hosts File ==========

    HOSTS File = (0 bytes) — C:WINDOWSSystem32driversetcHosts
    First 25 entries…

    ========== (O2) BHO’s ==========

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects]
    {0347C33E-8762-4905-BF09-768834316C61} (HKLM) — C:Program FilesHPSmart Web Printinghpswp_printenhancer.dll (Hewlett-Packard Co.)
    {053F9267-DC04-4294-A72C-58F732D338C0} (HKLM) — C:Program FilesHPSmart Web Printinghpswp_framework.dll (Hewlett-Packard Co.)
    {6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5} (HKLM) — C:Program FilesWebaltaWebaltaAdsHunter.dll ()
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) — C:Program FilesJavajre1.6.0_06binssv.dll (Sun Microsystems, Inc.)
    {9961627E-4059-41B4-8E0E-A7D6B3854ADF} (HKLM) — C:Program FilesDownload Masterdmiehlp.dll (WestByte)
    {AA58ED58-01DD-4D91-8333-CF10577473F7} (HKLM) — C:Documents and SettingsAdminGooglegoogletoolbar1.dll ()

    ========== (O3) Toolbars ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolBar]
    «{91397D20-1446-11D4-8AF4-0040CA1127B6}» (HKLM) — C:Program FilesYandexYandexBarIEyndbar.dll (ООО «ЯНДЕКС»)

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolBar]
    «{D4C56A33-3488-495B-8033-9BF834E276D8}» (HKLM) — C:Program FilesWebaltaWebaltatoolbar.dll ()

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser]
    «{01E04581-4EEE-11D0-BFE9-00AA005B4383}» (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
    «{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7}» (HKLM) — Reg Error: Key does not exist or could not be opened. File not found

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
    «{91397D20-1446-11D4-8AF4-0040CA1127B6}» (HKLM) — C:Program FilesYandexYandexBarIEyndbar.dll (ООО «ЯНДЕКС»)

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
    «{FE063DB9-4EC0-403E-8DD8-394C54984B2C}» (HKLM) — Reg Error: Key does not exist or could not be opened. File not found

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SoftwareMicrosoftInternet ExplorerToolbarShellBrowser]
    «{01E04581-4EEE-11D0-BFE9-00AA005B4383}» (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
    «{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7}» (HKLM) — Reg Error: Key does not exist or could not be opened. File not found

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
    «{91397D20-1446-11D4-8AF4-0040CA1127B6}» (HKLM) — C:Program FilesYandexYandexBarIEyndbar.dll (ООО «ЯНДЕКС»)

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
    «{FE063DB9-4EC0-403E-8DD8-394C54984B2C}» (HKLM) — Reg Error: Key does not exist or could not be opened. File not found

    ========== (O4) Run Keys ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «AmlMaple»=C:Program FilesAmlMapleAmlMaple.exe (G&G Software, Moscow State University)
    «Google Desktop Search»=»C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe» /startup (Google)
    «HP Software Update»=C:Program FilesHPHP Software UpdateHPWuSchd2.exe (Hewlett-Packard Co.)
    «NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe (Nero AG)
    «NevoDRM»=»C:Program FilesИгрыNevoDRMNevoDRM.exe» ()
    «nod32kui»=»C:Program FilesEsetnod32kui.exe» /WAITSERVICE (Eset )
    «Outpost Firewall»=C:Program FilesAgnitumOutpost Firewalloutpost.exe /waitservice (Agnitum Ltd.)
    «OutpostFeedBack»=C:Program FilesAgnitumOutpost Firewallfeedback.exe /dump:os_startup (Agnitum Ltd.)
    «RTHDCPL»=RTHDCPL.EXE (Realtek Semiconductor Corp.)

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»C:Program FilesCommon FilesAheadLibNMBgMonitor.exe» (Nero AG)
    «Download Master»=C:Program FilesDownload Masterdmaster.exe -autorun (WestByte)
    «Google Update»=»C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c (Google Inc.)
    «VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe ()
    «Yupdate!»=»C:Program FilesCommon FilesYandexYupdateyupdate.exe» (ООО «ЯНДЕКС»)

    [HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe ()

    [HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionRun]
    «VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe ()

    [HKEY_USERSS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionRun]
    «VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe ()

    [HKEY_USERSS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionRun]
    «VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe ()

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionRun]
    «BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»C:Program FilesCommon FilesAheadLibNMBgMonitor.exe» (Nero AG)
    «Download Master»=C:Program FilesDownload Masterdmaster.exe -autorun (WestByte)
    «Google Update»=»C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c (Google Inc.)
    «VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe ()
    «Yupdate!»=»C:Program FilesCommon FilesYandexYupdateyupdate.exe» (ООО «ЯНДЕКС»)

    ========== (O4) RunOnce Keys ==========

    [HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
    «IE7_011″=regsvr32 /s /n /i:u shell32 (Корпорация Майкрософт)
    «IE7_012″=rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (Microsoft Corporation)
    «ZZZZ2_FirstLogonSetting»=%SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (Microsoft Corporation)

    [HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
    «IE7_011″=regsvr32 /s /n /i:u shell32 (Корпорация Майкрософт)
    «IE7_012″=rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (Microsoft Corporation)
    «ZZZZ2_FirstLogonSetting»=%SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (Microsoft Corporation)

    [HKEY_USERSS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
    «IE7_011″=regsvr32 /s /n /i:u shell32 (Корпорация Майкрософт)
    «IE7_012″=rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (Microsoft Corporation)
    «ZZZZ1_FirstLogonSetting»=%SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (Microsoft Corporation)
    «ZZZZ2_FirstLogonSetting»=%SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (Microsoft Corporation)

    [HKEY_USERSS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
    «IE7_011″=regsvr32 /s /n /i:u shell32 (Корпорация Майкрософт)
    «IE7_012″=rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (Microsoft Corporation)
    «ZZZZ1_FirstLogonSetting»=%SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (Microsoft Corporation)
    «ZZZZ2_FirstLogonSetting»=%SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (Microsoft Corporation)

    ========== (O4) Startup Folders ==========

    [2007.03.11 19:26:24 | 00,210,520 | —- | M] (Hewlett-Packard Co.) — C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаHP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe

    ========== (O6 & O7) Current Version Policies ==========

    [HKEY_LOCAL_MACHINESoftwarepoliciesmicrosoftinternet explorer]
    «Windows Update Menu Text»=Microsoft Update

    [HKEY_LOCAL_MACHINESoftwarepoliciesmicrosoftinternet explorerLow RightsElevationPolicy{C1CF2700-A252-41F3-802B-3B202BFC5A98}]
    «AppPath»=C:Program FilesCommon FilesYandexYupdate — [2008.11.08 16:04:42 | 00,000,000 | —D | M]
    «AppName»=yupdate.exe
    «Policy»=3

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
    «NoDriveTypeAutoRun»=227
    «NoDrives»=0
    «NoDriveAutoRun»=67108863

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1
    «NoInternetOpenWith»=1
    «DisableRegistryTools»=0
    «HideLegacyLogonScripts»=0
    «HideLogoffScripts»=0
    «RunLogonScriptSync»=1
    «RunStartupScriptSync»=0
    «HideStartupScripts»=0

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
    «NoSharedDocuments»=1
    «NoLowDiskSpaceChecks»=1
    «NoRecentDocsMenu»=01 00 00 00 [binary data]
    «NoSMConfigurePrograms»=1
    «NoDrives»=0

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem]
    «HideLegacyLogonScripts»=0
    «HideLogoffScripts»=0
    «HideStartupScripts»=0
    «RunLogonScriptSync»=1
    «RunStartupScriptSync»=0
    «DisableRegistryTools»=0

    [HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
    «NoSharedDocuments»=1
    «NoLowDiskSpaceChecks»=1
    «NoRecentDocsMenu»=01 00 00 00 [binary data]
    «NoSMConfigurePrograms»=1

    [HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
    «NoSharedDocuments»=1
    «NoLowDiskSpaceChecks»=1
    «NoRecentDocsMenu»=01 00 00 00 [binary data]
    «NoSMConfigurePrograms»=1

    [HKEY_USERSS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
    «NoDriveTypeAutoRun»=145
    «NoSharedDocuments»=1
    «NoLowDiskSpaceChecks»=1
    «NoRecentDocsMenu»=01 00 00 00 [binary data]
    «NoSMConfigurePrograms»=1

    [HKEY_USERSS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
    «NoDriveTypeAutoRun»=145
    «NoSharedDocuments»=1
    «NoLowDiskSpaceChecks»=1
    «NoRecentDocsMenu»=01 00 00 00 [binary data]
    «NoSMConfigurePrograms»=1

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
    «NoSharedDocuments»=1
    «NoLowDiskSpaceChecks»=1
    «NoRecentDocsMenu»=01 00 00 00 [binary data]
    «NoSMConfigurePrograms»=1
    «NoDrives»=0

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem]
    «HideLegacyLogonScripts»=0
    «HideLogoffScripts»=0
    «HideStartupScripts»=0
    «RunLogonScriptSync»=1
    «RunStartupScriptSync»=0
    «DisableRegistryTools»=0

    ========== (O8) IE Context Menu Extensions ==========

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMenuExt]
    &Экспорт в Microsoft Excel: C:Program FilesMicrosoft OfficeOffice12EXCEL.EXE [2006.10.27 13:07:36 | 17,891,112 | —- | M] (Microsoft Corporation)
    Webalta — Добавить в Анти-Баннер: C:Program FilesWebaltaextentionswebalta_antiban.htm [2008.09.30 04:16:52 | 00,001,045 | —- | M] ()
    Закачать ВСЕ при помощи Download Master: C:Program FilesDownload Masterdmieall.htm [2002.12.02 12:07:00 | 00,000,556 | —- | M] ()
    Закачать при помощи Download Master: C:Program FilesDownload Masterdmie.htm [2002.10.11 07:01:56 | 00,001,039 | —- | M] ()

    [HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMenuExt]
    Webalta — Добавить в Анти-Баннер: C:Program FilesWebaltaextentionswebalta_antiban.htm [2008.09.30 04:16:52 | 00,001,045 | —- | M] ()

    [HKEY_USERSS-1-5-18SoftwareMicrosoftInternet ExplorerMenuExt]
    Webalta — Добавить в Анти-Баннер: C:Program FilesWebaltaextentionswebalta_antiban.htm [2008.09.30 04:16:52 | 00,001,045 | —- | M] ()

    [HKEY_USERSS-1-5-19SoftwareMicrosoftInternet ExplorerMenuExt]
    Webalta — Добавить в Анти-Баннер: Reg Error: Key does not exist or could not be opened. File not found

    [HKEY_USERSS-1-5-20SoftwareMicrosoftInternet ExplorerMenuExt]
    Webalta — Добавить в Анти-Баннер: Reg Error: Key does not exist or could not be opened. File not found

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SoftwareMicrosoftInternet ExplorerMenuExt]
    &Экспорт в Microsoft Excel: C:Program FilesMicrosoft OfficeOffice12EXCEL.EXE [2006.10.27 13:07:36 | 17,891,112 | —- | M] (Microsoft Corporation)
    Webalta — Добавить в Анти-Баннер: C:Program FilesWebaltaextentionswebalta_antiban.htm [2008.09.30 04:16:52 | 00,001,045 | —- | M] ()
    Закачать ВСЕ при помощи Download Master: C:Program FilesDownload Masterdmieall.htm [2002.12.02 12:07:00 | 00,000,556 | —- | M] ()
    Закачать при помощи Download Master: C:Program FilesDownload Masterdmie.htm [2002.10.11 07:01:56 | 00,001,039 | —- | M] ()

    ========== (O9) IE Extensions ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console — %ProgramFiles%Javajre1.6.0_06binnpjpi160_06.dll [2008.03.25 02:28:01 | 00,132,496 | —- | M] (Sun Microsystems, Inc.)
    {44627E97-789B-40d4-B5C2-58BD171129A1}: Button: Быстрая настройка Outpost Firewall Pro — %ProgramFiles%AgnitumOutpost FirewallPluginsBrowserBarie_bar.dll [2006.02.14 14:54:22 | 00,294,978 | —- | M] (Agnitum Ltd.)
    {58ECB495-38F0-49cb-A538-10282ABF65E7}: Button: Альбом клипов HP — %ProgramFiles%HPSmart Web Printinghpswp_extensions.dll [2007.03.02 14:53:20 | 00,153,192 | R— | M] (Hewlett-Packard Co.)
    {700259D7-1666-479a-93B1-3250410481E8}: Button: Расширенный выбор HP — %ProgramFiles%HPSmart Web Printinghpswp_extensions.dll [2007.03.02 14:53:20 | 00,153,192 | R— | M] (Hewlett-Packard Co.)
    {8DAE90AD-4583-4977-9DD4-4360F7A45C74}: Button: Download Master — %ProgramFiles%Download Masterdmaster.exe [2008.01.26 15:30:40 | 03,266,560 | —- | M] (WestByte)
    {8DAE90AD-4583-4977-9DD4-4360F7A45C74}: Menu: &Download Master — %ProgramFiles%Download Masterdmaster.exe [2008.01.26 15:30:40 | 03,266,560 | —- | M] (WestByte)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research — %ProgramFiles%Microsoft OfficeOffice12REFIEBAR.DLL [2006.10.26 18:12:22 | 00,040,424 | —- | M] (Microsoft Corporation)

    ========== (O12) Internet Explorer Plugins ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerPlugins]
    PluginsPage: «» = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
    PluginsPageFriendlyName: «» = Microsoft ActiveX Gallery

    ========== (O13) Default Prefixes ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionURLDefaultPrefix]
    «»=http://

    ========== (O16) DPF ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units]
    {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab — Java Plug-in 1.6.0_06
    {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab — Java Plug-in 1.6.0_06
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab — Java Plug-in 1.6.0_06

    ========== (O17) DNS Name Servers ==========

    {1D8EBE54-30C2-47D6-8541-842682073224} (Servers: | Description: )
    {2729C846-E804-4E23-AEF5-82B14538E173} (Servers: 195.230.99.6 | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
    {5640CE4C-C658-48EE-A1FD-DC7C0458BAF1} (Servers: | Description: Atheros AR5007EG Wireless Network Adapter)

    ========== (O20) HKLM Winlogon Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
    «Shell»=Explorer.exe
>[2008.05.20 17:53:38 | 01,721,344 | —- | M] (Microsoft Corporation) — C:WINDOWSexplorer.exe

«UserInit»=C:WINDOWSsystem32userinit.exe,
>[2008.04.15 14:00:00 | 00,026,624 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32userinit.exe

«UIHost»=logonui.exe
>[2008.05.20 17:53:51 | 06,455,296 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32logonui.exe

«VMApplet»=rundll32 shell32,Control_RunDLL «sysdm.cpl»
>[2008.05.20 17:54:45 | 26,688,512 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32shell32.dll
>[2008.05.20 17:54:52 | 00,340,992 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32sysdm.cpl

    ========== (O20) Winlogon Notify Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify]
    AtiExtEvent: «DllName» = Ati2evxx.dll — C:WINDOWSsystem32ati2evxx.dll (ATI Technologies Inc.)
crypt32chain: «DllName» = crypt32.dll — C:WINDOWSsystem32crypt32.dll (Microsoft Corporation)
cscdll: «DllName» = cscdll.dll — C:WINDOWSsystem32cscdll.dll (Microsoft Corporation)
ScCertProp: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Microsoft Corporation)
Schedule: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Microsoft Corporation)
sclgntfy: «DllName» = sclgntfy.dll — C:WINDOWSsystem32sclgntfy.dll (Microsoft Corporation)
SensLogn: «DllName» = WlNotify.dll — C:WINDOWSsystem32wlnotify.dll (Microsoft Corporation)
termsrv: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Microsoft Corporation)
wlballoon: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Microsoft Corporation)

    ========== (O21) SSODL Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«CDBurn»={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) — C:WINDOWSsystem32shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«PostBootReminder»={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) — C:WINDOWSsystem32shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«SysTray»={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) — C:WINDOWSsystem32stobject.dll (Microsoft Corporation)

    ========== (O22) Shared Task Scheduler ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
«{438755C2-A8BA-11D1-B96B-00A0C90312E1}» (HKLM) = Browseui preloader — C:WINDOWSsystem32browseui.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
«{8C7461EF-2B13-11d2-BE35-3078302C2030}» (HKLM) = Component Categories cache daemon — C:WINDOWSsystem32browseui.dll (Microsoft Corporation)

    ========== HKLM *SecurityProviders* ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProviders]
    «SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>[2008.04.15 14:00:00 | 00,068,608 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32digest.dll
>[2008.04.15 14:00:00 | 00,290,816 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32msnsspc.dll

    ========== Safeboot Options ==========

    «AlternateShell»=cmd.exe

    ========== CDRom AutoRun Settings ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesCdrom]
    «AutoRun» = 1

    ========== Autorun Files on Drives ==========

    AUTOEXEC.BAT []
    [2008.09.23 11:23:00 | 00,000,000 | —- | M] () — C:AUTOEXEC.BAT — [ NTFS ]

    ========== Files/Folders — Created Within 30 Days ==========

    [3 C:WINDOWS*.tmp files]
    [2008.11.24 19:52:24 | 00,422,400 | —- | C] (OldTimer Tools) — C:Documents and SettingsAdminРабочий столOTViewIt.exe
    [2008.11.24 01:39:59 | 52,103,480 | —- | C] () — C:Documents and SettingsAdminРабочий столSMS.avi
    [2008.11.23 20:45:45 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataGaijin Ent
    [2008.11.23 20:45:34 | 00,001,741 | —- | C] () — C:Documents and SettingsAdminРабочий столMystery Cookbook.lnk
    [2008.11.23 19:13:55 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataMeridian93
    [2008.11.23 19:13:38 | 00,001,713 | —- | C] () — C:Documents and SettingsAdminРабочий столUnicorn Castle.lnk
    [2008.11.23 19:12:31 | 20,107,770 | —- | C] () — C:Documents and SettingsAdminРабочий столmystery_cookbook_39784_rus.exe
    [2008.11.23 18:48:45 | 37,523,502 | —- | C] () — C:Documents and SettingsAdminРабочий столunicorn_castle_39784_rus.exe
    [2008.11.22 16:07:09 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataPlayrix Entertainment
    [2008.11.21 22:36:43 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataEscapeTheMuseum
    [2008.11.21 22:36:33 | 00,001,665 | —- | C] () — C:Documents and SettingsAdminРабочий столИгры.lnk
    [2008.11.21 21:03:35 | 00,000,000 | —D | C] — C:Documents and SettingsAdminМои документыAlawar
    [2008.11.18 22:54:38 | 00,009,904 | —- | C] () — C:Documents and SettingsAdminРабочий столЛист Microsoft Office Excel.xlsx
    [2008.11.13 22:19:23 | 00,000,000 | -HSD | C] — C:RECYCLER
    [2008.11.13 20:37:15 | 00,000,000 | —D | C] — C:WINDOWStemp
    [2008.11.13 13:56:54 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataGames
    [2008.11.13 12:57:23 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataFriday’s games
    [2008.11.10 20:12:41 | 00,000,000 | —D | C] — C:WINDOWSERDNT
    [2008.11.09 21:15:48 | 00,000,000 | —D | C] — C:Program FilesTrend Micro
    [2008.11.09 20:53:11 | 00,102,664 | —- | C] (Trend Micro Inc.) — C:WINDOWSSystem32driverstmcomm.sys
    [2008.11.09 10:31:02 | 00,000,632 | —- | C] () — C:settings.dat
    [2008.11.09 02:12:48 | 00,000,000 | —D | C] — C:Documents and SettingsAdminМои документыНовая папка
    [2008.11.08 21:26:28 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataBeezzle
    [2008.11.08 16:04:42 | 00,000,000 | —D | C] — C:Program FilesCommon FilesYandex
    [2008.11.08 16:04:42 | 00,000,000 | —D | C] — C:Documents and SettingsAdminLocal SettingsApplication DataYandex
    [2008.11.08 16:04:42 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataYandex
    [2008.11.08 16:04:41 | 00,000,000 | —D | C] — C:Program FilesYandex
    [2008.11.08 04:38:09 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataLegends of pirates
    [2008.11.02 17:49:33 | 00,000,000 | —D | C] — C:Program FilesNevoSoft
    [2008.11.02 17:39:12 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataWebalta
    [2008.11.02 17:39:11 | 00,000,000 | —D | C] — C:Program FilesWebalta
    [2008.11.02 16:33:10 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataMagic Academy
    [2008.11.02 16:33:04 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataTemp App Data
    [2008.11.02 00:32:31 | 00,000,000 | —D | C] — C:Documents and SettingsAdminLocal SettingsApplication DataMyCentria
    [2008.11.01 23:32:13 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataChristmasville
    [2008.11.01 20:49:36 | 00,000,000 | —D | C] — C:Program FilesИгры от NevoSoft
    [2008.11.01 17:44:10 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataAstar Games
    [2008.11.01 12:44:00 | 00,000,000 | —D | C] — C:Program FilesMyCentria
    [2008.10.27 09:25:22 | 06,666,584 | —- | C] (Mozilla) — C:Documents and SettingsAdminРабочий столFirefox Setup 2.0.0.14.exe
    [2008.10.26 21:27:22 | 00,000,000 | —D | C] — C:Documents and SettingsAdminApplication DataQIP
    [2008.10.26 16:14:25 | 00,000,155 | —- | C] () — C:WINDOWSSystem32imon1.dat

    ========== Files — Modified Within 30 Days ==========

    [1 C:WINDOWSSystem32*.tmp files]
    [3 C:WINDOWS*.tmp files]
    [2008.11.24 19:52:47 | 00,422,400 | —- | M] (OldTimer Tools) — C:Documents and SettingsAdminРабочий столOTViewIt.exe
    [2008.11.24 19:39:04 | 00,000,154 | —- | M] () — C:WINDOWSODBC.INI
    [2008.11.24 19:38:58 | 00,000,049 | —- | M] () — C:WINDOWStransp.gif
    [2008.11.24 19:38:43 | 00,000,006 | -H— | M] () — C:WINDOWStasksSA.DAT
    [2008.11.24 19:38:35 | 00,002,048 | —S- | M] () — C:WINDOWSbootstat.dat
    [2008.11.24 19:38:29 | 18,771,27168 | -HS- | M] () — C:hiberfil.sys
    [2008.11.24 03:39:49 | 04,814,852 | -H— | M] () — C:Documents and SettingsAdminLocal SettingsApplication DataIconCache.db
    [2008.11.24 03:21:22 | 00,000,000 | —- | M] () — C:WINDOWSSystem32driversetchosts
    [2008.11.24 02:18:18 | 00,013,312 | —- | M] () — C:Documents and SettingsAdminLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008.11.24 02:10:42 | 00,000,116 | —- | M] () — C:WINDOWSNeroDigital.ini
    [2008.11.24 02:08:14 | 52,103,480 | —- | M] () — C:Documents and SettingsAdminРабочий столSMS.avi
    [2008.11.23 20:45:34 | 00,001,741 | —- | M] () — C:Documents and SettingsAdminРабочий столMystery Cookbook.lnk
    [2008.11.23 19:24:26 | 20,107,770 | —- | M] () — C:Documents and SettingsAdminРабочий столmystery_cookbook_39784_rus.exe
    [2008.11.23 19:13:38 | 00,001,713 | —- | M] () — C:Documents and SettingsAdminРабочий столUnicorn Castle.lnk
    [2008.11.23 19:09:17 | 37,523,502 | —- | M] () — C:Documents and SettingsAdminРабочий столunicorn_castle_39784_rus.exe
    [2008.11.22 17:24:53 | 00,001,665 | —- | M] () — C:Documents and SettingsAdminРабочий столИгры.lnk
    [2008.11.21 03:26:23 | 00,002,206 | —- | M] () — C:WINDOWSSystem32wpa.dbl
    [2008.11.18 22:54:38 | 00,009,904 | —- | M] () — C:Documents and SettingsAdminРабочий столЛист Microsoft Office Excel.xlsx
    [2008.11.14 05:46:08 | 00,000,155 | —- | M] () — C:WINDOWSSystem32imon1.dat
    [2008.11.13 23:30:21 | 00,000,632 | —- | M] () — C:settings.dat
    [2008.11.13 20:36:30 | 00,000,227 | —- | M] () — C:WINDOWSsystem.ini
    [2008.11.09 20:47:23 | 00,102,664 | —- | M] (Trend Micro Inc.) — C:WINDOWSSystem32driverstmcomm.sys
    [2008.11.09 02:36:56 | 00,452,014 | —- | M] () — C:WINDOWSSystem32perfh019.dat
    [2008.11.09 02:36:56 | 00,409,566 | —- | M] () — C:WINDOWSSystem32perfh009.dat
    [2008.11.09 02:36:56 | 00,077,934 | —- | M] () — C:WINDOWSSystem32perfc019.dat
    [2008.11.09 02:36:56 | 00,064,706 | —- | M] () — C:WINDOWSSystem32perfc009.dat
    [2008.10.27 09:26:34 | 06,666,584 | —- | M] (Mozilla) — C:Documents and SettingsAdminРабочий столFirefox Setup 2.0.0.14.exe
    [2008.10.26 09:18:27 | 01,050,100 | —- | M] () — C:WINDOWSSystem32PerfStringBackup.INI
    < End of report >
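Both OTL logs in this thread are read by hand: the main log above carries the Winlogon, Winlogon Notify, SecurityProviders and CD-ROM AutoRun sections, and the Extras log in the next post carries the Security Center, Windows Firewall profile and Winsock catalog sections. The Python script below is an added example, not part of the thread and not a feature of OTL or ComboFix, that parses a constructed excerpt in OTL's line format and returns a list of items a helper would want to verify. The section names it keys on, the Windows XP defaults it assumes for Shell and UserInit under C:\WINDOWS, the regular expressions and the excerpt itself are assumptions made for this example; it also accepts the « » quotes that the forum software substituted for the log's straight quotes.

```python
"""Triage checks for OTL/OTViewIt logs (added example; not part of the thread, not an OTL feature)."""
import re

# Constructed excerpt in OTL's line format with backslashes restored. The values mirror the logs
# posted in this thread, but the excerpt is assembled for the example and is not a full log.
SAMPLE_LOG = r"""
========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2008.05.20 17:53:38 | 01,721,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
"UserInit"=C:\WINDOWS\system32\userinit.exe,
========== (O20) Winlogon Notify Settings ==========
AtiExtEvent: "DllName" = Ati2evxx.dll - C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
ScCertProp: "DllName" = wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride"=1
"UpdatesOverride"=1
"AntiVirusOverride"=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
========== (O10) Winsock2 Catalogs ==========
NameSpace_Catalog5\Catalog_Entries\000000000001 [TCP/IP] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
"""

SECTION_RE = re.compile(r'^=+ (.+?) =+$')
# The forum rendering turned the log's straight quotes into « », so both forms are accepted.
KV_RE = re.compile(r'^["«]([^"»]+)["»]\s*=\s*(.*)$')
NOTIFY_RE = re.compile(r'^\S+: ["«]DllName["»] = \S+ - (.+?) \(')

# Assumed defaults for a Windows XP install under C:\WINDOWS (compared case-insensitively).
SYSTEM32 = r"c:\windows\system32"
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": SYSTEM32 + r"\userinit.exe,"}
OVERRIDE_FLAGS = ("AntiVirusOverride", "FirewallOverride", "UpdatesOverride")


def parse_sections(text):
    """Map each '========== name ==========' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def key_values(lines):
    """Collect "name"=value pairs from a section (a repeated name keeps its last value)."""
    return {m.group(1): m.group(2).strip() for m in map(KV_RE.match, lines) if m}


def triage(text):
    """Return (code, detail) findings; each is something to verify, not proof of infection."""
    findings = []
    s = parse_sections(text)

    # Winlogon Shell/UserInit: anything but the defaults runs at every logon.
    wl = key_values(s.get("(O20) HKLM Winlogon Settings", []))
    for name, expected in EXPECTED_WINLOGON.items():
        actual = next((v for k, v in wl.items() if k.lower() == name), None)
        if actual is not None and actual.lower() != expected:
            findings.append(("winlogon_nondefault", f"{name}={actual}"))

    # Winlogon Notify DLLs are loaded by winlogon.exe; flag any living outside system32.
    for line in s.get("(O20) Winlogon Notify Settings", []):
        m = NOTIFY_RE.match(line)
        if m and m.group(1).lower().rsplit("\\", 1)[0] != SYSTEM32:
            findings.append(("notify_dll_outside_system32", m.group(1)))

    if key_values(s.get("CDRom AutoRun Settings", [])).get("AutoRun") == "1":
        findings.append(("cdrom_autorun_enabled", "Cdrom\\AutoRun=1"))

    # Security Center: the firewall-profile key is printed inside the same OTL section.
    sc = key_values(s.get("Security Center Settings", []))
    if sc.get("EnableFirewall") == "0":
        findings.append(("windows_firewall_disabled", "StandardProfile EnableFirewall=0"))
    for flag in OVERRIDE_FLAGS:
        if sc.get(flag) == "1":
            findings.append(("security_center_override", flag))

    unresolved = [l.split(" - ")[0] for l in s.get("(O10) Winsock2 Catalogs", [])
                  if l.endswith("File not found")]
    if unresolved:
        findings.append(("winsock_unresolved", f"{len(unresolved)} catalog entries: File not found"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:30} {detail}")
```

Every finding is a prompt to check, not a verdict. The Security Center override flags and EnableFirewall=0 are the normal result of a third-party antivirus and firewall registering with Windows, and this machine's uninstall list shows both NOD32 and Outpost Firewall Pro. Winsock catalog entries reported as "File not found" should be compared against `netsh winsock show catalog` on the machine before anyone resets the LSP chain. AutoRun=1 on the Cdrom service is the XP default and is listed only as a hardening item.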

November 24, 2008 at 6:11 pm in reply to: Scanned with Hijack This #19678
aquapa9
Participant
• Topics: 1
• Posts: 19
• ☆

    OTViewIt Extras logfile created on: 24.11.2008 19:53:45 — Run
    OTViewIt by OldTimer — Version 1.0.20.0 Folder = C:Documents and SettingsAdminРабочий стол
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) — Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
Locale: 00000422 | Country: Ukraine | Language: UKR | Date Format: dd.MM.yyyy

    1,75 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 68,81% Memory free
    3,60 Gb Paging File | 3,21 Gb Available in Paging File | 89,23% Paging File free
    Paging file location(s): C:pagefile.sys 2046 4092;

    %SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
    Drive C: | 27,16 Gb Total Space | 15,45 Gb Free Space | 56,90% Space Free | Partition Type: NTFS
    Drive D: | 84,62 Gb Total Space | 68,30 Gb Free Space | 80,71% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MICROSOF-311F14
    Current User Name: Admin
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Whitelist: On
    File Age = 30 Days

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINESOFTWAREClasses]
    .html [@ = Reg Error: Value does not exist or could not be read.] — Reg Error: Key does not exist or could not be opened. File not found

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
    «FirstRunDisabled»=1
    «FirewallDisableNotify»=0
    «FirewallOverride»=1
    «UpdatesDisableNotify»=1
    «UpdatesOverride»=1
    «AntiVirusDisableNotify»=1
    «AntiVirusOverride»=1
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile
    «EnableFirewall»=0
    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplications]
    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPorts]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
    [2008.04.15 14:00:00 | 00,558,080 | —- | M] (Microsoft Corporation) — %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008.04.15 14:00:00 | 00,141,824 | —- | M] (Microsoft Corporation) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
[2008.04.15 14:00:00 | 00,558,080 | —- | M] (Microsoft Corporation) — %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008.04.15 14:00:00 | 00,141,824 | —- | M] (Microsoft Corporation) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    [2008.04.23 15:45:34 | 22,058,792 | R— | M] (Skype Technologies S.A.) — C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype

    ========== (O10) Winsock2 Catalogs ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWinSock2Parameters]
NameSpace_Catalog5Catalog_Entries00000000001 [TCP/IP] — C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5Catalog_Entries00000000003 [Network Location Awareness (NLA) service namespace] — C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
    Protocol_Catalog9Catalog_Entries00000000001 — File not found
    Protocol_Catalog9Catalog_Entries00000000002 — File not found
    Protocol_Catalog9Catalog_Entries00000000003 — File not found
    Protocol_Catalog9Catalog_Entries00000000004 — File not found
    Protocol_Catalog9Catalog_Entries00000000005 — File not found
    Protocol_Catalog9Catalog_Entries00000000006 — File not found
    Protocol_Catalog9Catalog_Entries00000000007 — File not found
    Protocol_Catalog9Catalog_Entries00000000008 — File not found
    Protocol_Catalog9Catalog_Entries00000000009 — File not found
    Protocol_Catalog9Catalog_Entries00000000010 — File not found
    Protocol_Catalog9Catalog_Entries00000000011 — File not found
    Protocol_Catalog9Catalog_Entries00000000012 — File not found
    Protocol_Catalog9Catalog_Entries00000000013 — File not found
    Protocol_Catalog9Catalog_Entries00000000014 — File not found
    Protocol_Catalog9Catalog_Entries00000000015 — File not found
    Protocol_Catalog9Catalog_Entries00000000016 — File not found
    Protocol_Catalog9Catalog_Entries00000000017 — File not found
    Protocol_Catalog9Catalog_Entries00000000018 — File not found
    Protocol_Catalog9Catalog_Entries00000000019 — File not found
    Protocol_Catalog9Catalog_Entries00000000020 — File not found
    Protocol_Catalog9Catalog_Entries00000000021 — File not found

    ========== (O18) Protocol Handlers ==========

    [HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2008.04.15 14:00:00 | 01,431,552 | —- | M] (Microsoft Corporation) C:WINDOWSsystem32msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])

    [HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
    ipp: [HKLM — No CLSID value]

    [HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
    [2006.10.26 16:49:48 | 01,011,488 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAMON.BINDER]

    [HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
    msdaipp: [HKLM — No CLSID value]

    [HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
    [2006.10.26 16:49:48 | 01,011,488 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAMON.BINDER]

    [HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
    [2006.10.26 16:49:48 | 01,011,488 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL msdaippoledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAIPP.BINDER]

    [HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
    [2006.10.26 11:45:02 | 00,873,216 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

    [HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2008.04.15 14:00:00 | 01,431,552 | —- | M] (Microsoft Corporation) C:WINDOWSsystem32msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])

    ========== (O18) Protocol Filters ==========

    [HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2008.05.20 17:54:45 | 26,688,512 | —- | M] (Microsoft Corporation) C:WINDOWSsystem32shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]

    [HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
    [2006.10.26 19:41:48 | 00,044,344 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    «{10E1E87C-656C-4D08-86D6-5443D28583BE}»=TrayApp
    «{13F00518-807A-4B3A-83B0-A7CD90F3A398}»=MarketResearch
    «{1753255A-0AEB-4220-8C75-607B73F0C133}»=Copy
    «{22466889-7642-488d-AA0E-F619704CF7AB}»=DeviceDiscovery
    «{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}»=WebReg
    «{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}»=Microsoft .NET Framework 1.1 Russian Language Pack
    «{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}»=Scan
    «{3248F0A8-6813-11D6-A77B-00B0D0160060}»=Java(TM) 6 Update 6
    «{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}»=WebFldrs XP
    «{415CDA53-9100-476F-A7B2-476691E117C7}»=HP Smart Web Printing
    «{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}»=HPSSupply
    «{543E938C-BDC4-4933-A612-01293996845F}»=UnloadSupport
    «{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}»=eSupportQFolder
    «{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}»=CustomerResearchQFolder
    «{824D3839-DAA1-4315-A822-7AE3E620E528}»=VideoToolkit01
    «{8389382B-53BA-4A87-8854-91E3D80A5AC7}»=HP Photosmart Essential2.01
    «{90120000-0010-0419-0000-0000000FF1CE}»=Microsoft Software Update for Web Folders (Russian) 12
    «{90120000-0016-0000-0000-0000000FF1CE}»=Microsoft Office Excel 2007
    «{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C5060182-C90D-4314-9AE9-5C0DCF8FD1EF}»=
    «{90120000-0016-0419-0000-0000000FF1CE}»=Microsoft Office Excel MUI (Russian) 2007
    «{90120000-001A-0000-0000-0000000FF1CE}»=Microsoft Office Outlook 2007
    «{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{2A33A0C2-2B09-446E-9022-1508A85ECD2D}»=
    «{90120000-001A-0419-0000-0000000FF1CE}»=Microsoft Office Outlook MUI (Russian) 2007
    «{90120000-001B-0000-0000-0000000FF1CE}»=Microsoft Office Word 2007
    «{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3520B304-0EF8-475D-8C52-47ABCCC75FC6}»=
    «{90120000-001B-0419-0000-0000000FF1CE}»=Microsoft Office Word MUI (Russian) 2007
    «{90120000-001F-0407-0000-0000000FF1CE}»=Microsoft Office Proof (German) 2007
    «{90120000-001F-0409-0000-0000000FF1CE}»=Microsoft Office Proof (English) 2007
    «{90120000-001F-0419-0000-0000000FF1CE}»=Microsoft Office Proof (Russian) 2007
    «{90120000-001F-0422-0000-0000000FF1CE}»=Microsoft Office Proof (Ukrainian) 2007
    «{90120000-002C-0419-0000-0000000FF1CE}»=Microsoft Office Proofing (Russian) 2007
    «{90120000-006E-0419-0000-0000000FF1CE}»=Microsoft Office Shared MUI (Russian) 2007
    «{9C395AAF-F3DB-FA42-2ADF-9CC22B281049}»=Nero 7 Premium
    «{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}»=Сократ Персональный 4.1
    «{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}»=HP Update
    «{AB5D51AE-EBC3-438D-872C-705C7C2084B0}»=DeviceManagementQFolder
    «{AEA07F97-9088-497c-8821-0F36BD5DC251}»=HPProductAssistant
    «{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}»=AIO_Scan
    «{B4F35A00-24FD-4fb3-BF5E-413D5423434D}»=DJ_AIO_Software_min
    «{B508B3F1-A24A-32C0-B310-85786919EF28}»=Microsoft .NET Framework 2.0 Service Pack 1
    «{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}»=SolutionCenter
    «{C1920D73-7374-49d9-8C37-58A6E49078A5}»=F2100_Help
    «{C5EF81AC-FE4C-4157-97E3-2E08B000742A}»=F2100_doccd
    «{CA50045C-5119-48e7-9BA7-6B317379857A}»=DJ_AIO_Software
    «{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}»=Microsoft .NET Framework 1.1
    «{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}»=Destination Component
    «{E2662C24-B31E-4349-A084-32EB76E8B760}»=BufferChm
    «{E548726E-F4E8-459f-BAB8-45551BC071E9}»=DJ_AIO_ProductContext
    «{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}»=Toolbox
    «{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}»=Realtek High Definition Audio Driver
    «{F1C409F0-8322-4c87-BD08-2F62777D490D}»=F2100
    «{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}»=32 Bit HP CIO Components Installer
    «{F4D0F248-2BF7-4912-814E-4FD751923838}»=Microsoft .NET Framework 2.0 Language Pack — RUS
    «{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}»=Atheros WLAN Client
    «{F72E2DDC-3DB8-4190-A21D-63883D955FE7}»=PSSWCORE
    «{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}»=HP Deskjet All-In-One Software 9.0
    «{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}»=Status
    «4_elements»=NevoSoft 4 Elements (remove only)
    «Adobe Flash Player ActiveX»=Adobe Flash Player ActiveX
    «Adobe Flash Player Plugin»=Adobe Flash Player 10 Plugin
«Adventure Match_is1»=Adventure Match
«Agnitum Outpost Firewall Pro_is1»=Agnitum Outpost Firewall Pro
«AIMP2»=AIMP2
«Amazing Jigsaw_is1»=Amazing Jigsaw
    «AmlMaple_addon»=AmlMaple
    «atelier»=NevoSoft Atelier (remove only)
    «ATI Display Driver»=ATI Display Driver
    «beach_party_craze»=NevoSoft Beach Party Craze (remove only)
    «cake_mania»=NevoSoft Cake Mania (remove only)
    «christmasville»=NevoSoft Christmasville (remove only)
    «detective_stories»=NevoSoft Detective Stories (remove only)
«Download Master_is1»=Download Master 5.5.3.1131
    «escape_the_museum»=NevoSoft Escape The Museum (remove only)
    «EXCEL»=Microsoft Office Excel 2007
    «farm_frenzy»=NevoSoft Farm Frenzy (remove only)
    «farmcraft»=NevoSoft FarmCraft (remove only)
    «Foxit Reader»=Foxit Reader
    «Google Desktop»=Google Desktop
    «HP Imaging Device Functions»=HP Imaging Device Functions 9.0
    «HP Photosmart Essential»=HP Photosmart Essential 2.01
    «HP Solution Center & Imaging Support Tools»=HP Solution Center 9.0
    «HPExtendedCapabilities»=HP Customer Participation Program 9.0
    «jigsaw_world»=NevoSoft Jigsaw World (remove only)
«KLiteCodecPack_is1»=K-Lite Mega Codec Pack 3.9.0
    «lara_johns»=NevoSoft Lara Johns (remove only)
    «legends_of_pirates»=NevoSoft Legends of Pirates (remove only)
«Magic Crystals_is1»=Magic Crystals
«magic_academy»=NevoSoft Magic Academy (remove only)
«Mahjong Infinity 2_is1»=Mahjong Infinity 2
    «Microsoft .NET Framework 1.1 (1033)»=Microsoft .NET Framework 1.1
    «Mozilla Firefox (3.0.4)»=Mozilla Firefox (3.0.4)
    «mushroom_age»=NevoSoft Mushroom Age (remove only)
«MyCentria»=MyCentria Internet Assistant
«mystery_cookbook»=NevoSoft Mystery Cookbook (remove only)
«NOD32»=NOD32 Antivirus System
    «OUTLOOK»=Microsoft Office Outlook 2007
    «Paint.NET_addon»=Paint.NET v3.31
«Pearl Hunter_is1»=Pearl Hunter
    «posh_shop_2″=NevoSoft Posh Shop 2 (remove only)
    «poshshop»=NevoSoft PoshShop (remove only)
    «pyramid_runner»=NevoSoft Pyramid Runner (remove only)
«QIP Infium_is1»=QIP Infium 1.0.9008 RC1
    «Skype»=Skype
    «The KMPlayer»=The KMPlayer
«Tomb Of Giza_is1»=Tomb Of Giza
    «Total Commander»=Total Commander
    «unicorn_castle»=NevoSoft Unicorn Castle (remove only)
    «Vista Drive Icon_addon»=Vista Drive Icon
    «Vista Games»=Vista Games 1.3 XP
    «wedding_dash»=NevoSoft Wedding Dash (remove only)
«Windows Sidebar»=Windows Sidebar
«WinRAR archiver»=WinRAR archiver
    «WORD»=Microsoft Office Word 2007
    «Веселая ферма»=Веселая ферма
    «Веселая ферма II»=Веселая ферма II
    «Луксор»=Луксор
    «Модный бутик 2. Эксклюзив»=Модный бутик 2. Эксклюзив
    «Натали Брукс. Тайна наследства»=Натали Брукс. Тайна наследства
«Панель инструментов Webalta_is1»=Webalta Toolbar 1.0
    «Пляжный переполох»=Пляжный переполох
    «Помощники для зверюшек»=Помощники для зверюшек
    «Пчеловоломка»=Пчеловоломка
    «Солнечная ферма»=Солнечная ферма
    «Шерлок Холмс. Тайна персидского ковра»=Шерлок Холмс. Тайна персидского ковра
«Яндекс.Бар для Internet Explorer_is1»=Yandex.Bar for Internet Explorer 3.5.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    «Google Chrome»=Google Chrome

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    «Google Chrome»=Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ System Events ]
Error - 16.10.2008 2:39:17 | Computer Name = MICROSOF-311F14 | Source = Service Control Manager | ID = 7034
Description = The "Outpost Firewall Service" service terminated unexpectedly. It has done this 1 time(s).

Error - 16.10.2008 15:59:53 | Computer Name = MICROSOF-311F14 | Source = Service Control Manager | ID = 7034
Description = The "Outpost Firewall Service" service terminated unexpectedly. It has done this 1 time(s).

Error - 17.10.2008 15:37:59 | Computer Name = MICROSOF-311F14 | Source = Service Control Manager | ID = 7034
Description = The "Outpost Firewall Service" service terminated unexpectedly. It has done this 1 time(s).

    < End of report >

    ComboFix 08-11-23.02 — Admin 2008-11-24 20:03:02.4 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1268 [GMT 2:00]
    Running from: c:documents and settingsAdminРабочий столComboFix.exe
    * Created a new restore point
    * Resident AV is active

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
    .

2008-11-23 20:45 . 2008-11-23 20:45 <DIR> d-------- c:\documents and settings\Admin\Application Data\Gaijin Ent
2008-11-23 19:13 . 2008-11-23 19:13 <DIR> d-------- c:\documents and settings\Admin\Application Data\Meridian93
2008-11-22 16:07 . 2008-11-22 16:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2008-11-21 22:36 . 2008-11-21 22:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\EscapeTheMuseum
2008-11-13 20:52 . 2008-11-13 20:52 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Webalta
2008-11-13 13:56 . 2008-11-13 13:56 <DIR> d-------- c:\documents and settings\Admin\Application Data\Games
2008-11-13 12:57 . 2008-11-13 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Friday’s games
2008-11-09 21:15 . 2008-11-09 21:15 <DIR> d-------- c:\program files\Trend Micro
2008-11-09 20:53 . 2008-11-09 20:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-09 20:46 . 2008-11-09 20:55 <DIR> d-------- c:\documents and settings\Admin\.housecall6.6
2008-11-09 10:31 . 2008-11-13 23:30 632 --a------ C:\settings.dat
2008-11-08 21:26 . 2008-11-08 21:26 <DIR> d-------- c:\documents and settings\Admin\Application Data\Beezzle
2008-11-08 20:56 . 2008-11-08 20:56 <DIR> d-------- c:\documents and settings\Admin\Application Data\BeachPartyCraze
2008-11-08 16:04 . 2008-11-08 16:04 <DIR> d-------- c:\program files\Yandex
2008-11-08 16:04 . 2008-11-08 16:04 <DIR> d-------- c:\program files\Common Files\Yandex
2008-11-08 16:04 . 2008-11-08 16:04 <DIR> d-------- c:\documents and settings\Admin\Application Data\Yandex
2008-11-08 04:38 . 2008-11-08 04:50 <DIR> d-------- c:\documents and settings\Admin\Application Data\Legends of pirates
2008-11-02 17:49 . 2008-11-02 17:49 <DIR> d-------- c:\program files\NevoSoft
2008-11-02 17:39 . 2008-11-24 19:41 <DIR> d-------- c:\program files\Webalta
2008-11-02 17:39 . 2008-11-02 17:39 <DIR> d-------- c:\documents and settings\Admin\Application Data\Webalta
2008-11-02 16:33 . 2008-11-02 16:33 <DIR> d-------- c:\documents and settings\Admin\Application Data\Temp App Data
2008-11-02 16:33 . 2008-11-02 16:33 <DIR> d-------- c:\documents and settings\Admin\Application Data\Magic Academy
2008-11-01 23:32 . 2008-11-01 23:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Christmasville
2008-11-01 20:49 . 2008-11-08 22:13 <DIR> d-------- c:\program files\Игры от NevoSoft
2008-11-01 17:44 . 2008-11-01 17:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Astar Games
2008-11-01 12:44 . 2008-11-01 12:44 <DIR> d-------- c:\program files\MyCentria
2008-10-26 21:27 . 2008-10-26 21:27 <DIR> d-------- c:\documents and settings\Admin\Application Data\QIP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-23 18:45 d w c:program filesИгры
    2008-11-22 18:42 d w c:program filesAIMP2
    2008-11-21 19:02 d w c:program filesAlawar.ru
    2008-11-11 21:18 d w c:documents and settingsAdminApplication DataSkype
    2008-11-10 18:18 d w c:program filesGoogle
    2008-11-08 19:26 d w c:documents and settingsAll UsersApplication DataAlawarWrapper
    2008-11-06 23:01 d w c:program filesESET
    2008-10-29 17:40 d w c:program filesFreeGamePick.com
    2008-10-23 13:41 d w c:documents and settingsAdminApplication DataAhead
    2008-10-20 16:15 d w c:program filesCommon FilesAhead
    2008-10-20 16:13 d w c:program filesNero
    2008-10-20 16:06 d w c:program filesAhead
    2008-10-18 09:29 d w c:documents and settingsAll UsersApplication DataSandlot Games
    2008-10-18 07:15 d w c:documents and settingsAll UsersApplication DataPlayFirst
    2008-10-18 07:15 d w c:documents and settingsAdminApplication DataPlayFirst
    2008-10-14 16:53 d w c:documents and settingsAdminApplication DataWindows Search
    2008-10-14 16:51 d w c:documents and settingsAll UsersApplication DataMicrosoft Help
    2008-10-14 16:48 d w c:program filesWindows Desktop Search
    2008-10-11 20:07 d w c:documents and settingsAdminApplication DataMy Games
    2008-10-11 19:07 d w c:documents and settingsAll UsersApplication DataNevoSoft Games
    2008-10-09 15:44 d w c:program filesMyRealGames.com
    2008-10-08 09:07 d w c:documents and settingsAll UsersApplication DataAlawar Stargaze
    2008-10-06 19:34 d w c:program filesAskTBar
    2008-10-05 05:59 d w c:documents and settingsAll UsersApplication DataВеселаяФерма2
    2008-10-02 09:39 d w c:program filesThe KMPlayer
    2008-09-28 11:33 d w c:documents and settingsAdminApplication Datacerasus.media
    2008-09-27 10:47 d w c:documents and settingsAll UsersApplication DataEgoset
    2008-09-26 17:43 d w c:documents and settingsAdminApplication DataHPAppData
    2008-09-25 13:58 d w c:documents and settingsAdminApplication DataHP
    2008-09-23 09:29 270,336 —-a-w c:windowssystem32imon.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE~Browser Helper Objects{6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5}]
    2008-11-13 20:52 738306 —a c:progra~1WebaltaWEBALT~2.DLL

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:program filesYandexYandexBarIEyndbar.dll" [2008-06-02 1553672]
    "{D4C56A33-3488-495B-8033-9BF834E276D8}"= "c:progra~1WebaltaWEBALT~1.DLL" [2008-11-13 1693186]

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
    "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:program filesYandexYandexBarIEyndbar.dll" [2008-06-02 1553672]

    [HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
    [HKEY_CLASSES_ROOTYandex.Toolbar.1]
    [HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
    [HKEY_CLASSES_ROOTYandex.Toolbar]

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    "CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-05-20 30208]
    "VistaIcon"="c:program filesVistaDriveIconVistaDrv.exe" [2008-01-02 132096]
    "Download Master"="c:program filesDownload Masterdmaster.exe" [2008-01-26 3266560]
    "Google Update"="c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe" [2008-10-20 133104]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesAheadLibNMBgMonitor.exe" [2006-04-21 94208]
    "Yupdate!"="c:program filesCommon FilesYandexYupdateyupdate.exe" [2008-05-30 460040]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    "AmlMaple"="c:program filesAmlMapleAmlMaple.exe" [2008-04-24 91648]
    "HP Software Update"="c:program filesHPHP Software UpdateHPWuSchd2.exe" [2007-03-11 49152]
    "nod32kui"="c:program filesEsetnod32kui.exe" [2008-09-23 917504]
    "Outpost Firewall"="c:program filesAgnitumOutpost Firewalloutpost.exe" [2006-02-13 91648]
    "OutpostFeedBack"="c:program filesAgnitumOutpost Firewallfeedback.exe" [2006-02-14 352324]
    "NeroFilterCheck"="c:program filesCommon FilesAheadLibNeroCheck.exe" [2006-01-12 155648]
    "Google Desktop Search"="c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe" [2008-11-07 30192]
    "NevoDRM"="c:program filesИгрыNevoDRMNevoDRM.exe" [2008-07-29 201728]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:windowsRTHDCPL.EXE]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    "CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-05-20 30208]
    "VistaIcon"="c:program filesVistaDriveIconVistaDrv.exe" [2008-01-02 132096]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
    "IE7_011"="shell32" [X]
    "ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-05-20 c:windowssystem32advpack.dll]
    "IE7_012"="advpack.dll" [2008-05-20 c:windowssystem32advpack.dll]

    c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
    HP Digital Imaging Monitor.lnk - c:program filesHPDigital Imagingbinhpqtra08.exe [11.03.2007 19:26:24 210520]

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UpdatesOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    "%windir%\Network Diagnostic\xpnetdiag.exe"=
    "%windir%\system32\sessmgr.exe"=
    "c:\Program Files\Skype\Phone\Skype.exe"=

    S2 WebaltaController;Webalta Controller;"c:program filesWebaltaWebaltaUpdaterService.exe" -service [14.10.2008 15:16:00 97794]
    S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);??c:program filesAgnitumOutpost FirewallkernelADBLOCK.DLL [23.09.2008 12:02:41 33600]
    S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);??c:program filesAgnitumOutpost FirewallkernelARP.DLL [23.09.2008 12:02:41 17440]
    S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);??c:program filesAgnitumOutpost FirewallkernelCONTENT.DLL [23.09.2008 12:02:41 4896]
    S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);??c:program filesAgnitumOutpost FirewallkernelDNSCACHE.DLL [23.09.2008 12:02:41 14304]
    S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelFTPFILT.DLL [23.09.2008 12:02:41 9024]
    S3 GoogleDesktopManager-092308-165331;Диспетчер Google Desktop 5.8.809.23506;"c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe" [22.10.2008 20:46:09 30192]
    S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelHTMLFILT.DLL [23.09.2008 12:02:41 11552]
    S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelHTTPFILT.DLL [23.09.2008 12:02:41 13248]
    S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelIMAPFILT.DLL [23.09.2008 12:02:41 7200]
    S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelMAILFILT.DLL [23.09.2008 12:02:41 14912]
    S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelNNTPFILT.DLL [23.09.2008 12:02:41 6752]
    S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);??c:program filesAgnitumOutpost FirewallkernelPOP3FILT.DLL [23.09.2008 12:02:41 9984]
    S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);??c:program filesAgnitumOutpost FirewallkernelPROTECT.DLL [23.09.2008 12:02:41 16960]
    S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);??c:program filesAgnitumOutpost FirewallkernelSECRET.DLL [23.09.2008 12:02:41 9696]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsWindows Sidebar]
    c:windowssystem32hidec /W c:program filesWindows SidebarVAIOToolsREGTLIB.EXE "c:program filesWindows Sidebarsidebar.exe"

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{34A19196-274E-4D75-9D30-D7A45A0A4178}]
    "c:program filesWindows Sidebar.regsvr32.exe" /s wlsrvc.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{6B9228DA-9C15-419e-856C-19E768A13BDC}]
    "c:program filesWindows Sidebar.regsvr32.exe" /s sbdrop.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{BADA65A0-86B7-462B-B720-CE66655C73F5}]
    regsvr32 /s c:program filesWindows SidebarVAIO.vshellext.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-23 c:windowsTasksGoogleUpdateTaskUser.job
    - c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-10-20 17:38]
    .
    .


    Supplementary Scan


    .
    FireFox -: Profile — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles4gnh65qv.default
    FF -: plugin — c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdate1.2.131.27npGoogleOneClick6.dll
    FF -: plugin — c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
    FF -: plugin — c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-24 20:04:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    DLLs Loaded Under Running Processes



    - - - - - - - > 'winlogon.exe'(728)
    c:windowssystem32SETUPAPI.dll
    c:windowssystem32Ati2evxx.dll
    c:windowssystem32cscui.dll
    c:windowssystem32COMRes.dll

    - - - - - - - > 'lsass.exe'(784)
    c:windowssystem32SETUPAPI.dll
    c:windowssystem32imon.dll
    c:program filesEsetpr_imon.dll
    .
    Completion time: 2008-11-24 20:05:00
    ComboFix-quarantined-files.txt 2008-11-24 18:04:41
    ComboFix2.txt 2008-11-13 18:37:14

    Pre-Run: 16 525 176 832 байт свободно
    Post-Run: 16,842,780,672 байт свободно


    23 November 2008 at 8:55 pm in reply to: Scanned with Hijack This #19676
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19
    • ☆

    Here is one of the variants of the pop-up windows...

    [image removed]

    14 November 2008 at 2:40 am in reply to: Scanned with Hijack This #19674
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19
    • ☆

    The pop-up windows are the same in Explorer and in Mozilla. There is no difference. The problem remains the same.

    13 November 2008 at 7:02 pm in reply to: Scanned with Hijack This #19672
    aquapa9
    Participant
    • Topics: 1
    • Posts: 19
    • ☆

    The pop-up windows appear only in browsers! On their own, when working offline, they do not show up at all. Oh, one more thing! The day before yesterday (already after the first Combofix scan) I ran a deep analysis (scan) of the C and D drives for virus removal with NOD32. Outpost Firewall Pro was infected and the antivirus removed it. Can I download it from the internet? Or, for instance, do I not need it at all? Attaching the new Combofix scan log:
    ComboFix 08-11-12.01 - Admin 2008-11-13 20:35:44.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1258 [GMT 2:00]
    Running from: c:documents and settingsAdminРабочий столComboFix.exe
    * Resident AV is active

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
    .

    2008-11-13 13:56 . 2008-11-13 13:56 d c:documents and settingsAdminApplication DataGames
    2008-11-13 12:57 . 2008-11-13 12:57 d c:documents and settingsAll UsersApplication DataFriday’s games
    2008-11-09 21:15 . 2008-11-09 21:15 d c:program filesTrend Micro
    2008-11-09 20:53 . 2008-11-09 20:47 102,664 —a c:windowssystem32driverstmcomm.sys
    2008-11-09 20:46 . 2008-11-09 20:55 d c:documents and settingsAdmin.housecall6.6
    2008-11-09 10:31 . 2008-11-13 11:18 632 —a C:settings.dat
    2008-11-08 21:26 . 2008-11-08 21:26 d c:documents and settingsAdminApplication DataBeezzle
    2008-11-08 20:56 . 2008-11-08 20:56 d c:documents and settingsAdminApplication DataBeachPartyCraze
    2008-11-08 16:04 . 2008-11-08 16:04 d c:program filesYandex
    2008-11-08 16:04 . 2008-11-08 16:04 d c:program filesCommon FilesYandex
    2008-11-08 16:04 . 2008-11-08 16:04 d c:documents and settingsAdminApplication DataYandex
    2008-11-08 04:38 . 2008-11-08 04:50 d c:documents and settingsAdminApplication DataLegends of pirates
    2008-11-02 17:49 . 2008-11-02 17:49 d c:program filesNevoSoft
    2008-11-02 17:39 . 2008-11-08 22:09 d c:program filesWebalta
    2008-11-02 17:39 . 2008-11-02 17:39 d c:documents and settingsAdminApplication DataWebalta
    2008-11-02 16:33 . 2008-11-02 16:33 d c:documents and settingsAdminApplication DataTemp App Data
    2008-11-02 16:33 . 2008-11-02 16:33 d c:documents and settingsAdminApplication DataMagic Academy
    2008-11-01 23:32 . 2008-11-01 23:32 d c:documents and settingsAll UsersApplication DataChristmasville
    2008-11-01 20:49 . 2008-11-08 22:13 d c:program filesИгры от NevoSoft
    2008-11-01 17:44 . 2008-11-01 17:44 d c:documents and settingsAll UsersApplication DataAstar Games
    2008-11-01 12:44 . 2008-11-01 12:44 d c:program filesMyCentria
    2008-10-26 21:27 . 2008-10-26 21:27 d c:documents and settingsAdminApplication DataQIP
    2008-10-20 18:13 . 2008-10-20 18:13 d c:program filesNero
    2008-10-20 18:13 . 2008-10-20 18:15 d c:program filesCommon FilesAhead
    2008-10-20 18:07 . 2008-10-20 18:08 d c:tempNero-7.2.0.3b_rus_no_yt
    2008-10-20 18:07 . 2008-10-20 18:07 d C:temp
    2008-10-20 17:38 . 2008-10-20 20:59 d C:Downloads
    2008-10-18 11:29 . 2008-10-18 11:29 d c:documents and settingsAll UsersApplication DataSandlot Games
    2008-10-18 09:15 . 2008-10-18 09:15 d c:documents and settingsAll UsersApplication DataPlayFirst
    2008-10-18 09:15 . 2008-10-18 09:15 d c:documents and settingsAdminApplication DataPlayFirst
    2008-10-14 18:53 . 2008-10-14 18:53 d c:documents and settingsAdminApplication DataWindows Search
    2008-10-14 18:48 . 2008-10-14 18:48 d c:windowssystem32GroupPolicy
    2008-10-14 18:48 . 2008-10-14 18:48 d c:program filesWindows Desktop Search
    2008-10-14 18:48 . 2007-09-27 10:48 23,856 —a c:windowssystem32spupdsvc.exe
    2008-10-13 22:28 . 2008-11-10 21:52 d c:documents and settingsAdminGoogle
    2008-10-13 22:27 . 2008-11-10 20:18 d c:program filesGoogle

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-13 11:50 d w c:program filesAlawar.ru
    2008-11-11 21:18 d w c:documents and settingsAdminApplication DataSkype
    2008-11-11 19:02 d w c:program filesAIMP2
    2008-11-08 20:20 d w c:program filesИгры
    2008-11-08 19:26 d w c:documents and settingsAll UsersApplication DataAlawarWrapper
    2008-11-06 23:01 d w c:program filesESET
    2008-10-29 17:40 d w c:program filesFreeGamePick.com
    2008-10-23 13:41 d w c:documents and settingsAdminApplication DataAhead
    2008-10-20 16:06 d w c:program filesAhead
    2008-10-14 16:51 d w c:documents and settingsAll UsersApplication DataMicrosoft Help
    2008-10-11 20:07 d w c:documents and settingsAdminApplication DataMy Games
    2008-10-11 19:07 d w c:documents and settingsAll UsersApplication DataNevoSoft Games
    2008-10-09 15:44 d w c:program filesMyRealGames.com
    2008-10-08 09:07 d w c:documents and settingsAll UsersApplication DataAlawar Stargaze
    2008-10-06 19:34 d w c:program filesAskTBar
    2008-10-05 05:59 d w c:documents and settingsAll UsersApplication DataВеселаяФерма2
    2008-10-02 09:39 d w c:program filesThe KMPlayer
    2008-09-28 11:33 d w c:documents and settingsAdminApplication Datacerasus.media
    2008-09-27 10:47 d w c:documents and settingsAll UsersApplication DataEgoset
    2008-09-26 17:43 d w c:documents and settingsAdminApplication DataHPAppData
    2008-09-25 13:58 d w c:documents and settingsAdminApplication DataHP
    2008-09-23 10:50 d w c:program filesTotal Commander
    2008-09-23 10:02 d w c:program filesCommon FilesAgnitum Shared
    2008-09-23 10:02 d w c:program filesAgnitum
    2008-09-23 09:54 d w c:documents and settingsAdminApplication DataMedia Player Classic
    2008-09-23 09:50 d w c:program filesDownload Master
    2008-09-23 09:49 d w c:program filesWindows Sidebar
    2008-09-23 09:49 d w c:program filesVista Games
    2008-09-23 09:48 d w c:program filesSkype
    2008-09-23 09:48 d w c:program filesQIP Infium
    2008-09-23 09:47 d w c:program filesK-Lite Codec Pack
    2008-09-23 09:47 d w c:program filesCommon FilesInstallShield
    2008-09-23 09:47 d w c:program filesCommon FilesArsenal Shared
    2008-09-23 09:47 d w c:program filesArsenal Company
    2008-09-23 09:41 d w c:program filesMicrosoft.NET
    2008-09-23 09:41 d w c:program filesMicrosoft Works
    2008-09-23 09:38 d w c:program filesFoxit Reader
    2008-09-23 09:29 502,208 —-a-w c:windowssystem32driversamon.sys
    2008-09-23 09:29 270,336 —-a-w c:windowssystem32imon.dll
    2008-09-23 09:27 d w c:program filesmicrosoft frontpage
    2008-09-23 09:26 717,296 —-a-w c:windowssystem32driverssptd.sys
    2008-09-23 09:26 d w c:program filesVistaDriveIcon
    2008-09-23 09:26 d w c:program filesJava
    2008-09-23 09:26 d w c:program filesCommon FilesJava
    2008-09-23 09:23 d—a-w c:program filesAmlMaple
    2008-09-23 09:23 d w c:documents and settingsAll UsersApplication DataWEBREG
    2008-09-23 09:22 d w c:documents and settingsAll UsersApplication DataHewlett-Packard
    2008-09-23 09:20 d w c:program filesHP
    2008-09-23 09:20 d w c:documents and settingsAll UsersApplication DataHPSSUPPLY
    2008-09-23 09:19 d w c:program filesHewlett-Packard
    2008-09-23 09:19 d w c:program filesCommon FilesHP
    2008-09-23 09:19 d w c:program filesCommon FilesHewlett-Packard
    2008-09-23 09:19 d w c:documents and settingsAll UsersApplication DataHP Product Assistant
    2008-09-23 09:19 d w c:documents and settingsAll UsersApplication DataHP
    2008-09-23 09:18 d w c:program filesWindows Media Connect 2
    2008-09-23 09:18 d w c:program filesPaint.NET
    2008-09-23 09:14 d—h—w c:program filesInstallShield Installation Information
    2008-09-23 09:14 d w c:program filesAtheros WLAN Client
    2008-09-23 09:14 d w c:documents and settingsAll UsersApplication DataWLAN
    2008-09-23 09:14 d w c:documents and settingsAdminApplication DataInstallShield
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE~Browser Helper Objects{6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5}]
    2008-10-14 15:49 736256 —a c:progra~1WebaltaWEBALT~2.DLL

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    "{D4C56A33-3488-495B-8033-9BF834E276D8}"= "c:progra~1WebaltaWEBALT~1.DLL" [2008-10-14 1691136]
    "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:program filesYandexYandexBarIEyndbar.dll" [2008-06-02 1553672]

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
    "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:program filesYandexYandexBarIEyndbar.dll" [2008-06-02 1553672]

    [HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
    [HKEY_CLASSES_ROOTYandex.Toolbar.1]
    [HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
    [HKEY_CLASSES_ROOTYandex.Toolbar]

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    "CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-05-20 30208]
    "VistaIcon"="c:program filesVistaDriveIconVistaDrv.exe" [2008-01-02 132096]
    "Download Master"="c:program filesDownload Masterdmaster.exe" [2008-01-26 3266560]
    "Google Update"="c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe" [2008-10-20 133104]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesAheadLibNMBgMonitor.exe" [2006-04-21 94208]
    "Yupdate!"="c:program filesCommon FilesYandexYupdateyupdate.exe" [2008-05-30 460040]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    "AmlMaple"="c:program filesAmlMapleAmlMaple.exe" [2008-04-24 91648]
    "HP Software Update"="c:program filesHPHP Software UpdateHPWuSchd2.exe" [2007-03-11 49152]
    "nod32kui"="c:program filesEsetnod32kui.exe" [2008-09-23 917504]
    "Outpost Firewall"="c:program filesAgnitumOutpost Firewalloutpost.exe" [2006-02-13 91648]
    "OutpostFeedBack"="c:program filesAgnitumOutpost Firewallfeedback.exe" [2006-02-14 352324]
    "NeroFilterCheck"="c:program filesCommon FilesAheadLibNeroCheck.exe" [2006-01-12 155648]
    "Google Desktop Search"="c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe" [2008-11-07 30192]
    "NevoDRM"="c:program filesИгры от NevoSoftNevoDRMNevoDRM.exe" [2008-07-29 201728]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:windowsRTHDCPL.EXE]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    "CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-05-20 30208]
    "VistaIcon"="c:program filesVistaDriveIconVistaDrv.exe" [2008-01-02 132096]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
    "IE7_011"="shell32" [X]
    "ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-05-20 c:windowssystem32advpack.dll]
    "IE7_012"="advpack.dll" [2008-05-20 c:windowssystem32advpack.dll]

    c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
    HP Digital Imaging Monitor.lnk - c:program filesHPDigital Imagingbinhpqtra08.exe [11.03.2007 19:26:24 210520]

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UpdatesOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    "%windir%\Network Diagnostic\xpnetdiag.exe"=
    "%windir%\system32\sessmgr.exe"=
    "c:\Program Files\Skype\Phone\Skype.exe"=

    S2 WebaltaController;Webalta Controller;c:program filesWebaltaWebaltaUpdaterService.exe [2008-10-14 86528]
    S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:program filesAgnitumOutpost FirewallkernelADBLOCK.DLL [2006-02-13 33600]
    S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);c:program filesAgnitumOutpost FirewallkernelARP.DLL [2006-02-13 17440]
    S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:program filesAgnitumOutpost FirewallkernelCONTENT.DLL [2006-02-13 4896]
    S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:program filesAgnitumOutpost FirewallkernelDNSCACHE.DLL [2006-02-13 14304]
    S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelFTPFILT.DLL [2006-02-13 9024]
    S3 GoogleDesktopManager-092308-165331;Диспетчер Google Desktop 5.8.809.23506;c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe [2008-11-07 30192]
    S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:program filesAgnitumOutpost FirewallkernelHTMLFILT.DLL [2006-02-13 11552]
    S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelHTTPFILT.DLL [2006-02-13 13248]
    S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelIMAPFILT.DLL [2006-02-13 7200]
    S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:program filesAgnitumOutpost FirewallkernelMAILFILT.DLL [2006-02-13 14912]
    S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelNNTPFILT.DLL [2006-02-13 6752]
    S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:program filesAgnitumOutpost FirewallkernelPOP3FILT.DLL [2006-02-13 9984]
    S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:program filesAgnitumOutpost FirewallkernelPROTECT.DLL [2006-02-13 16960]
    S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);c:program filesAgnitumOutpost FirewallkernelSECRET.DLL [2006-02-13 9696]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsWindows Sidebar]
    c:windowssystem32hidec /W c:program filesWindows SidebarVAIOToolsREGTLIB.EXE "c:program filesWindows Sidebarsidebar.exe"

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{34A19196-274E-4D75-9D30-D7A45A0A4178}]
    "c:program filesWindows Sidebar.regsvr32.exe" /s wlsrvc.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{6B9228DA-9C15-419e-856C-19E768A13BDC}]
    "c:program filesWindows Sidebar.regsvr32.exe" /s sbdrop.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{BADA65A0-86B7-462B-B720-CE66655C73F5}]
    regsvr32 /s c:program filesWindows SidebarVAIO.vshellext.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-13 c:windowsTasksGoogleUpdateTaskUser.job
    - c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-10-20 17:38]
    .
    .


    Supplementary Scan


    .
    FireFox -: Profile — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles4gnh65qv.default
    FF -: plugin — c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdate1.2.131.27npGoogleOneClick6.dll
    FF -: plugin — c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
    FF -: plugin — c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-13 20:36:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    DLLs Loaded Under Running Processes



    PROCESS: c:windowssystem32lsass.exe
    -> c:program filesEsetpr_imon.dll
    .
    Completion time: 2008-11-13 20:37:13
    ComboFix-quarantined-files.txt 2008-11-13 18:37:00
    ComboFix2.txt 2008-11-10 18:23:02

    Pre-Run: 17,599,217,664 байт свободно
    Post-Run: 17,601,490,944 байт свободно


Copyright © 2008 - 2024 Spyware-RU.com (en)