Re: Re: Scanned with Hijack This
OTViewIt Extras logfile created on: 24.11.2008 19:53:45 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Admin\Рабочий стол
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000422 | Country: Украина | Language: UKR | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 68,81% Memory free
3,60 Gb Paging File | 3,21 Gb Available in Paging File | 89,23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,16 Gb Total Space | 15,45 Gb Free Space | 56,90% Space Free | Partition Type: NTFS
Drive D: | 84,62 Gb Total Space | 68,30 Gb Free Space | 80,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MICROSOF-311F14
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"FirewallDisableNotify"=0
"FirewallOverride"=1
"UpdatesDisableNotify"=1
"UpdatesOverride"=1
"AntiVirusDisableNotify"=1
"AntiVirusOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008.04.15 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008.04.15 14:00:00 | 00,141,824 | ---- | M] (Корпорация Майкрософт) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008.04.15 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008.04.15 14:00:00 | 00,141,824 | ---- | M] (Корпорация Майкрософт) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008.04.23 15:45:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters]
NameSpace_Catalog5\Catalog_Entries\00000000001 [TCP/IP] -- C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
NameSpace_Catalog5\Catalog_Entries\00000000003 [Пространство имен службы сетевого расположения (NLA)] -- C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9\Catalog_Entries\00000000001 - File not found
Protocol_Catalog9\Catalog_Entries\00000000002 - File not found
Protocol_Catalog9\Catalog_Entries\00000000003 - File not found
Protocol_Catalog9\Catalog_Entries\00000000004 - File not found
Protocol_Catalog9\Catalog_Entries\00000000005 - File not found
Protocol_Catalog9\Catalog_Entries\00000000006 - File not found
Protocol_Catalog9\Catalog_Entries\00000000007 - File not found
Protocol_Catalog9\Catalog_Entries\00000000008 - File not found
Protocol_Catalog9\Catalog_Entries\00000000009 - File not found
Protocol_Catalog9\Catalog_Entries\00000000010 - File not found
Protocol_Catalog9\Catalog_Entries\00000000011 - File not found
Protocol_Catalog9\Catalog_Entries\00000000012 - File not found
Protocol_Catalog9\Catalog_Entries\00000000013 - File not found
Protocol_Catalog9\Catalog_Entries\00000000014 - File not found
Protocol_Catalog9\Catalog_Entries\00000000015 - File not found
Protocol_Catalog9\Catalog_Entries\00000000016 - File not found
Protocol_Catalog9\Catalog_Entries\00000000017 - File not found
Protocol_Catalog9\Catalog_Entries\00000000018 - File not found
Protocol_Catalog9\Catalog_Entries\00000000019 - File not found
Protocol_Catalog9\Catalog_Entries\00000000020 - File not found
Protocol_Catalog9\Catalog_Entries\00000000021 - File not found
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
[2008.04.15 14:00:00 | 01,431,552 | ---- | M] (Корпорация Майкрософт) C:\WINDOWS\system32\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: подключаемый протокол])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler] - Protocol Handlers
[2006.10.26 16:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler] - Protocol Handlers
[2006.10.26 16:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler] - Protocol Handlers
[2006.10.26 16:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaippoledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
[2006.10.26 11:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
[2008.04.15 14:00:00 | 01,431,552 | ---- | M] (Корпорация Майкрософт) C:\WINDOWS\system32\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [ТВ: подключаемый протокол])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter] - Protocol Filters
[2008.05.20 17:54:45 | 26,688,512 | ---- | M] (Корпорация Майкрософт) C:\WINDOWS\system32\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter] - Protocol Filters
[2006.10.26 19:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10E1E87C-656C-4D08-86D6-5443D28583BE}"=TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}"=MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}"=Copy
"{22466889-7642-488d-AA0E-F619704CF7AB}"=DeviceDiscovery
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}"=WebReg
"{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}"=Microsoft .NET Framework 1.1 Russian Language Pack
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}"=Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java(TM) 6 Update 6
"{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{415CDA53-9100-476F-A7B2-476691E117C7}"=HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}"=HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}"=UnloadSupport
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{824D3839-DAA1-4315-A822-7AE3E620E528}"=VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}"=HP Photosmart Essential2.01
"{90120000-0010-0419-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Russian) 12
"{90120000-0016-0000-0000-0000000FF1CE}"=Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C5060182-C90D-4314-9AE9-5C0DCF8FD1EF}"=
"{90120000-0016-0419-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Russian) 2007
"{90120000-001A-0000-0000-0000000FF1CE}"=Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{2A33A0C2-2B09-446E-9022-1508A85ECD2D}"=
"{90120000-001A-0419-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (Russian) 2007
"{90120000-001B-0000-0000-0000000FF1CE}"=Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3520B304-0EF8-475D-8C52-47ABCCC75FC6}"=
"{90120000-001B-0419-0000-0000000FF1CE}"=Microsoft Office Word MUI (Russian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0419-0000-0000000FF1CE}"=Microsoft Office Proof (Russian) 2007
"{90120000-001F-0422-0000-0000000FF1CE}"=Microsoft Office Proof (Ukrainian) 2007
"{90120000-002C-0419-0000-0000000FF1CE}"=Microsoft Office Proofing (Russian) 2007
"{90120000-006E-0419-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Russian) 2007
"{9C395AAF-F3DB-FA42-2ADF-9CC22B281049}"=Nero 7 Premium
"{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}"=Сократ Персональный 4.1
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}"=HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AEA07F97-9088-497c-8821-0F36BD5DC251}"=HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}"=AIO_Scan
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}"=DJ_AIO_Software_min
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}"=SolutionCenter
"{C1920D73-7374-49d9-8C37-58A6E49078A5}"=F2100_Help
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}"=F2100_doccd
"{CA50045C-5119-48e7-9BA7-6B317379857A}"=DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}"=Destination Component
"{E2662C24-B31E-4349-A084-32EB76E8B760}"=BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}"=DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F1C409F0-8322-4c87-BD08-2F62777D490D}"=F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}"=32 Bit HP CIO Components Installer
"{F4D0F248-2BF7-4912-814E-4FD751923838}"=Microsoft .NET Framework 2.0 Language Pack - RUS
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}"=Atheros WLAN Client
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}"=PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}"=HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}"=Status
"4_elements"=NevoSoft 4 Elements (remove only)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adventure Match_is1"=Adventure Match
"Agnitum Outpost Firewall Pro_is1"=Agnitum Outpost Firewall Pro
"AIMP2"=AIMP2
"Amazing Jigsaw_is1"=Amazing Jigsaw
"AmlMaple_addon"=AmlMaple
"atelier"=NevoSoft Atelier (remove only)
"ATI Display Driver"=ATI Display Driver
"beach_party_craze"=NevoSoft Beach Party Craze (remove only)
"cake_mania"=NevoSoft Cake Mania (remove only)
"christmasville"=NevoSoft Christmasville (remove only)
"detective_stories"=NevoSoft Detective Stories (remove only)
"Download Master_is1"=Download Master 5.5.3.1131
"escape_the_museum"=NevoSoft Escape The Museum (remove only)
"EXCEL"=Microsoft Office Excel 2007
"farm_frenzy"=NevoSoft Farm Frenzy (remove only)
"farmcraft"=NevoSoft FarmCraft (remove only)
"Foxit Reader"=Foxit Reader
"Google Desktop"=Google Desktop
"HP Imaging Device Functions"=HP Imaging Device Functions 9.0
"HP Photosmart Essential"=HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools"=HP Solution Center 9.0
"HPExtendedCapabilities"=HP Customer Participation Program 9.0
"jigsaw_world"=NevoSoft Jigsaw World (remove only)
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 3.9.0
"lara_johns"=NevoSoft Lara Johns (remove only)
"legends_of_pirates"=NevoSoft Legends of Pirates (remove only)
"Magic Crystals_is1"=Magic Crystals
"magic_academy"=NevoSoft Magic Academy (remove only)
"Mahjong Infinity 2_is1"=Mahjong Infinity 2
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"mushroom_age"=NevoSoft Mushroom Age (remove only)
"MyCentria"=Интернет помощник MyCentria
"mystery_cookbook"=NevoSoft Mystery Cookbook (remove only)
"NOD32"=Антивирусная система NOD32
"OUTLOOK"=Microsoft Office Outlook 2007
"Paint.NET_addon"=Paint.NET v3.31
"Pearl Hunter_is1"=Pearl Hunter
"posh_shop_2"=NevoSoft Posh Shop 2 (remove only)
"poshshop"=NevoSoft PoshShop (remove only)
"pyramid_runner"=NevoSoft Pyramid Runner (remove only)
"QIP Infium_is1"=QIP Infium 1.0.9008 RC1
"Skype"=Skype
"The KMPlayer"=The KMPlayer
"Tomb Of Giza_is1"=Tomb Of Giza
"Total Commander"=Total Commander
"unicorn_castle"=NevoSoft Unicorn Castle (remove only)
"Vista Drive Icon_addon"=Vista Drive Icon
"Vista Games"=Vista Games 1.3 XP
"wedding_dash"=NevoSoft Wedding Dash (remove only)
"Windows Sidebar"=Боковая панель Windows
"WinRAR archiver"=Архиватор WinRAR
"WORD"=Microsoft Office Word 2007
"Веселая ферма"=Веселая ферма
"Веселая ферма II"=Веселая ферма II
"Луксор"=Луксор
"Модный бутик 2. Эксклюзив"=Модный бутик 2. Эксклюзив
"Натали Брукс. Тайна наследства"=Натали Брукс. Тайна наследства
"Панель инструментов Webalta_is1"=Панель инструментов Webalta 1.0
"Пляжный переполох"=Пляжный переполох
"Помощники для зверюшек"=Помощники для зверюшек
"Пчеловоломка"=Пчеловоломка
"Солнечная ферма"=Солнечная ферма
"Шерлок Холмс. Тайна персидского ковра"=Шерлок Холмс. Тайна персидского ковра
"Яндекс.Бар для Internet Explorer_is1"=Яндекс.Бар для Internet Explorer 3.5.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-329068152-1229272821-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 16.10.2008 2:39:17 | Computer Name = MICROSOF-311F14 | Source = Service Control Manager | ID = 7034
Description = Служба "Outpost Firewall Service" неожиданно прервана. Это произошло (раз): 1.
Error - 16.10.2008 15:59:53 | Computer Name = MICROSOF-311F14 | Source = Service Control Manager | ID = 7034
Description = Служба "Outpost Firewall Service" неожиданно прервана. Это произошло (раз): 1.
Error - 17.10.2008 15:37:59 | Computer Name = MICROSOF-311F14 | Source = Service Control Manager | ID = 7034
Description = Служба "Outpost Firewall Service" неожиданно прервана. Это произошло (раз): 1.
< End of report >
ComboFix 08-11-23.02 - Admin 2008-11-24 20:03:02.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1268 [GMT 2:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.
2008-11-23 20:45 . 2008-11-23 20:45  c:\documents and settings\Admin\Application Data\Gaijin Ent
2008-11-23 19:13 . 2008-11-23 19:13  c:\documents and settings\Admin\Application Data\Meridian93
2008-11-22 16:07 . 2008-11-22 16:07  c:\documents and settings\All Users\Application Data\Playrix Entertainment
2008-11-21 22:36 . 2008-11-21 22:36  c:\documents and settings\All Users\Application Data\EscapeTheMuseum
2008-11-13 20:52 . 2008-11-13 20:52  c:\documents and settings\LocalService\Application Data\Webalta
2008-11-13 13:56 . 2008-11-13 13:56  c:\documents and settings\Admin\Application Data\Games
2008-11-13 12:57 . 2008-11-13 12:57  c:\documents and settings\All Users\Application Data\Friday's games
2008-11-09 21:15 . 2008-11-09 21:15  c:\program files\Trend Micro
2008-11-09 20:53 . 2008-11-09 20:47  102,664  --a  c:\windows\system32\drivers\tmcomm.sys
2008-11-09 20:46 . 2008-11-09 20:55  c:\documents and settings\Admin\.housecall6.6
2008-11-09 10:31 . 2008-11-13 23:30  632  --a  C:\settings.dat
2008-11-08 21:26 . 2008-11-08 21:26  c:\documents and settings\Admin\Application Data\Beezzle
2008-11-08 20:56 . 2008-11-08 20:56  c:\documents and settings\Admin\Application Data\BeachPartyCraze
2008-11-08 16:04 . 2008-11-08 16:04  c:\program files\Yandex
2008-11-08 16:04 . 2008-11-08 16:04  c:\program files\Common Files\Yandex
2008-11-08 16:04 . 2008-11-08 16:04  c:\documents and settings\Admin\Application Data\Yandex
2008-11-08 04:38 . 2008-11-08 04:50  c:\documents and settings\Admin\Application Data\Legends of pirates
2008-11-02 17:49 . 2008-11-02 17:49  c:\program files\NevoSoft
2008-11-02 17:39 . 2008-11-24 19:41  c:\program files\Webalta
2008-11-02 17:39 . 2008-11-02 17:39  c:\documents and settings\Admin\Application Data\Webalta
2008-11-02 16:33 . 2008-11-02 16:33  c:\documents and settings\Admin\Application Data\Temp App Data
2008-11-02 16:33 . 2008-11-02 16:33  c:\documents and settings\Admin\Application Data\Magic Academy
2008-11-01 23:32 . 2008-11-01 23:32  c:\documents and settings\All Users\Application Data\Christmasville
2008-11-01 20:49 . 2008-11-08 22:13  c:\program files\Игры от NevoSoft
2008-11-01 17:44 . 2008-11-01 17:44  c:\documents and settings\All Users\Application Data\Astar Games
2008-11-01 12:44 . 2008-11-01 12:44  c:\program files\MyCentria
2008-10-26 21:27 . 2008-10-26 21:27  c:\documents and settings\Admin\Application Data\QIP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 18:45  d-----w  c:\program files\Игры
2008-11-22 18:42  d-----w  c:\program files\AIMP2
2008-11-21 19:02  d-----w  c:\program files\Alawar.ru
2008-11-11 21:18  d-----w  c:\documents and settings\Admin\Application Data\Skype
2008-11-10 18:18  d-----w  c:\program files\Google
2008-11-08 19:26  d-----w  c:\documents and settings\All Users\Application Data\AlawarWrapper
2008-11-06 23:01  d-----w  c:\program files\ESET
2008-10-29 17:40  d-----w  c:\program files\FreeGamePick.com
2008-10-23 13:41  d-----w  c:\documents and settings\Admin\Application Data\Ahead
2008-10-20 16:15  d-----w  c:\program files\Common Files\Ahead
2008-10-20 16:13  d-----w  c:\program files\Nero
2008-10-20 16:06  d-----w  c:\program files\Ahead
2008-10-18 09:29  d-----w  c:\documents and settings\All Users\Application Data\Sandlot Games
2008-10-18 07:15  d-----w  c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-18 07:15  d-----w  c:\documents and settings\Admin\Application Data\PlayFirst
2008-10-14 16:53  d-----w  c:\documents and settings\Admin\Application Data\Windows Search
2008-10-14 16:51  d-----w  c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-14 16:48  d-----w  c:\program files\Windows Desktop Search
2008-10-11 20:07  d-----w  c:\documents and settings\Admin\Application Data\My Games
2008-10-11 19:07  d-----w  c:\documents and settings\All Users\Application Data\NevoSoft Games
2008-10-09 15:44  d-----w  c:\program files\MyRealGames.com
2008-10-08 09:07  d-----w  c:\documents and settings\All Users\Application Data\Alawar Stargaze
2008-10-06 19:34  d-----w  c:\program files\AskTBar
2008-10-05 05:59  d-----w  c:\documents and settings\All Users\Application Data\ВеселаяФерма2
2008-10-02 09:39  d-----w  c:\program files\The KMPlayer
2008-09-28 11:33  d-----w  c:\documents and settings\Admin\Application Data\cerasus.media
2008-09-27 10:47  d-----w  c:\documents and settings\All Users\Application Data\Egoset
2008-09-26 17:43  d-----w  c:\documents and settings\Admin\Application Data\HPAppData
2008-09-25 13:58  d-----w  c:\documents and settings\Admin\Application Data\HP
2008-09-23 09:29  270,336  ----a-w  c:\windows\system32\imon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5}]
2008-11-13 20:52  738306  --a  c:\progra~1\Webalta\WEBALT~2.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2008-06-02 1553672]
"{D4C56A33-3488-495B-8033-9BF834E276D8}"= "c:\progra~1\Webalta\WEBALT~1.DLL" [2008-11-13 1693186]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2008-06-02 1553672]
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-05-20 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"Download Master"="c:\program files\Download Master\dmaster.exe" [2008-01-26 3266560]
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-20 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Yupdate!"="c:\program files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-05-30 460040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmlMaple"="c:\program files\AmlMaple\AmlMaple.exe" [2008-04-24 91648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-23 917504]
"Outpost Firewall"="c:\program files\Agnitum\Outpost Firewall\outpost.exe" [2006-02-13 91648]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2006-02-14 352324]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-07 30192]
"NevoDRM"="c:\program files\Игры\NevoDRM\NevoDRM.exe" [2008-07-29 201728]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-20 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-05-20 c:\windows\system32\advpack.dll]
"IE7_012"="advpack.dll" [2008-05-20 c:\windows\system32\advpack.dll]
c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [11.03.2007 19:26:24 210520]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
S2 WebaltaController;Webalta Controller;"c:\program files\Webalta\WebaltaUpdaterService.exe" -service [14.10.2008 15:16:00 97794]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [23.09.2008 12:02:41 33600]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\ARP.DLL [23.09.2008 12:02:41 17440]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [23.09.2008 12:02:41 4896]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [23.09.2008 12:02:41 14304]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [23.09.2008 12:02:41 9024]
S3 GoogleDesktopManager-092308-165331;Диспетчер Google Desktop 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [22.10.2008 20:46:09 30192]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [23.09.2008 12:02:41 11552]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [23.09.2008 12:02:41 13248]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [23.09.2008 12:02:41 7200]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [23.09.2008 12:02:41 14912]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [23.09.2008 12:02:41 6752]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [23.09.2008 12:02:41 9984]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [23.09.2008 12:02:41 16960]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\program files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [23.09.2008 12:02:41 9696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar]
c:windowssystem32hidec /W c:program filesWindows SidebarVAIOToolsREGTLIB.EXE «c:program filesWindows Sidebarsidebar.exe»
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
«c:program filesWindows Sidebar.regsvr32.exe» /s wlsrvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
«c:program filesWindows Sidebar.regsvr32.exe» /s sbdrop.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s c:program filesWindows SidebarVAIO.vshellext.dll
.
Contents of the 'Scheduled Tasks' folder
2008-11-23 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:38]
.
.
Supplementary Scan
.
FireFox -: Profile - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4gnh65qv.default
FF -: plugin - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 20:04:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2008-11-24 20:05:00
ComboFix-quarantined-files.txt 2008-11-24 18:04:41
ComboFix2.txt 2008-11-13 18:37:14
Pre-Run: 16 525 176 832 байт свободно
Post-Run: 16,842,780,672 байт свободно