Scanned with HijackThis
This topic has 34 replies and 2 participants, and was last updated 16 years, 10 months ago by Admin.
November 9, 2008 at 7:51 pm #15893

Scanned with HijackThis v2.0.2, as you advised. I can't work out which files to delete. Please help. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 21:16:27, on 09.11.2008
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AmlMaple\AmlMaple.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VistaDriveIcon\VistaDrv.exe
C:\Program Files\Download Master\dmaster.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Игры от NevoSoft\NevoDRM\run.exe
C:client windowsclient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nevosoft.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kornet.ru/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: wljlibP - {0696F721-79BC-455A-970C-28B97FC1F9EE} - C:\WINDOWS\system32\wljlib.dll (file missing)
O2 - BHO: arylibP - {27A21DF4-318D-4F98-8668-AF04DFBB5B4C} - C:\WINDOWS\system32\arylib.dll (file missing)
O2 - BHO: amylibP - {29B981AD-1CE1-42A4-84B1-EF7781BF4326} - C:\WINDOWS\system32\amylib.dll (file missing)
O2 - BHO: dtjlibP - {55E0286E-1193-4B77-B3F5-BFB6846113C5} - C:\WINDOWS\system32\dtjlib.dll (file missing)
O2 - BHO: WebaltaBHO Object - {6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5} - C:\PROGRA~1\Webalta\WEBALT~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4D91-8333-CF10577473F7} - C:\Documents and Settings\Admin\Google\googletoolbar1.dll
O2 - BHO: kfclibP - {B006887D-E351-4D64-8C77-8BBFC5B8E325} - C:\WINDOWS\system32\kfclib.dll (file missing)
O2 - BHO: tpilibP - {EBD8D326-CFE2-4FDE-9F1B-C44696D16D5C} - C:\WINDOWS\system32\tpilib.dll (file missing)
O2 - BHO: pjzlibP - {ED04A368-E90F-43CF-BB44-6490F1C294E6} - C:\Documents and Settings\Admin\Рабочий стол\updater_15_52942131\pjzlib.dll (file missing)
O2 - BHO: gqalibP - {F6AC332A-0B72-4E32-A255-42957CB1EC0C} - C:\WINDOWS\system32\gqalib.dll (file missing)
O2 - BHO: qoylibP - {FC421820-FF29-4EBB-800F-59A7B3BBB00C} - C:\WINDOWS\system32\qoylib.dll (file missing)
O2 - BHO: MyCentria Internet Mate v2.2 - {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} - C:\PROGRA~1\MYCENT~1\InfoBar\MYCENT~1.DLL
O3 - Toolbar: &Webalta toolbar - {D4C56A33-3488-495B-8033-9BF834E276D8} - C:\PROGRA~1\Webalta\WEBALT~1.DLL
O3 - Toolbar: Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AmlMaple] C:\Program Files\AmlMaple\AmlMaple.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NevoDRM] "C:\Program Files\Игры от NevoSoft\NevoDRM\NevoDRM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Admin\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [Download Master] C:\Program Files\Download Master\dmaster.exe -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yupdate!] "C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Webalta - Добавить в Анти-Баннер - C:\Program Files\Webalta\extentions\Webalta_antiban.htm
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Быстрая настройка Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Альбом клипов HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Расширенный выбор HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2729C846-E804-4E23-AEF5-82B14538E173}: NameServer = 195.230.99.6
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Webalta Controller (WebaltaController) - Unknown owner - C:\Program Files\Webalta\WebaltaUpdaterService.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 11443 bytes

P.S. I use Mozilla Firefox, so I think I don't need Internet Explorer.

November 10, 2008 at 6:44 am #19665

Hello, and welcome to the Spyware-ru forum. Please describe your problem in detail. Judging by the log, your computer is infected with a trojan that shows pop-up windows and with the trojan Troj/Agent-GJR. Run HijackThis and click the Do a system scan only button.
Then tick (on the left) the following lines:

O2 - BHO: wljlibP - {0696F721-79BC-455A-970C-28B97FC1F9EE} - C:\WINDOWS\system32\wljlib.dll (file missing)
O2 - BHO: arylibP - {27A21DF4-318D-4F98-8668-AF04DFBB5B4C} - C:\WINDOWS\system32\arylib.dll (file missing)
O2 - BHO: amylibP - {29B981AD-1CE1-42A4-84B1-EF7781BF4326} - C:\WINDOWS\system32\amylib.dll (file missing)
O2 - BHO: dtjlibP - {55E0286E-1193-4B77-B3F5-BFB6846113C5} - C:\WINDOWS\system32\dtjlib.dll (file missing)
O2 - BHO: kfclibP - {B006887D-E351-4D64-8C77-8BBFC5B8E325} - C:\WINDOWS\system32\kfclib.dll (file missing)
O2 - BHO: tpilibP - {EBD8D326-CFE2-4FDE-9F1B-C44696D16D5C} - C:\WINDOWS\system32\tpilib.dll (file missing)
O2 - BHO: pjzlibP - {ED04A368-E90F-43CF-BB44-6490F1C294E6} - C:\Documents and Settings\Admin\Рабочий стол\updater_15_52942131\pjzlib.dll (file missing)
O2 - BHO: gqalibP - {F6AC332A-0B72-4E32-A255-42957CB1EC0C} - C:\WINDOWS\system32\gqalib.dll (file missing)
O2 - BHO: qoylibP - {FC421820-FF29-4EBB-800F-59A7B3BBB00C} - C:\WINDOWS\system32\qoylib.dll (file missing)
O2 - BHO: MyCentria Internet Mate v2.2 - {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} - C:\PROGRA~1\MYCENT~1\InfoBar\MYCENT~1.DLL
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Admin\Local Settings\Application Data\smss.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll

Click the Fix checked button and confirm by choosing YES. Close HijackThis and reboot the computer. Download ComboFix. Close all open windows and run the program.
After it finishes, a log file will be created; please paste it into your reply.

November 10, 2008 at 7:13 pm #19666

I did everything as you recommended in your message:

ComboFix 08-11-09.04 - Admin 2008-11-10 20:17:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1290 [GMT 2:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Admin\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.jpg
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\15913497_F86C_4218_8817_F50940D1E1B2.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\61EA7D69_19D4_421a_A899_0DF4D58CD119.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\A2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\C75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\C75CEF8D_5AF4_4563_8594_C45A45E14E63.jpg
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\E21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\E9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:\program files\Google\googletoolbar1.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\crypts.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VFILT
-------\Service_VFILT

((((((((((((((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.
2008-11-09 21:15 . 2008-11-09 21:15 d-------- c:\program files\Trend Micro
2008-11-09 20:53 . 2008-11-09 20:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-09 20:46 . 2008-11-09 20:55 d-------- c:\documents and settings\Admin\.housecall6.6
2008-11-09 10:31 . 2008-11-09 13:02 632 --a------ C:\settings.dat
2008-11-08 21:26 . 2008-11-08 21:26 d-------- c:\documents and settings\Admin\Application Data\Beezzle
2008-11-08 20:56 . 2008-11-08 20:56 d-------- c:\documents and settings\Admin\Application Data\BeachPartyCraze
2008-11-08 16:04 . 2008-11-08 16:04 d-------- c:\program files\Yandex
2008-11-08 16:04 . 2008-11-08 16:04 d-------- c:\program files\Common Files\Yandex
2008-11-08 16:04 . 2008-11-08 16:04 d-------- c:\documents and settings\Admin\Application Data\Yandex
2008-11-08 04:38 . 2008-11-08 04:50 d-------- c:\documents and settings\Admin\Application Data\Legends of pirates
2008-11-02 17:49 . 2008-11-02 17:49 d-------- c:\program files\NevoSoft
2008-11-02 17:39 . 2008-11-08 22:09 d-------- c:\program files\Webalta
2008-11-02 17:39 . 2008-11-02 17:39 d-------- c:\documents and settings\Admin\Application Data\Webalta
2008-11-02 16:33 . 2008-11-02 16:33 d-------- c:\documents and settings\Admin\Application Data\Temp App Data
2008-11-02 16:33 . 2008-11-02 16:33 d-------- c:\documents and settings\Admin\Application Data\Magic Academy
2008-11-01 23:32 . 2008-11-01 23:32 d-------- c:\documents and settings\All Users\Application Data\Christmasville
2008-11-01 20:49 . 2008-11-08 22:13 d-------- c:\program files\Игры от NevoSoft
2008-11-01 17:44 . 2008-11-01 17:44 d-------- c:\documents and settings\All Users\Application Data\Astar Games
2008-11-01 12:44 . 2008-11-01 12:44 d-------- c:\program files\MyCentria
2008-10-26 21:27 . 2008-10-26 21:27 d-------- c:\documents and settings\Admin\Application Data\QIP
2008-10-20 18:13 . 2008-10-20 18:13 d-------- c:\program files\Nero
2008-10-20 18:13 . 2008-10-20 18:15 d-------- c:\program files\Common Files\Ahead
2008-10-20 18:07 . 2008-10-20 18:08 d-------- c:\temp\Nero-7.2.0.3b_rus_no_yt
2008-10-20 18:07 . 2008-10-20 18:07 d-------- C:\temp
2008-10-20 17:38 . 2008-10-20 20:59 d-------- C:\Downloads
2008-10-18 11:29 . 2008-10-18 11:29 d-------- c:\documents and settings\All Users\Application Data\Sandlot Games
2008-10-18 09:15 . 2008-10-18 09:15 d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-18 09:15 . 2008-10-18 09:15 d-------- c:\documents and settings\Admin\Application Data\PlayFirst
2008-10-14 18:53 . 2008-10-14 18:53 d-------- c:\documents and settings\Admin\Application Data\Windows Search
2008-10-14 18:48 . 2008-10-14 18:48 d-------- c:\windows\system32\GroupPolicy
2008-10-14 18:48 . 2008-10-14 18:48 d-------- c:\program files\Windows Desktop Search
2008-10-14 18:48 . 2007-09-27 10:48 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-10-13 22:28 . 2008-11-02 00:32 d-------- c:\documents and settings\Admin\Google
2008-10-13 22:27 . 2008-11-10 20:18 d-------- c:\program files\Google
2008-10-11 22:07 . 2008-10-11 22:07 d-------- c:\documents and settings\Admin\Application Data\My Games
2008-10-11 21:07 . 2008-10-11 21:07 d-------- c:\documents and settings\All Users\Application Data\NevoSoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 20:20 --------- d-----w c:\program files\Игры
2008-11-08 19:26 --------- d-----w c:\documents and settings\All Users\Application Data\AlawarWrapper
2008-11-08 14:00 --------- d-----w c:\program files\Alawar.ru
2008-11-06 23:01 --------- d-----w c:\program files\ESET
2008-11-06 22:48 --------- d-----w c:\documents and settings\Admin\Application Data\Skype
2008-11-06 17:49 --------- d-----w c:\program files\AIMP2
2008-10-29 17:40 --------- d-----w c:\program files\FreeGamePick.com
2008-10-23 13:41 --------- d-----w c:\documents and settings\Admin\Application Data\Ahead
2008-10-20 16:06 --------- d-----w c:\program files\Ahead
2008-10-14 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-09 15:44 --------- d-----w c:\program files\MyRealGames.com
2008-10-08 09:07 --------- d-----w c:\documents and settings\All Users\Application Data\Alawar Stargaze
2008-10-06 19:34 --------- d-----w c:\program files\AskTBar
2008-10-05 05:59 --------- d-----w c:\documents and settings\All Users\Application Data\ВеселаяФерма2
2008-10-02 09:39 --------- d-----w c:\program files\The KMPlayer
2008-09-28 11:33 --------- d-----w c:\documents and settings\Admin\Application Data\cerasus.media
2008-09-27 10:47 --------- d-----w c:\documents and settings\All Users\Application Data\Egoset
2008-09-26 17:43 --------- d-----w c:\documents and settings\Admin\Application Data\HPAppData
2008-09-25 13:58 --------- d-----w c:\documents and settings\Admin\Application Data\HP
2008-09-25 12:04 360,960 ----a-w c:\windows\system32\pjzlib.dll
2008-09-23 10:50 --------- d-----w c:\program files\Total Commander
2008-09-23 10:02 --------- d-----w c:\program files\Common Files\Agnitum Shared
2008-09-23 10:02 --------- d-----w c:\program files\Agnitum
2008-09-23 09:54 --------- d-----w c:\documents and settings\Admin\Application Data\Media Player Classic
2008-09-23 09:50 --------- d-----w c:\program files\Download Master
2008-09-23 09:49 --------- d-----w c:\program files\Windows Sidebar
2008-09-23 09:49 --------- d-----w c:\program files\Vista Games
2008-09-23 09:48 --------- d-----w c:\program files\Skype
2008-09-23 09:48 --------- d-----w c:\program files\QIP Infium
2008-09-23 09:47 --------- d-----w c:\program files\K-Lite Codec Pack
2008-09-23 09:47 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-23 09:47 --------- d-----w c:\program files\Common Files\Arsenal Shared
2008-09-23 09:47 --------- d-----w c:\program files\Arsenal Company
2008-09-23 09:41 --------- d-----w c:\program files\Microsoft.NET
2008-09-23 09:41 --------- d-----w c:\program files\Microsoft Works
2008-09-23 09:38 --------- d-----w c:\program files\Foxit Reader
2008-09-23 09:29 502,208 ----a-w c:\windows\system32\drivers\amon.sys
2008-09-23 09:29 270,336 ----a-w c:\windows\system32\imon.dll
2008-09-23 09:27 --------- d-----w c:\program files\microsoft frontpage
2008-09-23 09:26 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-23 09:26 --------- d-----w c:\program files\VistaDriveIcon
2008-09-23 09:26 --------- d-----w c:\program files\Java
2008-09-23 09:26 --------- d-----w c:\program files\Common Files\Java
2008-09-23 09:23 --------- d---a-w c:\program files\AmlMaple
2008-09-23 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2008-09-23 09:22 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-09-23 09:20 --------- d-----w c:\program files\HP
2008-09-23 09:20 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-09-23 09:19 --------- d-----w c:\program files\Hewlett-Packard
2008-09-23 09:19 --------- d-----w c:\program files\Common Files\HP
2008-09-23 09:19 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-09-23 09:19 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-09-23 09:19 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-09-23 09:18 --------- d-----w c:\program files\Windows Media Connect 2
2008-09-23 09:18 --------- d-----w c:\program files\Paint.NET
2008-09-23 09:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-23 09:14 --------- d-----w c:\program files\Atheros WLAN Client
2008-09-23 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\WLAN
2008-09-23 09:14 --------- d-----w c:\documents and settings\Admin\Application Data\InstallShield
.

Sigcheck

2008-05-20 17:54 579072 23b7d3f3f5ec8feea75ec381c71cbd5e c:\windows\system32\user32.dll
2008-05-20 17:54 952320 7a737e1453d01ff94801272f13497362 c:\windows\system32\wininet.dll
2008-05-20 17:52 361344 030dc4d48cc2b894fee2f390d8e66ad5 c:\windows\system32\drivers\tcpip.sys
2008-05-20 17:53 1721344 dc5d73a9809b66026231a9d49de6987f c:\windows\explorer.exe
2008-05-20 17:53 30208 ae0db25ee10900c73d923ad5880564cf c:\windows\system32\ctfmon.exe
2008-05-20 17:55 80216 5f38b1b965527c6f5c30dedab0ab0550 c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5}]
2008-10-14 15:49 736256 --a------ c:\progra~1\Webalta\WEBALT~2.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4C56A33-3488-495B-8033-9BF834E276D8}"= "c:\progra~1\Webalta\WEBALT~1.DLL" [2008-10-14 1691136]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2008-06-02 1553672]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2008-06-02 1553672]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-05-20 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"Download Master"="c:\program files\Download Master\dmaster.exe" [2008-01-26 3266560]
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-20 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Yupdate!"="c:\program files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-05-30 460040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmlMaple"="c:\program files\AmlMaple\AmlMaple.exe" [2008-04-24 91648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-23 917504]
"Outpost Firewall"="c:\program files\Agnitum\Outpost Firewall\outpost.exe" [2006-02-13 91648]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2006-02-14 352324]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-07 30192]
"NevoDRM"="c:\program files\Игры от NevoSoft\NevoDRM\NevoDRM.exe" [2008-07-29 201728]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-20 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-05-20 c:\windows\system32\advpack.dll]
"IE7_012"="advpack.dll" [2008-05-20 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [11.03.2007 19:26:24 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 WebaltaController;Webalta Controller;c:\program files\Webalta\WebaltaUpdaterService.exe [2008-10-14 86528]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2006-02-13 33600]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\ARP.DLL [2006-02-13 17440]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2006-02-13 4896]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2006-02-13 14304]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2006-02-13 9024]
S3 GoogleDesktopManager-092308-165331;Диспетчер Google Desktop 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-07 30192]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2006-02-13 11552]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2006-02-13 13248]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2006-02-13 7200]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2006-02-13 14912]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2006-02-13 6752]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2006-02-13 9984]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2006-02-13 16960]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);c:\program files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2006-02-13 9696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - WUAUSERV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar]
c:\windows\system32\hidec /W c:\program files\Windows Sidebar\VAIO\Tools\REGTLIB.EXE "c:\program files\Windows Sidebar\sidebar.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"c:\program files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"c:\program files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s c:\program files\Windows Sidebar\VAIO\.\vshellext.dll
.
Contents of the 'Scheduled Tasks' folder

2008-11-10 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0696F721-79BC-455A-970C-28B97FC1F9EE} - c:\windows\system32\wljlib.dll
BHO-{27A21DF4-318D-4F98-8668-AF04DFBB5B4C} - c:\windows\system32\arylib.dll
BHO-{55E0286E-1193-4B77-B3F5-BFB6846113C5} - c:\windows\system32\dtjlib.dll
BHO-{B006887D-E351-4D64-8C77-8BBFC5B8E325} - c:\windows\system32\kfclib.dll
BHO-{EBD8D326-CFE2-4FDE-9F1B-C44696D16D5C} - c:\windows\system32\tpilib.dll
BHO-{ED04A368-E90F-43CF-BB44-6490F1C294E6} - c:\documents and settings\Admin\Рабочий стол\updater_15_52942131\pjzlib.dll
BHO-{F6AC332A-0B72-4E32-A255-42957CB1EC0C} - c:\windows\system32\gqalib.dll
BHO-{FC421820-FF29-4EBB-800F-59A7B3BBB00C} - c:\windows\system32\qoylib.dll

.
Supplementary Scan
.
FireFox -: Profile - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4gnh65qv.default
FF -: plugin - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 20:20:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Eset\pr_imon.dll
.
Other Running Processes
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ESET\nod32krn.exe
c:\program files\c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-11-10 20:23:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-10 18:22:56
Pre-Run: 16 634 396 672 байт свободно
Post-Run: 18,189,115,392 байт свободно
281

November 11, 2008 at 3:18 am #19667
The Combofix log looks normal. Has your problem been solved?

November 11, 2008 at 5:42 pm #19668
The problem is not solved at all. Windows with porn ads and Grand Casino (sorry for not mentioning it in my earlier messages) keep popping up while I am on the Internet, just as before. As for the trojan in the on-screen menu (some file called ZENKOREA), NOD32 has not reported anything yet. Please tell me what to do. I have not yet removed Hijack This and Combofix. Sorry for being persistent. I am just worried: if something happens to the computer, I will not get over it!

November 11, 2008 at 11:06 pm #19669
In which browser does your problem show up? Firefox or Internet Explorer, or both?

November 12, 2008 at 4:52 pm #19670
In both. But since I use Firefox all the time, the problem bothers me more there.

November 13, 2008 at 2:44 pm #19671
Do the pop-up windows appear only in browsers?
That is, start the computer but do not open a browser. Do the windows appear on their own?
Please attach a fresh Combofix log.

November 13, 2008 at 7:02 pm #19672
The pop-up windows appear only in browsers! On their own, when working offline, they never appear. Oh, one more thing! The day before yesterday (after the first Combofix scan) I ran a deep scan of the C and D drives for viruses with NOD32. Outpost Firewall Pro was infected and the antivirus removed it. Can I download it from the Internet? Or maybe I do not need it at all. Attaching the new Combofix scan log:

ComboFix 08-11-12.01 — Admin 2008-11-13 20:35:44.3 — NTFSx86
 Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1258 [GMT 2:00]
 Running from: c:documents and settingsAdminРабочий столComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.
2008-11-13 13:56 . 2008-11-13 13:56 d c:documents and settingsAdminApplication DataGames
2008-11-13 12:57 . 2008-11-13 12:57 d c:documents and settingsAll UsersApplication DataFriday’s games
2008-11-09 21:15 . 2008-11-09 21:15 d c:program filesTrend Micro
2008-11-09 20:53 . 2008-11-09 20:47 102,664 —a c:windowssystem32driverstmcomm.sys
2008-11-09 20:46 . 2008-11-09 20:55 d c:documents and settingsAdmin.housecall6.6
2008-11-09 10:31 . 2008-11-13 11:18 632 —a C:settings.dat
2008-11-08 21:26 . 2008-11-08 21:26 d c:documents and settingsAdminApplication DataBeezzle
2008-11-08 20:56 . 2008-11-08 20:56 d c:documents and settingsAdminApplication DataBeachPartyCraze
2008-11-08 16:04 . 2008-11-08 16:04 d c:program filesYandex
2008-11-08 16:04 . 2008-11-08 16:04 d c:program filesCommon FilesYandex
2008-11-08 16:04 . 2008-11-08 16:04 d c:documents and settingsAdminApplication DataYandex
2008-11-08 04:38 . 2008-11-08 04:50 d c:documents and settingsAdminApplication DataLegends of pirates
2008-11-02 17:49 . 2008-11-02 17:49 d c:program filesNevoSoft
2008-11-02 17:39 . 2008-11-08 22:09 d c:program filesWebalta
2008-11-02 17:39 . 2008-11-02 17:39 d c:documents and settingsAdminApplication DataWebalta
2008-11-02 16:33 . 2008-11-02 16:33 d c:documents and settingsAdminApplication DataTemp App Data
2008-11-02 16:33 . 2008-11-02 16:33 d c:documents and settingsAdminApplication DataMagic Academy
2008-11-01 23:32 . 2008-11-01 23:32 d c:documents and settingsAll UsersApplication DataChristmasville
2008-11-01 20:49 . 2008-11-08 22:13 d c:program filesИгры от NevoSoft
2008-11-01 17:44 . 2008-11-01 17:44 d c:documents and settingsAll UsersApplication DataAstar Games
2008-11-01 12:44 . 2008-11-01 12:44 d c:program filesMyCentria
2008-10-26 21:27 . 2008-10-26 21:27 d c:documents and settingsAdminApplication DataQIP
2008-10-20 18:13 . 2008-10-20 18:13 d c:program filesNero
2008-10-20 18:13 . 2008-10-20 18:15 d c:program filesCommon FilesAhead
2008-10-20 18:07 . 2008-10-20 18:08 d c:tempNero-7.2.0.3b_rus_no_yt
2008-10-20 18:07 . 2008-10-20 18:07 d C:temp
2008-10-20 17:38 . 2008-10-20 20:59 d C:Downloads
2008-10-18 11:29 . 2008-10-18 11:29 d c:documents and settingsAll UsersApplication DataSandlot Games
2008-10-18 09:15 . 2008-10-18 09:15 d c:documents and settingsAll UsersApplication DataPlayFirst
2008-10-18 09:15 . 2008-10-18 09:15 d c:documents and settingsAdminApplication DataPlayFirst
2008-10-14 18:53 . 2008-10-14 18:53 d c:documents and settingsAdminApplication DataWindows Search
2008-10-14 18:48 . 2008-10-14 18:48 d c:windowssystem32GroupPolicy
2008-10-14 18:48 . 2008-10-14 18:48 d c:program filesWindows Desktop Search
2008-10-14 18:48 . 2007-09-27 10:48 23,856 —a c:windowssystem32spupdsvc.exe
2008-10-13 22:28 . 2008-11-10 21:52 d c:documents and settingsAdminGoogle
2008-10-13 22:27 . 2008-11-10 20:18 d c:program filesGoogle
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 11:50 d-----w c:program filesAlawar.ru
2008-11-11 21:18 d-----w c:documents and settingsAdminApplication DataSkype
2008-11-11 19:02 d-----w c:program filesAIMP2
2008-11-08 20:20 d-----w c:program filesИгры
2008-11-08 19:26 d-----w c:documents and settingsAll UsersApplication DataAlawarWrapper
2008-11-06 23:01 d-----w c:program filesESET
2008-10-29 17:40 d-----w c:program filesFreeGamePick.com
2008-10-23 13:41 d-----w c:documents and settingsAdminApplication DataAhead
2008-10-20 16:06 d-----w c:program filesAhead
2008-10-14 16:51 d-----w c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-10-11 20:07 d-----w c:documents and settingsAdminApplication DataMy Games
2008-10-11 19:07 d-----w c:documents and settingsAll UsersApplication DataNevoSoft Games
2008-10-09 15:44 d-----w c:program filesMyRealGames.com
2008-10-08 09:07 d-----w c:documents and settingsAll UsersApplication DataAlawar Stargaze
2008-10-06 19:34 d-----w c:program filesAskTBar
2008-10-05 05:59 d-----w c:documents and settingsAll UsersApplication DataВеселаяФерма2
2008-10-02 09:39 d-----w c:program filesThe KMPlayer
2008-09-28 11:33 d-----w c:documents and settingsAdminApplication Datacerasus.media
2008-09-27 10:47 d-----w c:documents and settingsAll UsersApplication DataEgoset
2008-09-26 17:43 d-----w c:documents and settingsAdminApplication DataHPAppData
2008-09-25 13:58 d-----w c:documents and settingsAdminApplication DataHP
2008-09-23 10:50 d-----w c:program filesTotal Commander
2008-09-23 10:02 d-----w c:program filesCommon FilesAgnitum Shared
2008-09-23 10:02 d-----w c:program filesAgnitum
2008-09-23 09:54 d-----w c:documents and settingsAdminApplication DataMedia Player Classic
2008-09-23 09:50 d-----w c:program filesDownload Master
2008-09-23 09:49 d-----w c:program filesWindows Sidebar
2008-09-23 09:49 d-----w c:program filesVista Games
2008-09-23 09:48 d-----w c:program filesSkype
2008-09-23 09:48 d-----w c:program filesQIP Infium
2008-09-23 09:47 d-----w c:program filesK-Lite Codec Pack
2008-09-23 09:47 d-----w c:program filesCommon FilesInstallShield
2008-09-23 09:47 d-----w c:program filesCommon FilesArsenal Shared
2008-09-23 09:47 d-----w c:program filesArsenal Company
2008-09-23 09:41 d-----w c:program filesMicrosoft.NET
2008-09-23 09:41 d-----w c:program filesMicrosoft Works
2008-09-23 09:38 d-----w c:program filesFoxit Reader
2008-09-23 09:29 502,208 ----a-w c:windowssystem32driversamon.sys
2008-09-23 09:29 270,336 ----a-w c:windowssystem32imon.dll
2008-09-23 09:27 d-----w c:program filesmicrosoft frontpage
2008-09-23 09:26 717,296 ----a-w c:windowssystem32driverssptd.sys
2008-09-23 09:26 d-----w c:program filesVistaDriveIcon
2008-09-23 09:26 d-----w c:program filesJava
2008-09-23 09:26 d-----w c:program filesCommon FilesJava
2008-09-23 09:23 d---a-w c:program filesAmlMaple
2008-09-23 09:23 d-----w c:documents and settingsAll UsersApplication DataWEBREG
2008-09-23 09:22 d-----w c:documents and settingsAll UsersApplication DataHewlett-Packard
2008-09-23 09:20 d-----w c:program filesHP
2008-09-23 09:20 d-----w c:documents and settingsAll UsersApplication DataHPSSUPPLY
2008-09-23 09:19 d-----w c:program filesHewlett-Packard
2008-09-23 09:19 d-----w c:program filesCommon FilesHP
2008-09-23 09:19 d-----w c:program filesCommon FilesHewlett-Packard
2008-09-23 09:19 d-----w c:documents and settingsAll UsersApplication DataHP Product Assistant
2008-09-23 09:19 d-----w c:documents and settingsAll UsersApplication DataHP
2008-09-23 09:18 d-----w c:program filesWindows Media Connect 2
2008-09-23 09:18 d-----w c:program filesPaint.NET
2008-09-23 09:14 d--h--w c:program filesInstallShield Installation Information
2008-09-23 09:14 d-----w c:program filesAtheros WLAN Client
2008-09-23 09:14 d-----w c:documents and settingsAll UsersApplication DataWLAN
2008-09-23 09:14 d-----w c:documents and settingsAdminApplication DataInstallShield
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5}]
2008-10-14 15:49 736256 —a c:progra~1WebaltaWEBALT~2.DLL
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{D4C56A33-3488-495B-8033-9BF834E276D8}»= «c:progra~1WebaltaWEBALT~1.DLL» [2008-10-14 1691136]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-06-02 1553672]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-06-02 1553672]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
 [HKEY_CLASSES_ROOTYandex.Toolbar.1]
 [HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
 «CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-05-20 30208]
 «VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
 «Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-01-26 3266560]
 «Google Update»=»c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2008-10-20 133104]
 «BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadLibNMBgMonitor.exe» [2006-04-21 94208]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-05-30 460040]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
 «AmlMaple»=»c:program filesAmlMapleAmlMaple.exe» [2008-04-24 91648]
 «HP Software Update»=»c:program filesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
 «nod32kui»=»c:program filesEsetnod32kui.exe» [2008-09-23 917504]
 «Outpost Firewall»=»c:program filesAgnitumOutpost Firewalloutpost.exe» [2006-02-13 91648]
 «OutpostFeedBack»=»c:program filesAgnitumOutpost Firewallfeedback.exe» [2006-02-14 352324]
 «NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
 «Google Desktop Search»=»c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe» [2008-11-07 30192]
 «NevoDRM»=»c:program filesИгры от NevoSoftNevoDRMNevoDRM.exe» [2008-07-29 201728]
«RTHDCPL»=»RTHDCPL.EXE» [2008-04-10 c:windowsRTHDCPL.EXE]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-05-20 30208]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-05-20 c:windowssystem32advpack.dll]
«IE7_012″=»advpack.dll» [2008-05-20 c:windowssystem32advpack.dll]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
HP Digital Imaging Monitor.lnk — c:program filesHPDigital Imagingbinhpqtra08.exe [11.03.2007 19:26:24 210520]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
 «FirewallOverride»=dword:00000001
 «UpdatesDisableNotify»=dword:00000001
 «UpdatesOverride»=dword:00000001
 «AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
S2 WebaltaController;Webalta Controller;c:program filesWebaltaWebaltaUpdaterService.exe [2008-10-14 86528]
 S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:program filesAgnitumOutpost FirewallkernelADBLOCK.DLL [2006-02-13 33600]
 S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);c:program filesAgnitumOutpost FirewallkernelARP.DLL [2006-02-13 17440]
 S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:program filesAgnitumOutpost FirewallkernelCONTENT.DLL [2006-02-13 4896]
 S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:program filesAgnitumOutpost FirewallkernelDNSCACHE.DLL [2006-02-13 14304]
 S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelFTPFILT.DLL [2006-02-13 9024]
 S3 GoogleDesktopManager-092308-165331;Диспетчер Google Desktop 5.8.809.23506;c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe [2008-11-07 30192]
 S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:program filesAgnitumOutpost FirewallkernelHTMLFILT.DLL [2006-02-13 11552]
 S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelHTTPFILT.DLL [2006-02-13 13248]
 S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelIMAPFILT.DLL [2006-02-13 7200]
 S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:program filesAgnitumOutpost FirewallkernelMAILFILT.DLL [2006-02-13 14912]
 S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelNNTPFILT.DLL [2006-02-13 6752]
 S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:program filesAgnitumOutpost FirewallkernelPOP3FILT.DLL [2006-02-13 9984]
 S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:program filesAgnitumOutpost FirewallkernelPROTECT.DLL [2006-02-13 16960]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);c:program filesAgnitumOutpost FirewallkernelSECRET.DLL [2006-02-13 9696]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsWindows Sidebar]
c:windowssystem32hidec /W c:program filesWindows SidebarVAIOToolsREGTLIB.EXE «c:program filesWindows Sidebarsidebar.exe»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{34A19196-274E-4D75-9D30-D7A45A0A4178}]
«c:program filesWindows Sidebar.regsvr32.exe» /s wlsrvc.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{6B9228DA-9C15-419e-856C-19E768A13BDC}]
«c:program filesWindows Sidebar.regsvr32.exe» /s sbdrop.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s c:program filesWindows SidebarVAIO.vshellext.dll
.
Contents of the ‘Scheduled Tasks’ folder
2008-11-13 c:windowsTasksGoogleUpdateTaskUser.job
 — c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-10-20 17:38]
 .
 .
 Supplementary Scan
 .
 FireFox -: Profile — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles4gnh65qv.default
 FF -: plugin — c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdate1.2.131.27npGoogleOneClick6.dll
 FF -: plugin — c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
 FF -: plugin — c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 20:36:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
 .
 DLLs Loaded Under Running Processes
 
 PROCESS: c:windowssystem32lsass.exe
 -> c:program filesEsetpr_imon.dll
 .
 Completion time: 2008-11-13 20:37:13
 ComboFix-quarantined-files.txt 2008-11-13 18:37:00
ComboFix2.txt 2008-11-10 18:23:02
Pre-Run: 17,599,217,664 байт свободно
Post-Run: 17,601,490,944 байт свободно
225

November 14, 2008 at 1:30 am #19673
“Outpost Firewall Pro was infected and the antivirus removed it”
Combofix shows that it was removed, but not entirely. It is still registered in autostart and in the drivers. Now, after the cleanup by NOD, does the problem remain?
Also, start Internet Explorer and then Firefox. Are there any differences between the pop-up windows?

November 14, 2008 at 2:40 am #19674
The pop-up windows are the same in Explorer and in Mozilla. There are no differences. The problem remains the same.

November 14, 2008 at 12:42 pm #19675
1. Please take a screenshot at the moment a pop-up window is on the screen. If it advertises adult content, send the picture to me by private message; otherwise attach it to your next message. 2. Can you roughly determine the date when you first ran into this problem?

November 23, 2008 at 8:55 pm #19676
Here is one of the variants of the pop-up windows… [image removed]

November 24, 2008 at 2:36 pm #19677
I looked at your attachment.
Let us continue the hunt for the parasite. Download OTViewIt by clicking this link.
— Save the file to your Desktop.
— Run the program.
— Tick «Scan All Users».
— Click the «Run Scan» button.
When the scan finishes, two logs will open: OTViewIt.txt will be open and the second one, Extra.txt, will be minimized. Also run Combofix once more. I am expecting three logs from you:
— the two OTViewIt logs
— the Combofix log

November 24, 2008 at 6:11 pm #19678
OTViewIt Extras logfile created on: 24.11.2008 19:53:45 — Run
 OTViewIt by OldTimer — Version 1.0.20.0 Folder = C:Documents and SettingsAdminРабочий стол
 Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) — Type = NTWorkstation
 Internet Explorer (Version = 7.0.5730.13)
Locale: 00000422 | Country: Украина | Language: UKR | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 68,81% Memory free
3,60 Gb Paging File | 3,21 Gb Available in Paging File | 89,23% Paging File free
Paging file location(s): C:pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
 Drive C: | 27,16 Gb Total Space | 15,45 Gb Free Space | 56,90% Space Free | Partition Type: NTFS
 Drive D: | 84,62 Gb Total Space | 68,30 Gb Free Space | 80,71% Space Free | Partition Type: NTFS
 E: Drive not present or media not loaded
 F: Drive not present or media not loaded
 G: Drive not present or media not loaded
 H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MICROSOF-311F14
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINESOFTWAREClasses ]
.html [@ = Reg Error: Value does not exist or could not be read.] — Reg Error: Key does not exist or could not be opened. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
 «FirstRunDisabled»=1
 «FirewallDisableNotify»=0
 «FirewallOverride»=1
 «UpdatesDisableNotify»=1
 «UpdatesOverride»=1
 «AntiVirusDisableNotify»=1
 «AntiVirusOverride»=1
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile
«EnableFirewall»=0
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplications]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
[2008.04.15 14:00:00 | 00,558,080 | —- | M] (Microsoft Corporation) — %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008.04.15 14:00:00 | 00,141,824 | —- | M] (Корпорация Майкрософт) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
[2008.04.15 14:00:00 | 00,558,080 | —- | M] (Microsoft Corporation) — %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008.04.15 14:00:00 | 00,141,824 | —- | M] (Корпорация Майкрософт) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008.04.23 15:45:34 | 22,058,792 | R— | M] (Skype Technologies S.A.) — C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWinSock2Parameters]
 NameSpace_Catalog5Catalog_Entries 00000000001 [TCP/IP] — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
 NameSpace_Catalog5Catalog_Entries 00000000003 [Пространство имен службы сетевого расположения (NLA)] — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
 Protocol_Catalog9Catalog_Entries 00000000001 — File not found
 Protocol_Catalog9Catalog_Entries 00000000002 — File not found
 Protocol_Catalog9Catalog_Entries 00000000003 — File not found
 Protocol_Catalog9Catalog_Entries 00000000004 — File not found
 Protocol_Catalog9Catalog_Entries 00000000005 — File not found
 Protocol_Catalog9Catalog_Entries 00000000006 — File not found
 Protocol_Catalog9Catalog_Entries 00000000007 — File not found
 Protocol_Catalog9Catalog_Entries 00000000008 — File not found
 Protocol_Catalog9Catalog_Entries 00000000009 — File not found
 Protocol_Catalog9Catalog_Entries 00000000010 — File not found
 Protocol_Catalog9Catalog_Entries 00000000011 — File not found
 Protocol_Catalog9Catalog_Entries 00000000012 — File not found
 Protocol_Catalog9Catalog_Entries 00000000013 — File not found
 Protocol_Catalog9Catalog_Entries 00000000014 — File not found
 Protocol_Catalog9Catalog_Entries 00000000015 — File not found
 Protocol_Catalog9Catalog_Entries 00000000016 — File not found
 Protocol_Catalog9Catalog_Entries 00000000017 — File not found
 Protocol_Catalog9Catalog_Entries 00000000018 — File not found
 Protocol_Catalog9Catalog_Entries 00000000019 — File not found
 Protocol_Catalog9Catalog_Entries 00000000020 — File not found
Protocol_Catalog9Catalog_Entries 00000000021 — File not found
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2008.04.15 14:00:00 | 01,431,552 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: подключаемый протокол])
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
ipp: [HKLM — No CLSID value]
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2006.10.26 16:49:48 | 01,011,488 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL ipp x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAMON.BINDER]
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
msdaipp: [HKLM — No CLSID value]
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2006.10.26 16:49:48 | 01,011,488 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL msdaipp x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAMON.BINDER]
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2006.10.26 16:49:48 | 01,011,488 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL msdaippoledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2006.10.26 11:45:02 | 00,873,216 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2008.04.15 14:00:00 | 01,431,552 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [ТВ: подключаемый протокол])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2008.05.20 17:54:45 | 26,688,512 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2006.10.26 19:41:48 | 00,044,344 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
 «{10E1E87C-656C-4D08-86D6-5443D28583BE}»=TrayApp
 «{13F00518-807A-4B3A-83B0-A7CD90F3A398}»=MarketResearch
 «{1753255A-0AEB-4220-8C75-607B73F0C133}»=Copy
 «{22466889-7642-488d-AA0E-F619704CF7AB}»=DeviceDiscovery
 «{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}»=WebReg
 «{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}»=Microsoft .NET Framework 1.1 Russian Language Pack
 «{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}»=Scan
 «{3248F0A8-6813-11D6-A77B-00B0D0160060}»=Java(TM) 6 Update 6
 «{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}»=WebFldrs XP
 «{415CDA53-9100-476F-A7B2-476691E117C7}»=HP Smart Web Printing
 «{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}»=HPSSupply
 «{543E938C-BDC4-4933-A612-01293996845F}»=UnloadSupport
 «{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}»=eSupportQFolder
 «{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}»=CustomerResearchQFolder
 «{824D3839-DAA1-4315-A822-7AE3E620E528}»=VideoToolkit01
 «{8389382B-53BA-4A87-8854-91E3D80A5AC7}»=HP Photosmart Essential2.01
 «{90120000-0010-0419-0000-0000000FF1CE}»=Microsoft Software Update for Web Folders (Russian) 12
 «{90120000-0016-0000-0000-0000000FF1CE}»=Microsoft Office Excel 2007
 «{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C5060182-C90D-4314-9AE9-5C0DCF8FD1EF}»=
 «{90120000-0016-0419-0000-0000000FF1CE}»=Microsoft Office Excel MUI (Russian) 2007
 «{90120000-001A-0000-0000-0000000FF1CE}»=Microsoft Office Outlook 2007
 «{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{2A33A0C2-2B09-446E-9022-1508A85ECD2D}»=
 «{90120000-001A-0419-0000-0000000FF1CE}»=Microsoft Office Outlook MUI (Russian) 2007
 «{90120000-001B-0000-0000-0000000FF1CE}»=Microsoft Office Word 2007
 «{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3520B304-0EF8-475D-8C52-47ABCCC75FC6}»=
 «{90120000-001B-0419-0000-0000000FF1CE}»=Microsoft Office Word MUI (Russian) 2007
 «{90120000-001F-0407-0000-0000000FF1CE}»=Microsoft Office Proof (German) 2007
 «{90120000-001F-0409-0000-0000000FF1CE}»=Microsoft Office Proof (English) 2007
 «{90120000-001F-0419-0000-0000000FF1CE}»=Microsoft Office Proof (Russian) 2007
 «{90120000-001F-0422-0000-0000000FF1CE}»=Microsoft Office Proof (Ukrainian) 2007
 «{90120000-002C-0419-0000-0000000FF1CE}»=Microsoft Office Proofing (Russian) 2007
 «{90120000-006E-0419-0000-0000000FF1CE}»=Microsoft Office Shared MUI (Russian) 2007
 «{9C395AAF-F3DB-FA42-2ADF-9CC22B281049}»=Nero 7 Premium
 «{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}»=Сократ Персональный 4.1
 «{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}»=HP Update
 «{AB5D51AE-EBC3-438D-872C-705C7C2084B0}»=DeviceManagementQFolder
 «{AEA07F97-9088-497c-8821-0F36BD5DC251}»=HPProductAssistant
 «{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}»=AIO_Scan
 «{B4F35A00-24FD-4fb3-BF5E-413D5423434D}»=DJ_AIO_Software_min
 "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
 "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}"=SolutionCenter
 "{C1920D73-7374-49d9-8C37-58A6E49078A5}"=F2100_Help
 "{C5EF81AC-FE4C-4157-97E3-2E08B000742A}"=F2100_doccd
 "{CA50045C-5119-48e7-9BA7-6B317379857A}"=DJ_AIO_Software
 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}"=Destination Component
 "{E2662C24-B31E-4349-A084-32EB76E8B760}"=BufferChm
 "{E548726E-F4E8-459f-BAB8-45551BC071E9}"=DJ_AIO_ProductContext
 "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox
 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
 "{F1C409F0-8322-4c87-BD08-2F62777D490D}"=F2100
 "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}"=32 Bit HP CIO Components Installer
 "{F4D0F248-2BF7-4912-814E-4FD751923838}"=Microsoft .NET Framework 2.0 Language Pack - RUS
 "{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}"=Atheros WLAN Client
 "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}"=PSSWCORE
 "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}"=HP Deskjet All-In-One Software 9.0
 "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}"=Status
 "4_elements"=NevoSoft 4 Elements (remove only)
 "Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
 "Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
 "Adventure Match_is1"=Adventure Match
 "Agnitum Outpost Firewall Pro_is1"=Agnitum Outpost Firewall Pro
 "AIMP2"=AIMP2
 "Amazing Jigsaw_is1"=Amazing Jigsaw
 "AmlMaple_addon"=AmlMaple
 "atelier"=NevoSoft Atelier (remove only)
 "ATI Display Driver"=ATI Display Driver
 "beach_party_craze"=NevoSoft Beach Party Craze (remove only)
 "cake_mania"=NevoSoft Cake Mania (remove only)
 "christmasville"=NevoSoft Christmasville (remove only)
 "detective_stories"=NevoSoft Detective Stories (remove only)
 "Download Master_is1"=Download Master 5.5.3.1131
 "escape_the_museum"=NevoSoft Escape The Museum (remove only)
 "EXCEL"=Microsoft Office Excel 2007
 "farm_frenzy"=NevoSoft Farm Frenzy (remove only)
 "farmcraft"=NevoSoft FarmCraft (remove only)
 "Foxit Reader"=Foxit Reader
 "Google Desktop"=Google Desktop
 "HP Imaging Device Functions"=HP Imaging Device Functions 9.0
 "HP Photosmart Essential"=HP Photosmart Essential 2.01
 "HP Solution Center & Imaging Support Tools"=HP Solution Center 9.0
 "HPExtendedCapabilities"=HP Customer Participation Program 9.0
 "jigsaw_world"=NevoSoft Jigsaw World (remove only)
 "KLiteCodecPack_is1"=K-Lite Mega Codec Pack 3.9.0
 "lara_johns"=NevoSoft Lara Johns (remove only)
 "legends_of_pirates"=NevoSoft Legends of Pirates (remove only)
 "Magic Crystals_is1"=Magic Crystals
 "magic_academy"=NevoSoft Magic Academy (remove only)
 "Mahjong Infinity 2_is1"=Mahjong Infinity 2
 "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
 "Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
 "mushroom_age"=NevoSoft Mushroom Age (remove only)
 "MyCentria"=Интернет помощник MyCentria
 "mystery_cookbook"=NevoSoft Mystery Cookbook (remove only)
 "NOD32"=Антивирусная система NOD32
 "OUTLOOK"=Microsoft Office Outlook 2007
 "Paint.NET_addon"=Paint.NET v3.31
 "Pearl Hunter_is1"=Pearl Hunter
 "posh_shop_2"=NevoSoft Posh Shop 2 (remove only)
 "poshshop"=NevoSoft PoshShop (remove only)
 "pyramid_runner"=NevoSoft Pyramid Runner (remove only)
 "QIP Infium_is1"=QIP Infium 1.0.9008 RC1
 "Skype"=Skype
 "The KMPlayer"=The KMPlayer
 "Tomb Of Giza_is1"=Tomb Of Giza
 "Total Commander"=Total Commander
 "unicorn_castle"=NevoSoft Unicorn Castle (remove only)
 "Vista Drive Icon_addon"=Vista Drive Icon
 "Vista Games"=Vista Games 1.3 XP
 "wedding_dash"=NevoSoft Wedding Dash (remove only)
 "Windows Sidebar"=Боковая панель Windows
 "WinRAR archiver"=Архиватор WinRAR
 "WORD"=Microsoft Office Word 2007
 "Веселая ферма"=Веселая ферма
 "Веселая ферма II"=Веселая ферма II
 "Луксор"=Луксор
 "Модный бутик 2. Эксклюзив"=Модный бутик 2. Эксклюзив
 "Натали Брукс. Тайна наследства"=Натали Брукс. Тайна наследства
 "Панель инструментов Webalta_is1"=Панель инструментов Webalta 1.0
 "Пляжный переполох"=Пляжный переполох
 "Помощники для зверюшек"=Помощники для зверюшек
 "Пчеловоломка"=Пчеловоломка
 "Солнечная ферма"=Солнечная ферма
 "Шерлок Холмс. Тайна персидского ковра"=Шерлок Холмс. Тайна персидского ковра
 "Яндекс.Бар для Internet Explorer_is1"=Яндекс.Бар для Internet Explorer 3.5.0

========== HKEY_CURRENT_USER Uninstall List ==========

 [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]
 "Google Chrome"=Google Chrome

========== HKEY_USERS Uninstall List ==========

 [HKEY_USERSS-1-5-21-329068152-1229272821-1177238915-500SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
 "Google Chrome"=Google Chrome

========== Last 10 Event Log Errors ==========

 [ System Events ]
 Error - 16.10.2008 2:39:17 | Computer Name = MICROSOF-311F14 | Source = Service Control Manager | ID = 7034
 Description = Служба "Outpost Firewall Service" неожиданно прервана. Это произошло (раз): 1.

 Error - 16.10.2008 15:59:53 | Computer Name = MICROSOF-311F14 | Source = Service Control Manager | ID = 7034
 Description = Служба "Outpost Firewall Service" неожиданно прервана. Это произошло (раз): 1.

 Error - 17.10.2008 15:37:59 | Computer Name = MICROSOF-311F14 | Source = Service Control Manager | ID = 7034
 Description = Служба "Outpost Firewall Service" неожиданно прервана. Это произошло (раз): 1.

 < End of report >

 ComboFix 08-11-23.02 - Admin 2008-11-24 20:03:02.4 - NTFSx86
 Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1268 [GMT 2:00]
 Running from: c:documents and settingsAdminРабочий столComboFix.exe
 * Created a new restore point
 * Resident AV is active

 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 ((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
 .

 2008-11-23 20:45 . 2008-11-23 20:45 d c:documents and settingsAdminApplication DataGaijin Ent
 2008-11-23 19:13 . 2008-11-23 19:13 d c:documents and settingsAdminApplication DataMeridian93
 2008-11-22 16:07 . 2008-11-22 16:07 d c:documents and settingsAll UsersApplication DataPlayrix Entertainment
 2008-11-21 22:36 . 2008-11-21 22:36 d c:documents and settingsAll UsersApplication DataEscapeTheMuseum
 2008-11-13 20:52 . 2008-11-13 20:52 d c:documents and settingsLocalServiceApplication DataWebalta
 2008-11-13 13:56 . 2008-11-13 13:56 d c:documents and settingsAdminApplication DataGames
 2008-11-13 12:57 . 2008-11-13 12:57 d c:documents and settingsAll UsersApplication DataFriday's games
 2008-11-09 21:15 . 2008-11-09 21:15 d c:program filesTrend Micro
 2008-11-09 20:53 . 2008-11-09 20:47 102,664 —a c:windowssystem32driverstmcomm.sys
 2008-11-09 20:46 . 2008-11-09 20:55 d c:documents and settingsAdmin.housecall6.6
 2008-11-09 10:31 . 2008-11-13 23:30 632 —a C:settings.dat
 2008-11-08 21:26 . 2008-11-08 21:26 d c:documents and settingsAdminApplication DataBeezzle
 2008-11-08 20:56 . 2008-11-08 20:56 d c:documents and settingsAdminApplication DataBeachPartyCraze
 2008-11-08 16:04 . 2008-11-08 16:04 d c:program filesYandex
 2008-11-08 16:04 . 2008-11-08 16:04 d c:program filesCommon FilesYandex
 2008-11-08 16:04 . 2008-11-08 16:04 d c:documents and settingsAdminApplication DataYandex
 2008-11-08 04:38 . 2008-11-08 04:50 d c:documents and settingsAdminApplication DataLegends of pirates
 2008-11-02 17:49 . 2008-11-02 17:49 d c:program filesNevoSoft
 2008-11-02 17:39 . 2008-11-24 19:41 d c:program filesWebalta
 2008-11-02 17:39 . 2008-11-02 17:39 d c:documents and settingsAdminApplication DataWebalta
 2008-11-02 16:33 . 2008-11-02 16:33 d c:documents and settingsAdminApplication DataTemp App Data
 2008-11-02 16:33 . 2008-11-02 16:33 d c:documents and settingsAdminApplication DataMagic Academy
 2008-11-01 23:32 . 2008-11-01 23:32 d c:documents and settingsAll UsersApplication DataChristmasville
 2008-11-01 20:49 . 2008-11-08 22:13 d c:program filesИгры от NevoSoft
 2008-11-01 17:44 . 2008-11-01 17:44 d c:documents and settingsAll UsersApplication DataAstar Games
 2008-11-01 12:44 . 2008-11-01 12:44 d c:program filesMyCentria
 2008-10-26 21:27 . 2008-10-26 21:27 d c:documents and settingsAdminApplication DataQIP

 .
 (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-11-23 18:45 d w c:program filesИгры
 2008-11-22 18:42 d w c:program filesAIMP2
 2008-11-21 19:02 d w c:program filesAlawar.ru
 2008-11-11 21:18 d w c:documents and settingsAdminApplication DataSkype
 2008-11-10 18:18 d w c:program filesGoogle
 2008-11-08 19:26 d w c:documents and settingsAll UsersApplication DataAlawarWrapper
 2008-11-06 23:01 d w c:program filesESET
 2008-10-29 17:40 d w c:program filesFreeGamePick.com
 2008-10-23 13:41 d w c:documents and settingsAdminApplication DataAhead
 2008-10-20 16:15 d w c:program filesCommon FilesAhead
 2008-10-20 16:13 d w c:program filesNero
 2008-10-20 16:06 d w c:program filesAhead
 2008-10-18 09:29 d w c:documents and settingsAll UsersApplication DataSandlot Games
 2008-10-18 07:15 d w c:documents and settingsAll UsersApplication DataPlayFirst
 2008-10-18 07:15 d w c:documents and settingsAdminApplication DataPlayFirst
 2008-10-14 16:53 d w c:documents and settingsAdminApplication DataWindows Search
 2008-10-14 16:51 d w c:documents and settingsAll UsersApplication DataMicrosoft Help
 2008-10-14 16:48 d w c:program filesWindows Desktop Search
 2008-10-11 20:07 d w c:documents and settingsAdminApplication DataMy Games
 2008-10-11 19:07 d w c:documents and settingsAll UsersApplication DataNevoSoft Games
 2008-10-09 15:44 d w c:program filesMyRealGames.com
 2008-10-08 09:07 d w c:documents and settingsAll UsersApplication DataAlawar Stargaze
 2008-10-06 19:34 d w c:program filesAskTBar
 2008-10-05 05:59 d w c:documents and settingsAll UsersApplication DataВеселаяФерма2
 2008-10-02 09:39 d w c:program filesThe KMPlayer
 2008-09-28 11:33 d w c:documents and settingsAdminApplication Datacerasus.media
 2008-09-27 10:47 d w c:documents and settingsAll UsersApplication DataEgoset
 2008-09-26 17:43 d w c:documents and settingsAdminApplication DataHPAppData
 2008-09-25 13:58 d w c:documents and settingsAdminApplication DataHP
 2008-09-23 09:29 270,336 —-a-w c:windowssystem32imon.dll
 .
 ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4

 [HKEY_LOCAL_MACHINE~Browser Helper Objects{6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5}]
 2008-11-13 20:52 738306 —a c:progra~1WebaltaWEBALT~2.DLL

 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
 "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:program filesYandexYandexBarIEyndbar.dll" [2008-06-02 1553672]
 "{D4C56A33-3488-495B-8033-9BF834E276D8}"= "c:progra~1WebaltaWEBALT~1.DLL" [2008-11-13 1693186]

 [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
 "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:program filesYandexYandexBarIEyndbar.dll" [2008-06-02 1553672]

 [HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
 [HKEY_CLASSES_ROOTYandex.Toolbar.1]
 [HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
 [HKEY_CLASSES_ROOTYandex.Toolbar]

 [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
 "CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-05-20 30208]
 "VistaIcon"="c:program filesVistaDriveIconVistaDrv.exe" [2008-01-02 132096]
 "Download Master"="c:program filesDownload Masterdmaster.exe" [2008-01-26 3266560]
 "Google Update"="c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe" [2008-10-20 133104]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesAheadLibNMBgMonitor.exe" [2006-04-21 94208]
 "Yupdate!"="c:program filesCommon FilesYandexYupdateyupdate.exe" [2008-05-30 460040]

 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
 "AmlMaple"="c:program filesAmlMapleAmlMaple.exe" [2008-04-24 91648]
 "HP Software Update"="c:program filesHPHP Software UpdateHPWuSchd2.exe" [2007-03-11 49152]
 "nod32kui"="c:program filesEsetnod32kui.exe" [2008-09-23 917504]
 "Outpost Firewall"="c:program filesAgnitumOutpost Firewalloutpost.exe" [2006-02-13 91648]
 "OutpostFeedBack"="c:program filesAgnitumOutpost Firewallfeedback.exe" [2006-02-14 352324]
 "NeroFilterCheck"="c:program filesCommon FilesAheadLibNeroCheck.exe" [2006-01-12 155648]
 "Google Desktop Search"="c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe" [2008-11-07 30192]
 "NevoDRM"="c:program filesИгрыNevoDRMNevoDRM.exe" [2008-07-29 201728]
 "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:windowsRTHDCPL.EXE]

 [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
 "CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-05-20 30208]
 "VistaIcon"="c:program filesVistaDriveIconVistaDrv.exe" [2008-01-02 132096]

 [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
 "IE7_011"="shell32" [X]
 "ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-05-20 c:windowssystem32advpack.dll]
 "IE7_012"="advpack.dll" [2008-05-20 c:windowssystem32advpack.dll]

 c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
 HP Digital Imaging Monitor.lnk - c:program filesHPDigital Imagingbinhpqtra08.exe [11.03.2007 19:26:24 210520]

 [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
 "NoSMConfigurePrograms"= 1 (0x1)

 [HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
 "NoSMConfigurePrograms"= 1 (0x1)

 [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
 "FirewallOverride"=dword:00000001
 "UpdatesDisableNotify"=dword:00000001
 "UpdatesOverride"=dword:00000001
 "AntiVirusDisableNotify"=dword:00000001
 "AntiVirusOverride"=dword:00000001

 [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
 "EnableFirewall"= 0 (0x0)

 [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
 "%windir%\Network Diagnostic\xpnetdiag.exe"=
 "%windir%\system32\sessmgr.exe"=
 "c:\Program Files\Skype\Phone\Skype.exe"=

 S2 WebaltaController;Webalta Controller;"c:program filesWebaltaWebaltaUpdaterService.exe" -service [14.10.2008 15:16:00 97794]
 S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);??c:program filesAgnitumOutpost FirewallkernelADBLOCK.DLL [23.09.2008 12:02:41 33600]
 S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);??c:program filesAgnitumOutpost FirewallkernelARP.DLL [23.09.2008 12:02:41 17440]
 S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);??c:program filesAgnitumOutpost FirewallkernelCONTENT.DLL [23.09.2008 12:02:41 4896]
 S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);??c:program filesAgnitumOutpost FirewallkernelDNSCACHE.DLL [23.09.2008 12:02:41 14304]
 S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelFTPFILT.DLL [23.09.2008 12:02:41 9024]
 S3 GoogleDesktopManager-092308-165331;Диспетчер Google Desktop 5.8.809.23506;»c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe» [22.10.2008 20:46:09 30192]
 S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelHTMLFILT.DLL [23.09.2008 12:02:41 11552]
 S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelHTTPFILT.DLL [23.09.2008 12:02:41 13248]
 S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelIMAPFILT.DLL [23.09.2008 12:02:41 7200]
 S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelMAILFILT.DLL [23.09.2008 12:02:41 14912]
 S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);??c:program filesAgnitumOutpost FirewallkernelNNTPFILT.DLL [23.09.2008 12:02:41 6752]
 S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);??c:program filesAgnitumOutpost FirewallkernelPOP3FILT.DLL [23.09.2008 12:02:41 9984]
 S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);??c:program filesAgnitumOutpost FirewallkernelPROTECT.DLL [23.09.2008 12:02:41 16960]
 S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);??c:program filesAgnitumOutpost FirewallkernelSECRET.DLL [23.09.2008 12:02:41 9696]

 [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
 HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsWindows Sidebar]
 c:windowssystem32hidec /W c:program filesWindows SidebarVAIOToolsREGTLIB.EXE "c:program filesWindows Sidebarsidebar.exe"

 [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{34A19196-274E-4D75-9D30-D7A45A0A4178}]
 "c:program filesWindows Sidebar.regsvr32.exe" /s wlsrvc.dll

 [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{6B9228DA-9C15-419e-856C-19E768A13BDC}]
 "c:program filesWindows Sidebar.regsvr32.exe" /s sbdrop.dll

 [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{BADA65A0-86B7-462B-B720-CE66655C73F5}]
 regsvr32 /s c:program filesWindows SidebarVAIO.vshellext.dll
 .
 Contents of the 'Scheduled Tasks' folder

 2008-11-23 c:windowsTasksGoogleUpdateTaskUser.job
 - c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-10-20 17:38]
 .
 .
 Supplementary Scan
 .
 FireFox -: Profile — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles4gnh65qv.default
 FF -: plugin — c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdate1.2.131.27npGoogleOneClick6.dll
 FF -: plugin — c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
 FF -: plugin — c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
 .
 **************************************************************************
 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-11-24 20:04:19
 Windows 5.1.2600 Service Pack 3 NTFS

 scanning hidden processes ...
 scanning hidden autostart entries ...
 scanning hidden files ...
 scan completed successfully
 hidden files: 0

 **************************************************************************
 .
 DLLs Loaded Under Running Processes
 
 - - - - - - - > 'winlogon.exe'(728)
 c:windowssystem32SETUPAPI.dll
 c:windowssystem32Ati2evxx.dll
 c:windowssystem32cscui.dll
 c:windowssystem32COMRes.dll

 - - - - - - - > 'lsass.exe'(784)
 c:windowssystem32SETUPAPI.dll
 c:windowssystem32imon.dll
 c:program filesEsetpr_imon.dll
 .
 Completion time: 2008-11-24 20:05:00
 ComboFix-quarantined-files.txt 2008-11-24 18:04:41
 ComboFix2.txt 2008-11-13 18:37:14

 Pre-Run: 16 525 176 832 байт свободно
 Post-Run: 16,842,780,672 байт свободно

 194