[fredperry]

_____________________—вот лог—____________________________________________________________

ComboFix 09-06-19.01 — Administrator 20.06.2009 14:54.8 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.1023.652 [GMT 4:00]
Running from: D:ComboFix.exe
Command switches used :: D:CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:program filesCounter-Strike 1.6cstrikeresourcebackgroundDesktop_.ini

c:windowssystem32sfcfiles.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-14 07:05 . 2009-06-14 07:05

---

d-sh—w- C:FOUND.009
2009-06-13 08:11 . 2009-06-13 08:11

---

d

---

w- c:windowsSun
2009-06-13 08:10 . 2009-06-13 08:10 410984 —-a-w- c:windowssystem32deploytk.dll
2009-06-13 08:10 . 2009-06-13 08:10

---

d

---

w- c:program filesJava
2009-06-13 08:10 . 2009-06-13 08:10

---

d

---

w- c:documents and settingsAll UsersApplication DataMcAfee
2009-06-13 08:10 . 2009-06-13 08:10 152576 —-a-w- c:documents and settingsAdministratorApplication DataSunJavajre1.6.0_14lzma.dll
2009-06-12 10:11 . 2009-06-12 10:11

---

d

---

w- c:program filesSkinAmp
2009-06-10 07:54 . 2009-06-10 07:54

---

d-sh—w- C:FOUND.008
2009-06-05 04:50 . 2002-12-10 01:17 45056 —-a-w- c:windowssystem32Whoru.dll
2009-06-05 04:50 . 2004-09-15 05:53 8576 —-a-w- c:windowssystem32driversGMFILTR.SYS
2009-06-05 04:50 . 2004-07-26 06:01 61440 —-a-w- c:windowssystem32KBHook.dll
2009-06-05 04:50 . 2003-12-30 06:02 49152 —-a-w- c:windowssystem32TaskKeyHook.dll
2009-06-05 04:50 . 2009-06-05 04:50

---

d

---

w- c:program filesScroll Mouse
2009-06-05 03:23 . 2009-06-05 03:23

---

d

---

w- c:documents and settingsAll UsersApplication DataNVIDIA
2009-06-05 03:18 . 2006-10-22 11:06 208896 —-a-w- c:windowssystem32NVUNINST.EXE
2009-06-05 03:17 . 2009-06-05 03:18

---

d

---

w- C:NVIDIA
2009-06-04 07:15 . 2009-06-04 07:15

---

d

---

w- c:documents and settingsAdministratorApplication DataWaves Audio
2009-06-04 07:12 . 2009-06-04 07:12

---

d

---

w- c:program filesWaves
2009-06-03 10:52 . 2009-06-03 10:52

---

d-sh—w- C:FOUND.007
2009-06-02 10:28 . 2009-06-02 10:28 13502 —-a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{E33350DF-0A12-4387-B6E8-128C08C0F1FF}ARPPRODUCTICON.exe
2009-06-02 03:23 . 2009-06-02 03:23

---

d

---

w- c:program filestrend micro
2009-05-30 19:04 . 2009-05-30 19:05

---

d—h—w- c:windows$hf_mig$
2009-05-29 11:31 . 2009-05-29 11:31

---

d

---

w- c:documents and settingsAdministratorApplication DataApple Computer
2009-05-29 10:25 . 2009-05-29 10:25

---

d

---

w- c:program filesQuickTime
2009-05-29 10:24 . 2009-05-29 10:24

---

d

---

w- c:documents and settingsAdministratorLocal SettingsApplication DataApple
2009-05-29 10:24 . 2009-05-29 10:24

---

d

---

w- c:documents and settingsAdministratorLocal SettingsApplication DataApple Computer
2009-05-28 13:10 . 2009-05-28 13:10

---

d

---

w- c:documents and settingsAdministratorLocal SettingsApplication DataNative Instruments
2009-05-28 13:05 . 2009-05-28 13:05

---

d

---

w- c:program filesNative Instruments
2009-05-28 13:05 . 2009-05-28 13:05

---

d

---

w- c:program filesCommon FilesNative Instruments
2009-05-28 11:43 . 2009-05-28 11:46 8 —-a-w- c:documents and settingsAll UsersApplication DataWordPadstconfig.sys
2009-05-28 11:43 . 2009-05-28 11:43

---

d

---

w- c:documents and settingsAll UsersApplication DataWordPad
2009-05-24 03:48 . 2009-06-17 20:18 480 —-a-w- C:win32.sys
2009-05-23 14:13 . 2009-05-23 14:13

---

d

---

w- c:documents and settingsAll UsersApplication DataAdobe Systems
2009-05-23 14:13 . 2009-05-23 14:13

---

d

---

w- c:program filesCommon FilesAdobe Systems Shared
2009-05-23 11:03 . 2009-05-23 11:03

---

d

---

w- c:program filesCommon FilesKV331 Audio
2009-05-23 11:03 . 2009-05-23 11:03

---

d

---

w- c:program filesCommon FilesDigidesign

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 14:39 . 2008-10-30 17:52 68960 —-a-w- c:documents and settingsAdministratorLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-21 10:43 . 2009-05-21 10:43

---

d

---

w- c:program filesFAW
2009-05-20 14:34 . 2009-05-20 14:34

---

d

---

w- c:program filesu-he
2009-05-18 19:13 . 2009-05-18 19:13

---

d

---

w- c:program filesSteam
2009-05-16 18:24 . 2009-05-16 18:24

---

d

---

w- c:program filesePSXe PowerPack
2009-05-16 08:35 . 2008-10-29 07:01 721904 —-a-w- c:windowssystem32driverssptd.sys
2009-05-16 02:28 . 2009-05-16 02:28 98304 —-a-w- c:windowssystem32CmdLineExt.dll
2009-05-14 14:35 . 2009-05-14 14:35

---

d

---

w- c:program filesPDF to Text
2009-05-14 14:18 . 2008-12-01 19:08 1206552 —sh—w- C:Sys.exe
2009-05-13 13:19 . 2009-05-13 13:19

---

d

---

w- c:program filesCommon Filesstardock
2009-05-13 13:19 . 2009-05-13 13:19

---

d

---

w- c:program filesStardock
2009-05-10 03:22 . 2009-05-10 03:22

---

d

---

w- c:program filesESET
2009-05-08 23:28 . 2009-05-08 23:28

---

d

---

w- c:program filesASIO4ALL v2
2009-05-08 23:25 . 2009-05-08 23:25

---

d

---

w- c:program filesVstPlugins
2009-05-08 23:25 . 2009-05-08 23:25

---

d

---

w- c:program filesOutsim
2009-05-08 23:24 . 2009-05-08 23:23

---

d

---

w- c:program filesImage-Line
2009-05-08 23:01 . 2009-05-08 23:01 315392 —-a-w- c:windowsHideWin.exe
2009-05-08 23:01 . 2009-05-08 23:01

---

d

---

w- c:program filesCommon FilesInstallShield
2009-05-07 19:21 . 2009-05-07 19:21 335304 —-a-w- c:windowsHelpskrulle.exe
2009-05-05 04:22 . 2008-10-29 06:31 98304 —-a-w- c:windowsDUMP3605.tmp
2009-04-27 04:23 . 2008-10-29 06:31 98304 —-a-w- c:windowsDUMP3641.tmp
2009-04-26 10:59 . 2008-12-01 17:22 1199928 —-a-w- c:windowsHelpUpdate.exe
2009-04-24 16:23 . 2008-12-01 17:39 30720 —-a-w- c:windowsHelpVNCPassView.exe
2009-04-24 16:23 . 2008-12-01 17:39 33553 —-a-w- c:windowsHelpvncpassview.zip
2009-04-24 16:23 . 2008-12-01 17:39 64000 —-a-w- c:windowsHelpmspass.exe
2009-04-24 16:23 . 2008-12-01 17:39 67127 —-a-w- c:windowsHelpmspass.zip
2009-04-24 16:23 . 2008-12-01 17:38 36864 —-a-w- c:windowsHelpPasswordFox.exe
2009-04-24 16:23 . 2008-12-01 12:48 42434 —-a-w- c:windowsHelppasswordfox.zip
2009-04-24 16:23 . 2008-12-01 04:45 42496 —-a-w- c:windowsHelpiepv.exe
2009-04-24 16:23 . 2008-12-01 04:45 49799 —-a-w- c:windowsHelpipw.zip
2009-04-20 04:47 . 2008-12-01 17:39 128000 —-a-w- c:windowsHelpChromePass.exe
2009-04-20 04:47 . 2008-12-01 17:38 132597 —-a-w- c:windowsHelpchromepass.zip
2009-04-16 13:14 . 2009-04-16 13:14 20480 —-a-w- c:windowsHelpfleu.exe
2009-04-15 06:04 . 2009-04-15 06:04 20480 —-a-w- c:windowsHelpflexqu.exe
2009-04-14 14:38 . 2009-04-14 14:38 20480 —-a-w- c:windowsHelpflexuss.exe
2009-04-13 18:42 . 2009-04-13 18:42 20480 —-a-w- c:windowsHelpflexus.exe
2009-03-11 07:00 . 2009-03-11 07:00 728760 —sh—w- c:windowssjikko2.exe
2009-03-11 08:00 . 2009-03-11 08:00 728760 —sh—w- c:windowssjikke.exe
2009-03-10 15:01 . 2009-03-10 15:01 322312 —sh—w- c:windowssystem32svcohst.exe
2009-03-10 18:35 . 2009-03-10 18:35 897336 —sh—w- c:windowssystem32calkis.exe
2008-12-30 19:32 . 2008-12-30 19:32 57344 —sh—w- c:windowssystemMSNMessengerAPI.dll
2009-02-12 21:20 . 2009-02-12 21:13 340600 —sh—w- c:windowsHelpMShelp.exe
2008-12-27 05:17 . 2008-12-01 04:35 914888 —sh—w- c:windowsHelpHelp.exe
2009-02-08 16:03 . 2009-02-08 16:03 332488 —sh—w- c:windowsHelphelp32svchost.exe
2009-03-06 18:47 . 2009-03-06 18:47 330392 —sh—w- c:windowsHelphlsvchost.exe
.

---

Sigcheck

---

[-] 2008-04-23 12:56 827392 6316C2F0C61271C8ABDFF7429174879E c:windowssystem32wininet.dll
[-] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:windowsSoftwareDistributionDownload263159e92061f273983a0f9531635ce0sp3gdrwininet.dll
[-] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:windowsSoftwareDistributionDownload263159e92061f273983a0f9531635ce0sp3qfewininet.dll

[-] 2008-04-23 12:57 361344 DB0873CEE23F92FA2D7ECF6A73F082AC c:windowssystem32driverstcpip.sys

[-] 2008-04-14 08:00 1614848 D8731A102EFE55FCF78B3783F2CA4184 c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-07_19.42.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-20 10:43 . 2009-06-20 10:43 16384 c:windowstempPerflib_Perfdata_3dc8.dat
— 2008-10-29 07:05 . 2009-06-07 05:47 32768 c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
+ 2008-10-29 07:05 . 2009-06-19 07:42 32768 c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
+ 2008-10-29 07:05 . 2009-06-17 14:29 16384 c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
— 2008-10-29 07:05 . 2009-06-06 10:50 16384 c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
+ 2008-10-29 07:05 . 2009-06-17 14:29 16384 c:windowssystem32configsystemprofileCookiesindex.dat
— 2008-10-29 07:05 . 2009-06-06 10:50 16384 c:windowssystem32configsystemprofileCookiesindex.dat
+ 2009-06-13 08:10 . 2009-06-13 08:10 148888 c:windowssystem32javaws.exe
+ 2009-06-13 08:10 . 2009-06-13 08:10 144792 c:windowssystem32javaw.exe
+ 2009-06-13 08:10 . 2009-06-13 08:10 144792 c:windowssystem32java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«ICQ»=»c:program filesICQ6.5ICQ.exe» [2009-03-01 172792]
«Steam»=»c:program filesSteamSteam.exe» [2009-06-11 1217784]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-10-22 7700480]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-02-06 2021400]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-10-22 86016]
«mouseElf»=»c:progra~1SCROLL~1MouseElf.EXE» [2005-12-16 438364]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-06-13 148888]
«LTMSG»=»LTMSG.exe» — c:windowsltmsg.exe [2003-07-14 40960]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-10-22 1622016]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«vista_sound_register.inf»=»setupapi.dll» — c:windowssystem32setupapi.dll [2008-04-14 985088]
«aero_cursor_register.inf»=»setupapi.dll» — c:windowssystem32setupapi.dll [2008-04-14 985088]
«nltide_3″=»advpack.dll» — c:windowssystem32advpack.dll [2008-04-23 124928]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)
«ForceClassicControlPanel»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)
«ForceClassicControlPanel»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\Counter-Strike 1.6\hl.exe»=
«c:\Program Files\Counter-Strike 1.6\hlds.exe»=
«d:\utorrent\uTorrent.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=

R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2/6/2009 2:23 PM 727720]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:windowssystem32driversgflmouhid.sys [8/7/2003 4:42 PM 6656]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.yandex.ru/?clid=40316
TCP: {1B78E9BB-ABA5-4F18-AD02-F5C6D4A47362} = 213.234.192.7 85.21.192.5
FF — ProfilePath —
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 14:57
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindowsCurrentVersionInstallerUserDataLocalSystemComponentsh–Ђ|яяяя¤•Ђ|щ•A~*]
«AB141C35E9F4BF344B9FC010BB17F68A»=»02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\Registered»
.
Completion time: 2009-06-20 14:59
ComboFix-quarantined-files.txt 2009-06-20 10:59
ComboFix2.txt 2009-06-13 07:59
ComboFix3.txt 2009-06-07 19:43

Pre-Run: 388 169 728 bytes free
Post-Run: 549 642 240 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

196 — E O F — 2009-05-30 19:05

=============================================================

но что то ничего не изменилось (

[fredperry]

здравствуйте
********************************************************** вот лог каспера *************************************************************8

---

ОТЧЕТ О ПРОВЕРКЕ KASPERSKY ONLINE SCANNER 7.0
13 Июнь 2009 г.
Операционная система: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Версия Kaspersky Online Scanner: 7.0.26.13
Последнее обновление баз: Saturday, June 13, 2009 10:03:36
Количество записей в базах: 2338930

---

Параметры проверки:
проверять, используя следующие базы: расширенные
Проверять архивы: да
Проверять почтовые базы: да

Область проверки — Мой компьютер:
A:
C:
D:
E:
F:
G:
H:

Статистика проверки:
Проверено объектов: 73136
Обнаружено угроз: 10
Обнаружено зараженных объектов: 24
Обнаружено подозрительных объектов: 0
Время проверки: 01:51:06

Имя файла / Имя угрозы / Количество угроз
C:WINDOWSsystem32sfcfiles.dll Зараженный: Trojan.Win32.Patched.fr 1
C:WINDOWSHelpmspass.zip Зараженный: not-a-virus:PSWTool.Win32.Messen.bh 1
C:WINDOWSHelpmspass.exe Зараженный: not-a-virus:PSWTool.Win32.Messen.bh 1
C:WINDOWSHelpvncpassview.zip Зараженный: not-a-virus:PSWTool.Win32.NetPass.m 1
C:WINDOWSHelpipw.zip Зараженный: not-a-virus:PSWTool.Win32.NetPass.et 1
C:WINDOWSHelpiepv.exe Зараженный: not-a-virus:PSWTool.Win32.NetPass.et 1
C:WINDOWSHelppasswordfox.zip Зараженный: not-a-virus:PSWTool.Win32.NetPass.fv 1
C:WINDOWSHelpPasswordFox.exe Зараженный: not-a-virus:PSWTool.Win32.NetPass.fv 1
C:WINDOWSHelpchromepass.zip Зараженный: not-a-virus:PSWTool.Win32.NetPass.fx 1
C:WINDOWSHelpChromePass.exe Зараженный: not-a-virus:PSWTool.Win32.NetPass.fx 1
C:WINDOWSHelpskrulle.exe Зараженный: Trojan.Win32.Delf.myl 1
C:WINDOWSHelpVNCPassView.exe Зараженный: not-a-virus:PSWTool.Win32.NetPass.m 1
C:WINDOWSHelpHelp.exe Зараженный: Trojan.Win32.Delf.lpm 1
C:WINDOWSHelpkl99.exe Зараженный: Trojan.Win32.Delf.lpm 1
C:QooboxQuarantineCProgram FilesInternet Explorermsn.exe.vir Зараженный: Trojan.Win32.Delf.mpj 1
C:QooboxQuarantineCProgram FilesInternet Explorerods.exe.vir Зараженный: Trojan.Win32.Delf.mng 1
C:Program FilesInternet Exploreripw.zip Зараженный: not-a-virus:PSWTool.Win32.NetPass.et 1
C:Program FilesInternet Exploreriepv.exe Зараженный: not-a-virus:PSWTool.Win32.NetPass.et 1
C:Program FilesInternet Explorermspass.zip Зараженный: not-a-virus:PSWTool.Win32.Messen.bh 1
C:Program FilesInternet Explorermspass.exe Зараженный: not-a-virus:PSWTool.Win32.Messen.bh 1
C:Program FilesInternet Explorervncpassview.zip Зараженный: not-a-virus:PSWTool.Win32.NetPass.m 1
C:Program FilesInternet Explorerchromepass.zip Зараженный: not-a-virus:PSWTool.Win32.NetPass.fx 1
C:Program FilesInternet ExplorerChromePass.exe Зараженный: not-a-virus:PSWTool.Win32.NetPass.fx 1
C:Program FilesInternet ExplorerVNCPassView.exe Зараженный: not-a-virus:PSWTool.Win32.NetPass.m 1

Выбранная область проверена.
********************************************************************************************************************************************

****************************************************вот лог комбофикс*******************************************************************
ComboFix 09-06-12.02 — Administrator 13.06.2009 11:54.7 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.1023.629 [GMT 4:00]
Running from: D:ComboFix.exe
Command switches used :: c:documents and settingsAdministratorDesktopCFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:program filesInternet Explorermsn.exe
c:program filesInternet ExplorerMSNMessengerAPI.dll
c:program filesInternet Explorerods.exe

c:windowssystem32sfcfiles.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-12 10:11 . 2009-06-12 10:11

---

d

---

w- c:program filesSkinAmp
2009-06-10 07:54 . 2009-06-10 07:54

---

d-sh—w- C:FOUND.008
2009-06-05 04:50 . 2002-12-10 01:17 45056 —-a-w- c:windowssystem32Whoru.dll
2009-06-05 04:50 . 2004-09-15 05:53 8576 —-a-w- c:windowssystem32driversGMFILTR.SYS
2009-06-05 04:50 . 2004-07-26 06:01 61440 —-a-w- c:windowssystem32KBHook.dll
2009-06-05 04:50 . 2003-12-30 06:02 49152 —-a-w- c:windowssystem32TaskKeyHook.dll
2009-06-05 04:50 . 2009-06-05 04:50

---

d

---

w- c:program filesScroll Mouse
2009-06-05 03:23 . 2009-06-05 03:23

---

d

---

w- c:documents and settingsAll UsersApplication DataNVIDIA
2009-06-05 03:18 . 2006-10-22 11:06 208896 —-a-w- c:windowssystem32NVUNINST.EXE
2009-06-05 03:17 . 2009-06-05 03:18

---

d

---

w- C:NVIDIA
2009-06-04 07:15 . 2009-06-04 07:15

---

d

---

w- c:documents and settingsAdministratorApplication DataWaves Audio
2009-06-04 07:12 . 2009-06-04 07:12

---

d

---

w- c:program filesWaves
2009-06-03 10:52 . 2009-06-03 10:52

---

d-sh—w- C:FOUND.007
2009-06-02 10:28 . 2009-06-02 10:28 13502 —-a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{E33350DF-0A12-4387-B6E8-128C08C0F1FF}ARPPRODUCTICON.exe
2009-06-02 03:23 . 2009-06-02 03:23

---

d

---

w- c:program filestrend micro
2009-05-30 19:04 . 2009-05-30 19:05

---

d—h—w- c:windows$hf_mig$
2009-05-29 11:31 . 2009-05-29 11:31

---

d

---

w- c:documents and settingsAdministratorApplication DataApple Computer
2009-05-29 10:25 . 2009-05-29 10:25

---

d

---

w- c:program filesQuickTime
2009-05-29 10:24 . 2009-05-29 10:24

---

d

---

w- c:documents and settingsAdministratorLocal SettingsApplication DataApple
2009-05-29 10:24 . 2009-05-29 10:24

---

d

---

w- c:documents and settingsAdministratorLocal SettingsApplication DataApple Computer
2009-05-28 13:10 . 2009-05-28 13:10

---

d

---

w- c:documents and settingsAdministratorLocal SettingsApplication DataNative Instruments
2009-05-28 13:05 . 2009-05-28 13:05

---

d

---

w- c:program filesNative Instruments
2009-05-28 13:05 . 2009-05-28 13:05

---

d

---

w- c:program filesCommon FilesNative Instruments
2009-05-28 11:43 . 2009-05-28 11:46 8 —-a-w- c:documents and settingsAll UsersApplication DataWordPadstconfig.sys
2009-05-28 11:43 . 2009-05-28 11:43

---

d

---

w- c:documents and settingsAll UsersApplication DataWordPad
2009-05-24 03:48 . 2009-06-12 15:36 480 —-a-w- C:win32.sys
2009-05-23 14:13 . 2009-05-23 14:13

---

d

---

w- c:documents and settingsAll UsersApplication DataAdobe Systems
2009-05-23 14:13 . 2009-05-23 14:13

---

d

---

w- c:program filesCommon FilesAdobe Systems Shared
2009-05-23 11:03 . 2009-05-23 11:03

---

d

---

w- c:program filesCommon FilesKV331 Audio
2009-05-23 11:03 . 2009-05-23 11:03

---

d

---

w- c:program filesCommon FilesDigidesign
2009-05-21 10:43 . 2009-05-21 10:43

---

d

---

w- c:program filesFAW
2009-05-21 10:42 . 2003-06-20 08:28 1777664 —-a-w- c:windowssystem32gdiplus.dll
2009-05-20 14:34 . 2009-05-20 14:34

---

d

---

w- c:program filesu-he
2009-05-20 07:46 . 2009-05-20 07:46

---

d

---

w- c:windowsuninstallStarplugs-Xciter
2009-05-20 07:46 . 2009-05-20 07:46

---

d

---

w- c:windowsuninstall
2009-05-18 19:13 . 2009-05-18 19:13

---

d

---

w- c:program filesSteam
2009-05-16 18:24 . 2009-05-16 18:24

---

d

---

w- c:program filesePSXe PowerPack
2009-05-16 08:52 . 2008-09-29 16:14 347136 —-a-w- c:windowsbinkw32.dll
2009-05-16 02:54 . 2009-05-16 02:54

---

d-sh—w- C:FOUND.006
2009-05-16 02:28 . 2009-05-16 02:28 98304 —-a-w- c:windowssystem32CmdLineExt.dll
2009-05-14 14:35 . 2009-05-14 14:35

---

d

---

w- c:program filesPDF to Text

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 14:39 . 2008-10-30 17:52 68960 —-a-w- c:documents and settingsAdministratorLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-16 08:35 . 2008-10-29 07:01 721904 —-a-w- c:windowssystem32driverssptd.sys
2009-05-14 14:18 . 2008-12-01 19:08 1206552 —sh—w- C:Sys.exe
2009-05-13 13:19 . 2009-05-13 13:19

---

d

---

w- c:program filesCommon Filesstardock
2009-05-13 13:19 . 2009-05-13 13:19

---

d

---

w- c:program filesStardock
2009-05-10 03:22 . 2009-05-10 03:22

---

d

---

w- c:program filesESET
2009-05-08 23:28 . 2009-05-08 23:28

---

d

---

w- c:program filesASIO4ALL v2
2009-05-08 23:25 . 2009-05-08 23:25

---

d

---

w- c:program filesVstPlugins
2009-05-08 23:25 . 2009-05-08 23:25

---

d

---

w- c:program filesOutsim
2009-05-08 23:24 . 2009-05-08 23:23

---

d

---

w- c:program filesImage-Line
2009-05-08 23:01 . 2009-05-08 23:01 315392 —-a-w- c:windowsHideWin.exe
2009-05-08 23:01 . 2009-05-08 23:01

---

d

---

w- c:program filesCommon FilesInstallShield
2009-05-07 19:21 . 2009-05-07 19:21 335304 —-a-w- c:windowsHelpskrulle.exe
2009-05-05 04:22 . 2008-10-29 06:31 98304 —-a-w- c:windowsDUMP3605.tmp
2009-04-27 04:23 . 2008-10-29 06:31 98304 —-a-w- c:windowsDUMP3641.tmp
2009-04-26 10:59 . 2008-12-01 17:22 1199928 —-a-w- c:windowsHelpUpdate.exe
2009-04-24 16:23 . 2008-12-01 17:39 30720 —-a-w- c:windowsHelpVNCPassView.exe
2009-04-24 16:23 . 2008-12-01 17:39 33553 —-a-w- c:windowsHelpvncpassview.zip
2009-04-24 16:23 . 2008-12-01 17:39 64000 —-a-w- c:windowsHelpmspass.exe
2009-04-24 16:23 . 2008-12-01 17:39 67127 —-a-w- c:windowsHelpmspass.zip
2009-04-24 16:23 . 2008-12-01 17:38 36864 —-a-w- c:windowsHelpPasswordFox.exe
2009-04-24 16:23 . 2008-12-01 12:48 42434 —-a-w- c:windowsHelppasswordfox.zip
2009-04-24 16:23 . 2008-12-01 04:45 42496 —-a-w- c:windowsHelpiepv.exe
2009-04-24 16:23 . 2008-12-01 04:45 49799 —-a-w- c:windowsHelpipw.zip
2009-04-20 04:47 . 2008-12-01 17:39 128000 —-a-w- c:windowsHelpChromePass.exe
2009-04-20 04:47 . 2008-12-01 17:38 132597 —-a-w- c:windowsHelpchromepass.zip
2009-04-19 16:36 . 2009-04-19 16:36

---

d

---

w- c:program filesICQ6.5
2009-04-16 13:14 . 2009-04-16 13:14 20480 —-a-w- c:windowsHelpfleu.exe
2009-04-15 06:04 . 2009-04-15 06:04 20480 —-a-w- c:windowsHelpflexqu.exe
2009-04-14 14:38 . 2009-04-14 14:38 20480 —-a-w- c:windowsHelpflexuss.exe
2009-04-13 18:42 . 2009-04-13 18:42 20480 —-a-w- c:windowsHelpflexus.exe
2009-03-11 07:00 . 2009-03-11 07:00 728760 —sh—w- c:windowssjikko2.exe
2009-03-11 08:00 . 2009-03-11 08:00 728760 —sh—w- c:windowssjikke.exe
2009-03-10 15:01 . 2009-03-10 15:01 322312 —sh—w- c:windowssystem32svcohst.exe
2009-03-10 18:35 . 2009-03-10 18:35 897336 —sh—w- c:windowssystem32calkis.exe
2008-12-30 19:32 . 2008-12-30 19:32 57344 —sh—w- c:windowssystemMSNMessengerAPI.dll
2009-02-12 21:20 . 2009-02-12 21:13 340600 —sh—w- c:windowsHelpMShelp.exe
2008-12-27 05:17 . 2008-12-01 04:35 914888 —sh—w- c:windowsHelpHelp.exe
2009-02-08 16:03 . 2009-02-08 16:03 332488 —sh—w- c:windowsHelphelp32svchost.exe
2009-03-06 18:47 . 2009-03-06 18:47 330392 —sh—w- c:windowsHelphlsvchost.exe
.

---

Sigcheck

---

[-] 2008-04-23 12:56 827392 6316C2F0C61271C8ABDFF7429174879E c:windowssystem32wininet.dll
[-] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:windowsSoftwareDistributionDownload263159e92061f273983a0f9531635ce0sp3gdrwininet.dll
[-] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:windowsSoftwareDistributionDownload263159e92061f273983a0f9531635ce0sp3qfewininet.dll

[-] 2008-04-23 12:57 361344 DB0873CEE23F92FA2D7ECF6A73F082AC c:windowssystem32driverstcpip.sys

[-] 2008-04-14 08:00 1614848 D8731A102EFE55FCF78B3783F2CA4184 c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-07_19.42.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-29 07:05 . 2009-06-13 07:33 32768 c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
— 2008-10-29 07:05 . 2009-06-07 05:47 32768 c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
+ 2008-10-29 07:05 . 2009-06-13 07:33 16384 c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
— 2008-10-29 07:05 . 2009-06-06 10:50 16384 c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
+ 2008-10-29 07:05 . 2009-06-13 07:33 16384 c:windowssystem32configsystemprofileCookiesindex.dat
— 2008-10-29 07:05 . 2009-06-06 10:50 16384 c:windowssystem32configsystemprofileCookiesindex.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«ICQ»=»c:program filesICQ6.5ICQ.exe» [2009-03-01 172792]
«Steam»=»c:program filesSteamSteam.exe» [2009-06-11 1217784]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-10-22 7700480]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-02-06 2021400]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-10-22 86016]
«mouseElf»=»c:progra~1SCROLL~1MouseElf.EXE» [2005-12-16 438364]
«LTMSG»=»LTMSG.exe» — c:windowsltmsg.exe [2003-07-14 40960]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-10-22 1622016]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«vista_sound_register.inf»=»setupapi.dll» — c:windowssystem32setupapi.dll [2008-04-14 985088]
«aero_cursor_register.inf»=»setupapi.dll» — c:windowssystem32setupapi.dll [2008-04-14 985088]
«nltide_3″=»advpack.dll» — c:windowssystem32advpack.dll [2008-04-23 124928]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)
«ForceClassicControlPanel»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)
«ForceClassicControlPanel»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\Counter-Strike 1.6\hl.exe»=
«c:\Program Files\Counter-Strike 1.6\hlds.exe»=
«d:\utorrent\uTorrent.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=

R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2/6/2009 2:23 PM 727720]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:windowssystem32driversgflmouhid.sys [8/7/2003 4:42 PM 6656]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.yandex.ru/?clid=40316
TCP: {1B78E9BB-ABA5-4F18-AD02-F5C6D4A47362} = 213.234.192.7 85.21.192.5
FF — ProfilePath —
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 11:57
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindowsCurrentVersionInstallerUserDataLocalSystemComponentsh–Ђ|яяяя¤•Ђ|щ•A~*]
«AB141C35E9F4BF344B9FC010BB17F68A»=»02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\Registered»
.
Completion time: 2009-06-13 11:59
ComboFix-quarantined-files.txt 2009-06-13 07:59
ComboFix2.txt 2009-06-07 19:43

Pre-Run: 636 379 136 bytes free
Post-Run: 678 854 656 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
192 — E O F — 2009-05-30 19:05

[fredperry]

очень жду ответа

[fredperry]

вот лог

[fredperry]

Valeri — cпасибо за отклик

не помогло ❗

логи приЛОГаются

---

MOVEIT LOG

---

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
ServiceDriver sfc not found.
ServiceDriver key sfc deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E3EDD51-48FD-40F2-ACE4-0D2D9F2889AE}\ deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\MSV deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\SystemManger deleted successfully.
========== FILES ==========
File/Folder C:WINDOWSsystem32driverssfc.sys not found.
File/Folder C:Documents and SettingsAll UsersApplication Datawxilib.dll not found.
C:Documents and SettingsAdministratorStart MenuProgramsStartuptaskmgr.exe moved successfully.
C:Documents and SettingsAdministratorStart MenuProgramsStartuptaksman.exe moved successfully.
File move failed. C:WINDOWShelphelp31svchost.exe scheduled to be moved on reboot.
C:Program FilesInternet Exploreriexplorer.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~1ADMINI~1LOCALS~1TempHistoryHistory.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1ADMINI~1LOCALS~1TempCookiesindex.dat scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1ADMINI~1LOCALS~1TempTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1ADMINI~1LOCALS~1TempJET7DB.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1ADMINI~1LOCALS~1Tempetilqs_6E5dmtGTbbejNPvli1Sp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaultCache_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaultCache_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaultCache_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaultCache_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaultXUL.mfl scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaulturlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 06052009_080103

Files moved on Reboot…
C:WINDOWShelphelp31svchost.exe moved successfully.
File C:DOCUME~1ADMINI~1LOCALS~1TempJET7DB.tmp not found!
File C:DOCUME~1ADMINI~1LOCALS~1Tempetilqs_6E5dmtGTbbejNPvli1Sp not found!
C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaultCache_CACHE_MAP_ moved successfully.
C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaultCache_CACHE_001_ moved successfully.
C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaultCache_CACHE_002_ moved successfully.
C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaultCache_CACHE_003_ moved successfully.
C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaultXUL.mfl moved successfully.
C:Documents and SettingsAdministratorLocal SettingsApplication DataMozillaFirefoxProfiles95jmgls1.defaulturlclassifier3.sqlite moved successfully.

---

[fredperry]

Я ЧТО, ЧТО_ТО НЕ ТАК СДЕЛАЛ ???

[fredperry]

здравствуйте.

вот логи 2 в одном

[fredperry]

здравствуйте.

вот логи

спасибо.

[fredperry]

в смысле — включаешь Internet Explorer он 2 минуты работает — а потом ОШИБКА. он от случая к случаю. я не включал его 2 недели.

[fredperry]

вот что пишет TOTAL

Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.18.2 2008.11.18 —
AntiVir 7.9.0.31 2008.11.18 —
Authentium 5.1.0.4 2008.11.18 —
Avast 4.8.1281.0 2008.11.18 —
AVG 8.0.0.199 2008.11.18 —
BitDefender 7.2 2008.11.18 —
CAT-QuickHeal 10.00 2008.11.18 —
ClamAV 0.94.1 2008.11.18 —
DrWeb 4.44.0.09170 2008.11.18 —
eSafe 7.0.17.0 2008.11.18 —
eTrust-Vet 31.6.6214 2008.11.18 —
Ewido 4.0 2008.11.18 —
F-Prot 4.4.4.56 2008.11.18 —
F-Secure 8.0.14332.0 2008.11.18 —
Fortinet 3.117.0.0 2008.11.18 —
GData 19 2008.11.18 —
Ikarus T3.1.1.45.0 2008.11.18 —
K7AntiVirus 7.10.527 2008.11.18 —
Kaspersky 7.0.0.125 2008.11.18 —
McAfee 5437 2008.11.17 —
Microsoft 1.4104 2008.11.17 —
NOD32 3622 2008.11.18 —
Norman 5.80.02 2008.11.18 —
Panda 9.0.0.4 2008.11.18 —
PCTools 4.4.2.0 2008.11.18 —
Prevx1 V2 2008.11.18 —
Rising 21.04.12.00 2008.11.18 —
SecureWeb-Gateway 6.7.6 2008.11.18 —
Sophos 4.35.0 2008.11.18 —
Sunbelt 3.1.1801.2 2008.11.14 —
Symantec 10 2008.11.18 —
TheHacker 6.3.1.1.157 2008.11.18 —
TrendMicro 8.700.0.1004 2008.11.18 —
VBA32 3.12.8.9 2008.11.18 —
ViRobot 2008.11.18.1474 2008.11.18 —
VirusBuster 4.5.11.0 2008.11.18 —
Дополнительная информация
File size: 509440 bytes
MD5…: fad4579b18a9e134b5bac0a88874e2fd
SHA1..: cadbd606e4ccc38ebcda02bc34e77a9e18778c69
SHA256: 035dee262c139c101520ef8da5fde121901dbb8717f6a670f01d67d0377964e5
SHA512: 90f79db873f6dc563f2b51e38eff2c8fa09ea5ea1a18cd9ed58d6619058bcc2b
a88f88db17111b98a6197b3356655039241738090cb1e6d7135c877e7ae05ead
PEiD..: —
TrID..: File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x103e5e1
timedatestamp…..: 0x48027549 (Sun Apr 13 21:04:09 2008)
machinetype…….: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x70991 0x70a00 6.82 81527b9aba5399f8364dcc50f139894b
.data 0x72000 0x4e70 0x2000 6.28 fca073b60b2883dab4308d32c8083f1e
.rsrc 0x77000 0x96a8 0x9800 4.33 a222a17d3724d74d4bf13f97f05c4fbc

( 20 imports )
> ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA
> AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle
> CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx
> GDI32.dll: RemoveFontResourceW, AddFontResourceW
> KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, ExpandEnvironmentStringsW, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, GetVersionExA, DuplicateHandle, OpenProcess, GetOverlappedResult, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, TlsGetValue, DeleteCriticalSection, TlsAlloc, VirtualFree, TlsFree
> msvcrt.dll: wcslen, _vsnwprintf, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp
> NDdeApi.dll: -, -, -, —
> ntdll.dll: RtlSubAuthoritySid, RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtSetInformationProcess, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlInitString, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlGetNtProductType, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtOpenDirectoryObject
> PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW
> PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW
> REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery
> RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate
> Secur32.dll: LsaCallAuthenticationPackage, GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess
> SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW
> USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, GetMessageTime, SetTimer, SetLogonNotifyWindow, UnlockWindowStation, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, RegisterClassW, SetCursor, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, KillTimer, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, DefWindowProcW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW
> USERENV.dll: -, WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, -, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, GetUserProfileDirectoryW
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, _WinStationNotifyLogoff, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon
> WINTRUST.dll: CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext
> WS2_32.dll: -, -, getaddrinfo

( 0 exports )

Внимание Внимание: VirusTotal является бесплатным сервисом, предложенным Hispasec Sistemas. Мы не гарантируем доступность и продолжение работы сервиса. Хотя показатель обнаружения обеспечивается использованием нескольких антивирусных программ, эти результаты НЕ гарантируют безвредность файла. В настоящее время отсутствует какое-либо решение, которое обеспечило бы 100% эффективность выявления вирусов и вредоносных программ.

---

я не пользуюсь IExplorer — он у меня просто не работает — поэтому пользуюсь firefox
спасибо.

[fredperry]

проблема такая же как я описывал в самом начале. Захожу на сайт а там все заголовки в 2 раза больше. и буквы местами перепутаны. и когда такое происходит интернет пропадает.
вот лог.[attachment=0:24ix81n6]combofix log2.txt[/attachment:24ix81n6]

спасибо.

[fredperry]

Только я обрадовался.

ОПЯТЬ ВСЁ ТОЖЕ САМОЕ. и тормозит интернет по страшному. целый день работал отлично. и тут вдруг хлоп и опять.

[fredperry]

Спасибо Вам большое.

Пока компьютер работает нормально. Только интернет иногда не может отобразить страницу. Может это просто на сайтах такая проблема ??

[fredperry]

здравствуйте.

вот лог.

ComboFix 08-11-24.01 — пппп 2008-11-25 10:58:47.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.254 [GMT 3:00]
Running from: c:интернетComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:install.exe
d:windowssystem32FOLESVR.DLL
d:windowssystem32msvcsv60.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

---

Legacy_NPF

---

Legacy_ODBCASVC

---

Service_odbcasvc

((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-24 15:48 . 2008-11-25 10:54

dr-h

---

d:documents and settingsппппRecent
2008-11-24 15:48 . 2008-11-25 10:54 dr-h

---

d:documents and settingsппппRecent
2008-11-21 13:16 . 2008-11-21 13:16 d

---

d:documents and settingsAll Users.WINDOWSApplication DataSony
2008-11-21 13:07 . 2006-06-29 13:07 14,048

---

d:windowssystem32spmsg2.dll
2008-11-21 13:04 . 2008-11-21 13:04 d

---

d:documents and settingsппппApplication DataSony Setup
2008-11-20 22:59 . 2008-11-20 22:59 d

---

d:windowsSun
2008-11-20 22:59 . 2008-11-20 23:43 d

---

d:documents and settingsпппп.housecall6.6
2008-11-20 22:59 . 2008-11-20 23:43 d

---

d:documents and settingsпппп.housecall6.6
2008-11-20 22:55 . 2008-11-20 22:55 d

---

d:documents and settingsппппApplication DataMalwarebytes
2008-11-20 22:55 . 2008-11-20 22:55 d

---

d:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2008-11-20 22:38 . 2008-11-20 22:38 410,976 —a

---

d:windowssystem32deploytk.dll
2008-11-20 22:38 . 2008-11-20 22:38 73,728 —a

---

d:windowssystem32javacpl.cpl
2008-11-20 22:37 . 2008-11-20 22:37 d

---

d:documents and settingsппппApplication DataSun
2008-11-19 04:30 . 2007-09-05 23:22 289,144 —a

---

d:windowssystem32VCCLSID.exe
2008-11-19 04:30 . 2006-04-27 16:49 288,417 —a

---

d:windowssystem32SrchSTS.exe
2008-11-19 04:30 . 2008-10-01 14:51 87,552 —a

---

d:windowssystem32VACFix.exe
2008-11-19 04:30 . 2008-10-10 07:58 82,944 —a

---

d:windowssystem32o4Patch.exe
2008-11-19 04:30 . 2008-05-18 20:40 82,944 —a

---

d:windowssystem32IEDFix.exe
2008-11-19 04:30 . 2008-10-10 07:58 82,944 —a

---

d:windowssystem32IEDFix.C.exe
2008-11-19 04:30 . 2008-08-18 11:19 82,432 —a

---

d:windowssystem32404Fix.exe
2008-11-19 04:30 . 2004-07-31 17:50 51,200 —a

---

d:windowssystem32dumphive.exe
2008-11-19 04:30 . 2007-10-03 23:36 25,600 —a

---

d:windowssystem32WS2Fix.exe
2008-11-19 04:26 . 2008-11-19 04:30 3,222 —a

---

d:windowssystem32tmp.reg
2008-11-19 03:58 . 2008-11-19 03:58 1,393 —a

---

d:windowsimsins.BAK
2008-11-18 06:28 . 2008-11-18 06:28 d

---

d:documents and settingsппппApplication DataMacromedia
2008-11-18 06:04 . 2008-11-18 06:04 11 —a

---

d:windows3DShadow.INI
2008-11-18 03:10 . 2008-11-18 03:10 d

---

d:program filesCommon FilesWise Installation Wizard
2008-11-18 00:49 . 2008-11-18 00:49 d

---

d:windowssystem32bits
2008-11-18 00:36 . 2008-11-18 00:36 0 —a—-t- d:windows005435_.tmp
2008-11-17 13:46 . 2008-11-17 13:46 77,824 —a—-t- d:windowssystem32DRWEBSP.DLL
2008-11-17 07:01 . 2008-11-17 07:01 d

---

d:documents and settingsппппApplication Datavlc
2008-11-17 01:10 . 2008-11-17 01:10 552 —a

---

d:windowssystem32d3d8caps.dat
2008-11-15 19:22 . 2008-10-03 20:26 6,066,176

---

c— d:windowssystem32dllcacheieframe.dll
2008-11-15 19:22 . 2007-04-17 12:32 2,455,488

---

c— d:windowssystem32dllcacheieapfltr.dat
2008-11-15 19:22 . 2007-03-08 08:12 1,060,864

---

c— d:windowssystem32dllcacheieframe.dll.mui
2008-11-15 19:22 . 2008-08-26 11:26 459,264

---

c— d:windowssystem32dllcachemsfeeds.dll
2008-11-15 19:22 . 2008-08-26 11:26 383,488

---

c— d:windowssystem32dllcacheieapfltr.dll
2008-11-15 19:22 . 2008-08-26 11:26 267,776

---

c— d:windowssystem32dllcacheiertutil.dll
2008-11-15 19:22 . 2008-08-26 11:26 63,488

---

c— d:windowssystem32dllcacheicardie.dll
2008-11-15 19:22 . 2008-08-26 11:26 52,224

---

c— d:windowssystem32dllcachemsfeedsbs.dll
2008-11-15 19:22 . 2008-08-25 11:38 13,824

---

c— d:windowssystem32dllcacheieudinit.exe
2008-11-15 19:18 . 2008-04-14 19:10 276,992

---

d:windowssystem32wmphoto.dll
2008-11-15 19:18 . 2008-04-14 19:10 69,120

---

d:windowssystem32wlanapi.dll
2008-11-15 19:16 . 2004-08-03 22:41 1,041,536

---

d:windowssystem32drivershsfdpsp2.sys
2008-11-15 07:50 . 2008-11-15 07:50 d

---

d:program filesuTorrent
2008-11-15 07:50 . 2008-11-19 13:37 d-a

---

d:documents and settingsAll Users.WINDOWSApplication DataTEMP
2008-11-15 00:42 . 2008-11-21 08:53 d

---

d:documents and settingsппппApplication DataLavasoft
2008-11-15 00:19 . 2008-10-24 14:21 455,296

---

c— d:windowssystem32dllcachemrxsmb.sys
2008-11-15 00:13 . 2008-11-15 07:51 d—hs—- d:documents and settingsппппUserData
2008-11-15 00:13 . 2008-11-15 07:51 d—hs—- d:documents and settingsппппUserData
2008-11-14 21:09 . 2008-11-14 21:12 d

---

d:program filesEsetOnlineScanner
2008-11-11 02:19 . 2008-11-24 15:36 d

---

d:documents and settingsппппApplication DatauTorrent
2008-11-10 18:53 . 2008-11-10 18:53 d

---

d:program filesSourceTec
2008-11-10 18:53 . 2007-09-27 08:00 44,544 —a

---

d:windowssystem32msxml4a.dll
2008-11-10 11:41 . 2008-11-15 07:50 d

---

d:program filesStereo Pictures 1.0
2008-11-10 03:41 . 2008-11-25 11:02 16,986,112 —a

---

d:documents and settingsппппntuser.dat
2008-11-10 03:41 . 2008-11-25 11:02 16,986,112 —a

---

d:documents and settingsппппntuser.dat
2008-11-02 06:19 . 2008-11-02 06:19 d

---

d:documents and settingsппппApplication DataThinstall
2008-11-01 19:51 . 2008-11-15 12:54 54,156 —ah

---

d:windowsQTFont.qfn
2008-11-01 19:51 . 2008-11-01 19:51 1,409 —a

---

d:windowsQTFont.for
2008-11-01 09:30 . 2008-06-30 17:16 234,640 —a

---

d:windowssystem32driversafwcore.sys
2008-11-01 09:29 . 2008-07-11 15:41 673,920 —a

---

d:windowssystem32driversSandBox.sys
2008-11-01 09:29 . 2008-06-30 17:16 30,864 —a

---

d:windowssystem32driversafw.sys
2008-11-01 09:29 . 2007-10-25 19:17 49 —a

---

d:windowstransp.gif
2008-11-01 09:28 . 2008-11-17 13:06 d

---

d:windowssystem32Filt
2008-11-01 09:28 . 2008-11-01 09:28 d

---

d:program filesAgnitum
2008-11-01 09:28 . 2008-11-01 09:28 d

---

d:documents and settingsAll Users.WINDOWSApplication DataAgnitum
2008-11-01 03:40 . 2008-11-01 03:40 d

---

d:program filesVideoLAN
2008-10-31 22:25 . 2008-10-31 22:25 d

---

d:windowsl2schemas
2008-10-31 22:21 . 2008-10-31 22:25 d

---

d:windowsServicePackFiles
2008-10-31 20:40 . 2008-11-16 01:01 d

---

d:windowssystem32ru-ru
2008-10-31 18:38 . 2008-10-31 18:54 d

---

d:documents and settingsппппApplication DataSendSpace Wizard
2008-10-30 20:59 . 2008-11-01 03:40 d

---

d:documents and settingsппппApplication Datavlc(2)
2008-10-30 12:21 . 2008-10-30 12:56 d

---

d:documents and settingsппппApplication DataYaChatData
2008-10-30 12:20 . 2008-10-30 12:20 d

---

d:program filesYandex
2008-10-30 12:20 . 2008-11-18 00:41 d

---

d:documents and settingsппппApplication DataYandex
2008-10-30 07:11 . 2008-10-30 07:11 d

---

d:program filesLokas
2008-10-30 07:11 . 2008-10-30 07:30 44,544

---

d:windowsAWuninstall.exe
2008-10-30 06:08 . 2008-10-30 06:09 d

---

d:program filesVertus Fluid Mask 3
2008-10-30 06:08 . 2008-10-30 06:08 d

---

d:documents and settingsAll Users.WINDOWSApplication DataVertusTech
2008-10-30 06:06 . 2008-10-30 06:06 d

---

d:program filesImage Doctor
2008-10-29 07:45 . 2008-10-29 07:45 d

---

d:program filesTeleport Pro
2008-10-29 07:15 . 2004-07-17 11:35 67,866

---

d:windowssystem32driversnetwlan5.img
2008-10-29 07:12 . 2004-07-17 11:36 64,352

---

d:windowssystem32driversativmc20.cod
2008-10-29 03:02 . 2008-10-29 03:02 d

---

d:program filesMSXML 4.0
2008-10-29 00:54 . 2008-09-08 13:41 333,824

---

c— d:windowssystem32dllcachesrv.sys
2008-10-29 00:54 . 2008-06-14 20:35 272,512 —a

---

d:windowssystem32driversbthport.sys
2008-10-29 00:54 . 2008-06-14 20:35 272,512

---

c— d:windowssystem32dllcachebthport.sys
2008-10-29 00:54 . 2008-08-14 13:04 138,496

---

c— d:windowssystem32dllcacheafd.sys
2008-10-29 00:53 . 2008-08-14 16:26 2,190,976

---

c— d:windowssystem32dllcachentoskrnl.exe
2008-10-29 00:53 . 2008-08-14 16:26 2,147,328

---

c— d:windowssystem32dllcachentkrnlmp.exe
2008-10-29 00:53 . 2008-08-14 16:26 2,067,840

---

c— d:windowssystem32dllcachentkrnlpa.exe
2008-10-29 00:53 . 2008-08-14 16:26 2,025,984

---

c— d:windowssystem32dllcachentkrpamp.exe
2008-10-29 00:53 . 2008-09-15 18:27 1,846,528

---

c— d:windowssystem32dllcachewin32k.sys
2008-10-29 00:52 . 2008-05-08 17:02 203,136

---

c— d:windowssystem32dllcachermcast.sys
2008-10-29 00:51 . 2008-04-11 22:06 691,712

---

c— d:windowssystem32dllcacheinetcomm.dll
2008-10-29 00:49 . 2008-10-15 19:37 337,408

---

c— d:windowssystem32dllcachenetapi32.dll
2008-10-28 19:56 . 2008-10-30 13:14 d

---

d:documents and settingsппппApplication DataMozilla
2008-10-28 19:56 . 2008-10-28 19:56 0 —a

---

d:windowsnsreg.dat
2008-10-28 19:44 . 2005-11-17 07:46 337,320 —a

---

d:windowssystem32difxapi.dll
2008-10-28 19:44 . 2007-05-16 11:20 43,008 —a

---

d:windowssystem32driversdlkfet5b.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 10:34

---

d

---

w d:documents and settingsппппApplication DataSony
2008-11-21 10:16

---

d

---

w d:program filesSony
2008-11-21 10:03

---

d

---

w d:program filesSony Setup
2008-11-20 19:38

---

d

---

w d:program filesJava
2008-11-20 18:38

---

d

---

w d:program filesEasy FLV Converter
2008-11-20 08:59

---

d

---

w d:program filesKoolMoves
2008-11-17 14:44

---

d—h—w d:program filesInstallShield Installation Information
2008-11-17 00:50

---

d

---

w d:program filesVstPlugins
2008-11-17 00:49

---

d

---

w d:documents and settingsAll Users.WINDOWSApplication DataACD Systems
2008-11-17 00:48

---

d

---

w d:program filesCommon FilesACD Systems
2008-11-16 23:42

---

d

---

w d:documents and settingsAll Users.WINDOWSApplication DataRight Hemisphere
2008-11-15 04:51

---

d

---

w d:program filesSilent Hill 2
2008-11-15 04:50

---

d

---

w d:program filesImage-Line
2008-11-15 04:50

---

d

---

w d:program filesCommon FilesSourceTec
2008-11-10 10:12

---

d

---

w d:program filesCounter-Strike 1.6
2008-11-05 22:27

---

d

---

w d:program filesCommon FilesMacromedia
2008-11-01 00:40

---

d

---

w d:documents and settingsAll Users.WINDOWSApplication DataSmartSound Software Inc
2008-10-30 16:56

---

d

---

w d:program filesCommon FilesUlead Systems
2008-10-30 16:56

---

d

---

w d:documents and settingsAll Users.WINDOWSApplication DataUlead Systems
2008-10-30 14:36

---

d

---

w d:program filesJetAudio
2008-10-30 07:02

---

d

---

w d:program filesCommon FilesAdobe
2008-10-28 22:20

---

d

---

w d:program filesVirtualNetwork
2008-10-28 19:16

---

d

---

w d:program filesEset
2008-10-28 19:16

---

d

---

w d:documents and settingsAll Users.WINDOWSApplication DataESET
2008-10-24 11:21 455,296 —-a-w d:windowssystem32driversmrxsmb.sys
2008-10-23 15:04

---

d

---

w d:program filesWaves
2008-10-21 01:04

---

d

---

w d:program filesRoger Nichols Digital, Inc
2008-10-18 14:45

---

d

---

w d:program filesWWAYM
2008-10-04 22:11

---

d

---

w d:program filesCommon FilesStardock
2008-05-17 14:55 281 —-a-w d:documents and settingsппппApplication DataDelAll.bat
2008-01-13 18:24 94,080 —-a-w d:documents and settingsппппApplication Dataezplay.sys
2008-01-13 18:24 81,920 —-a-w d:documents and settingsппппApplication Dataezpinst.exe
2008-01-13 18:24 47,360 —-a-w d:documents and settingsппппApplication Datapcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»d:windowssystem32ctfmon.exe» [2008-04-14 15360]
«EVEREST AutoStart»=»d:program filesLavalysEVEREST Ultimate Editioneverest.exe» [2006-02-21 46080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«ATICCC»=»d:program filesATI TechnologiesATI.ACEcli.exe» [2005-08-12 45056]
«NeroFilterCheck»=»d:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«ISUSPM Startup»=»d:program filesCommon FilesInstallShieldUpdateServiceisuspm.exe» [2005-08-11 249856]
«ISUSScheduler»=»d:program filesCommon FilesInstallShieldUpdateServiceissch.exe» [2005-08-11 81920]
«Transparent»=»d:program filesTweakNow Accelerator XPTransparent.exe» [2001-10-23 17408]
«WinampAgent»=»d:program filesWinampWinampa.exe» [2006-09-01 35328]
«egui»=»d:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«SunJavaUpdateSched»=»d:program filesJavajre6binjusched.exe» [2008-11-20 136600]
«RTHDCPL»=»RTHDCPL.EXE» [2006-08-01 d:windowsRTHDCPL.EXE]
«SkyTel»=»SkyTel.EXE» [2006-05-16 d:windowsSkyTel.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»d:windowssystem32CTFMON.EXE» [2008-04-14 15360]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«MaxRecentDocs»= 11 (0xb)
«NoViewOnDrive»= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyMCPClient]
2003-08-25 11:25 139264 d:program filesCommon FilesStardockMCPStub.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.3ivx»= 3ivxVfWCodec.dll
«vidc.3iv2″= 3ivxVfWCodec.dll
«msacm.divxa32″= divxa32.acm
«VIDC.HFYU»= huffyuv.dll
«VIDC.VP31″= vp31vfw.dll
«VIDC.ACDV»= ACDV.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregA!K Mouse Off-road]
—a

---

2008-04-02 22:09 620032 d:program filesA!K Research LabsOff-roadOffRoad.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
—a

---

2006-08-22 09:52 94208 d:program filesCommon FilesAheadLibNMBgMonitor.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaAntiVirus]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaFirewall]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe»=
«c:\ИГРЫ\Q3Ademo\quake3.exe»=
«d:\Program Files\InterVideo\DVD6\WinDVD.exe»=
«d:\Program Files\Counter-Strike 1.6\hl.exe»=
«d:\Program Files\uTorrent\uTorrent.exe»=
«d:\Program Files\Counter-Strike 1.6\hltv.exe»=
«d:\Program Files\VideoLAN\VLC\vlc.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Unreal Tournament 2004\System\UT2004.exe»=

R1 epfwtdir;epfwtdir;d:windowssystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 SandBox;SandBox;d:windowssystem32DRIVERSSandBox.sys [2008-11-01 673920]
R2 litdpl;litdpl;d:windowssystem32DRIVERSlitdpl.sys [2008-02-12 4736]
R3 CLEDX;Team H2O CLEDX service;d:windowssystem32DRIVERScledx.sys [2008-05-09 33792]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;??d:program filesLavalysEVEREST Ultimate Editionkerneld.wnt [2007-12-19 11776]
S2 PTsup5;PsViatau;d:program filesTrident SoftwarePragmaptsup5.exe [2007-03-16 77824]
S3 afwcore;afwcore;d:windowssystem32driversafwcore.sys [2008-11-01 234640]
S3 ASWFilt;ASWFilt;d:windowssystem32FiltASWFilt.dll [2008-11-01 33408]
S3 ATE_PROCMON;ATE_PROCMON;??d:program filesAnti Trojan EliteATEPMon.sys []
S3 EWAVE;EWAVE;??d:windowssystem32driversew.sys []
S3 FILESPY;FILESPY;??d:windowssystem32driversFILESPY.sys []
S3 NSTATION;NSTATION;??d:windowssystem32driversnstation.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;??E:NTGLM7X.sys []

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2F]
ShellAutoRuncommand — f:menumenu.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2G]
ShellAutoRuncommand — G:autorun.exe

*Newly Created Service* — EVERESTDRIVER
.
— — — — ORPHANS REMOVED — — — —

Notify-avldr — avldr.dll

.

---

Supplementary Scan

---

.
FireFox -: Profile — d:documents and settingsппппApplication DataMozillaFirefoxProfileswydwmfza.default
FireFox -: prefs.js — STARTUP.HOMEPAGE — hxxp://www.yandex.ru/?clid=40795
FF -: plugin — d:program filesJavajre6binnew_pluginnpdeploytk.dll
FF -: plugin — d:program filesJavajre6binnew_pluginnpjp2.dll
FF -: plugin — d:program filesMozilla Firefoxpluginsnpdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 11:04:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(816)
d:windowssystem32Ati2evxx.dll
d:program filesCommon FilesStardockmcpstub.dll
.

---

Other Running Processes

---

.
d:windowssystem32ati2evxx.exe
d:program filesCommon FilesStardocksdmcp.exe
d:program filesSymantecLiveUpdateAluSchedulerSvc.exe
d:program filesEsetESET NOD32 Antivirusekrn.exe
d:program filesJavajre6binjqs.exe
d:program filesCommon FilesUlead SystemsDVDULCDRSvr.exe
d:windowssystem32wdfmgr.exe
d:windowssystem32ati2evxx.exe
d:windowssystem32wbemwmiapsrv.exe
d:program filesStardockObject DesktopIconXIconX.exe
d:program filesLavalysEVEREST Ultimate Editioneverest.bin
d:windowssystem32wpabaln.exe
.
**************************************************************************
.
Completion time: 2008-11-25 11:08:36 — machine was rebooted
ComboFix-quarantined-files.txt 2008-11-25 08:08:32

Pre-Run: 5 056 454 656 байт свободно
Post-Run: 4,960,989,184 байт свободно

283 — E O F — 2008-11-19 00:58:41

спасибо.

[fredperry]

пробовал удалять и пере устанавливать и Firewall и NOD — но это ничего не дало.
спасибо.
вот лог.

[Автор]

Сообщения