Personal Antivirus — у меня похожая проблема

[adna]

Здравствуйте!
у меня похожая проблема:(.Разница в том что программу Malwarebytes Anti-Malware я устанавливала и запускала.Она обнаруживала этот вирус и даже якобы удалила,но не надолго: после перезагрузки он изменил своё название и появился вновь.Единственное ,что изменилось так это то что он перестал блокировать антивирус Nod32…
Пожалуйста, подскажите как его можно удалить?

P.S.программу Combofix скачала.после проерки она выдала следующее:

ComboFix 09-09-22.03 — admin 23.09.2009 22:14.4.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1251.7.1033.18.511.164 [GMT 8:00]
Running from: c:documents and settingsadminDesktopComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsadminLocal SettingsTemporary Internet Filesodyro.bin
c:documents and settingsadminLocal SettingsTemporary Internet Filesuxesymoqa.dl
c:documents and settingsadminLocal SettingsTemporary Internet Fileswezur.bat
c:documents and settingsadminLocal SettingsTemporary Internet Fileswuvum.inf
c:documents and settingsadminLocal SettingsTemporary Internet Filesyfunulyf.reg
c:documents and settingsAll UsersApplication Dataacype.inf
c:documents and settingsAll UsersApplication Dataanilaz.bat
c:documents and settingsAll UsersApplication Dataapemyfedoj.bin
c:documents and settingsAll UsersApplication Databeven.dl
c:documents and settingsAll UsersApplication Datacusebyky.inf
c:documents and settingsAll UsersApplication Dataidyzozyz.sys
c:documents and settingsAll UsersApplication Dataojurytadi.sys
c:documents and settingsAll UsersApplication Datarejenyk.dll
c:documents and settingsAll UsersApplication Datasazuvy.dl
c:documents and settingsAll UsersApplication Dataucycykylas.dl
c:documents and settingsAll UsersApplication Datavuvov.reg
c:documents and settingsAll UsersApplication Dataxigadefoz.vbs
c:documents and settingsAll UsersApplication Dataxuly.sys
c:documents and settingsAll UsersApplication Dataywavosoji.lib
c:documents and settingsAll UsersDocumentsadyxubitec.scr
c:documents and settingsAll UsersDocumentsazijyhyn.dl
c:documents and settingsAll UsersDocumentsbaxub.reg
c:documents and settingsAll UsersDocumentsbyfozisak.vbs
c:documents and settingsAll UsersDocumentscapihe.sys
c:documents and settingsAll UsersDocumentscyhi.bat
c:documents and settingsAll UsersDocumentsejehahopu.exe
c:documents and settingsAll UsersDocumentsenotojadi.dl
c:documents and settingsAll UsersDocumentsidugik.bat
c:documents and settingsAll UsersDocumentsigiwipu.bat
c:documents and settingsAll UsersDocumentsiqopaz._dl
c:documents and settingsAll UsersDocumentsiraliq.exe
c:documents and settingsAll UsersDocumentsjyxa.sys
c:documents and settingsAll UsersDocumentskosapel.bat
c:documents and settingsAll UsersDocumentsmibamote.com
c:documents and settingsAll UsersDocumentsnehof.vbs
c:documents and settingsAll UsersDocumentsocyfysi.bat
c:documents and settingsAll UsersDocumentsoqaboxu.dl
c:documents and settingsAll UsersDocumentsotyp.reg
c:documents and settingsAll UsersDocumentsovuvorux.reg
c:documents and settingsAll UsersDocumentspepu.vbs
c:documents and settingsAll UsersDocumentsrukem.bin
c:documents and settingsAll UsersDocumentsucuzyha.scr
c:documents and settingsAll UsersDocumentsxupufa.bat
c:documents and settingsAll UsersDocumentsxysyvo.scr
c:documents and settingsAll UsersDocumentsygerafeh.scr
c:documents and settingsAll UsersDocumentsywujypyvyh.bat
c:documents and settingsAll UsersDocumentsyxatile.vbs
c:documents and settingsLocalServiceApplication Dataalotefybyp.vbs
c:documents and settingsLocalServiceApplication Databagusar.vbs
c:documents and settingsLocalServiceApplication Datacalosobozu.bat
c:documents and settingsLocalServiceApplication Dataefedad.exe
c:documents and settingsLocalServiceApplication Dataibucici.bat
c:documents and settingsLocalServiceApplication Dataicuvo.ban
c:documents and settingsLocalServiceApplication Dataifire.reg
c:documents and settingsLocalServiceApplication Datailerowyhuw.inf
c:documents and settingsLocalServiceApplication Dataimijem.bin
c:documents and settingsLocalServiceApplication Dataipavakeh.reg
c:documents and settingsLocalServiceApplication Dataivypydylyx.vbs
c:documents and settingsLocalServiceApplication Datanapeni.vbs
c:documents and settingsLocalServiceApplication Dataodetodu.sys
c:documents and settingsLocalServiceApplication Dataqesaj._dl
c:documents and settingsLocalServiceApplication Dataqukaci.bat
c:documents and settingsLocalServiceApplication Datarupewo.scr
c:documents and settingsLocalServiceApplication Dataucojenygem.vbs
c:documents and settingsLocalServiceApplication Dataunygumyb.pif
c:documents and settingsLocalServiceApplication Dataybasiwoz.ban
c:documents and settingsLocalServiceApplication Datayxytahegoq.scr
c:documents and settingsLocalServiceApplication Datazonahihovy.com
c:documents and settingsLocalServiceCookiesadavyp.com
c:documents and settingsLocalServiceCookiesbisyzitewy.dl
c:documents and settingsLocalServiceCookiesbudezomak.bat
c:documents and settingsLocalServiceCookiescamyfi._dl
c:documents and settingsLocalServiceCookiesdajyquf.dat
c:documents and settingsLocalServiceCookiesebapepe._dl
c:documents and settingsLocalServiceCookiesesaconyl.bin
c:documents and settingsLocalServiceCookiesgupyjyk.dl
c:documents and settingsLocalServiceCookiesilumugyse.reg
c:documents and settingsLocalServiceCookiesiqumigat.scr
c:documents and settingsLocalServiceCookiesiwor.dll
c:documents and settingsLocalServiceCookiesjemuvo.scr
c:documents and settingsLocalServiceCookiesjiduz.db
c:documents and settingsLocalServiceCookieskomu.bin
c:documents and settingsLocalServiceCookieslore.dl
c:documents and settingsLocalServiceCookiesnelasi.scr
c:documents and settingsLocalServiceCookiesohiwutefy.vbs
c:documents and settingsLocalServiceCookiesoxufeqybur.dl
c:documents and settingsLocalServiceCookiesrehad.dl
c:documents and settingsLocalServiceCookiesribaxeru.db
c:documents and settingsLocalServiceCookiessejum.com
c:documents and settingsLocalServiceCookiestagaduxik.pif
c:documents and settingsLocalServiceCookiestolupo.exe
c:documents and settingsLocalServiceCookiestopa.sys
c:documents and settingsLocalServiceCookiesuxyhozyj.ban
c:documents and settingsLocalServiceCookiesvobabokozi.sys
c:documents and settingsLocalServiceCookiesvumecun.dll
c:documents and settingsLocalServiceCookiesvygeli.pif
c:documents and settingsLocalServiceCookieswadi.com
c:documents and settingsLocalServiceCookiesydoretimar.dat
c:documents and settingsLocalServiceCookiesysihosydeq.ban
c:documents and settingsLocalServiceLocal SettingsApplication Dataaquk.inf
c:documents and settingsLocalServiceLocal SettingsApplication Datadamovykoma.bat
c:documents and settingsLocalServiceLocal SettingsApplication Dataepyt.com
c:documents and settingsLocalServiceLocal SettingsApplication Datafehazes.ban
c:documents and settingsLocalServiceLocal SettingsApplication Datagevimy.dll
c:documents and settingsLocalServiceLocal SettingsApplication Datailobivepip.dl
c:documents and settingsLocalServiceLocal SettingsApplication Dataisevuza.com
c:documents and settingsLocalServiceLocal SettingsApplication Dataivuzy.vbs
c:documents and settingsLocalServiceLocal SettingsApplication Datajonyp._sy
c:documents and settingsLocalServiceLocal SettingsApplication Dataketufik.bat
c:documents and settingsLocalServiceLocal SettingsApplication Datamike.com
c:documents and settingsLocalServiceLocal SettingsApplication Datamucujyryge.vbs
c:documents and settingsLocalServiceLocal SettingsApplication Datanezonyjafu.sys
c:documents and settingsLocalServiceLocal SettingsApplication Dataopyby.ban
c:documents and settingsLocalServiceLocal SettingsApplication Dataputecydet.inf
c:documents and settingsLocalServiceLocal SettingsApplication Dataqynuqukyr.vbs
c:documents and settingsLocalServiceLocal SettingsApplication Datasowudotu.pif
c:documents and settingsLocalServiceLocal SettingsApplication Dataunyk.sys
c:documents and settingsLocalServiceLocal SettingsApplication Dataupiw.dll
c:documents and settingsLocalServiceLocal SettingsApplication Datausosy.reg
c:documents and settingsLocalServiceLocal SettingsApplication Datawetafi.com
c:documents and settingsLocalServiceLocal SettingsApplication Datawoliro.bat
c:documents and settingsLocalServiceLocal SettingsApplication Datawoviva.reg
c:documents and settingsLocalServiceLocal SettingsApplication Datayhygixulo.inf
c:documents and settingsLocalServiceLocal SettingsApplication Datazocehytyz.reg
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesagixy._dl
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesbido.com
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesderulur.dat
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesdogu.sys
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesdunijyjive._sy
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Fileseceqedo.vbs
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesefalo.db
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesejitare.bin
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesgehuqopicy.lib
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Fileshomud.com
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesinasi._sy
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesiqejaso.dll
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesiselon.ban
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesjelohelino.bin
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesonexywex.bat
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesovapirezel.bat
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesozyry.inf
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filespoqabuq.dl
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filestijuhyhury.reg
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesudog._dl
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesviqujiroc.com
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Fileswerigyg.lib
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Fileswugo._dl
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesxudywitet.vbs
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesybumu.pif
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesylohub.db
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesyzal.dll
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Fileszogiraf.lib
c:documents and settingsLocalServiceoashdihasidhasuidhiasdhiashdiuasdhasd
C:F.tmp
c:program filesAntivirusPro_2010
c:program filesAntivirusPro_2010AntivirusPro_2010.cfg
c:program filesAntivirusPro_2010AntivirusPro_2010.exe
c:program filesAntivirusPro_2010AVEngn.dll
c:program filesAntivirusPro_2010datadaily.cvd
c:program filesAntivirusPro_2010htmlayout.dll
c:program filesAntivirusPro_2010Microsoft.VC80.CRTMicrosoft.VC80.CRT.manifest
c:program filesAntivirusPro_2010Microsoft.VC80.CRTmsvcm80.dll
c:program filesAntivirusPro_2010Microsoft.VC80.CRTmsvcp80.dll
c:program filesAntivirusPro_2010Microsoft.VC80.CRTmsvcr80.dll
c:program filesAntivirusPro_2010pthreadVC2.dll
c:program filesAntivirusPro_2010Uninstall.exe
c:program filesAntivirusPro_2010wscui.cpl
c:program filesCommon Filesapadufa.reg
c:program filesCommon Filesaxyhyb.bat
c:program filesCommon Filescoxuw._dl
c:program filesCommon Filesdicozykad.ban
c:program filesCommon Filesedylufari.dll
c:program filesCommon Fileshaho.bin
c:program filesCommon Fileshasimipozy.sys
c:program filesCommon Fileshusejic.pif
c:program filesCommon Filesinyzykam.ban
c:program filesCommon Fileskesirog.reg
c:program filesCommon Filesmagyt.sys
c:program filesCommon Filesofuvo.bat
c:program filesCommon Filesorazuwizoc.bat
c:program filesCommon Filesosanorim.com
c:program filesCommon Filespadadaso.bat
c:program filesCommon Filespurifi.scr
c:program filesCommon Filesqegefo.inf
c:program filesCommon Filesxuzujo.bat
c:program filesCommon Filesyxezobo.reg
c:program filesCommon Filesyxude.exe
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:program filesMyCentria
c:windowsabuxety.exe
c:windowsajibuqylu.reg
c:windowsajim.exe
c:windowsamewujut.bat
c:windowsaxiki.inf
c:windowsdakamyked.pif
c:windowsegan.scr
c:windowseqiqybecyp.reg
c:windowsfoken.ban
c:windowsfutiwe.pif
c:windowsgutebypu.ban
c:windowshubo.dl
c:windowsibiwar.exe
c:windowsikenaf.sys
c:windowsimiroxoxi.inf
c:windowsipylyx.dll
c:windowsjasa.dll
c:windowsjozi.vbs
c:windowsjynijilid.inf
c:windowslaqix.reg
c:windowslopiw.sys
c:windowsodabo.vbs
c:windowspuba.bat
c:windowsrabafun.exe
c:windowsrojytu.scr
c:windowssystem32_scui.cpl
c:windowssystem32abuwopa.dl
c:windowssystem32braviax.exe
c:windowssystem32cecumadapi.bat
c:windowssystem32equvahude.inf
c:windowssystem32ezaqumola.reg
c:windowssystem32fimyratyhi.bat
c:windowssystem32iqilikonav.dll
c:windowssystem32ised.bin
c:windowssystem32lapu.scr
c:windowssystem32lino.vbs
c:windowssystem32mivenuh._dl
c:windowssystem32mofi.reg
c:windowssystem32muvasysaw.dl
c:windowssystem32qiqevy.ban
c:windowssystem32sihideryha.inf
c:windowssystem32svсhost.exe
c:windowssystem32ucawen._dl
c:windowssystem32uvyx.pif
c:windowssystem32veduzila._dl
c:windowssystem32wisdstr.exe
c:windowssystem32zazoje.dl
c:windowssystem32zoju.inf
c:windowssyxor.vbs
c:windowstopilyka.inf
c:windowstuwaryzop.ban
c:windowsugatu.sys
c:windowsugih.exe
c:windowsujigydysyg.bat
c:windowsujotoqi.dll
c:windowsukakehi.bin
c:windowsunyzato.dl
c:windowsuqozyxyda.dll
c:windowsutysejak.sys
c:windowsuxajevo.bat
c:windowsvuhinylisu.vbs
c:windowsvupag.bat
c:windowsvuqyg.pif
c:windowswehepi.sys
c:windowswiaserviv.log
c:windowswiloxaheh.bat
c:windowswyme.ban
c:windowswyvanyvu.pif
c:windowsxylaqufize.vbs
c:windowsylavax.pif
c:windowsyvoqygulu.bin
c:windowszomukyfy.sys

c:windowssystem32qmgr.dll . . . is infected!!

Infected copy of c:windowssystem32driversAGP440.sys was found and disinfected
Restored copy from — c:system volume information_restore{51FE155D-F9D4-4CB0-B822-30CCEBA24801}RP381A0426076.sys

.
((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))
.

2009-09-21 13:02 . 2009-09-21 13:02 17946 —-a-w- c:windowsocixa.dat
2009-09-19 15:39 . 2009-09-19 15:39 18438 —-a-w- c:windowsnurevoduvi.com
2009-09-19 13:04 . 2009-09-19 13:04 13092 —-a-w- c:windowsgukaq.dat
2009-09-18 13:59 . 2009-09-18 13:59 15692 —-a-w- c:windowssystem32ihixywy.dat
2009-09-12 14:05 . 2009-09-12 14:05 13799 —-a-w- c:windowsawijulamyh.dat
2009-09-11 13:54 . 2009-09-11 13:54 19927 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication Datalarodel.dat
2009-09-11 13:53 . 2009-09-11 13:53

---

d

---

w- C:AntivirusPro_2010
2009-09-11 12:48 . 2009-09-11 12:48

---

d

---

w- c:documents and settingsadminApplication DataMalwarebytes
2009-09-11 12:48 . 2009-09-10 06:54 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-11 12:48 . 2009-09-11 12:48

---

d

---

w- c:program filesMalwarebytes’ Anti-Malware
2009-09-11 12:48 . 2009-09-11 12:48

---

d

---

w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-09-11 12:48 . 2009-09-10 06:53 18520 —-a-w- c:windowssystem32driversmbam.sys
2009-09-09 10:52 . 2009-09-09 11:13

---

d

---

w- c:documents and settingsAll UsersApplication DataNOS
2009-09-01 16:52 . 2004-08-21 16:30 5776 —-a-r- c:windowssystem32driversslabwhnt.sys
2009-09-01 16:52 . 2004-08-21 16:30 5776 —-a-r- c:windowssystem32driversslabwh.sys
2009-09-01 16:52 . 2004-08-21 16:30 51040 —-a-r- c:windowssystem32driversslabbus.sys
2009-09-01 16:52 . 2004-08-21 16:30 47616 —-a-r- c:windowssystem32USB2k.exe
2009-09-01 16:50 . 2009-09-01 16:50

---

d

---

w- C:USB_Data_Cable
2009-09-01 16:29 . 2009-09-01 16:29

---

d

---

w- C:WUTemp
2009-08-28 14:01 . 2009-08-28 14:01 19534 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication Dataenabog.dat
2009-08-28 14:01 . 2009-08-28 14:01 16861 —-a-w- c:program filesCommon Filesrolequxuta.dat
2009-08-28 11:04 . 2009-08-28 11:04

---

d

---

w- c:documents and settingsadminApplication DataPicJet
2009-08-28 10:43 . 2009-08-28 11:04

---

d

---

w- c:program filesPicJet Studio 3.3.1
2009-08-28 09:09 . 2009-08-28 09:09 16635 —-a-w- c:windowsfiwev.com
2009-08-28 08:03 . 2009-08-28 08:03 18914 —-a-w- c:windowsfuzypuwujo.com
2009-08-28 08:02 . 2009-08-28 08:02

---

d

---

w- C:PC_Antispyware2010
2009-08-27 11:09 . 2009-08-27 11:09

---

d

---

w- c:documents and settingsadminApplication DataAVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 13:43 . 2009-09-23 10:31 14848 —-a-w- c:documents and settingsLocalServiceApplication Datasvcst.exe
2009-09-23 13:43 . 2009-09-23 10:31 14848 —-a-w- c:documents and settingsLocalServiceApplication Dataseres.exe
2009-09-23 12:24 . 2007-12-27 14:14

---

d

---

w- c:documents and settingsadminApplication DataThe Bat!
2009-09-21 13:02 . 2009-09-21 13:02 19484 —-a-w- c:program filesCommon Filesarafe._sy
2009-09-21 13:02 . 2009-09-21 13:02 12787 —-a-w- c:program filesCommon Filesheqor._sy
2009-09-19 15:39 . 2009-09-19 15:39 17501 —-a-w- c:program filesCommon Filesjomivylas.lib
2009-09-19 15:39 . 2009-09-19 15:39 12036 —-a-w- c:documents and settingsAll UsersApplication Datahyqymoke.dat
2009-09-19 13:04 . 2009-09-19 13:04 16655 —-a-w- c:program filesCommon Filesjyfanyr.db
2009-09-12 14:05 . 2009-09-12 14:05 12087 —-a-w- c:program filesCommon Filesyxid.db
2009-09-11 12:21 . 2009-07-20 11:16 78 —sh—w- c:windowssystem32driversios.sys
2009-08-28 14:01 . 2009-08-28 14:01 13803 —-a-w- c:program filesCommon Filesimokive.db
2009-08-28 14:01 . 2009-08-28 14:01 11603 —-a-w- c:program filesCommon Filesbehijo.db
2009-08-27 13:06 . 2009-03-08 15:03

---

d

---

w- c:program filesNo1 Video Converter
2009-08-25 13:59 . 2002-08-29 03:13 613280 —-a-w- c:windowssystem32driversntfs.sys
2009-08-22 12:28 . 2009-08-22 12:20

---

d

---

w- c:documents and settingsadminApplication DataMra
2009-08-22 12:20 . 2009-08-22 12:20

---

d

---

w- c:program filesMail.Ru
2009-08-22 09:31 . 2009-08-22 09:31

---

d

---

w- c:program filesOpera
2009-08-22 08:35 . 2008-05-24 11:42

---

d

---

w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-08-21 08:46 . 2009-08-21 08:46 18894 —-a-w- c:windowsceram.sys
2009-08-21 08:46 . 2009-08-21 08:46 17356 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication Datasywamucok.dat
2009-08-21 08:46 . 2009-08-21 08:46 15974 —-a-w- c:windowssystem32ugypanibu.scr
2009-08-21 08:46 . 2009-08-21 08:46 10999 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication Dataulagibine.dat
2009-08-21 08:46 . 2009-08-21 08:46 10518 —-a-w- c:documents and settingsAll UsersApplication Datayboqy.com
2009-08-21 08:46 . 2009-08-21 08:46 17782 —-a-w- c:program filesCommon Filesutawog._sy
2009-08-21 08:46 . 2009-08-21 08:46 16072 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication Dataveduhek.dll
2009-08-20 15:18 . 2009-08-20 15:18 19960 —-a-w- c:windowssystem32cyno.exe
2009-08-20 15:18 . 2009-08-20 15:18 17936 —-a-w- c:windowssystem32ehaw.exe
2009-08-20 15:18 . 2009-08-20 15:18 16950 —-a-w- c:windowssystem32uvihocub.dll
2009-08-20 15:18 . 2009-08-20 15:18 15251 —-a-w- c:windowsgiryk.dat
2009-08-20 15:18 . 2009-08-20 15:18 13707 —-a-w- c:windowssystem32erygez.pif
2009-08-20 15:18 . 2009-08-20 15:18 11151 —-a-w- c:windowssystem32gubopa.dat
2009-08-20 15:18 . 2009-08-20 15:18 10276 —-a-w- c:documents and settingsAll UsersApplication Dataizemaba.pif
2009-08-20 12:59 . 2009-08-20 12:59 15517 —-a-w- c:documents and settingsAll UsersApplication Datauzihubogac.sys
2009-08-20 12:59 . 2009-08-20 12:59 14985 —-a-w- c:windowssystem32yvyfibi.com
2009-08-20 12:59 . 2009-08-20 12:59 13966 —-a-w- c:windowscasuxosy.sys
2009-08-20 12:59 . 2009-08-20 12:59 13490 —-a-w- c:documents and settingsAll UsersApplication Dataveceky.sys
2009-08-20 12:59 . 2009-08-20 12:59 11740 —-a-w- c:documents and settingsadminApplication Datafowekimu.bin
2009-08-20 12:59 . 2009-08-20 12:59 10769 —-a-w- c:documents and settingsadminLocal SettingsApplication Dataibate.exe
2009-08-20 12:59 . 2009-08-20 12:59 18071 —-a-w- c:documents and settingsadminLocal SettingsApplication Dataabemyce.sys
2009-08-20 12:59 . 2009-08-20 12:59 15222 —-a-w- c:program filesCommon Filesqefiq.sys
2009-08-20 12:01 . 2009-08-20 12:01 15916 —-a-w- c:windowslorywi.com
2009-08-20 12:01 . 2009-08-20 12:01 15718 —-a-w- c:documents and settingsLocalServiceApplication Dataiqoqo.dat
2009-08-20 12:01 . 2009-08-20 12:01 12982 —-a-w- c:documents and settingsAll UsersApplication Datarenekuqani.pif
2009-08-20 12:01 . 2009-08-20 12:01 14006 —-a-w- c:windowslutevizo.com
2009-08-20 12:01 . 2009-08-20 12:01 12271 —-a-w- c:windowsysyxo.com
2009-08-20 12:01 . 2009-08-20 12:01 11745 —-a-w- c:program filesCommon Filesreqabajuk.bin
2009-08-20 12:01 . 2009-08-20 12:01 11485 —-a-w- c:program filesCommon Filesqakimodo.dat
2009-08-20 12:00 . 2009-08-20 12:00 11724 —-a-w- c:windowsexytopic.bin
2009-08-20 12:00 . 2009-08-20 12:00 15041 —-a-w- c:documents and settingsLocalServiceApplication Dataxajagelo.sys
2009-08-20 12:00 . 2009-08-20 12:00 12241 —-a-w- c:program filesCommon Filesjahuva.exe
2009-08-20 09:38 . 2009-08-20 09:38 15782 —-a-w- c:program filesCommon Filesuwylihivoq.exe
2009-08-20 09:38 . 2009-08-20 09:38 13997 —-a-w- c:documents and settingsadminApplication Datasyhahixos.pif
2009-08-20 09:38 . 2009-08-20 09:38 19559 —-a-w- c:program filesCommon Filesesilen.dat
2009-08-17 09:41 . 2009-02-20 11:39

---

d

---

w- c:program filesOpera7
2009-07-29 08:51 . 2008-11-22 12:25

---

d

---

w- c:documents and settingsadminApplication Datadvdcss
2009-07-26 11:40 . 2008-11-23 06:39

---

d

---

w- c:documents and settingsadminApplication DatauTorrent
2009-07-26 11:33 . 2009-03-08 13:26

---

d

---

w- c:program filesTotal Video Converter
2009-07-20 15:54 . 2007-12-27 12:18 355942 —-a-w- c:windowssystem32PerfStringBackup.TMP
.

---

Sigcheck

---

[-] 2009-08-25 13:59 . A2F8548DAFB32F16C1A4449A579C5149 . 613280 . . . . c:windowssystem32dllcachentfs.sys
[-] 2009-08-25 13:59 . A2F8548DAFB32F16C1A4449A579C5149 . 613280 . . . . c:windowssystem32driversntfs.sys

c:windowssystem32driversbeep.sys … is missing !!
c:windowssystem32wscntfy.exe … is missing !!
c:windowssystem32xmlprov.dll … is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadLibNMBgMonitor.exe» [2007-03-12 153136]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2002-08-20 1511453]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowsSystem32NvCpl.dll» [2004-10-29 4620288]
«NvMediaCenter»=»c:windowsSystem32NvMcTray.dll» [2004-10-29 86016]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2004-12-20 33792]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2008-12-05 949376]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-08-22 7975608]
«Malwarebytes Anti-Malware (reboot)»=»c:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«BluetoothAuthenticationAgent»=»irprops.cpl» — c:windowssystem32irprops.cpl [2002-09-24 111104]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2004-05-14 67072]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-10-29 921600]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2002-08-29 13312]

c:documents and settingsAll UsersStart MenuProgramsStartup
Bluetooth Manager.lnk — c:program filesToshibaBluetooth Toshiba StackTosBtMng1.exe [2005-6-16 49152]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«110:TCP»= 110:TCP:svchost

R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [05.12.2008 21:09 15424]
S3 AC2003;AC2003;c:windowssystem32driversAC2003.sys [27.12.2007 21:26 4224]
S3 utexnjq5;AVZ Kernel Driver;??c:windowsSystem32Driversutexnjq5.sys —> c:windowsSystem32Driversutexnjq5.sys [?]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.google.com
uDefault_Search_URL =
mStart Page = hxxp://www.google.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Загрузить используя Download &Express — c:documents and settingsadminDesktopDownload ExpressAdd_Url.htm
IE: Поиск@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
LSP: c:windowsSystem32imon.dll
Name-Space Handler: ftpHIEClickCatcher — {E131C96E-4DDB-11D4-84B8-008048B33DEA} — c:docume~1adminDesktopDOWNLO~1mdpph.dll
Name-Space Handler: httpHIEClickCatcher — {E131C96E-4DDB-11D4-84B8-008048B33DEA} — c:docume~1adminDesktopDOWNLO~1mdpph.dll
Name-Space Handler: httpsHIEClickCatcher — {E131C96E-4DDB-11D4-84B8-008048B33DEA} — c:docume~1adminDesktopDOWNLO~1mdpph.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} — hxxp://sm.kristel.ru/video/xplugLite.cab
.
— — — — ORPHANS REMOVED — — — —

HKLM-Run-Vj — c:windowssystem32svсhost.exe
AddRemove-BSPlayer1 — c:documents and settingsadminDesktopBSplayerProuninstall.exe
AddRemove-Kristel IPTV Player 1.00 — c:documents and settingsadminDesktopKristel IPTV PlayerUninstall.exe
AddRemove-MyCentria — c:program filesMyCentriaMyCentriaUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-23 22:25
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(384)
c:windowsSystem32ODBC32.dll

— — — — — — — > ‘lsass.exe'(448)
c:windowssystem32MSVCIRT.dll
c:windowsSystem32imon.dll
c:program filesEsetpr_imon.dll
c:windowsSystem32dssenh.dll

— — — — — — — > ‘explorer.exe'(5960)
c:program filesCommon FilesAheadLibNeroSearchBar.dll
c:program filesCommon FilesAheadLibMFC71U.DLL
c:program filesCommon FilesAheadLibBCGCBPRO860un71.dll
c:windowsSystem32ODBC32.dll
c:windowsSystem32msi.dll
c:program filesMicrosoft OfficeOFFICE11msohev.dll
.

---

Other Running Processes

---

.
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesEsetnod32krn.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32wdfmgr.exe
c:windowssystem32rundll32.exe
c:windowssystem32rundll32.exe
c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe
c:program filesCommon FilesAheadLibNMIndexingService.exe
c:program filesCommon FilesAheadLibNMIndexStoreSvr.exe
c:program filesToshibaBluetooth Toshiba StackTosA2dp.exe
c:program filesToshibaBluetooth Toshiba StackTosBtHid.exe
.
**************************************************************************
.
Completion time: 2009-09-23 22:28 — machine was rebooted
ComboFix-quarantined-files.txt 2009-09-23 14:27

Pre-Run: 50 374 037 504 bytes free
Post-Run: 50 423 795 712 байт свободно

479

[adna]

вообще-то я не создавала новой темы!!! а всего лишь ответила в уже созданную пользователем ShadowOfTime и имела ввиду, что у меня схожая с ним проблема…

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

вообще-то я не создавала новой темы!!!

Для каждой отдельной проблемы нужна отдельная тема.

Необходима дополнительная проверка.
Скачайте Win32kDiag с одного из следующих ресурсов 1, 2 or 3.

Дважды кликните по файлу Win32kDiag.exe для запуска Win32kDiag.
Откроется черное окошко, когда в нём появится надпись «Finished! Press any key to exit…», нажмите любую клавишу для закрытия окна. На вашем рабочем столе должен появится файл Win32kDiag.txt.

Вставьте содержимое файла Win32kDiag.txt в ваш ответ.

И ещё.
Кликните Пуск -> Выполнить
В строке ввода введите notepad и нажмите Enter.
Вствавьте в блокнот следующий текст:

dir C:WINDOWSntfs.sys C:WINDOWSbeep.sys C:WINDOWSagp440.sys C:WINDOWSscecli.dll C:WINDOWSnetlogon.dll C:WINDOWSeventlog.dll C:Windowscngaudit.dll /a h /s > file.txt

Кликните Файл, Сохранить как.
Смените тип файла на: Все файлы.
Введите имя файла find_file.bat и кликните Ok.
Сохраните файл на ваш рабочий стол.
Закройте блокнот.
Дважды кликните по созданному нами файлу find_file.bat.
По-завершению работы на рабочем столе появится файл File.txt, вставьте так же его содержимое в ваш ответ.

[adna]

Running from: C:Documents and SettingsadminDesktopWin32kDiag.exe

Log file at : C:Documents and SettingsadminDesktopWin32kDiag.txt

WARNING: Could not get backup privileges!

Searching ‘C:WINDOWS’…

Finished!

’®¬ ў гбва®©б⢥ C ­Ґ Ё¬ҐҐв ¬ҐвЄЁ.
‘ҐаЁ©­л© ­®¬Ґа ⮬ : C436-42D6

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSERDNTcache

17.08.2001 14:58 25я472 AGP440.sys

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSERDNTcache

29.08.2002 12:41 174я592 scecli.dll

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSERDNTcache

29.08.2002 12:41 399я360 netlogon.dll

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSERDNTcache

29.08.2002 12:40 49я152 eventlog.dll
4 д ©«®ў 648я576 Ў ©в

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSsystem32

29.08.2002 12:41 174я592 scecli.dll

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSsystem32

29.08.2002 12:41 399я360 netlogon.dll

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSsystem32

29.08.2002 12:40 49я152 eventlog.dll
3 д ©«®ў 623я104 Ў ©в

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSsystem32dllcache

25.08.2009 21:59 613я280 ntfs.sys

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSsystem32dllcache

25.09.2009 22:07 77я536 agp440.sys

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSsystem32dllcache

29.08.2002 12:41 174я592 scecli.dll

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSsystem32dllcache

29.08.2002 12:41 399я360 netlogon.dll

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSsystem32dllcache

29.08.2002 12:40 49я152 eventlog.dll
5 д ©«®ў 1я313я920 Ў ©в

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSsystem32drivers

25.08.2009 21:59 613я280 ntfs.sys

‘®¤Ґа¦Ё¬®Ґ Ї ЇЄЁ C:WINDOWSsystem32drivers

25.09.2009 22:07 77я536 AGP440.sys
2 д ©«®ў 690я816 Ў ©в

[Admin]

Скачайте сканер RSIT кликнув по этой ссылке и сохраните файл на вашем рабочем столе.

* Дважды кликните по скачанному файлу.
* Если у вас есть файрвал (firewall) и он покажет, что программа RSIT пытается выйти в Интернет, то разрешите ей.
* Кликните по кнопке Continue.
* Когда программа закончит работу, будут показаны два лога (log.txt и info.txt).

Вставьте оба RSIT лога в ваш ответ. Каждый лог в отдельное сообщение.

[Автор]

Сообщения