[TimP]

up

[TimP]

малавайка эти вирусы не нашла((( а вот combofix нашел)))

[TimP]

нет не пробовал((( а почему не один сканер их не удаляет?

[TimP]

еще раз проверил вот логи

ComboFix 10-01-24.03 — Администратор 25.01.2010 13:36:03.2.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.978.606 [GMT 8:00]
Running from: c:1ComboFix.exe
AV: Doctor Web Anti-Virus *On-access scanning disabled* (Outdated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
.

((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-21 08:49 . 2010-01-21 08:49 10240 —-a-w- c:windowssystem32DsrSleep.dll
2010-01-21 08:49 . 2010-01-21 08:49

---

d

---

w- c:windowsdata
2010-01-21 01:18 . 2010-01-21 01:20

---

d

---

w- c:windowssystem32Side 9 Screensaver dir
2010-01-21 01:18 . 2010-01-21 01:18 520192 —-a-w- c:windowssystem32Side 9 Screensaver.scr
2010-01-12 09:30 . 2010-01-25 05:34

---

d

---

w- C:1
2010-01-12 04:10 . 2010-01-18 07:12

---

d

---

w- C:Автодозвон
2010-01-11 01:42 . 2010-01-11 01:42

---

d

---

w- c:windowssystem32log
2010-01-11 01:09 . 2010-01-25 03:33 80604 —-a-w- c:windowssystem32prfc0419.dat
2010-01-11 01:09 . 2010-01-25 03:33 477906 —-a-w- c:windowssystem32prfh0419.dat
2009-12-29 01:22 . 2009-12-29 01:22

---

d

---

w- c:program filesAIMP2 Tools
2009-12-29 01:21 . 2009-12-29 01:21

---

d

---

w- c:documents and settingsАдминистраторLocal SettingsApplication DataYandex
2009-12-29 01:21 . 2009-12-29 01:21

---

d

---

w- c:documents and settingsАдминистраторApplication DataYandex
2009-12-29 01:21 . 2009-12-29 01:21

---

d

---

w- c:program filesYandex

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 03:33 . 2008-05-28 07:22

---

d

---

w- c:program filesTrend Micro
2010-01-21 09:00 . 2009-12-16 09:27

---

d

---

w- c:documents and settingsАдминистраторApplication DataAIMP
2010-01-21 08:52 . 2009-04-03 05:45 27 —-a-w- c:windowspopcinfo.dat
2010-01-20 00:43 . 2009-05-03 23:59

---

d

---

w- c:program filesuTorrent Ulanovka Edition
2010-01-20 00:19 . 2009-11-23 23:55 11264 —-a-w- c:windowssystem32driversuzexnjq5.sys
2010-01-20 00:16 . 2009-11-30 06:22

---

d

---

w- c:program filesMalwarebytes’ Anti-Malware
2010-01-12 07:15 . 2009-04-08 04:52

---

d

---

w- c:program filesQIP
2010-01-11 03:28 . 2009-10-08 05:49

---

d

---

w- c:program filesUfasoft
2010-01-11 01:40 . 2009-11-30 02:31

---

d

---

w- c:program filesMillioner
2010-01-11 00:04 . 2009-12-11 09:59

---

d

---

w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2010-01-07 08:07 . 2009-11-30 06:22 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-01-07 08:07 . 2009-11-30 06:22 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-12-29 01:21 . 2009-11-26 00:39

---

d

---

w- c:program filesAIMP2
2009-12-26 07:48 . 2009-12-25 01:07

---

d

---

w- c:program filesTELESHELL
2009-12-26 00:07 . 2009-12-26 00:07

---

d

---

w- c:program filesAtmel
2009-12-26 00:06 . 2009-12-26 00:06

---

d

---

w- c:program filesJava
2009-12-26 00:06 . 2009-12-26 00:06

---

d

---

w- c:program filesCommon FilesJava
2009-12-25 09:52 . 2009-12-25 09:52 12528 —-a-w- c:documents and settingsАдминистратор.WORK-797787B3AFLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-12-22 02:48 . 2009-03-16 00:05

---

d

---

w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-12-18 06:03 . 2009-07-14 02:29

---

d

---

w- c:program filesABBYY PDF Transformer 2.0
2009-12-10 10:52 . 2009-12-10 10:52

---

d

---

w- c:documents and settingsАдминистраторApplication DataLavasoft
2009-12-10 05:35 . 2008-11-26 08:11

---

d

---

w- c:program filesRestorator 2007
2009-12-10 05:16 . 2009-12-10 02:12

---

d

---

w- c:program filesavz4
2009-12-10 03:07 . 2009-06-17 06:09

---

d

---

w- c:program filesMail.Ru
2009-12-10 03:07 . 2009-12-10 03:07

---

d

---

w- c:documents and settingsАдминистраторApplication DataMra
2009-12-10 02:13 . 2009-12-10 02:13

---

d

---

w- c:documents and settingsАдминистраторApplication DataInstallShield
2009-12-10 02:12 . 2009-12-10 02:12 23552 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}Icon78CC3BAB2.exe
2009-12-10 02:12 . 2009-12-10 02:12 23552 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}Icon78CC3BAB.exe
2009-12-10 02:12 . 2009-12-10 02:12

---

d

---

w- c:program filesLavasoft
2009-12-02 05:55 . 2009-12-02 05:55

---

d

---

w- c:documents and settingsАдминистраторApplication DataGRETECH
2009-12-02 05:53 . 2009-12-02 05:53

---

d

---

w- c:program filesGRETECH
2009-12-01 00:26 . 2009-12-01 00:26

---

d

---

w- c:documents and settingsАдминистраторApplication DataTuneUp Software
2009-12-01 00:25 . 2009-12-01 00:25

---

d

---

w- c:documents and settingsAll UsersApplication DataTuneUp Software
2009-12-01 00:24 . 2009-12-01 00:24

---

d-sh—w- c:documents and settingsAll UsersApplication Data{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-01 00:24 . 2009-06-01 02:30

---

d

---

w- c:program filesVector
2009-11-30 06:22 . 2009-11-30 06:22

---

d

---

w- c:documents and settingsАдминистраторApplication DataMalwarebytes
2009-11-30 06:22 . 2009-11-30 06:22

---

d

---

w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-11-30 00:57 . 2009-10-16 07:01

---

d

---

w- c:program filesЗоркий Глаз
2009-11-27 03:53 . 2009-11-27 03:47

---

d

---

w- c:program filesABBYY FineReader 9.0
2009-11-27 03:50 . 2009-11-27 03:50

---

d

---

w- c:program filesCommon FilesABBYY
2009-11-21 16:03 . 2006-03-01 20:00 471552 —-a-w- c:windowsAppPatchaclayers.dll
2009-06-01 14:23 . 2009-06-01 23:06 8396649 —-a-w- c:program filesPG5.0.0.6.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Handy Backup»=»c:program filesNovosoftHandy Backuphbagent.exe» [2009-05-12 3157592]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«XLWinLock»=»c:program filesXLWinLockxllockauto.exe» [2002-10-01 190464]
«RTHDCPL»=»RTHDCPL.EXE» [2009-08-24 18702336]
«OrderReminder»=»c:program filesHewlett-PackardOrderReminderOrderReminder.exe» [2006-01-30 98304]
«OSSelectorReinstall»=»c:program filesCommon FilesAcronisAcronis Disk Directoross_reinstall.exe» [2007-03-26 2227256]
«FlashAntivir»=»c:program filesЗоркий ГлазAntivirь.exe» [2009-09-29 515072]
«Kernel and Hardware Abstraction Layer»=»KHALMNPR.EXE» [2009-06-17 55824]
«SunJavaUpdateSched»=»c:program filesJavajre1.5.0_11binjusched.exe» [2006-12-14 75520]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

c:documents and settingsЂ¤¬Ё­Ёбва в®аѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Purrint.lnk — c:program filesPurrintPurrint.exe [2005-3-31 116224]

c:documents and settingsЂ¤¬Ё­Ёбва в®аѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Purrint.lnk — c:program filesPurrintPurrint.exe [2005-3-31 116224]

c:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Program Neighborhood Agent.lnk — c:program filesCitrixICA Clientpnagent.exe [2006-11-8 233744]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoRecentDocsNetHood»= 1 (0x1)

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\uTorrent Ulanovka Edition\utorrent.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 mv61xx;mv61xx;c:windowssystem32driversmv61xx.sys [14.10.2009 8:49 155688]
R1 uzexnjq5;AVZ-RK Kernel Driver;c:windowssystem32driversuzexnjq5.sys [24.11.2009 7:55 11264]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:program filesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [06.12.2007 21:03 660768]
R2 NovosoftBackupNetworkCoordinator;Novosoft Backup Network Coordinator;c:program filesNovosoftHandy BackupBackupNetworkCoordinator.exe [12.05.2009 11:26 32856]
R2 SIQBOS;SIQBOS;c:program filesSIQSIQBOS.exe [28.10.2004 10:48 167936]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [09.02.2009 11:20 721904]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian — DefaultInstance;c:program filesFirebirdFirebird_1_5binfbguard.exe -s —> c:program filesFirebirdFirebird_1_5binfbguard.exe -s [?]
S2 SIQAuth;SIQAuth; [x]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [14.10.2009 8:46 1684736]
S3 FirebirdServerDefaultInstance;Firebird Server — DefaultInstance;c:program filesFirebirdFirebird_1_5binfbserver.exe -s —> c:program filesFirebirdFirebird_1_5binfbserver.exe -s [?]
S3 jesqijqk;jesqijqk; [x]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:windowssystem32driversk510bus.sys [03.12.2008 9:26 58288]
S3 mirrorv3;mirrorv3;c:windowssystem32driversrminiv3.sys [01.11.2006 4:01 3328]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;c:program filesUfasoftSnifferusft_sn4.sys [11.01.2010 11:28 35200]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://10.2.64.234/
uInternet Settings,ProxyServer = 10.2.64.13:3128
uInternet Settings,ProxyOverride = *.sibirtelecom.ru;10.2.64.234;
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
TCP: {0548537C-455C-4FA1-99FD-236DD66ADDBD} = 87.103.161.61
TCP: {98D760A0-A493-40C0-B92F-DEE82E5ACDA9} = 10.2.64.200,10.2.64.64
.
— — — — ORPHANS REMOVED — — — —

URLSearchHooks-{83821C2B-32A8-4DD7-B6D4-44309A78E668} — c:program filesMail.RuAgentMradllnewmrasearch.dll

**************************************************************************
scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files:

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘explorer.exe'(140)
c:windowssystem32msi.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
.
Completion time: 2010-01-25 13:42:21
ComboFix-quarantined-files.txt 2010-01-25 05:42
ComboFix2.txt 2010-01-25 02:24

Pre-Run: 14 454 812 672 байт свободно
Post-Run: 14 412 144 640 байт свободно

Current=3 Default=3 Failed=5 LastKnownGood=6 Sets=1,2,3,4,5,6
— — End Of File — — DDFEC4158A0E38C4B89945768E32600F

[Автор]

Сообщения