[victorlan]

Спасибо за помощь !
Проблема решена … ПЕРЕУСТАНОВКОЙ СИСТЕМЫ !!!

З.Ы. хреновый вы специалист …

[victorlan]

ComboFix 09-02-21.01 — Администратор 2009-02-23 9:00:42.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1014.607 [GMT 2:00]
Running from: e:my_installAntiComboFix.exe
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.

2009-02-17 10:19 . 2009-02-17 10:20

d

---

C:rsit
2009-02-17 10:19 . 2009-02-23 08:52 d

---

c:program filestrend micro
2009-02-17 09:16 . 2009-02-18 14:50 d

---

c:documents and settingsАдминистратор.ZHMCZ.001Application DataThe Bat!
2009-02-17 09:13 . 2009-02-17 09:20 d—hs—- C:RECYCLER(2)
2009-02-17 09:06 . 2009-02-18 10:05 5,767,168 —a

---

c:documents and settingsАдминистратор.ZHMCZ.001ntuser.dat
2009-02-17 09:06 . 2009-02-18 10:05 5,767,168 —a

---

c:documents and settingsАдминистратор.ZHMCZ.001ntuser.dat
2009-02-17 08:29 . 2009-02-17 08:29 d

---

c:program filesWebMoney Agent
2009-02-17 08:15 . 2009-02-17 08:29 d

---

c:documents and settingsАдминистратор.ZHMCZ.001Application DataWebMoney
2009-02-17 08:13 . 2009-02-17 08:29 d

---

c:program filesWebMoney
2009-02-17 08:13 . 2009-02-20 12:16 d-a

---

c:documents and settingsAll UsersApplication DataTEMP
2009-02-12 10:15 . 2009-02-12 10:15 d

---

c:program filesPokerStrategy
2009-02-11 17:22 . 2009-02-11 17:22 d

---

c:program filesCombined Community Codec Pack
2009-02-09 14:50 . 2009-02-12 14:59 d

---

c:documents and settingsАдминистратор.ZHMCZ.001Application DataBitTorrent
2009-02-09 14:49 . 2009-02-20 15:13 d

---

c:program filesDNA
2009-02-09 14:49 . 2009-02-09 14:49 d

---

c:program filesBitTorrent
2009-02-09 14:49 . 2009-02-23 09:00 d

---

c:documents and settingsАдминистратор.ZHMCZ.001Application DataDNA
2009-02-05 15:51 . 2009-02-06 15:17 d

---

c:program filesPokerStars.NET
2009-02-03 16:56 . 2009-02-03 16:56 d

---

c:documents and settingsАдминистратор.ZHMCZ.001Application DataLeadertech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 16:04

---

d

---

w c:documents and settingsАдминистратор.ZHMCZ.001Application DataVso
2009-02-17 07:58

---

d

---

w c:program filesRadmin
2009-01-22 16:24

---

d

---

w c:documents and settingsАдминистратор.ZHMCZ.001Application DataAdobeUM
2009-01-09 08:31

---

d

---

w c:program filesDVDFab Platinum 3
2009-01-09 08:20

---

d

---

w c:documents and settingsAll UsersApplication Datavsosdk
2009-01-07 15:10

---

d

---

w c:program filesCommon FilesINCA Shared
2008-12-29 14:46

---

d

---

w c:program filesWinamp
2008-12-26 13:00

---

d

---

w c:program filesAlawar.ru
2008-12-26 12:55

---

d

---

w c:documents and settingsAll UsersApplication DataAlawarWrapper
2008-12-23 12:02

---

d

---

w c:program filesQIP Infium
2008-10-28 07:13 47,360 —-a-w c:documents and settingsАдминистратор.ZHMCZ.001Application Datapcouffin.sys
2008-06-05 06:10 16,688 —-a-w c:documents and settingsАдминистратор.ZHMCZ.001Application DataGDIPFONTCACHEV1.DAT
.

---

Sigcheck

---

2008-04-25 16:42 584192 371c41f777924f3ea3bfad18c6a04502 c:windowssystem32user32.dll

2008-04-24 01:22 361344 eaec6ea32bdabd7622371c10b8d68a17 c:windowssystem32driverstcpip.sys

2008-04-25 16:38 2165248 60d59d502589f1c0459fddb5fc22b161 c:windowssystem32ntkrnlpa.exe

2008-04-23 18:42 2286592 7668e176f08b158d7ef2a17d8eb2b8d3 c:windowssystem32ntoskrnl.exe

2008-04-25 16:41 1597952 a0f98bb46beeaf2a94593ff9ab856a80 c:windowsexplorer.exe

2008-04-25 16:41 17408 0ce07543b08fd1e209d99d504076102b c:windowssystem32ctfmon.exe

2008-04-25 16:42 123904 7477564ec8aa190d95a7f3fbb6471f4f c:windowssystem32wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-25 17408]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-03-23 132096]
«CursorXP»=»c:program filesCursorXPCursorXP.exe» [2005-01-19 128000]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2007-07-02 220544]
«BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2009-02-09 342848]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2007-04-20 142104]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2007-04-20 162584]
«Persistence»=»c:windowssystem32igfxpers.exe» [2007-04-20 138008]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2008-05-26 949376]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«RTHDCPL»=»RTHDCPL.EXE» [2007-04-10 c:windowsRTHDCPL.exe]
«SkyTel»=»SkyTel.EXE» [2007-04-04 c:windowsSkyTel.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-25 17408]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-03-23 132096]

c:documents and settingsЂ¤¬Ё­Ёбва в®а.ZHMCZ.001ѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
UserGate.lnk — f:usergateUserGate.exe [2003-08-18 2116608]

c:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
BTTray.lnk — c:program filesD-LinkBluetooth SoftwareBTTray.exe [2006-04-12 643133]
Microsoft Office.lnk — c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-02-13 83360]
REG_NT_BUH.lnk — c:buh_winREG_NT.bat [2008-06-02 0]
REG_NT_FIN.lnk — c:finreg_nt.bat [2008-06-06 0]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3fhg»= mp3fhg.acm
«msacm.divxa32″= divxa32.acm
«VIDC.X264″= x264vfw.dll
«VIDC.HFYU»= huffyuv.dll
«vidc.i263″= i263_32.drv
«VIDC.FFDS»= c:progra~1COMBIN~1FiltersFFDShowff_vfw.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«e:\my_Install\Internet_Tool\QIP8010\qip.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«f:\UserGate\UserGate.exe»=
«c:\EnterSystem\programlauncher.exe»=
«d:\R2Online\r2.exe»=
«d:\R2Online\R2Client.exe»= d:\R2Online\R2Client.exe
«c:\Program Files\BitTorrent\bittorrent.exe»=

R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [2008-05-26 15424]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:windowssystem32driversl151x86.sys [2008-05-26 39424]
S3 kvpndev;Kerio VPN adapter;c:windowssystem32driverskvpndrv.sys [2007-12-07 65024]
S3 kwflower;Kerio WinRoute Firewall Driver — Lower Layer;c:windowssystem32DRIVERSkwflower.sys —> c:windowssystem32DRIVERSkwflower.sys [?]

— Other Services/Drivers In Memory —

*Deregistered* — msclcosd
*Deregistered* — msjmksd
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
IE: &Отправить на устройство Bluetooth… — c:program filesD-LinkBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
LSP: c:windowssystem32imon.dll
TCP: {53D4B95B-4558-430A-AD5E-8294D5C86EBB} = 10.1.77.35
TCP: {69F93D05-92AE-4D89-8EC2-499A7EAA254D} = 212.1.108.2,195.230.150.70
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 09:01:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(524)
c:windowssystem32cscui.dll
c:windowssystem32COMRes.dll
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll

— — — — — — — > ‘lsass.exe'(580)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
.
Completion time: 2009-02-23 9:02:08
ComboFix-quarantined-files.txt 2009-02-23 07:01:57
ComboFix2.txt 2009-02-17 07:47:19

Pre-Run: 15,870,615,552 байт свободно
Post-Run: 15,891,632,128 байт свободно

165

[victorlan]

Ну что спецы ? что скажите ?

[Автор]

Сообщения