
New member

Posts: 12
Thanks: 0


here is the text

Code:
ComboFix 12-10-30.03 - колибри 30.10.2012  20:41:33.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1049.18.3326.2854 [GMT 4:00]
Running from: c:\documents and settings\колибри\Рабочий стол\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\msxml4-KB2721691-enu.LOG
c:\windows\regopt.log
c:\windows\system32\Branded.scr
c:\windows\system32\Branded.scr.manifest
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\TZLog.log
.
.
(((((((((((((((((((((((((   Files Created from 2012-09-28 to 2012-10-30  )))))))))))))))))))))))))))))))
.
.
2012-10-28 20:58 . 2012-10-28 21:00	--------	d-----w-	C:\rsit
2012-10-25 16:43 . 2012-10-25 16:43	--------	d-----w-	C:\NVIDIA
2012-10-24 20:14 . 2012-10-25 16:12	--------	d-----w-	C:\Медиа
2012-10-24 19:15 . 2012-10-28 21:13	--------	d-----w-	C:\резерв
2012-10-23 19:54 . 2012-10-28 21:13	--------	d-----w-	C:\проба
2012-10-22 23:02 . 2012-10-28 20:58	--------	d-----r-	C:\Program Files
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 22:55 . 2012-07-25 10:53	24920	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2012-10-23 22:55 . 2012-05-25 15:38	24408	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2012-08-30 20:29 . 2010-02-01 13:44	669184	----a-w-	c:\windows\system32\wininet.dll
2012-08-30 20:29 . 2010-01-28 18:27	61952	----a-w-	c:\windows\system32\tdc.ocx
2012-08-30 20:29 . 2010-01-28 18:27	81920	----a-w-	c:\windows\system32\ieencode.dll
2012-08-30 20:25 . 2010-01-28 18:27	370688	----a-w-	c:\windows\system32\html.iec
2012-08-24 13:53 . 2010-01-28 18:27	178176	----a-w-	c:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2009-02-10 10:29	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26 . 2008-05-15 12:59	2029568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-17 17:39 . 2012-08-17 17:39	200632	----a-w-	c:\windows\system32\klogon.dll
2012-08-13 12:49 . 2012-08-13 12:49	144344	----a-w-	c:\windows\system32\drivers\kneps.sys
2012-10-11 01:05 . 2012-10-22 19:57	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-02-01 13:41 . C927875EE475355CB4FC0C4DE5E01AB9 . 815616 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2010-02-01 . 5649A58CF092E47C2CCEEB9E720BE2C7 . 2119168 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-15 . 4CDEBF40AD7C2230B52BB456FE3E382F . 215040 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2010-02-01 . 821117550E30CC46CBD49BD981A64088 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2010-02-01 . 8E43C7B04002DFE68F3791E1F475039F . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2010-02-01 37376]
.
c:\documents and settings\колибри\Главное меню\Программы\Автозагрузка\
USBGuard.lnk - c:\program files\USBGuard\USBGuard.exe [2008-10-9 798720]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"Schedule"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OscarEditor"="c:\program files\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
"Microsoft Office Outlook"=c:\progra~1\MICROS~2\OFFICE11\OUTLOOK.EXE /recycle
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Vistadrv"=c:\program files\VistaDrive\vsdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1363\\Agent.exe"=
.
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [08.06.2012 11:38 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [13.08.2012 16:49 144344]
R1 Prio;Prio;c:\windows\system32\drivers\prio.sys [11.09.2007 18:50 34064]
R1 uzqwodiy;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzqwodiy.sys [26.10.2012 1:56 11264]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [24.10.2012 16:59 399432]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [27.06.2012 14:09 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [25.05.2012 19:38 24408]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [25.07.2012 14:53 24920]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [23.10.2012 3:05 1381632]
S1 4001492drv;4001492drv;c:\windows\system32\drivers\4001492drv.sys [28.10.2012 2:46 475736]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24.10.2012 16:59 676936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24.10.2012 16:59 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [22.10.2012 23:58 115168]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
UPHClean	REG_MULTI_SZ   	UPHClean
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\NewUserCustom]
2008-04-15 12:00	100352	----a-w-	c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.chipxp.ru/
mStart Page = hxxp://www.chipxp.ru/
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{CDD1DD61-F439-482C-8524-70DEC92C976B}: NameServer = 85.175.46.122 85.175.46.130
FF - ProfilePath - c:\documents and settings\колибри\Application Data\Mozilla\Firefox\Profiles\vul31dsr.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-30 20:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_UJQWODIY\0000]
@DACL=(02 0000)
"Service"="ujqwodiy"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AVZ-SG Kernel Driver"
"Capabilities"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_UTQWODIY\0000]
@DACL=(02 0000)
"Capabilities"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_UZQWODIY\0000]
@DACL=(02 0000)
"Capabilities"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\program files\Prio\prio.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(844)
c:\program files\Prio\prio.dll
.
Completion time: 2012-10-30  20:47:50
ComboFix-quarantined-files.txt  2012-10-30 16:47
.
Pre-Run: 46*319*783*936 байт свободно
Post-Run: 46*379*081*728 байт свободно
.
- - End Of File - - D7E7F313DE75761B22DCBD136C6DFC3B

Last edited by iskander-k, 30-10-2012 at 22:43.


Posted: 20:58, 30-10-2012 | #7