[решено] Не запускается проверка диска

sm1t · Отправлено: **14:32, 12-02-2009** | #11

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\E25A~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_162605

Files moved on Reboot...
C:\DOCUME~1\E25A~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
C:\Documents and Settings\Антон\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.

sm1t · Отправлено: **15:04, 12-02-2009** | #12

SDFix: Version 1.240
Run by Ђ¤¬Ё*Ёбва*в®а on 12.02.2009 at 16:50

Microsoft Windows XP [‚ҐабЁп 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 17:02:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Антон\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:зTorrent"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\KVIrc\\kvirc.exe"="C:\\Program Files\\KVIrc\\kvirc.exe:*:Enabled:K Visual IRC Client Executable"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.000"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.000:*:Enabled:BlueSoleil"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\ЂбмЈ®6.5\\ICQ6.5\\ICQ.exe"="C:\\Program Files\\ЂбмЈ®6.5\\ICQ6.5\\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

Files with Hidden Attributes :

Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\43a5cd99c5a1bc18709a2b4bef165658\BIT1.tmp"

Finished!

sm1t · Отправлено: **16:07, 12-02-2009** | #13

Malwarebytes' Anti-Malware 1.33
Версия базы данных: 1654
Windows 5.1.2600 Service Pack 2

12.02.2009 18:03:58
mbam-log-2009-02-12 (18-03-58).txt

Тип проверки: Полная (C:\|)
Проверено объектов: 117449
Прошло времени: 44 minute(s), 45 second(s)

Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 0
Заражено значений реестра: 0
Заражено параметров реестра: 0
Заражено папок: 0
Заражено файлов: 3

Заражено процессов в памяти:
(Вредоносные программы не обнаружены)

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
(Вредоносные программы не обнаружены)

Заражено значений реестра:
(Вредоносные программы не обнаружены)

Заражено параметров реестра:
(Вредоносные программы не обнаружены)

Заражено папок:
(Вредоносные программы не обнаружены)

Заражено файлов:
C:\Documents and Settings\Антон\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msqpdxxvklrrdk.dll (Trojan.Agent) -> Not selected for removal.
C:\WINDOWS\system32\drivers\msqpdxkwnthqlt.sys (Trojan.Agent) -> Not selected for removal.
Первый файл удалил, а остальные что-то не рискнул. Что с ними делать?

akok · Отправлено: **17:19, 12-02-2009** | #14

Цитата sm1t:

Первый файл удалил, а остальные что-то не рискнул. Что с ними делать? »

Удалить

Еще один лог пропустили (ComboFix)

sm1t · Отправлено: **17:28, 12-02-2009** | #15

Код:

ComboFix 09-02-11.03 - Антон 2009-02-12 18:28:26.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1251.1.1049.18.255.118 [GMT 5:00]
Running from: c:\documents and settings\Антон\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\Антон\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\msqpdxkwnthqlt.sys
c:\windows\system32\msqpdxxvklrrdk.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS


(((((((((((((((((((((((((   Files Created from 2009-01-12 to 2009-02-12  )))))))))))))))))))))))))))))))
.

2009-02-12 17:11 . 2009-02-12 17:11	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2009-02-12 17:11 . 2009-02-12 17:11	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 17:11 . 2009-02-12 17:11	<DIR>	d--------	c:\documents and settings\Антон\Application Data\Malwarebytes
2009-02-12 17:11 . 2009-01-14 16:11	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 17:11 . 2009-01-14 16:11	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2009-02-12 17:03 . 2009-02-12 17:03	<DIR>	d--hs----	c:\documents and settings\Антон\Recent
2009-02-12 17:03 . 2009-02-12 17:03	<DIR>	d--hs----	c:\documents and settings\Антон\Recent
2009-02-12 16:26 . 2009-02-12 16:26	<DIR>	d--------	C:\_OTMoveIt
2009-02-11 22:39 . 2009-02-11 22:39	<DIR>	d--hs----	C:\found.000
2009-02-11 18:07 . 2008-10-20 13:54	<DIR>	dr-h-----	c:\documents and settings\Администратор.ANTON.000\SendTo
2009-02-11 18:07 . 2008-10-20 13:54	<DIR>	dr-h-----	c:\documents and settings\Администратор.ANTON.000\SendTo
2009-02-11 18:07 . 2009-02-11 18:08	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON.000\Recent
2009-02-11 18:07 . 2009-02-11 18:08	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON.000\Recent
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON.000\PrintHood
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON.000\PrintHood
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON.000\NetHood
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON.000\NetHood
2009-02-11 18:07 . 2009-02-12 18:29	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON.000\Local Settings
2009-02-11 18:07 . 2009-02-12 18:29	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON.000\Local Settings
2009-02-11 18:07 . 2009-02-12 16:47	<DIR>	d---s----	c:\documents and settings\Администратор.ANTON.000\Cookies
2009-02-11 18:07 . 2009-02-12 16:47	<DIR>	d---s----	c:\documents and settings\Администратор.ANTON.000\Cookies
2009-02-11 18:07 . 2009-02-11 19:28	<DIR>	d---s----	c:\documents and settings\Администратор.ANTON.000\Application Data\Microsoft
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	dr-h-----	c:\documents and settings\Администратор.ANTON.000\Application Data
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	dr-h-----	c:\documents and settings\Администратор.ANTON.000\Application Data
2009-02-11 18:07 . 2008-10-20 13:51	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON.000\Шаблоны
2009-02-11 18:07 . 2008-10-20 13:51	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON.000\Шаблоны
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор.ANTON.000\Рабочий стол
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор.ANTON.000\Рабочий стол
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор.ANTON.000\Мои документы
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор.ANTON.000\Мои документы
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	dr-------	c:\documents and settings\Администратор.ANTON.000\Главное меню
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	dr-------	c:\documents and settings\Администратор.ANTON.000\Главное меню
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор.ANTON.000\Избранное
2009-02-11 18:07 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор.ANTON.000\Избранное
2009-02-11 18:07 . 2009-02-11 18:07	<DIR>	d--------	c:\documents and settings\Администратор.ANTON.000
2009-02-11 18:07 . 2009-02-12 16:54	786,432	--ah-----	c:\documents and settings\Администратор.ANTON.000\NTUSER.DAT
2009-02-11 18:07 . 2009-02-12 16:54	786,432	--ah-----	c:\documents and settings\Администратор.ANTON.000\NTUSER.DAT
2009-02-11 17:21 . 2008-10-20 13:54	<DIR>	dr-h-----	c:\documents and settings\Администратор.ANTON\SendTo
2009-02-11 17:21 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON\Recent
2009-02-11 17:21 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON\PrintHood
2009-02-11 17:21 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON\NetHood
2009-02-11 17:21 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON\Local Settings
2009-02-11 17:21 . 2009-02-12 16:21	<DIR>	d---s----	c:\documents and settings\Администратор.ANTON\Cookies
2009-02-11 17:21 . 2008-10-20 19:43	<DIR>	dr-h-----	c:\documents and settings\Администратор.ANTON\Application Data
2009-02-11 17:21 . 2008-10-20 13:51	<DIR>	d--h-----	c:\documents and settings\Администратор.ANTON\Шаблоны
2009-02-11 17:21 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор.ANTON\Рабочий стол
2009-02-11 17:21 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор.ANTON\Мои документы
2009-02-11 17:21 . 2008-10-20 19:43	<DIR>	dr-------	c:\documents and settings\Администратор.ANTON\Главное меню
2009-02-11 17:21 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор.ANTON\Избранное
2009-02-11 17:21 . 2009-02-11 17:21	<DIR>	d--------	c:\documents and settings\Администратор.ANTON
2009-02-11 17:21 . 2009-02-11 17:53	524,288	--ah-----	c:\documents and settings\Администратор.ANTON\NTUSER.DAT
2009-02-11 16:31 . 2008-10-20 13:54	<DIR>	dr-h-----	c:\documents and settings\Администратор\SendTo
2009-02-11 16:31 . 2009-02-11 16:33	<DIR>	d--h-----	c:\documents and settings\Администратор\Recent
2009-02-11 16:31 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор\PrintHood
2009-02-11 16:31 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор\NetHood
2009-02-11 16:31 . 2008-10-20 19:43	<DIR>	d--h-----	c:\documents and settings\Администратор\Local Settings
2009-02-11 16:31 . 2009-02-12 16:21	<DIR>	d---s----	c:\documents and settings\Администратор\Cookies
2009-02-11 16:31 . 2008-10-20 19:43	<DIR>	dr-h-----	c:\documents and settings\Администратор\Application Data
2009-02-11 16:31 . 2008-10-20 13:51	<DIR>	d--h-----	c:\documents and settings\Администратор\Шаблоны
2009-02-11 16:31 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор\Рабочий стол
2009-02-11 16:31 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор\Мои документы
2009-02-11 16:31 . 2008-10-20 19:43	<DIR>	dr-------	c:\documents and settings\Администратор\Главное меню
2009-02-11 16:31 . 2008-10-20 19:43	<DIR>	d--------	c:\documents and settings\Администратор\Избранное
2009-02-11 16:31 . 2009-02-11 16:31	<DIR>	d--------	c:\documents and settings\Администратор
2009-02-11 16:31 . 2009-02-11 16:52	524,288	--ah-----	c:\documents and settings\Администратор\NTUSER.DAT
2009-02-07 18:12 . 2009-02-07 18:14	<DIR>	d--------	c:\windows\system32\NtmsData
2009-02-07 17:10 . 2009-02-07 17:10	<DIR>	d--------	c:\documents and settings\Антон\DoctorWeb
2009-02-07 17:10 . 2009-02-07 17:10	<DIR>	d--------	c:\documents and settings\Антон\DoctorWeb
2009-02-07 15:42 . 2009-02-07 15:42	<DIR>	d--------	c:\windows\ERUNT
2009-02-07 15:29 . 2009-02-12 17:02	<DIR>	d--------	C:\SDFix
2009-02-07 14:45 . 2009-02-07 14:45	<DIR>	d--------	c:\program files\avz4
2009-02-05 19:16 . 2009-02-12 15:48	<DIR>	d--------	c:\program files\Unlocker
2009-02-05 19:16 . 2009-02-12 18:03	<DIR>	d--------	c:\documents and settings\Антон\Application Data\Desktopicon
2009-02-04 15:52 . 2009-02-04 15:52	<DIR>	d--------	c:\program files\Асьго6.5
2009-01-24 16:09 . 2009-01-24 16:32	<DIR>	d--------	c:\documents and settings\Антон\Application Data\Hamachi
2009-01-24 16:08 . 2009-01-24 16:09	<DIR>	d--------	c:\program files\Hamachi
2009-01-24 16:08 . 2009-01-24 16:08	25,280	--a------	c:\windows\system32\drivers\hamachi.sys
2009-01-21 18:43 . 2009-01-21 18:43	<DIR>	d--------	c:\program files\QIP Infium(Olezhan)
2009-01-21 17:18 . 2009-02-04 19:54	<DIR>	d--------	c:\program files\ICQ6Toolbar
2009-01-21 17:18 . 2009-02-04 15:58	<DIR>	d--------	c:\documents and settings\All Users\Application Data\ICQ
2009-01-21 17:18 . 2009-01-21 17:18	<DIR>	d--------	c:\documents and settings\Антон\Application Data\Mozilla
2009-01-21 17:08 . 2009-01-21 17:08	<DIR>	d--------	c:\program files\ICQ6.5
2009-01-19 17:20 . 2009-01-19 17:20	<DIR>	d--------	c:\documents and settings\Антон\Application Data\Apple Computer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 13:25	---------	d-----w	c:\program files\FlashGet
2009-02-12 13:25	---------	d-----w	c:\documents and settings\Антон\Application Data\DNA
2009-02-12 12:13	---------	d-----w	c:\program files\DNA
2009-02-12 10:21	---------	d-----w	c:\program files\Opera
2009-02-11 08:55	---------	d-----w	c:\program files\QIP Infium
2009-02-10 12:06	---------	d-----w	c:\program files\Valve
2009-02-04 11:00	---------	d-----w	c:\documents and settings\Антон\Application Data\ICQ
2009-02-04 10:50	---------	d-----w	c:\program files\ICQ6.517_08_24
2009-01-23 02:44	---------	d-----w	c:\program files\QIP
2009-01-01 13:02	---------	d-----w	c:\program files\KVIrc
2008-12-21 06:43	16,176	----a-w	c:\documents and settings\Антон\Application Data\stat.dat
2008-12-21 06:37	800	----a-w	c:\documents and settings\Антон\Application Data\tema.dat
2008-12-20 12:09	---------	d-----w	c:\program files\uTorrent
.

------- Sigcheck -------

2004-08-04 05:00  975360  dc8ec7f2250d54d6380d6555cfdbef27	c:\windows\explorer.exe
2008-04-14 21:10  1034240  847c01ca71883702cc7445364dd9d097	c:\windows\SoftwareDistribution\Download\eced8b5ea8e636fb8bff2b719fa62647\explorer.exe
2004-08-04 05:00  975360  dc8ec7f2250d54d6380d6555cfdbef27	c:\windows\system32\dllcache\explorer.exe

2008-04-14 21:11  111616  6b97c94d178c4a8edf12a0affe1b2f9c	c:\windows\SoftwareDistribution\Download\eced8b5ea8e636fb8bff2b719fa62647\wuauclt.exe
2007-07-30 18:19  68440  84d9a61860272d6177d46c86b8431557	c:\windows\system32\wuauclt.exe
2007-07-30 18:19  68440  84d9a61860272d6177d46c86b8431557	c:\windows\system32\dllcache\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{83821C2B-32A8-4DD7-B6D4-44309A78E668}"= "c:\program files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll" [2008-10-27 79352]

[HKEY_CLASSES_ROOT\clsid\{83821c2b-32a8-4dd7-b6d4-44309a78e668}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2008-10-27 4412920]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\ѓ«*ў*®Ґ ¬Ґ*о\Џа®Ја*¬¬л\Ђўв®§*Јаг§Є*\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-04-28 872526]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /p \??\C:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\KVIrc\\kvirc.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.000"=
"c:\\Program Files\\Асьго6.5\\ICQ6.5\\ICQ.exe"=

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-01-21 222456]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2008-12-01 228352]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Infium - c:\program files\QIP Infium\QIP Infium\infium.exe


.
------- Supplementary Scan -------
.
IE: &Закачать все при помощи FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Закачать при помощи FlashGet - c:\program files\FlashGet\jc_link.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 18:30:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7D0B7A31-FEDB-A5C0-4A5D-CFE54D466031}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaacagemopkooaikel"=hex:6a,61,68,6b,61,6f,6e,6f,6f,65,6d,61,63,64,62,66,70,66,
   6c,6c,00,f0
"hacbkplmfjgonhnl"=hex:6a,61,68,6b,61,6f,6e,6f,6f,65,6d,61,63,64,62,66,70,66,
   6c,6c,00,f0
.
Completion time: 2009-02-12 18:32:11
ComboFix-quarantined-files.txt  2009-02-12 13:31:52

Pre-Run: 61,638,406,144 байт свободно
Post-Run: 61,623,787,520 байт свободно

203	--- E O F ---	2008-10-24 07:50:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:02, on 12.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\QIP\qip.exe
C:\VQS\mirc.exe
C:\games\Soldat\Soldat.exe
C:\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Закачать все при помощи FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Закачать при помощи FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\Асьго6.5\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\Асьго6.5\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshel...onGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F113089-A10D-4435-9BAA-76EBEB0A110B}: NameServer = 217.20.80.40 212.96.192.1
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe

--
End of file - 5412 bytes

Pili · Отправлено: **18:48, 12-02-2009** | #16

По логу SDFix

Код:

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Запускали не с правами администратора? Если так, запустите ещё раз с правами администратора и выложите новый лог.
FlashGet рекомендую деинсталлировать.
Проверьте на virustotal.com

Код:

c:\documents and settings\Антон\Application Data\stat.dat
c:\windows\explorer.exe
c:\Program Files\BitTorrent\bittorrent.exe
c:\Program Files\DNA\btdna.exe
C:\WINDOWS\SoftwareDistribution\Download\43a5cd99c5a1bc18709a2b4bef165658\BIT1.tmp

Скачайте Gmer, запустите программу. После автоматической экспресс-проверки, отметьте галочкой системный диск и нажмите на кнопку "Scan". После окончания проверки сохраните лог (нажмите на кнопку Save - gmer.log) и вложите в сообщение.
Проблема ещё наблюдается?

sm1t · Отправлено: **20:16, 12-02-2009** | #17

Что значит запустить с правами администратора? Я запускал через безопасный режим в учетной администратора. КомбоФИКС не просил установить консоль восстановления, в чем дело?

Pili · Отправлено: **20:50, 12-02-2009** | #18

Цитата sm1t:

Я запускал через безопасный режим в учетной администратора. »

Однако SDFix сказал, что нет прав "please note that you need administrator rights to perform deep scan" и не смог просканировать папку C:\WINDOWS\

Цитата sm1t:

КомбоФИКС не просил установить консоль восстановления, в чем дело? »

А вы внимательно прочитали инструкцию поста?

Цитата Pili:

скачайте установочный файл для своей ОС (например Windows XP с пакетом обновления 2 (SP2) - для Windows XP SP3 использовать этот же файл) на рабочий стол, закройте все остальные приложения и мышкой перенесите установочный файл на иконку ComboFix и установите Microsoft Recovery Console. Доп. см. Программа для Windows XP Professional с пакетом обновления 2 (SP2): Установочные диски для установки с гибкого диска. »

Делали?

sm1t · Отправлено: **21:08, 12-02-2009** | #19

Хорошо, попробую сдфикс снова. Да, я скачал эти файлы, прочитал инструкцию, перетащил, комбофикс спросил скачать ли обновления, я скачал, потом он спросил выполнить ли проверку, я выполнил и все.

Pili · Отправлено: **23:00, 12-02-2009** | #20

sm1t, да, судя по логу, вы перетащили на иконку combofix файл WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe

Код:

Command switches used :: c:\documents and settings\Антон\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe

Но консоль comboofix не установил, это может быть связано с тем, что файл не подошел вашей системе, у вас Windows XP SP2 RUS?

Цитата Pili:

Проверьте на virustotal.com »

проверили?
Где лог gmer?

Цитата Pili:

Проблема ещё наблюдается? »