Re: Re: Как избавиться от вирусов

24 февраля, 2009 в 12:17 пп #22328

Аноним

Гость

Темы:532
Сообщений:1553

☆☆☆☆☆

Logfile of random’s system information tool 1.05 (written by random/random)
Run by Админ at 2009-02-24 15:00:25
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 18 GB (12%) free of 153 GB
Total RAM: 1023 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:42, on 24.02.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsSystem32rundll32.exe
C:Program FilesDrWeb AV-DeskDRWAGNUI.EXE
C:WindowsSystem32rundll32.exe
C:Program FilesDrWeb AV-DeskSPIDERML.EXE
C:Program FilesDrWeb AV-DeskSPIDERUI.EXE
C:WindowsSystem32wpcumi.exe
C:Program FilesWinampwinampa.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesICQ6.5ICQ.exe
C:WindowsSystem32mobsync.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesInternet Explorerieuser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Windowssystem32MacromedFlashFlashUtil9f.exe
C:Windowssystem32SearchFilterHost.exe
C:UsersАдминDownloadsRSIT.exe
C:Program Filestrend microАдмин.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 — Hosts: ::1 localhost
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU5090.dll
O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 — HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 — HKLM..Run: [DrWebAgentUI] «C:Program FilesDrWeb AV-Deskdrwagnui.exe»
O4 — HKLM..Run: [SpIDerMail] «C:Program FilesDrWeb AV-Deskspiderml.exe»
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DRWEBA~1spiderui.exe /agent
O4 — HKLM..Run: [WPCUMI] C:Windowssystem32WpcUmi.exe
O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU5090.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU5090.dll/dic.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O13 — Gopher Prefix:
O16 — DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) — http://cdn.scan.onecare.live.com/resource/download/scanner/ru-ru/wlscctrl2.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 — HKLMSystemCCSServicesTcpip..{8D8BFDB3-A6F2-4D38-821B-C77FB643202A}: NameServer = 85.21.192.5 213.234.192.7
O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
O23 — Service: Dr.Web(R) AV-Desk Agent (drwagntd) — Doctor Web, Ltd. — C:Program FilesDrWeb AV-Deskdrwagntd.exe
O23 — Service: Dr.Web(R) AV-Desk Upgrade Service (drwupgrade) — Doctor Web, Ltd. — C:Program FilesDrWeb AV-Desk1drwupgrade.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DRWEBA~1spidernt.exe

—
End of file — 5711 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU5090.dll [2007-07-30 804336]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2008-01-19 1008184]
«NvSvc»=C:Windowssystem32nvsvc.dll [2007-09-12 86016]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2007-09-12 8497696]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2007-09-12 81920]
«NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2007-03-09 153136]
«DrWebAgentUI»=C:Program FilesDrWeb AV-Deskdrwagnui.exe [2008-07-11 812336]
«SpIDerMail»=C:Program FilesDrWeb AV-Deskspiderml.exe [2008-06-10 501080]
«SpIDerNT»=C:PROGRA~1DRWEBA~1spiderui.exe [2008-10-27 197896]
«WPCUMI»=C:Windowssystem32WpcUmi.exe [2006-11-02 176128]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2004-12-20 33792]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2008-01-19 1233920]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2007-03-12 153136]
«ICQ»=C:Program FilesICQ6.5ICQ.exe [2008-11-30 172792]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«LogonHoursAction»=2
«DontDisplayLogonHoursWarnings»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableUIADesktopToggle»=0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]

======List of files/folders created in the last 1 months======

2009-02-24 15:00:26 —-D—- C:Program Filestrend micro
2009-02-24 15:00:25 —-D—- C:rsit
2009-02-22 19:46:36 —-A—- C:Windowssystem32hidcon.exe
2009-02-21 21:54:31 —-D—- C:Ragnarok Online
2009-02-21 15:32:03 —-D—- C:Gravity
2009-02-21 15:19:23 —-D—- C:Program FilesGravity
2009-02-21 13:40:00 —-A—- C:WindowsIFinst27.exe
2009-02-11 10:21:17 —-A—- C:Windowssystem32mshtml.dll
2009-02-11 10:21:16 —-A—- C:Windowssystem32ieframe.dll
2009-02-11 10:21:15 —-A—- C:Windowssystem32wininet.dll
2009-02-11 10:21:15 —-A—- C:Windowssystem32urlmon.dll
2009-02-11 10:21:15 —-A—- C:Windowssystem32msfeeds.dll
2009-02-11 10:21:14 —-A—- C:Windowssystem32mstime.dll
2009-02-11 10:21:14 —-A—- C:Windowssystem32iertutil.dll
2009-02-11 10:21:13 —-A—- C:Windowssystem32jsproxy.dll

======List of files/folders modified in the last 1 months======

2009-02-24 15:00:37 —-D—- C:WindowsPrefetch
2009-02-24 15:00:32 —-D—- C:WindowsTemp
2009-02-24 15:00:26 —-RD—- C:Program Files
2009-02-24 14:57:07 —-D—- C:Program FilesDrWeb AV-Desk
2009-02-24 08:47:31 —-SHD—- C:System Volume Information
2009-02-24 08:43:11 —-D—- C:Windowssystem32spool
2009-02-23 22:23:40 —-D—- C:UsersАдминAppDataRoaminguTorrent
2009-02-23 22:11:21 —-SHD—- C:WindowsInstaller
2009-02-23 19:01:35 —-D—- C:Windowssystem32catroot2
2009-02-22 21:39:34 —-D—- C:Program FilesMyCentria
2009-02-22 19:46:36 —-D—- C:WindowsSystem32
2009-02-21 21:58:55 —-D—- C:Windowssystem32Tasks
2009-02-21 13:40:00 —-D—- C:Windows
2009-02-15 22:49:39 —-D—- C:Windowsinf
2009-02-15 22:49:39 —-A—- C:Windowssystem32PerfStringBackup.INI
2009-02-11 16:31:18 —-D—- C:Windowswinsxs
2009-02-11 12:27:24 —-D—- C:Windowssystem32catroot
2009-02-11 12:27:02 —-D—- C:Program FilesWindows Mail
2009-02-04 02:21:12 —-A—- C:Windowssystem32mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 StarOpen;StarOpen; C:Windowssystem32driversStarOpen.sys [2006-07-24 5632]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2008-09-27 278984]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2008-09-27 25416]
R3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2007-09-12 7623968]
R3 RTL8169;Realtek 8169 NT драйвер; C:Windowssystem32DRIVERSRtlh86.sys [2006-11-02 44544]
R3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2008-01-19 5632]
S3 GMSIPCI;GMSIPCI; ??D:INSTALLGMSIPCI.SYS []
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2008-01-19 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-19 6016]
S3 spider;SpIDer Guard File System Monitor; ??C:PROGRA~1DRWEBA~1spider.sys [2008-10-27 268040]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:Windowssystem32DRIVERSss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:Windowssystem32DRIVERSss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:Windowssystem32DRIVERSss_mdm.sys [2007-05-02 109704]
S3 usbscan;Драйвер USB-сканера; C:Windowssystem32DRIVERSusbscan.sys [2008-01-19 35328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32driverswmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 drwagntd;Dr.Web(R) AV-Desk Agent; C:Program FilesDrWeb AV-Deskdrwagntd.exe [2008-07-11 1860912]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-03-12 271920]
S2 drwupgrade;Dr.Web(R) AV-Desk Upgrade Service; C:Program FilesDrWeb AV-Desk1drwupgrade.exe [2008-07-11 410928]
S3 aspnet_state;Служба состояний ASP.NET; C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-01-05 33800]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-01-15 774144]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SPIDERNT;SpIDer Guard for Windows; C:PROGRA~1DRWEBA~1spidernt.exe [2008-10-27 197896]

EOF