Not sure the machine has fully recovered
February 4, 2009 at 1:12 PM #16241
Good afternoon!
The information I found here was very useful. Thank you for your help.
I ran the system through Malwarebytes’ Anti-Malware and fixed a bunch of errors.
And still I am not sure the machine has fully recovered.
Could you help me too?

Logfile of AnVir Task Manager v5.5.1 http://www.anvir.net
Log saved at 04.02.2009 14:59
Platform: Windows Vista_32
MSIE: Internet Explorer v7.0

Running processes:
{Not Microsoft}
C:WindowsSystem32Ati2evxx.exe {CPU time=0:00, Memory=4 MB, PageFile=2 MB, Security=22%}
C:WindowsSystem32Ati2evxx.exe {CPU time=0:00, Memory=6 MB, PageFile=2 MB, Security=22%}
C:Program FilesATK HotkeyASLDRSrv.exe {CPU time=0:00, Memory=3 MB, Security=44%}
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe {CPU time=0:00, Security= 0%}
C:Program FilesAlwil SoftwareAvast4ashServ.exe {CPU time=2:45, Memory=34 MB, PageFile=29 MB, Security= 0%}
C:Program FilesATK HotkeyHControl.exe {CPU time=0:00, Memory=6 MB, PageFile=7 MB, Security=34%}
C:Program FilesATKOSD2ATKOSD2.exe {CPU time=0:00, Memory=4 MB, PageFile=1.2 MB, Security=36%}
C:Program FilesATK HotkeyATKOSD.exe {CPU time=0:00, Memory=4 MB, Security=36%}
C:WindowsRtHDVCpl.exe {CPU time=0:00, Memory=7 MB, PageFile=8 MB, Security=12%}
C:Program FilesMotorolaSMSERIALsm56hlpr.exe {CPU time=0:00, Memory=4 MB, PageFile=1.4 MB, Security=12%}
C:Program FilesAlwil SoftwareAvast4ashDisp.exe {CPU time=0:01, Memory=10 MB, PageFile=6 MB, Security= 0%}
C:Program Files2gisUpdateClientWin32UpdateClientUI.exe {CPU time=0:00, Memory=10 MB, PageFile=3 MB, Security=38%}
C:Program FilesPunto Switcherpunto.exe {CPU time=0:01, Memory=12 MB, PageFile=10 MB, Security= 0%}
C:Program FilesOperaopera.exe {CPU time=0:29, Memory=63 MB, PageFile=54 MB, Security=18%}
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe {CPU time=0:00, Memory=1.2 MB, PageFile=3 MB, Security= 0%}
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe {CPU time=0:01, Memory=12 MB, PageFile=24 MB, Security= 0%}
C:Program Files2gisUpdateClientWin32UpdateClientService.exe {CPU time=0:00, Memory=5 MB, PageFile=1.4 MB, Security=38%}
C:Program FilesCommon FilesYandexYupdateyupdate.exe {CPU time=0:00, Memory=2 MB, PageFile=2 MB, Security= 0%}
D:Program FilesAnVir Task ManagerAnVir.exe {CPU time=0:04, Memory=29 MB, PageFile=30 MB, Security= 0%}
{Microsoft}
C:WindowsSystem32smss.exe {CPU time=0:00, Security=12%}
C:WindowsSystem32csrss.exe {CPU time=0:01, Memory=3 MB, PageFile=1.4 MB, Security=12%}
C:WindowsSystem32wininit.exe {CPU time=0:00, Memory=3 MB, PageFile=1.1 MB, Security=16%}
C:WindowsSystem32csrss.exe {CPU time=0:05, Memory=6 MB, PageFile=1.7 MB, Security=12%}
C:WindowsSystem32winlogon.exe {CPU time=0:00, Memory=5 MB, PageFile=1.8 MB, Security=16%}
C:WindowsSystem32services.exe {CPU time=0:05, Memory=6 MB, PageFile=2 MB, Security=16%}
C:WindowsSystem32lsass.exe {CPU time=0:02, Memory=2 MB, PageFile=3 MB, Security= 0%}
C:WindowsSystem32lsm.exe {CPU time=0:00, Memory=3 MB, PageFile=1.6 MB, Security=12%}
C:WindowsSystem32svchost.exe {CPU time=1:09, Memory=5 MB, PageFile=2 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:00, Memory=6 MB, PageFile=3 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:00, Memory=9 MB, PageFile=10 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:03, Memory=12 MB, PageFile=8 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:03, Memory=31 MB, PageFile=23 MB, Security= 0%}
C:WindowsSystem32audiodg.exe {CPU time=0:00, Memory=17 MB, PageFile=14 MB, Security=12%}
C:WindowsSystem32SLsvc.exe {CPU time=0:01, Memory=9 MB, PageFile=4 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:00, Memory=11 MB, PageFile=5 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:02, Memory=15 MB, PageFile=13 MB, Security= 0%}
C:WindowsSystem32dwm.exe {CPU time=0:44, Memory=50 MB, PageFile=48 MB, Security=16%}
C:Windowsexplorer.exe {CPU time=0:44, Memory=50 MB, PageFile=36 MB, Security= 0%}
C:WindowsSystem32spoolsv.exe {CPU time=0:01, Memory=11 MB, PageFile=5 MB, Security= 0%}
C:WindowsSystem32taskeng.exe {CPU time=0:00, Memory=10 MB, PageFile=9 MB, Security=16%}
C:WindowsSystem32svchost.exe {CPU time=0:01, Memory=9 MB, PageFile=7 MB, Security= 0%}
C:WindowsWindowsMobilewmdc.exe {CPU time=0:00, Memory=5 MB, PageFile=1.6 MB, Security= 0%}
C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe {CPU time=0:00, Memory=7 MB, PageFile=2 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:00, Memory=7 MB, PageFile=4 MB, Security=14%}
C:WindowsSystem32svchost.exe {CPU time=0:00, Memory=3 MB, PageFile=1.0 MB, Security=20%}
C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlservr.exe {CPU time=0:12, Memory=37 MB, PageFile=47 MB, Security= 0%}
C:WindowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe {CPU time=0:00, Memory=12 MB, PageFile=18 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:00, Memory=4 MB, PageFile=1.4 MB, Security= 0%}
C:WindowsSystem32TCPSVCS.EXE {CPU time=0:00, Memory=3 MB, PageFile=1.1 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:00, Memory=6 MB, PageFile=3 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:00, Memory=7 MB, PageFile=3 MB, Security= 0%}
C:WindowsSystem32svchost.exe {CPU time=0:00, Memory=3 MB, PageFile=1.2 MB, Security= 0%}
C:WindowsSystem32mobsync.exe {CPU time=0:00, Memory=6 MB, PageFile=2 MB, Security= 0%}
C:WindowsSystem32iashost.exe {CPU time=0:00, Memory=6 MB, PageFile=3 MB, Security=16%}
C:WindowsSystem32taskeng.exe {CPU time=0:00, Memory=5 MB, PageFile=1.6 MB, Security=16%}
C:WindowsSystem32svchost.exe {CPU time=0:00, Memory=6 MB, PageFile=3 MB, Security=14%}
C:Program FilesWindows Media Playerwmpnscfg.exe {CPU time=0:00, Memory=5 MB, PageFile=1.6 MB, Security=16%}
C:Program FilesWindows Media Playerwmpnetwk.exe {CPU time=0:00, Memory=10 MB, PageFile=5 MB, Security= 0%}
C:WindowsSystem32wuauclt.exe {CPU time=0:00, Memory=45 MB, PageFile=2 MB, Security= 0%}

O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll {Security= 0%}
O2 — BHO: Adobe PDF Link Helper — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll {Security= 0%}
O2 — BHO: Ask Toolbar BHO — {F4D76F01-7896-458a-890F-E1F05C46069F} — C:Program FilesAskPBarbar1.binASKPBAR.DLL {Security=24%}
O3 — Toolbar: Ask Toolbar — {F4D76F09-7896-458a-890F-E1F05C46069F} — C:Program FilesAskPBarbar1.binASKPBAR.DLL {Security=24%}
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll {Security= 0%}
O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe {Security=12%}
O4 — HKLM..Run: [SMSERIAL] C:Program FilesMotorolaSMSERIALsm56hlpr.exe {Security=12%}
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe {Security= 0%}
O4 — HKLM..Run: [2gis update client UI] «C:Program Files2gisUpdateClientWin32UpdateClientUI.exe» -minimized {Security=38%}
O4 — HKLM..Run: [Skytel] Skytel.exe {Security=12%}
O4 — HKLM..Run: [Google Desktop Search] «C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe» /startup {Security= 0%}
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe {Security= 0%}
O4 — HKCU..Run: [ccleaner] «C:Program FilesCcleanerCCleaner.exe» /AUTO {Security= 0%}
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe» {Security= 0%}
O4 — HKCU..Run: [AnVir Task Manager] «D:Program FilesAnVir Task ManagerAnVir.exe» Minimized {Security= 0%}
O4 — File: Service Manager.lnk = C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe {Security= 0%}
O9 — Extra button or menuitem: @C:WindowsWindowsMobileINetRepl.dll,-222 — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll {Security= 0%}
O9 — Extra button or menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll {Security= 0%}
O9 — Extra button or menuitem: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL {Security= 0%}
O9 — Extra button or menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — D:Program FilesICQ6.5ICQ.exe {Security= 0%}
O23 — Service: 2GIS UpdateClientService (2GIS UpdateClientService) — ДубльГИС — C:Program Files2gisUpdateClientWin32UpdateClientService.exe {Security=38%}
O23 — Service: aint (aint) — Unknown owner — C:Windowssystem32maxtho.exe (file missing) {Security=24%}
O23 — Service: ASLDR Service (ASLDRService) — Unknown owner — C:Program FilesATK HotkeyASLDRSrv.exe {Security=44%}
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe {Security= 0%}
O23 — Service: Ati External Event Utility (Ati External Event Utility) — ATI Technologies Inc. — C:WindowsSystem32Ati2evxx.exe {Security=22%}
O23 — Service: avast! Antivirus (avast! Antivirus) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe {Security= 0%}
O23 — Service: avast! Mail Scanner (avast! Mail Scanner) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe {Security= 0%}
O23 — Service: avast! Web Scanner (avast! Web Scanner) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe {Security= 0%}
O23 — Service: Диспетчер Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) — Google — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe {Security= 0%}
O23 — Service: MSSQLSERVER (MSSQLSERVER) — Microsoft Corporation — C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlservr.exe {Security= 0%}
O23 — Service: MSSQLServerADHelper (MSSQLServerADHelper) — Microsoft Corporation — C:Program FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe {Security= 0%}
O23 — Service: notdm (notdm) — Unknown owner — C:Windowssystem32notdm.exe (file missing) {Security=24%}
O23 — Service: noteb (noteb) — Unknown owner — C:Windowssystem32noteb.exe (file missing) {Security=24%}
O23 — Service: notesy (notesy) — Unknown owner — C:Windowssystem32notesy.exe (file missing) {Security=24%}
O23 — Service: notex (notex) — Unknown owner — C:Windowssystem32notex.exe (file missing) {Security=24%}
O23 — Service: notfgo (notfgo) — Unknown owner — C:Windowssystem32notfgo.exe (file missing) {Security=24%}
O23 — Service: notwq (notwq) — Unknown owner — C:Windowssystem32notwq.exe (file missing) {Security=24%}
O23 — Service: Microsoft Office Diagnostics Service (odserv) — Microsoft Corporation — C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE {Security= 0%}
O23 — Service: Office Source Engine (ose) — Microsoft Corporation — C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE {Security= 0%}
O23 — Service: RiSing KaKa Driveres (RiSingKaKaea) — Unknown owner — C:Windowssystem32RiSinge.exe (file missing) {Security=24%}
O23 — Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) — CACE Technologies — C:Program FilesWinPcaprpcapd.exe {Security= 0%}
O23 — Service: SeagateSyncServica (SeagateSyncServica) — Unknown owner — C:Windowssystem32im.exe (file missing) {Security= 2%}
O23 — Service: SiSin Driver (SiSin) — Unknown owner — C:Windowssystem32SiSing.exe (file missing) {Security=24%}
O23 — Service: SQLSERVERAGENT (SQLSERVERAGENT) — Microsoft Corporation — C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlagent.EXE {Security= 0%}
O23 — Service: Storm DDOS soft Service (Storm DDOS Service) — Unknown owner — C:Windowssystem32StormSer.exe (file missing) {Security=24%}
O23 — Service: tads (tads) — Unknown owner — C:Windowssystem32tads.exe (file missing) {Security=24%}
O23 — Service: tafl (tafl) — Unknown owner — C:Windowssystem32tafl.exe (file missing) {Security=24%}
O23 — Service: talb (talb) — Unknown owner — C:Windowssystem32talb.exe (file missing) {Security=24%}
O23 — Service: tany (tany) — Unknown owner — C:Windowssystem32tany.exe (file missing) {Security=24%}
O23 — Service: Обнаружение интерактивных служб (UI0Detect) — Microsoft Corporation — C:WindowsSystem32UI0Detect.exe {Security= 0%}
O23 — Service: Window Help System (WinHelp2) — Unknown owner — C:Windowssystem32WinHelp2.exe (file missing) {Security=24%}
O23 — Service: WMI Performan Adapter (wmiApSvc) — Unknown owner — C:WindowsSystem32RemInstsmss.exe (file missing) {Security=24%}
—
End of file — 12570 bytes

==========================================================================================================================
Malwarebytes’ Anti-Malware 1.33
Версия базы данных: 1725
Windows 6.0.6001 Service Pack 1

04.02.2009 14:06:28
mbam-log-2009-02-04 (14-06-15).txt

Тип проверки: Полная (C:|D:|)
Проверено объектов: 239777
Прошло времени: 2 hour(s), 11 minute(s), 26 second(s)

Заражено процессов в памяти: 1
Заражено модулей в памяти: 0
Заражено ключей реестра: 132
Заражено значений реестра: 0
Заражено параметров реестра: 3
Заражено папок: 0
Заражено файлов: 7

Заражено процессов в памяти:
C:WindowsSystem32wbeminternat.exe (Trojan.Agent) -> No action taken.

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWindowsRemote (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUlibCfg.exe (Security.Hijack) -> No action taken.

Заражено значений реестра:
(Вредоносные программы не обнаружены)

Заражено параметров реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Trojan.Agent) -> Data: c:windowssystem32wbeminternat.exe -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Trojan.Agent) -> Data: system32wbeminternat.exe -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Hijack.UserInit) -> Bad: (C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32wbeminternat.exe) Good: (userinit.exe) -> No action taken.

Заражено папок:
(Вредоносные программы не обнаружены)

Заражено файлов:
C:Program FilesK-Lite Codec PackRealmpclauncher.exe (Adware.SearchIt99) -> No action taken.
C:Program FilesK-Lite Codec PackRealsettings.exe (Adware.SearchIt99) -> No action taken.
C:Program FilesK-Lite Codec PackToolsCodecTweakTool.exe (Adware.SearchIt99) -> No action taken.
C:UsersАдминистраторDocumentsНовая папкафлешка512Nero.8.3.2.1.Micro.Incl.Keymaker-EMBRACEKeygenkeygen.exe (Trojan.Agent) -> No action taken.
C:bot.txt (Trojan.Agent) -> No action taken.
C:WindowsSystem32wbeminternat.exe (Trojan.Agent) -> No action taken.
C:WindowsSystem32CMD.COM (Backdoor.Bot) -> No action taken.
=================================================================================================================

When I caught the virus, I manually disabled a bunch of services (it helped for a month). In doing so I naturally also disabled several necessary ones. The firewall went down, and not only that. How can I put everything back in order?

February 5, 2009 at 4:31 PM #21724
Hello, welcome to the Spyware-ru forum.
Judging by the MBAM log, your computer is infected with a dangerous virus.
In addition, judging by the log, you did not complete the cleaning process (the log shows No action taken, that is, no actions were selected).
Scan your computer again. Remove everything that is found. At the end, a log will be shown; paste it into your next message.

February 6, 2009 at 12:37 PM #21725
Good afternoon! Here is another MBAM log. The previous one was apparently saved before the cleanup. But I clearly remember that I deleted the files and rebooted.
Here is today's:

================================================================================================
Malwarebytes’ Anti-Malware 1.33
Версия базы данных: 1725
Windows 6.0.6001 Service Pack 1

06.02.2009 14:31:38
mbam-log-2009-02-06 (14-31-38).txt

Тип проверки: Полная (C:|D:|)
Проверено объектов: 240754
Прошло времени: 1 hour(s), 6 minute(s), 24 second(s)

Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 0
Заражено значений реестра: 0
Заражено параметров реестра: 0
Заражено папок: 0
Заражено файлов: 0

Заражено процессов в памяти:
(Вредоносные программы не обнаружены)

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
(Вредоносные программы не обнаружены)

Заражено значений реестра:
(Вредоносные программы не обнаружены)

Заражено параметров реестра:
(Вредоносные программы не обнаружены)

Заражено папок:
(Вредоносные программы не обнаружены)

Заражено файлов:
(Вредоносные программы не обнаружены)

===============================================================================================
Judging by the computer's behavior over the last 3 days, everything is fine with the machine!
Thank you very much for your help!

February 7, 2009 at 5:40 PM #21726
Glad to help you, but really it was Malwarebytes Anti-malware that helped you 🙂
For an additional check, download the RSIT scanner by clicking this link and save the file to your desktop.
Double-click the downloaded file.
Click the Continue button.
When the program finishes, two logs will be shown (log.txt and info.txt).
Paste both RSIT logs into your reply. Each log in a separate message.