Что за вирус отключает подключение к интернету каждые 1-5 минут

zagvozdka · Отправлено: **18:55, 27-05-2008** | #8

Проверил свежими CureIT, AVPTool, AVZ, HiJackThis.
Ничего подозрительного не нашел

Код:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:17, on 27.05.2008
Platform: Windows 2003  (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\srvany.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\System32\cmd.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Punto Switcher\ps.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Администратор\Desktop\avz4\avz4\avz.exe
C:\Documents and Settings\Администратор\Desktop\HiJackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ping.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ya.ru/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_28.11.2007_07-19.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://www.bgoperator.ru
O15 - ESC Trusted Zone: http://mobila.bigua.info
O15 - ESC Trusted Zone: http://ref.bigua.info
O15 - ESC Trusted Zone: http://*.bigua.info
O15 - ESC Trusted Zone: http://www.corel.com
O15 - ESC Trusted Zone: http://*.eventid.net
O15 - ESC Trusted Zone: http://*.gofs.ru
O15 - ESC Trusted Zone: http://www.google.ru
O15 - ESC Trusted Zone: http://pagead2.googlesyndication.com
O15 - ESC Trusted Zone: http://*.ineste.net
O15 - ESC Trusted Zone: http://www.infoart.ru
O15 - ESC Trusted Zone: http://updates02.installshield.com
O15 - ESC Trusted Zone: http://banner.kiev.ua
O15 - ESC Trusted Zone: http://www.kremlin.ru
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://pbnimg.mytop-in.net
O15 - ESC Trusted Zone: http://wse.net.ru
O15 - ESC Trusted Zone: http://forum.oszone.net
O15 - ESC Trusted Zone: http://www.oszone.net
O15 - ESC Trusted Zone: http://www.promo.ru
O15 - ESC Trusted Zone: http://forum.ru-board.com
O15 - ESC Trusted Zone: http://www.trendsecure.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.ya.ru
O15 - ESC Trusted Zone: http://*.yandex.ru
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.2.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Azaria
O17 - HKLM\Software\..\Telephony: DomainName = Azaria
O17 - HKLM\System\CCS\Services\Tcpip\..\{095D506D-BAEA-415E-A4DF-B6F86C58344F}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{40ED8DAB-9F3D-401E-A61C-39E1674C6D27}: NameServer = 195.137.201.3 195.137.201.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Azaria
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Azaria
O23 - Service: Internet - Unknown owner - c:\WINDOWS\system32\srvany.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
O23 - Service: setup_7.0.0.180_28.11.2007_07-19 - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_28.11.2007_07-19.exe (file missing)