Viruses are alive and well on my neighbor's computer, please help him. I can't imagine how one could catch something like this.
Dear Olik, thank you for contacting our forum!
Help with computer infections on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very shortly.
If our site proves useful to you and you have the opportunity, please support the project.
- Run this script in AVZ
After the reboot:
Code:
begin SearchRootkit(true, true); SetAVZGuardStatus(True); QuarantineFile('C:\Documents and Settings\Администратор\cbzvl.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7753276.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7736365.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7461165.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7222419.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\6105213.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5931273.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5923381.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5812585.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5112761.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\3130553.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\3071916.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\2784619.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1625590.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1614746.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1320670.exe',''); DeleteService('wxpdrivers'); DeleteService('srvsysdriver32'); DeleteService('srviecheck'); DeleteService('srvbtcclient'); QuarantineFile('c:\windows\systemup.exe',''); TerminateProcessByName('c:\windows\systemup.exe'); TerminateProcessByName('c:\windows\sysdriver32.exe'); QuarantineFile('c:\windows\update.1\svchost.exe',''); TerminateProcessByName('c:\windows\update.1\svchost.exe'); QuarantineFile('c:\windows\update.5.0\svchost.exe',''); TerminateProcessByName('c:\windows\update.5.0\svchost.exe'); QuarantineFile('c:\windows\l1rezerv.exe',''); TerminateProcessByName('c:\windows\l1rezerv.exe'); TerminateProcessByName('c:\windows\update.2\2344.exe'); QuarantineFile('c:\windows\update.2\2344.exe',''); DeleteFile('c:\windows\update.2\2344.exe'); DeleteFile('c:\windows\l1rezerv.exe'); 
DeleteFile('c:\windows\update.5.0\svchost.exe'); DeleteFile('c:\windows\update.1\svchost.exe'); DeleteFile('c:\windows\sysdriver32.exe'); DeleteFile('c:\windows\systemup.exe'); DeleteFile('C:\WINDOWS\update.5.0\svchost.exe'); DeleteFile('C:\WINDOWS\update.2\2344.exe'); DeleteFile('C:\WINDOWS\sysdriver32.exe'); DeleteFile('C:\WINDOWS\update.1\svchost.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1320670.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1614746.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1625590.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\2784619.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\3071916.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\3130553.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5112761.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5812585.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5923381.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5931273.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\6105213.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7222419.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1320670.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1614746.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1625590.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','2784619.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','3071916.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','3130553.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5112761.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5812585.exe'); 
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5923381.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5931273.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6105213.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7222419.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7461165.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7736365.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7753276.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\8982609.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\9107262.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\947557.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\9681976.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\976655.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\9859742.exe'); DeleteFile('C:\Documents and Settings\Администратор\cbzvl.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9859742.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','976655.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9681976.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','947557.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9107262.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8982609.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7753276.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7736365.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7461165.exe'); 
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman '); QuarantineFile('C:\WINDOWS\update.2\2344.exe',''); DelBHO('{61861D95-85BF-3ECF-42CA-A672EB2925BE}'); DelBHO('{88888888-8888-8888-8888-888888888888}'); QuarantineFile('C:\WINDOWS\systemup.exe',''); QuarantineFile('C:\WINDOWS\sysdriver32_.exe',''); QuarantineFile('C:\WINDOWS\sysdriver32.exe',''); QuarantineFile('C:\WINDOWS\l1rezerv.exe',''); QuarantineFile('C:\WINDOWS\TEMP\9903121.exe',''); QuarantineFile('C:\WINDOWS\TEMP\9741829.exe',''); QuarantineFile('C:\WINDOWS\TEMP\9694205.exe',''); QuarantineFile('C:\WINDOWS\TEMP\9632755.exe',''); QuarantineFile('C:\WINDOWS\TEMP\9579733.exe',''); QuarantineFile('C:\WINDOWS\TEMP\933679.exe',''); QuarantineFile('C:\WINDOWS\TEMP\9115256.exe',''); QuarantineFile('C:\WINDOWS\TEMP\8506831.exe',''); QuarantineFile('C:\WINDOWS\TEMP\847877.exe',''); QuarantineFile('C:\WINDOWS\TEMP\8349732.exe',''); QuarantineFile('C:\WINDOWS\TEMP\8216034.exe',''); QuarantineFile('C:\WINDOWS\TEMP\7929750.exe',''); QuarantineFile('C:\WINDOWS\TEMP\7488821.exe',''); QuarantineFile('C:\WINDOWS\TEMP\7444395.exe',''); QuarantineFile('C:\WINDOWS\TEMP\7099639.exe',''); QuarantineFile('C:\WINDOWS\TEMP\7036807.exe',''); QuarantineFile('C:\WINDOWS\TEMP\6887943.exe',''); QuarantineFile('C:\WINDOWS\TEMP\6841797.exe',''); QuarantineFile('C:\WINDOWS\TEMP\6792808.exe',''); QuarantineFile('C:\WINDOWS\TEMP\6532795.exe',''); QuarantineFile('C:\WINDOWS\TEMP\653063.exe',''); QuarantineFile('C:\WINDOWS\TEMP\6377195.exe',''); QuarantineFile('C:\WINDOWS\TEMP\5724903.exe',''); QuarantineFile('C:\WINDOWS\TEMP\5779191.exe',''); QuarantineFile('C:\WINDOWS\TEMP\5864028.exe',''); QuarantineFile('C:\WINDOWS\TEMP\4814924.exe',''); QuarantineFile('C:\WINDOWS\TEMP\4290350.exe',''); QuarantineFile('C:\WINDOWS\TEMP\3808173.exe',''); QuarantineFile('C:\WINDOWS\TEMP\342257.exe',''); QuarantineFile('C:\WINDOWS\TEMP\3366117.exe',''); QuarantineFile('C:\WINDOWS\TEMP\3344345.exe',''); QuarantineFile('C:\WINDOWS\TEMP\2986171.exe',''); 
QuarantineFile('C:\WINDOWS\TEMP\2904485.exe',''); QuarantineFile('C:\WINDOWS\TEMP\255262.exe',''); QuarantineFile('C:\WINDOWS\TEMP\2450184.exe',''); QuarantineFile('C:\WINDOWS\TEMP\2383828.exe',''); QuarantineFile('C:\WINDOWS\TEMP\2358454.exe',''); QuarantineFile('C:\WINDOWS\TEMP\2210714.exe',''); QuarantineFile('C:\WINDOWS\TEMP\1767635.exe',''); QuarantineFile('C:\WINDOWS\TEMP\1735159.exe',''); QuarantineFile('C:\WINDOWS\TEMP\1656902.exe',''); QuarantineFile('C:\WINDOWS\TEMP\133428.exe',''); QuarantineFile('C:\WINDOWS\TEMP\1287354.exe',''); QuarantineFile('C:\WINDOWS\TEMP\1220969.exe',''); QuarantineFile('C:\Documents and Settings\Администратор\cbzvl.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7753276.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7736365.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7461165.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7222419.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\6105213.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5931273.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5923381.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5812585.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5112761.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\3130553.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\3071916.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\2784619.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1625590.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1614746.exe',''); QuarantineFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1320670.exe',''); DeleteService('wxpdrivers'); DeleteService('srvsysdriver32'); DeleteService('srviecheck'); DeleteService('srvbtcclient'); QuarantineFile('c:\windows\systemup.exe',''); TerminateProcessByName('c:\windows\systemup.exe'); TerminateProcessByName('c:\windows\sysdriver32.exe'); 
QuarantineFile('c:\windows\update.1\svchost.exe',''); TerminateProcessByName('c:\windows\update.1\svchost.exe'); QuarantineFile('c:\windows\update.5.0\svchost.exe',''); TerminateProcessByName('c:\windows\update.5.0\svchost.exe'); QuarantineFile('c:\windows\l1rezerv.exe',''); TerminateProcessByName('c:\windows\l1rezerv.exe'); TerminateProcessByName('c:\windows\update.2\2344.exe'); QuarantineFile('c:\windows\update.2\2344.exe',''); DeleteFile('c:\windows\update.2\2344.exe'); DeleteFile('c:\windows\l1rezerv.exe'); DeleteFile('c:\windows\update.5.0\svchost.exe'); DeleteFile('c:\windows\update.1\svchost.exe'); DeleteFile('c:\windows\sysdriver32.exe'); DeleteFile('c:\windows\systemup.exe'); DeleteFile('C:\WINDOWS\update.5.0\svchost.exe'); DeleteFile('C:\WINDOWS\update.2\2344.exe'); DeleteFile('C:\WINDOWS\sysdriver32.exe'); DeleteFile('C:\WINDOWS\update.1\svchost.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1320670.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1614746.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\1625590.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\2784619.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\3071916.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\3130553.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5112761.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5812585.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5923381.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\5931273.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\6105213.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7222419.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1320670.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1614746.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1625590.exe'); 
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','2784619.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','3071916.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','3130553.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5112761.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5812585.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5923381.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5931273.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6105213.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7222419.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7461165.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7736365.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\7753276.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\8982609.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\9107262.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\947557.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\9681976.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\976655.exe'); DeleteFile('C:\DOCUME~1\АДМИНИ~1\LOCALS~1\Temp\9859742.exe'); DeleteFile('C:\Documents and Settings\Администратор\cbzvl.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9859742.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','976655.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9681976.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','947557.exe'); 
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9107262.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8982609.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7753276.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7736365.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7461165.exe'); DeleteFile('C:\WINDOWS\TEMP\1220969.exe'); DeleteFile('C:\WINDOWS\TEMP\1287354.exe'); DeleteFile('C:\WINDOWS\TEMP\133428.exe'); DeleteFile('C:\WINDOWS\TEMP\1656902.exe'); DeleteFile('C:\WINDOWS\TEMP\1735159.exe'); DeleteFile('C:\WINDOWS\TEMP\1767635.exe'); DeleteFile('C:\WINDOWS\TEMP\2210714.exe'); DeleteFile('C:\WINDOWS\TEMP\2358454.exe'); DeleteFile('C:\WINDOWS\TEMP\2383828.exe'); DeleteFile('C:\WINDOWS\TEMP\2450184.exe'); DeleteFile('C:\WINDOWS\TEMP\255262.exe'); DeleteFile('C:\WINDOWS\TEMP\2904485.exe'); DeleteFile('C:\WINDOWS\TEMP\2986171.exe'); DeleteFile('C:\WINDOWS\TEMP\3344345.exe'); DeleteFile('C:\WINDOWS\TEMP\3366117.exe'); DeleteFile('C:\WINDOWS\TEMP\342257.exe'); DeleteFile('C:\WINDOWS\TEMP\3808173.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','3808173.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','342257.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','3366117.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','3344345.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','2986171.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','2904485.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','255262.exe'); 
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','2450184.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','2358454.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','2383828.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','2210714.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1767635.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1735159.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1656902.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','133428.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1287354.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1220969.exe'); DeleteFile('C:\WINDOWS\TEMP\4290350.exe'); DeleteFile('C:\WINDOWS\TEMP\4814924.exe'); DeleteFile('C:\WINDOWS\TEMP\4849724.exe'); DeleteFile('C:\WINDOWS\TEMP\5001998.exe'); DeleteFile('C:\WINDOWS\TEMP\5163889.exe'); DeleteFile('C:\WINDOWS\TEMP\5656322.exe'); DeleteFile('C:\WINDOWS\TEMP\5724903.exe'); DeleteFile('C:\WINDOWS\TEMP\5779191.exe'); DeleteFile('C:\WINDOWS\TEMP\5864028.exe'); DeleteFile('C:\WINDOWS\TEMP\5895059.exe'); DeleteFile('C:\WINDOWS\TEMP\5903590.exe'); DeleteFile('C:\WINDOWS\TEMP\6377195.exe'); DeleteFile('C:\WINDOWS\TEMP\653063.exe'); DeleteFile('C:\WINDOWS\TEMP\6532795.exe'); DeleteFile('C:\WINDOWS\TEMP\6792808.exe'); DeleteFile('C:\WINDOWS\TEMP\6841797.exe'); DeleteFile('C:\WINDOWS\TEMP\6887943.exe'); DeleteFile('C:\WINDOWS\TEMP\7036807.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7036807.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6887943.exe'); 
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6841797.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6792808.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6532795.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','653063.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6377195.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5903590.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5895059.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5864028.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5779191.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5724903.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5656322.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5163889.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5001998.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','4849724.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','4814924.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','4290350.exe'); DeleteFile('C:\WINDOWS\TEMP\7099639.exe'); DeleteFile('C:\WINDOWS\TEMP\7444395.exe'); DeleteFile('C:\WINDOWS\TEMP\7488821.exe'); DeleteFile('C:\WINDOWS\TEMP\7783735.exe'); DeleteFile('C:\WINDOWS\TEMP\8216034.exe'); DeleteFile('C:\WINDOWS\TEMP\8349732.exe'); DeleteFile('C:\WINDOWS\TEMP\8401428.exe'); DeleteFile('C:\WINDOWS\TEMP\8469433.exe'); DeleteFile('C:\WINDOWS\TEMP\847877.exe'); 
DeleteFile('C:\WINDOWS\TEMP\8506831.exe'); DeleteFile('C:\WINDOWS\TEMP\9115256.exe'); DeleteFile('C:\WINDOWS\TEMP\926949.exe'); DeleteFile('C:\WINDOWS\TEMP\933679.exe'); DeleteFile('C:\WINDOWS\TEMP\9579733.exe'); DeleteFile('C:\WINDOWS\TEMP\9632755.exe'); DeleteFile('C:\WINDOWS\TEMP\9694205.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9694205.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9632755.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9579733.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','933679.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','926949.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9115256.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8506831.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','847877.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8469433.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8401428.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8349732.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8216034.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7929750.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7783735.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7714179.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7573478.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7488821.exe'); 
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7444395.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7099639.exe'); DeleteFile('C:\WINDOWS\TEMP\9741829.exe'); DeleteFile('C:\WINDOWS\TEMP\9903121.exe'); DeleteFile('C:\WINDOWS\TEMP\9922586.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9922586.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9903121.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9741829.exe'); DeleteFile('C:\WINDOWS\l1rezerv.exe'); DeleteFile('C:\WINDOWS\sysdriver32_.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysdriver32_.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysdriver32.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','l1rezerv.exe'); DeleteFile('C:\WINDOWS\systemup.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','scr'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tray_ico0'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','wxpdrv'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','systemup'); DeleteFile('services32.exe'); DeleteFile('C:\Documents and Settings\Администратор\Application Data\aIGAkB3Znf_p.dll'); DeleteFile('C:\WINDOWS\services32.exe'); DeleteFile('C:\WINDOWS\update.2\svchost.exe'); BC_ImportAll; ExecuteSysClean; ExecuteRepair(11); ExecuteWizard('TSW', 2, 2, true); ExecuteWizard('SCU', 2, 2, true); BC_Activate; RebootWindows(true); end.
- run this script
Code:
begin CreateQurantineArchive(GetAVZDirectory+'quarantine.zip'); end.
- Upload the file quarantine.zip from the AVZ folder using the link "Send the requested quarantine" at the top of the thread
Update the system
- Upgrade SP2 to Service Pack 3 (activation may be required)
* Before installing the Service Pack, you must shut down the antivirus, the firewall, and resident applications such as TeaTimer (Spybot Search and Destroy), etc.
* Microsoft has ended support and the release of security updates for Windows XP without SP3 installed, see here
- Install Internet Explorer 8 (even if you do not use it)
- Install all the latest Windows system updates - here
After updating:
- Make new logs following the rules in items 2 and 3 of the Diagnostics section (virusinfo_syscheck.zip; hijackthis.log)
- Make an MBAM log
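An added example, not part of the thread and not AVZ's own code: Python that parses an AVZ-style script and reports files deleted without a prior QuarantineFile call, quarantined files never deleted, relative paths, and the Run values being removed. The sample script is a constructed excerpt that reuses names from the script above; the function names and the report keys are assumptions of this example.

```python
import re

# One procedure call: Name( args ), where args may hold Pascal string literals.
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(((?:'(?:[^']|'')*'|[^()'])*)\)")
# A Pascal string literal; a doubled quote ('') inside it is an escaped quote.
STR_RE = re.compile(r"'((?:[^']|'')*)'")
RUN_KEY = r"software\microsoft\windows\currentversion\run"

# Constructed excerpt in the style of the helper's script (not the full script).
SAMPLE_SCRIPT = r"""
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('c:\windows\systemup.exe','');
 TerminateProcessByName('c:\windows\systemup.exe');
 DeleteFile('C:\WINDOWS\systemup.exe');
 DeleteFile('services32.exe');
 DeleteFile('C:\WINDOWS\services32.exe');
 QuarantineFile('C:\WINDOWS\TEMP\7929750.exe','');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','systemup');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7929750.exe');
 DeleteService('srvbtcclient');
 RebootWindows(true);
end.
"""


def parse_calls(script):
    """Return [(procedure_name, [string_arguments])] in script order."""
    return [
        (m.group(1), [s.replace("''", "'") for s in STR_RE.findall(m.group(2))])
        for m in CALL_RE.finditer(script)
    ]


def audit(script):
    """Summarise what the script removes and flag gaps in sample preservation."""
    quarantined, deleted, run_values, services = set(), set(), [], []
    for name, args in parse_calls(script):
        proc = name.lower()  # Pascal identifiers are case-insensitive
        if proc == "quarantinefile" and args:
            # Windows paths are case-insensitive, so compare in lower case.
            # 8.3 short names (DOCUME~1) cannot be expanded offline and are
            # compared exactly as written.
            quarantined.add(args[0].lower())
        elif proc == "deletefile" and args:
            deleted.add(args[0].lower())
        elif proc == "regkeyparamdel" and len(args) == 3:
            if args[1].lower() == RUN_KEY:
                run_values.append(args[2])
        elif proc == "deleteservice" and args:
            services.append(args[0])
    every_path = quarantined | deleted
    return {
        # Deleted outright: no copy of the file is kept for later analysis.
        "deleted_without_quarantine": sorted(deleted - quarantined),
        # Copied to quarantine but left on disk by this script.
        "quarantined_not_deleted": sorted(quarantined - deleted),
        # No drive letter: the target depends on the current directory.
        "relative_paths": sorted(p for p in every_path
                                 if not re.match(r"[a-z]:\\", p)),
        "run_values_removed": run_values,
        # Run values named <digits>.exe, the naming pattern seen in the thread.
        "numeric_run_values": [v for v in run_values
                               if re.fullmatch(r"\d+\.exe", v, re.I)],
        "services_removed": services,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_SCRIPT).items():
        print(f"{key}: {value}")
```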
That's a whole different story. The computer is gone. I did everything I could.
Treatment statistics:
- Quarantines received: 1
- Files processed: 14
- Malware detected during treatment:
- c:\\documents and settings\\администратор\\cbzvl.exe - Trojan.Win32.Sasfis.bpzx ( DrWEB: Trojan.Packed.21635, BitDefender: Gen:Variant.Kazy.64674, AVAST4: Win32:Morphex [Cryp] )
- c:\\windows\\l1rezerv.exe - HEUR:Trojan.Win32.Generic ( DrWEB: Trojan.DownLoad2.30127, BitDefender: Trojan.Agent.ASAJ, NOD32: Win32/TrojanDownloader.Delf.QQI trojan, AVAST4: Win32:Delf-QBF [Trj] )
- c:\\windows\\services32.exe - Trojan-PSW.Win32.VKont.bjc ( DrWEB: BackDoor.VkBase.47, BitDefender: Generic.Malware.SFPYVdPkTkWkg.64E22ACF, AVAST4: Win32:Delf-QBF [Trj] )
- c:\\windows\\systemup.exe - HEUR:Trojan.Win32.Generic ( DrWEB: Trojan.VkBase.38, BitDefender: Trojan.Agent.ASAJ, AVAST4: Win32:Delf-QBF [Trj] )
- c:\\windows\\update.2\\svchost.exe - Trojan.Win32.VkHost.dvj ( DrWEB: Trojan.DownLoader3.30182, BitDefender: Generic.Malware.SFHYVdhidWkg.628A73CB, AVAST4: Win32:Delf-QBF [Trj] )
- c:\\windows\\update.2\\2344.exe - Trojan.Win32.VkHost.dvs ( DrWEB: Trojan.DownLoader3.35016, BitDefender: Generic.Malware.SFHYVdhidWkg.0F757958, AVAST4: Win32:Delf-QBF [Trj] )
Recommendations:
- Trojans of the Trojan-PSW/Trojan-Spy class were detected; changing all passwords is strongly recommended!
Dear Olik, our specialists have given you all the help they could with your request.
To keep your computer secure, we strongly recommend:
To stay up to date on current information-security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please contribute to our database of safe files.