Antivirus programs find nothing. Thanks for the help.
Run the script ....
Send the quarantine according to Appendix 3 of the rules ....
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\System32\expsdsqu.dll','');
 QuarantineFile('C:\WINDOWS\system32\samlkbdn.dll','');
 QuarantineFile('C:\WINDOWS\system32\expsdsqu.dll','');
 QuarantineFile('C:\WINDOWS\system32\mqcat32.dll','');
 QuarantineFile('C:\WINDOWS\system32\snsvcs.dll','');
 QuarantineFile('C:\WINDOWS\system32\lOngserv.dll','');
 QuarantineFile('C:\WINDOWS\system32\nytui2.dll','');
 QuarantineFile('C:\WINDOWS\system32\CtdbLangTH.dll','');
 QuarantineFile('C:\WINDOWS\system32\hvcoin.dll','');
 QuarantineFile('C:\WINDOWS\system32\mdoeacct.dll','');
 QuarantineFile('C:\WINDOWS\system32\egsadu.dll','');
 QuarantineFile('C:\WINDOWS\system32\sxgina.dll','');
 QuarantineFile('C:\WINDOWS\system32\dmprov.dll','');
 QuarantineFile('C:\WINDOWS\system32\wnhtcpip.dll','');
 QuarantineFile('C:\WINDOWS\system32\dtcprop2.dll','');
 QuarantineFile('C:\WINDOWS\system32\ijakeng.dll','');
 QuarantineFile('C:\WINDOWS\system32\dfprop.dll','');
 QuarantineFile('C:\WINDOWS\wmrg110.exe','');
 QuarantineFile('C:\WINDOWS\System32\wha1.116.exe','');
 QuarantineFile('C:\WINDOWS\System32\execvsut.exe','');
 QuarantineFile('C:\WINDOWS\system32\execvsut.dll','');
 QuarantineFile('c:\windows\wmrg110.exe','');
 QuarantineFile('c:\windows\system32\wha1.116.exe','');
 QuarantineFile('c:\windows\system32\wgatray.exe','');
 QuarantineFile('c:\windows\system32\read32.exe','');
 QuarantineFile('c:\windows\system32\execvsut.exe','');
 DeleteFile('c:\windows\system32\execvsut.exe');
 DeleteFile('c:\windows\system32\read32.exe');
 DeleteFile('c:\windows\system32\wgatray.exe');
 DeleteFile('c:\windows\system32\wha1.116.exe');
 DeleteFile('c:\windows\wmrg110.exe');
 DeleteFile('C:\WINDOWS\system32\execvsut.dll');
 DeleteFile('C:\WINDOWS\System32\execvsut.exe');
 DeleteFile('C:\WINDOWS\System32\expsdsqu.dll');
 DeleteFile('C:\WINDOWS\System32\wha1.116.exe');
 DeleteFile('C:\WINDOWS\wmrg110.exe');
 DeleteFile('C:\WINDOWS\system32\dfprop.dll');
 DeleteFile('C:\WINDOWS\system32\ijakeng.dll');
 DeleteFile('C:\WINDOWS\system32\dtcprop2.dll');
 DeleteFile('C:\WINDOWS\system32\wnhtcpip.dll');
 DeleteFile('C:\WINDOWS\system32\dmprov.dll');
 DeleteFile('C:\WINDOWS\system32\sxgina.dll');
 DeleteFile('C:\WINDOWS\system32\egsadu.dll');
 DeleteFile('C:\WINDOWS\system32\mdoeacct.dll');
 DeleteFile('C:\WINDOWS\system32\CtdbLangTH.dll');
 DeleteFile('C:\WINDOWS\system32\nytui2.dll');
 DeleteFile('C:\WINDOWS\system32\lOngserv.dll');
 DeleteFile('C:\WINDOWS\system32\snsvcs.dll');
 DeleteFile('C:\WINDOWS\system32\mqcat32.dll');
 DeleteFile('C:\WINDOWS\system32\expsdsqu.dll');
 DeleteFile('C:\WINDOWS\system32\samlkbdn.dll');
 DeleteFile('C:\WINDOWS\System32\expsdsqu.dll');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
end.
Repeat the logs ....
Here are the logs:
MyWebSearch - uninstall ...
Fix ..
Run the script ...
Code:
O20 - AppInit_DLLs: mslbscha.dll rnr2msft.dll olearasr.dll e1.dll ipxrir32.dll jitmtxo.dll samlkbdn.dll
O20 - Winlogon Notify: admewinr - C:\WINDOWS\system32\admewinr.dll (file missing)
O20 - Winlogon Notify: ctl3pack - C:\WINDOWS\system32\ctl3pack.dll (file missing)
O20 - Winlogon Notify: execvsut - C:\WINDOWS\
O20 - Winlogon Notify: icm3wmps - C:\WINDOWS\system32\icm3wmps.dll (file missing)
O20 - Winlogon Notify: rasppowr - C:\WINDOWS\system32\rasppowr.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\jtjs0717e.dll (file missing)
Send the quarantine according to Appendix 3 of the rules ....
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 ClearQuarantine;
 QuarantineFile('C:\WINDOWS\wmrg109.exe','');
 QuarantineFile('C:\WINDOWS\wha1.113.exe','');
 QuarantineFile('C:\WINDOWS\system32\rasppowr.dll','');
 QuarantineFile('C:\WINDOWS\system32\jtjs0717e.dll','');
 QuarantineFile('C:\WINDOWS\system32\icm3wmps.dll','');
 QuarantineFile('C:\WINDOWS\system32\ctl3pack.dll','');
 QuarantineFile('C:\WINDOWS\system32\admewinr.dll','');
 QuarantineFile('C:\WINDOWS\System32\sscrtf.exe','');
 QuarantineFile('C:\WINDOWS\gonz.exe','');
 QuarantineFile('C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\lnf561a6.default\extensions\firebit@firebit\components\firebit.dll.dat','');
 QuarantineFile('C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\lnf561a6.default\extensions\firebit@firebit\components\firebit.dll','');
 DeleteFile('C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\lnf561a6.default\extensions\firebit@firebit\components\firebit.dll');
 DeleteFile('C:\WINDOWS\gonz.exe');
 DeleteFile('C:\WINDOWS\System32\sscrtf.exe');
 DeleteFile('C:\WINDOWS\system32\admewinr.dll');
 DeleteFile('C:\WINDOWS\system32\ctl3pack.dll');
 DeleteFile('C:\WINDOWS\system32\icm3wmps.dll');
 DeleteFile('C:\WINDOWS\system32\jtjs0717e.dll');
 DeleteFile('C:\WINDOWS\system32\rasppowr.dll');
 DeleteFile('C:\WINDOWS\wha1.113.exe');
 DeleteFile('C:\WINDOWS\wmrg109.exe');
 DeleteFile('C:\WINDOWS\system32\mevcrt.dll');
 DeleteFile('C:\WINDOWS\system32\lDngwrbk.dll');
 DeleteFile('C:\WINDOWS\system32\ilclass.dll');
 DeleteFile('C:\WINDOWS\system32\slnike.dll');
 DeleteFile('C:\WINDOWS\system32\guard.tmp');
 DeleteFile('C:\WINDOWS\system32\gzkcsp.dll');
 DeleteFile('C:\WINDOWS\system32\dpghelp.dll');
 DeleteFile('C:\WINDOWS\system32\imsecsvc.dll');
 DeleteFile('C:\WINDOWS\system32\cbgbkend.dll');
 DeleteFile('C:\WINDOWS\system32\tFpiperf.dll');
 DeleteFile('C:\WINDOWS\system32\gdmf32.dll');
 DeleteFile('C:\WINDOWS\system32\mols31.dll');
 DeleteFile('C:\WINDOWS\system32\pKutoenr.dll');
 DeleteFile('C:\WINDOWS\system32\lytif13n.dll');
 DeleteFile('C:\WINDOWS\system32\mjvcp71.dll');
 DeleteFile('C:\WINDOWS\system32\scell.dll');
 DeleteFile('C:\WINDOWS\system32\rcchost.dll');
 DeleteFile('C:\WINDOWS\system32\kpdlv1.dll');
 DeleteFile('C:\WINDOWS\system32\aovapi32.dll');
 DeleteFile('C:\WINDOWS\system32\kjdhela3.dll');
 DeleteFile('C:\WINDOWS\system32\ualmon.dll');
 DeleteFile('C:\WINDOWS\system32\hutplug.dll');
 DeleteFile('C:\WINDOWS\system32\kvdusr.dll');
 DeleteFile('C:\WINDOWS\system32\meutil.dll');
 DeleteFile('C:\WINDOWS\system32\siclogon.dll');
 DeleteFile('C:\WINDOWS\system32\skrialui.dll');
 DeleteFile('C:\WINDOWS\system32\hS23msp.dll');
 DeleteFile('C:\WINDOWS\system32\iov6mon.dll');
 DeleteFile('C:\WINDOWS\system32\rOcpldlg.dll');
 DeleteFile('C:\WINDOWS\system32\pPpgraph.dll');
 DeleteFile('C:\WINDOWS\system32\wxbhits.dll');
 DeleteFile('C:\WINDOWS\system32\cDmocx.dll');
 DeleteFile('C:\WINDOWS\system32\ikssuba.dll');
 DeleteFile('C:\WINDOWS\system32\dcsetup.dll');
 DeleteFile('C:\WINDOWS\system32\mg43dmod.dll');
 DeleteFile('C:\WINDOWS\system32\wasdmod.dll');
 DeleteFile('C:\WINDOWS\system32\ccseqchk.dll');
 DeleteFile('C:\WINDOWS\system32\oztext32.dll');
 DeleteFile('C:\WINDOWS\system32\xclprovi.dll');
 DeleteFile('C:\WINDOWS\system32\tdntsvrp.dll');
 DeleteFile('C:\WINDOWS\system32\dadlgs.dll');
 DeleteFile('C:\WINDOWS\system32\MTC71KOR.DLL');
 DeleteFile('C:\WINDOWS\system32\mpprivs.dll');
 DeleteFile('C:\WINDOWS\system32\ofecli.dll');
 DeleteFile('C:\WINDOWS\system32\rB6u0ij9e8o.dll');
 DeleteFile('C:\WINDOWS\system32\kjdaze.dll');
 DeleteFile('C:\WINDOWS\system32\izakeng.dll');
 DeleteFile('C:\WINDOWS\system32\oxjsel.dll');
 DeleteFile('C:\WINDOWS\system32\mwaudite.dll');
 DeleteFile('C:\WINDOWS\system32\calbact.dll');
 DeleteFile('C:\WINDOWS\system32\mivbvm50.dll');
 DeleteFile('C:\WINDOWS\system32\pNpgraph.dll');
 DeleteFile('C:\WINDOWS\system32\sbarddlg.dll');
 DeleteFile('C:\WINDOWS\system32\purfnw.dll');
 DeleteFile('C:\WINDOWS\system32\iheshare.dll');
 DeleteFile('C:\WINDOWS\system32\vhscript.dll');
 DeleteFile('C:\WINDOWS\system32\momefilt.dll');
 DeleteFile('C:\WINDOWS\system32\wsbcheck.dll');
 DeleteFile('C:\WINDOWS\system32\rlgsvc.dll');
 DeleteFile('C:\WINDOWS\system32\mbdemui.dll');
 DeleteFile('C:\WINDOWS\system32\rwmotepg.dll');
 DeleteFile('C:\WINDOWS\system32\ddnput8.dll');
 DeleteFile('C:\WINDOWS\system32\erent97.dll');
 DeleteFile('C:\WINDOWS\system32\pHutoenr.dll');
 DeleteFile('C:\WINDOWS\system32\jabexec.dll');
 DeleteFile('C:\WINDOWS\system32\lmfil13n.DLL');
 DeleteFile('C:\WINDOWS\system32\zepfldr.dll');
 DeleteFile('C:\WINDOWS\system32\abtapi.dll');
 DeleteFile('C:\WINDOWS\system32\smlwoa.dll');
 DeleteFile('C:\WINDOWS\system32\cyl3d32.dll');
 DeleteFile('C:\WINDOWS\system32\myprivs.dll');
 DeleteFile('C:\WINDOWS\system32\krdfi1.dll');
 DeleteFile('C:\WINDOWS\system32\fndrclnr.dll');
 DeleteFile('C:\WINDOWS\system32\avvpack.dll');
 DeleteFile('C:\WINDOWS\system32\nulanman.dll');
 DeleteFile('C:\WINDOWS\system32\pHpsvc.dll');
 DeleteFile('C:\WINDOWS\system32\ejtmgr.dll');
 DeleteFile('C:\WINDOWS\system32\drusic.dll');
 DeleteFile('C:\WINDOWS\system32\mapatcha.dll');
 DeleteFile('C:\WINDOWS\system32\mxports.dll');
 DeleteFile('C:\WINDOWS\system32\MYC71DEU.DLL');
 DeleteFile('C:\WINDOWS\system32\dzmasf.dll');
 DeleteFile('C:\WINDOWS\system32\cjmsnap.dll');
 DeleteFile('C:\WINDOWS\system32\kqdukx.dll');
 DeleteFile('C:\WINDOWS\system32\dd32gt.dll');
 DeleteFile('C:\WINDOWS\system32\sdndcmsg.dll');
 DeleteFile('C:\WINDOWS\system32\wQsdmod.dll');
 DeleteFile('C:\WINDOWS\system32\ivclass.dll');
 DeleteFile('C:\WINDOWS\system32\shcpack.dll');
 DeleteFile('C:\WINDOWS\system32\kfdsmsfi.dll');
 DeleteFile('C:\WINDOWS\system32\wjv8dmod.dll');
 DeleteFile('C:\WINDOWS\system32\cTmocx.dll');
 DeleteFile('C:\WINDOWS\system32\chgbkend.dll');
 DeleteFile('C:\WINDOWS\system32\jqsd400.dll');
 DeleteFile('C:\WINDOWS\system32\IH50_QC.DLL');
 DeleteFile('C:\WINDOWS\system32\uwrsdpia.dll');
 DeleteFile('C:\WINDOWS\system32\nitui2.dll');
 DeleteFile('C:\WINDOWS\system32\insutil.dll');
 DeleteFile('C:\WINDOWS\system32\mujint40.dll');
 DeleteFile('C:\WINDOWS\system32\dWtime.dll');
 DeleteFile('C:\WINDOWS\system32\tebyuv.dll');
 DeleteFile('C:\WINDOWS\system32\mscoree.dll');
 DeleteFile('C:\WINDOWS\system32\jipl400.dll');
 DeleteFile('C:\WINDOWS\system32\rNsrad.dll');
 DeleteFile('C:\WINDOWS\system32\movidctl.dll');
 DeleteFile('C:\WINDOWS\system32\buowseui.dll');
 DeleteFile('C:\WINDOWS\system32\wtigest.dll');
 DeleteFile('C:\WINDOWS\system32\dzvenum.dll');
 DeleteFile('C:\WINDOWS\system32\sfcsccp.dll');
 DeleteFile('C:\WINDOWS\system32\dprgui.dll');
 DeleteFile('C:\WINDOWS\system32\wxadmod.dll');
 DeleteFile('C:\WINDOWS\system32\ma4sdmod.dll');
 DeleteFile('C:\WINDOWS\system32\gaedit.dll');
 DeleteFile('C:\WINDOWS\system32\ptdgen.dll');
 DeleteFile('C:\WINDOWS\system32\kqdsmsfi.dll');
 DeleteFile('C:\WINDOWS\system32\srrrun.dll');
 DeleteFile('C:\WINDOWS\system32\mevci70.dll');
 DeleteFile('C:\WINDOWS\system32\smoolss.dll');
 DeleteFile('C:\WINDOWS\system32\nvtui2.dll');
 DeleteFile('C:\WINDOWS\system32\citdll.dll');
 DeleteFile('C:\WINDOWS\system32\sybrccsp.dll');
 DeleteFile('C:\WINDOWS\system32\myc71u.dll');
 DeleteFile('C:\WINDOWS\system32\cwrsrv.dll');
 DeleteFile('C:\WINDOWS\system32\kddsmsfi.dll');
 DeleteFile('C:\WINDOWS\system32\tKpiui.dll');
 DeleteFile('C:\WINDOWS\system32\dwutil.dll');
 DeleteFile('C:\WINDOWS\system32\mgsign32.dll');
 DeleteFile('C:\WINDOWS\system32\arsldpc.dll');
 DeleteFile('C:\WINDOWS\system32\dolayx.dll');
 DeleteFile('C:\WINDOWS\system32\wbpsrcwp.dll');
 DeleteFile('C:\WINDOWS\system32\snsvcs.dll');
 DeleteFile('C:\WINDOWS\system32\lOngserv.dll');
 DeleteFile('C:\WINDOWS\system32\nytui2.dll');
 DeleteFile('C:\WINDOWS\system32\CtdbLangTH.dll');
 DeleteFile('C:\WINDOWS\system32\hvcoin.dll');
 DeleteFile('C:\WINDOWS\system32\egsadu.dll');
 DeleteFile('C:\WINDOWS\system32\mdoeacct.dll');
 DeleteFile('C:\WINDOWS\system32\sxgina.dll');
 DeleteFile('C:\WINDOWS\system32\dmprov.dll');
 DeleteFile('C:\WINDOWS\system32\wnhtcpip.dll');
 DeleteFile('C:\WINDOWS\system32\dtcprop2.dll');
 DeleteFile('C:\WINDOWS\system32\dfprop.dll');
 DeleteFile('C:\WINDOWS\system32\kjrberos.dll');
 DeleteFile('C:\WINDOWS\system32\mmxml4.dll');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
Repeat the logs ...
I sent the quarantine. Here are the logs:
AVZ, menu "File - Run script" -- copy the script written below -- click the "Run" button.
After the script runs, the computer will reboot.
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(true);
 SetServiceStart('cmdService', 4);
 StopService('cmdService');
 QuarantineFile('C:\WINDOWS\RWxlbmE\command.exe','');
 SetServiceStart('Network Monitor', 4);
 StopService('Network Monitor');
 QuarantineFile('C:\Program Files\Network Monitor\netmon.exe','');
 DeleteFile('C:\WINDOWS\RWxlbmE\command.exe');
 DeleteFile('C:\Program Files\Network Monitor\netmon.exe');
 DeleteFile('C:\WINDOWS\system32\mevcrt.dll');
 DeleteFile('C:\WINDOWS\system32\lDngwrbk.dll');
 DeleteFile('C:\WINDOWS\system32\ilclass.dll');
 DeleteFile('C:\WINDOWS\system32\slnike.dll');
 DeleteFile('C:\WINDOWS\system32\guard.tmp');
 DeleteFile('C:\WINDOWS\system32\gzkcsp.dll');
 DeleteFile('C:\WINDOWS\system32\dpghelp.dll');
 DeleteFile('C:\WINDOWS\system32\imsecsvc.dll');
 DeleteFile('C:\WINDOWS\system32\cbgbkend.dll');
 DeleteFile('C:\WINDOWS\system32\tFpiperf.dll');
 DeleteFile('C:\WINDOWS\system32\gdmf32.dll');
 DeleteFile('C:\WINDOWS\system32\mols31.dll');
 DeleteFile('C:\WINDOWS\system32\pKutoenr.dll');
 DeleteFile('C:\WINDOWS\system32\lytif13n.dll');
 DeleteFile('C:\WINDOWS\system32\mjvcp71.dll');
 DeleteFile('C:\WINDOWS\system32\scell.dll');
 DeleteFile('C:\WINDOWS\system32\rcchost.dll');
 DeleteFile('C:\WINDOWS\system32\kpdlv1.dll');
 DeleteFile('C:\WINDOWS\system32\aovapi32.dll');
 DeleteFile('C:\WINDOWS\system32\kjdhela3.dll');
 DeleteFile('C:\WINDOWS\system32\ualmon.dll');
 DeleteFile('C:\WINDOWS\system32\hutplug.dll');
 DeleteFile('C:\WINDOWS\system32\kvdusr.dll');
 DeleteFile('C:\WINDOWS\system32\ieircl.dll');
 DeleteFile('C:\WINDOWS\system32\meutil.dll');
 DeleteFile('C:\WINDOWS\system32\siclogon.dll');
 DeleteFile('C:\WINDOWS\system32\skrialui.dll');
 DeleteFile('C:\WINDOWS\system32\hS23msp.dll');
 DeleteFile('C:\WINDOWS\system32\llc32vc0.dll');
 DeleteFile('C:\WINDOWS\system32\iov6mon.dll');
 DeleteFile('C:\WINDOWS\system32\rOcpldlg.dll');
 DeleteFile('C:\WINDOWS\system32\pPpgraph.dll');
 DeleteFile('C:\WINDOWS\system32\wxbhits.dll');
 DeleteFile('C:\WINDOWS\system32\cDmocx.dll');
 DeleteFile('C:\WINDOWS\system32\ikssuba.dll');
 DeleteFile('C:\WINDOWS\system32\dcsetup.dll');
 DeleteFile('C:\WINDOWS\system32\mg43dmod.dll');
 DeleteFile('C:\WINDOWS\system32\ccseqchk.dll');
 DeleteFile('C:\WINDOWS\system32\wasdmod.dll');
 DeleteFile('C:\WINDOWS\system32\oztext32.dll');
 DeleteFile('C:\WINDOWS\system32\xclprovi.dll');
 DeleteFile('C:\WINDOWS\system32\tdntsvrp.dll');
 DeleteFile('C:\WINDOWS\system32\dadlgs.dll');
 DeleteFile('C:\WINDOWS\system32\MTC71KOR.DLL');
 DeleteFile('C:\WINDOWS\system32\mpprivs.dll');
 DeleteFile('C:\WINDOWS\system32\ofecli.dll');
 DeleteFile('C:\WINDOWS\system32\rB6u0ij9e8o.dll');
 DeleteFile('C:\WINDOWS\system32\kjdaze.dll');
 DeleteFile('C:\WINDOWS\system32\izakeng.dll');
 DeleteFile('C:\WINDOWS\system32\oxjsel.dll');
 DeleteFile('C:\WINDOWS\system32\mwaudite.dll');
 DeleteFile('C:\WINDOWS\system32\calbact.dll');
 DeleteFile('C:\WINDOWS\system32\mivbvm50.dll');
 DeleteFile('C:\WINDOWS\system32\pNpgraph.dll');
 DeleteFile('C:\WINDOWS\system32\sbarddlg.dll');
 DeleteFile('C:\WINDOWS\system32\purfnw.dll');
 DeleteFile('C:\WINDOWS\system32\iheshare.dll');
 DeleteFile('C:\WINDOWS\system32\vhscript.dll');
 DeleteFile('C:\WINDOWS\system32\momefilt.dll');
 DeleteFile('C:\WINDOWS\system32\wsbcheck.dll');
 DeleteFile('C:\WINDOWS\system32\rlgsvc.dll');
 DeleteFile('C:\WINDOWS\system32\mbdemui.dll');
 DeleteFile('C:\WINDOWS\system32\rwmotepg.dll');
 DeleteFile('C:\WINDOWS\system32\ddnput8.dll');
 DeleteFile('C:\WINDOWS\system32\erent97.dll');
 DeleteFile('C:\WINDOWS\system32\pHutoenr.dll');
 DeleteFile('C:\WINDOWS\system32\gyedit.dll');
 DeleteFile('C:\WINDOWS\system32\jabexec.dll');
 DeleteFile('C:\WINDOWS\system32\lmfil13n.DLL');
 DeleteFile('C:\WINDOWS\system32\zepfldr.dll');
 DeleteFile('C:\WINDOWS\system32\abtapi.dll');
 DeleteFile('C:\WINDOWS\system32\smlwoa.dll');
 DeleteFile('C:\WINDOWS\system32\cyl3d32.dll');
 DeleteFile('C:\WINDOWS\system32\myprivs.dll');
 DeleteFile('C:\WINDOWS\system32\krdfi1.dll');
 DeleteFile('C:\WINDOWS\system32\fndrclnr.dll');
 DeleteFile('C:\WINDOWS\system32\avvpack.dll');
 DeleteFile('C:\WINDOWS\system32\nulanman.dll');
 DeleteFile('C:\WINDOWS\system32\pHpsvc.dll');
 DeleteFile('C:\WINDOWS\system32\ejtmgr.dll');
 DeleteFile('C:\WINDOWS\system32\drusic.dll');
 DeleteFile('C:\WINDOWS\system32\mapatcha.dll');
 DeleteFile('C:\WINDOWS\system32\mxports.dll');
 DeleteFile('C:\WINDOWS\system32\MYC71DEU.DLL');
 DeleteFile('C:\WINDOWS\system32\dzmasf.dll');
 DeleteFile('C:\WINDOWS\system32\cjmsnap.dll');
 DeleteFile('C:\WINDOWS\system32\kqdukx.dll');
 DeleteFile('C:\WINDOWS\system32\dd32gt.dll');
 DeleteFile('C:\WINDOWS\system32\sdndcmsg.dll');
 DeleteFile('C:\WINDOWS\system32\wQsdmod.dll');
 DeleteFile('C:\WINDOWS\system32\ivclass.dll');
 DeleteFile('C:\WINDOWS\system32\shcpack.dll');
 DeleteFile('C:\WINDOWS\system32\kfdsmsfi.dll');
 DeleteFile('C:\WINDOWS\system32\wjv8dmod.dll');
 DeleteFile('C:\WINDOWS\system32\cTmocx.dll');
 DeleteFile('C:\WINDOWS\system32\chgbkend.dll');
 DeleteFile('C:\WINDOWS\system32\jqsd400.dll');
 DeleteFile('C:\WINDOWS\system32\IH50_QC.DLL');
 DeleteFile('C:\WINDOWS\system32\uwrsdpia.dll');
 DeleteFile('C:\WINDOWS\system32\nitui2.dll');
 DeleteFile('C:\WINDOWS\system32\insutil.dll');
 DeleteFile('C:\WINDOWS\system32\mujint40.dll');
 DeleteFile('C:\WINDOWS\system32\dWtime.dll');
 DeleteFile('C:\WINDOWS\system32\tebyuv.dll');
 DeleteFile('C:\WINDOWS\system32\jipl400.dll');
 DeleteFile('C:\WINDOWS\system32\rNsrad.dll');
 DeleteFile('C:\WINDOWS\system32\movidctl.dll');
 DeleteFile('C:\WINDOWS\system32\buowseui.dll');
 DeleteFile('C:\WINDOWS\system32\wtigest.dll');
 DeleteFile('C:\WINDOWS\system32\dzvenum.dll');
 DeleteFile('C:\WINDOWS\system32\sfcsccp.dll');
 DeleteFile('C:\WINDOWS\system32\dprgui.dll');
 DeleteFile('C:\WINDOWS\system32\wxadmod.dll');
 DeleteFile('C:\WINDOWS\system32\ma4sdmod.dll');
 DeleteFile('C:\WINDOWS\system32\gaedit.dll');
 DeleteFile('C:\WINDOWS\system32\ptdgen.dll');
 DeleteFile('C:\WINDOWS\system32\kqdsmsfi.dll');
 DeleteFile('C:\WINDOWS\system32\mevci70.dll');
 DeleteFile('C:\WINDOWS\system32\smoolss.dll');
 DeleteFile('C:\WINDOWS\system32\nvtui2.dll');
 DeleteFile('C:\WINDOWS\system32\citdll.dll');
 DeleteFile('C:\WINDOWS\system32\sybrccsp.dll');
 DeleteFile('C:\WINDOWS\system32\myc71u.dll');
 DeleteFile('C:\WINDOWS\system32\cwrsrv.dll');
 DeleteFile('C:\WINDOWS\system32\kddsmsfi.dll');
 DeleteFile('C:\WINDOWS\system32\tKpiui.dll');
 DeleteFile('C:\WINDOWS\system32\dwutil.dll');
 DeleteFile('C:\WINDOWS\system32\mgsign32.dll');
 DeleteFile('C:\WINDOWS\system32\arsldpc.dll');
 DeleteFile('C:\WINDOWS\system32\dolayx.dll');
 DeleteFile('C:\WINDOWS\system32\wbpsrcwp.dll');
 DeleteFile('C:\WINDOWS\system32\mqcat32.dll');
 DeleteFile('C:\WINDOWS\system32\snsvcs.dll');
 DeleteFile('C:\WINDOWS\system32\lOngserv.dll');
 DeleteFile('C:\WINDOWS\system32\nytui2.dll');
 DeleteFile('C:\WINDOWS\system32\CtdbLangTH.dll');
 DeleteFile('C:\WINDOWS\system32\hvcoin.dll');
 DeleteFile('C:\WINDOWS\system32\mdoeacct.dll');
 DeleteFile('C:\WINDOWS\system32\egsadu.dll');
 DeleteFile('C:\WINDOWS\system32\sxgina.dll');
 DeleteFile('C:\WINDOWS\system32\dmprov.dll');
 DeleteFile('C:\WINDOWS\system32\wnhtcpip.dll');
 DeleteFile('C:\WINDOWS\system32\dtcprop2.dll');
 DeleteFile('C:\WINDOWS\system32\ijakeng.dll');
 DeleteFile('C:\WINDOWS\system32\dfprop.dll');
 DeleteFile('C:\WINDOWS\system32\kjrberos.dll');
 DeleteFile('C:\WINDOWS\system32\mmxml4.dll');
 DeleteService('Network Monitor');
 DeleteService('cmdService');
 BC_ImportALL;
 BC_Activate;
 ExecuteSysClean;
 RebootWindows(true);
end.
Send the quarantine according to Appendix 3 of the rules.
Upload via this link: http://virusinfo.info/upload_virus.php?tid=19626
Added 6 minutes later
Fix the following lines in HijackThis ( http://virusinfo.info/showthread.php?t=4491 )
Code:
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
Repeat the logs
Last edited by akoK; 12.03.2008 at 15:13. Reason: Added
Microsoft Most Valuable Professional in Consumer Security
I sent the quarantine. Logs:
- carry out item 2 of the rules ...
- AVZ - Troubleshooting Wizard - browser settings and tweaks - all problems - fix ..
- repeat the logs starting from item 10 of the rules ...
Treatment statistics:
- Quarantines received: 3
- Files processed: 3
- No malware was found in the quarantines during treatment
Dear revg, our specialists have given you all the help they could with your request.
To keep your computer secure, we strongly recommend:
To stay up to date on current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please contribute to our database of safe files.