Nice zoo; that's what you get for surfing the web as admin.
Fix in HijackThis:
Code:
F2 - REG:system.ini: Shell=C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Help - {CADB5E0F-0223-A58F-D6EF-326223BC90CA} - C:\WINDOWS\system\hnqtse32.dll (file missing)
O2 - BHO: WRL Advisor - {D08B4B63-1A30-4D54-AAAA-F1DF3A8CFF42} - C:\WINDOWS\qnmargolwlp.dll
O2 - BHO: 382077 helper - {F0A035EC-C865-4E47-BF73-B17741DD5232} - (no file)
AVZ: File - Run script -- copy the script written below -- Run.
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\Temp\iframestat.exe','');
QuarantineFile('C:\WINDOWS\system32\vbsys2.dll','');
DelBHO('{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}');
DelBHO('{F0A035EC-C865-4E47-BF73-B17741DD5232}');
DelBHO('{D08B4B63-1A30-4D54-AAAA-F1DF3A8CFF42}');
DelBHO('{CADB5E0F-0223-A58F-D6EF-326223BC90CA}');
QuarantineFile('C:\WINDOWS\system\hnqtse32.dll','');
QuarantineFile('C:\WINDOWS\system32\WLXqyp.dll','');
QuarantineFile('C:\WINDOWS\system32\WLCtrl32.dll','');
QuarantineFile('C:\WINDOWS\wdpoefan.dll','');
QuarantineFile('C:\WINDOWS\taskmon.exe','');
QuarantineFile('C:\WINDOWS\system32\vydwpgvo.exe','');
QuarantineFile('C:\WINDOWS\system32\vedxg6ame4.exe','');
QuarantineFile('C:\WINDOWS\system32\ntos.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\spools.exe','');
QuarantineFile('C:\WINDOWS\system32\cssrss.exe','');
QuarantineFile('C:\WINDOWS\mrofinu27.exe','');
QuarantineFile('C:\WINDOWS\kavir.exe','');
QuarantineFile('C:\WINDOWS\Resources\KernelCD.dll','');
QuarantineFile('C:\Program Files\antiviirus.exe','');
QuarantineFile('C:\Documents and Settings\lvmz\cftmon.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\cftmon.exe','');
QuarantineFile('C:\Documents and Settings\All Users\Документы\Settings\partnership.dll','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ldg18.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\kbd.sys','');
QuarantineFile('C:\WINDOWS\TEMP\cmds.exe','');
QuarantineFile('c:\windows\system32\msupd32.sys','');
QuarantineFile('C:\WINDOWS\system32\mnmsrvc.exe','');
QuarantineFile('C:\Documents and Settings\Пользователь\ie_updates3r.exe','');
QuarantineFile('C:\WINDOWS\TEMP\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\qandr.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\lemsgt.sys','');
QuarantineFile('C:\WINDOWS\system32\ckldrv.sys','');
QuarantineFile('C:\WINDOWS\vadokmxt.dll','');
QuarantineFile('C:\WINDOWS\system32\WLXqyp.dll','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\hmbgdezc\bytmvqlg.exe','');
QuarantineFile('c:\autoex.dll','');
TerminateProcessByName('c:\windows\system32\drivers\spools.exe');
QuarantineFile('c:\windows\system32\drivers\spools.exe','');
DeleteFile('c:\windows\system32\drivers\spools.exe');
DeleteFile('c:\autoex.dll');
DeleteFile('C:\Documents and Settings\All Users\Application Data\hmbgdezc\bytmvqlg.exe');
DeleteFile('C:\WINDOWS\system32\WLXqyp.dll');
DeleteFile('C:\WINDOWS\vadokmxt.dll');
DeleteFile('C:\WINDOWS\system32\drivers\qandr.sys');
DeleteFile('C:\WINDOWS\TEMP\svchost.exe');
DeleteFile('C:\Documents and Settings\Пользователь\ie_updates3r.exe');
DeleteFile('C:\WINDOWS\system32\mnmsrvc.exe');
DeleteFile('c:\windows\system32\msupd32.sys');
DeleteFile('C:\WINDOWS\TEMP\cmds.exe');
DeleteFile('C:\WINDOWS\system32\drivers\kbd.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ldg18.sys');
DeleteFile('C:\Documents and Settings\All Users\Документы\Settings\partnership.dll');
DeleteFile('C:\Documents and Settings\LocalService\cftmon.exe');
DeleteFile('C:\Documents and Settings\lvmz\cftmon.exe');
DeleteFile('C:\Program Files\antiviirus.exe');
DeleteFile('C:\WINDOWS\kavir.exe');
DeleteFile('C:\WINDOWS\mrofinu27.exe');
DeleteFile('C:\WINDOWS\system32\cssrss.exe');
DeleteFile('C:\WINDOWS\system32\drivers\spools.exe');
DeleteFile('C:\WINDOWS\system32\ntos.exe');
DeleteFile('C:\WINDOWS\system32\vedxg6ame4.exe');
DeleteFile('C:\WINDOWS\system32\vydwpgvo.exe');
DeleteFile('C:\WINDOWS\taskmon.exe');
DeleteFile('C:\WINDOWS\wdpoefan.dll');
DeleteFile('C:\WINDOWS\system32\WLCtrl32.dll');
DeleteFile('C:\WINDOWS\system32\WLXqyp.dll');
DeleteFile('C:\WINDOWS\system\hnqtse32.dll');
DeleteFile('C:\WINDOWS\system32\vbsys2.dll');
DeleteFile('C:\WINDOWS\Temp\iframestat.exe');
BC_DeleteSvc('Ldg18');
BC_DeleteSvc('kbd');
BC_DeleteSvc('RasMan');
BC_DeleteSvc('msupdate');
BC_DeleteSvc('mnmsrvc');
BC_DeleteSvc('Google Online Services');
BC_DeleteSvc('dmserverRSVP');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteRepair(1);
ExecuteRepair(2);
ExecuteRepair(4);
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(10);
ExecuteRepair(11);
BC_Activate;
RebootWindows(true);
end.
Send the quarantine according to Appendix 3 of the rules.
Upload via this link: http://virusinfo.info/upload_virus.php?tid=22130
Make new logs.
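A defender-side triage check for the HijackThis entries quoted above, added here as an example and not part of the original post: it parses the F2 (system.ini Shell/UserInit) and O2 (BHO) lines, flags any UserInit entry other than the default userinit.exe (here the appended ntos.exe) and flags BHOs whose DLL is missing or sits directly under the Windows directory. The default paths and the "DLL under %WINDIR%" heuristic are assumptions, not part of HijackThis itself.

```python
import re

# Constructed sample: the HijackThis lines quoted in the post above.
SAMPLE_LOG = "\n".join([
    r"F2 - REG:system.ini: Shell=C:\WINDOWS\Explorer.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,",
    r"O2 - BHO: Help - {CADB5E0F-0223-A58F-D6EF-326223BC90CA} - C:\WINDOWS\system\hnqtse32.dll (file missing)",
    r"O2 - BHO: WRL Advisor - {D08B4B63-1A30-4D54-AAAA-F1DF3A8CFF42} - C:\WINDOWS\qnmargolwlp.dll",
    r"O2 - BHO: 382077 helper - {F0A035EC-C865-4E47-BF73-B17741DD5232} - (no file)",
])

# Assumption: a stock Windows XP install with %WINDIR% = C:\WINDOWS.
EXPECTED = {
    "Shell": r"c:\windows\explorer.exe",
    "UserInit": r"c:\windows\system32\userinit.exe",
}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


def check_f2(key, value):
    """Split the comma-separated value and report every entry that is not the default.
    Malware commonly appends itself to UserInit so it starts at every logon."""
    entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    return [(key, "unexpected entry", e) for e in entries if e != EXPECTED[key]]


def check_o2(name, clsid, path):
    """Report BHO registrations whose DLL is gone (orphaned, still worth removing)
    and, as a heuristic, DLLs living directly under the Windows directory."""
    if path.endswith("(file missing)") or path == "(no file)":
        return [("O2", "orphaned BHO", clsid)]
    if path.lower().startswith(r"c:\windows"):
        return [("O2", "BHO dll under Windows dir", path)]
    return []


def triage(log_text):
    """Run both checks over a HijackThis log and return the list of findings."""
    findings = []
    for line in log_text.splitlines():
        m = F2_RE.match(line)
        if m:
            findings += check_f2(*m.groups())
            continue
        m = O2_RE.match(line)
        if m:
            findings += check_o2(*m.groups())
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```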