sms на номер 5121
Прошу помочь убрать баннер: " sms на номер 5121"
логи прилагаются, кроме HiJackThis: при запуске он выходит под баннером, ничего сделать невозможно.
Очистка производилась рекомендованными программами, как в безопасном режиме, так и с LiveCD. Баннер остался, компьютер выключается только через питание
-
Ну и жуть
Выполните скрипт в AVZ
Код:
// AVZ cleanup script posted by a forum helper for ONE specific infected
// Windows host (the "sms на номер 5121" ransom banner described in the thread).
// Every path, CLSID, registry value and service name in it is specific to that
// host; running it unchanged on another machine can remove unrelated files,
// services or settings. Statement order matters: quarantine copies are taken
// before anything is deleted, and the script ends with a forced reboot.
begin
// Rootkit scan first. NOTE(review): the two flags presumably enable
// neutralisation of user-mode and kernel-mode hooks — confirm in the AVZ
// script reference.
SearchRootkit(true, true);
// Turn on AVZGuard (AVZ's protection mode) for the rest of the cleanup.
SetAVZGuardStatus(True);
// Stop the running process whose image is quarantined and deleted below.
TerminateProcessByName('c:\documents and settings\all users\systems.exe');
// Preserve a copy of each suspect file before deletion; the helper asks for
// this quarantine to be uploaded for analysis after the script has run.
QuarantineFile('c:\documents and settings\all users\systems.exe','');
QuarantineFile('karina.dat','');
QuarantineFile('\\?\globalroot\systemroot\system32\LXSNR6r.exe','');
QuarantineFile('WinCtrl32.dll','');
QuarantineFile('C:\WINDOWS\system32\blphcpqbj0ea7v.scr','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxg31.sys','');
QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe','');
// Delete the same seven files that were just quarantined.
DeleteFile('c:\documents and settings\all users\systems.exe');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxg31.sys');
DeleteFile('C:\WINDOWS\system32\blphcpqbj0ea7v.scr');
DeleteFile('karina.dat');
DeleteFile('WinCtrl32.dll');
DeleteFile('\\?\globalroot\systemroot\system32\LXSNR6r.exe');
// Unregister one Browser Helper Object by CLSID.
DelBHO('{07B18EA9-A523-4961-B6BB-170DE4475CCA}');
// Remove autostart/persistence values: a 'Shell' value under the per-user Run
// key, the screensaver path ('scrnsave.exe') in three user hives, and the
// DLLName of a Winlogon Notify entry named WinCtrl32.
// NOTE(review): the screensaver values presumably pointed at the .scr file
// deleted above, and the Notify entry at WinCtrl32.dll — inferred from the
// names, not shown in the script.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Shell');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Control Panel\Desktop','scrnsave.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Control Panel\Desktop','scrnsave.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Control Panel\Desktop','scrnsave.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32','DLLName');
// Empty and remove the whole C:\PROGRA~1\MYWEBS~1 directory (the third
// argument is presumably "recurse into subdirectories" — confirm).
DeleteFileMask('C:\PROGRA~1\MYWEBS~1', '*.*', true);
DeleteDirectory('C:\PROGRA~1\MYWEBS~1');
// NOTE(review): BC_ImportAll presumably hands the files processed above to
// AVZ's Boot Cleaner so they are also removed at boot time; ExecuteSysClean
// presumably cleans up leftover references to them — confirm in the AVZ docs.
BC_ImportAll;
ExecuteSysClean;
// Queue service/driver entries for deletion through AVZ's Boot Cleaner.
// 'Winxg31' corresponds to the Winxg31.sys driver removed earlier in this
// script. Most of the remaining names read as several genuine Windows/vendor
// service names run together (TrkWks, wuauserv, Dnscache, ...), which suggests
// bogus entries rather than real services.
// NOTE(review): that reading is inferred from the names alone — check each
// name against the host's own service list before deleting. A few entries
// (e.g. 'MyWebSearchService', 'BITSNtmsSvc', 'AtiIrmon') are short enough to
// resemble a single real service name and deserve a second look.
// The list is specific to this one host and must not be reused elsewhere.
BC_DeleteSvc('Winxg31');
BC_DeleteSvc('xmlprovTrkWks');
BC_DeleteSvc('xmlprovCOMSysAppwuauservIrmonTrkWksThemesCiSvc');
BC_DeleteSvc('xmlprovCOMSysAppwuauservIrmon');
BC_DeleteSvc('WZCSVCccISPwdSvcDnscache');
BC_DeleteSvc('wuauservBITSNtmsSvcProtectedStorageWZCSVC');
BC_DeleteSvc('WmiApSrvusnjsvcSysmonLogWebClientProtectedStorageAtiIrmon');
BC_DeleteSvc('WmiApSrvusnjsvcNlaIrmonW32Time');
BC_DeleteSvc('WmiApSrvusnjsvc');
BC_DeleteSvc('WmiApSrvseclogon');
BC_DeleteSvc('WLSetupSvcSAVScanmnmsrvcVSS');
BC_DeleteSvc('WLSetupSvcSAVScangusvcstisvcRasMan');
BC_DeleteSvc('WLSetupSvcSAVScangusvc');
BC_DeleteSvc('WLSetupSvcSAVScan');
BC_DeleteSvc('WLSetupSvcPolicyAgentNetDDEccISPwdSvcDnscache');
BC_DeleteSvc('WebClientlanmanworkstation');
BC_DeleteSvc('VSSDnscacheSysmonLog');
BC_DeleteSvc('UPSWmdmPmSN');
BC_DeleteSvc('upnphostdmserverTrkWksdmserverTrkWks');
BC_DeleteSvc('TrkWksThemesCiSvc');
BC_DeleteSvc('TrkWksThemes');
BC_DeleteSvc('TrkWkssrservicelanmanworkstationWLSetupSvc');
BC_DeleteSvc('SysmonLogWebClientProtectedStorageRasManBITSNtmsSvc');
BC_DeleteSvc('SysmonLogWebClientProtectedStorageDcomLaunchRemoteAccessRpcSs');
BC_DeleteSvc('SysmonLogWebClientProtectedStorageCOMSysAppALGWmdmPmSNdmadminSPBBCSvc');
BC_DeleteSvc('SysmonLogWebClientProtectedStorage Core LC');
BC_DeleteSvc('SysmonLogWebClientProtectedStorageAtiIrmon');
BC_DeleteSvc('SysmonLogWebClientProtectedStorage');
BC_DeleteSvc('SysmonLogWebClientdmserverTrkWks');
BC_DeleteSvc('SysmonLogWebClient');
BC_DeleteSvc('SysmonLogVSS');
BC_DeleteSvc('SysmonLogDhcpTapiSrvdmserverdmserverTrkWksdmserverTrkWksCOMSysAppwuauservIrmonMessengerUMWdf');
BC_DeleteSvc('SysmonLogDhcpTapiSrv');
BC_DeleteSvc('SwPrvSENSsrservicelanmanworkstationmnmsrvcVSSSAVScanRSVPImapiService');
BC_DeleteSvc('SwPrvdmadmin');
BC_DeleteSvc('SwPrvALG');
BC_DeleteSvc('stisvcstisvcnavapsvcSharedAccess');
BC_DeleteSvc('stisvcstisvcnavapsvcFastUserSwitchingCompatibility');
BC_DeleteSvc('stisvcstisvcnavapsvc');
BC_DeleteSvc('stisvcRasMan');
BC_DeleteSvc('stisvcnavapsvc');
BC_DeleteSvc('stisvcMyWebSearchServiceShellHWDetection');
BC_DeleteSvc('stisvcMyWebSearchService');
BC_DeleteSvc('stisvclanmanserverBrowser');
BC_DeleteSvc('SSDPSRVMyWebSearchService');
BC_DeleteSvc('SSDPSRVmnmsrvc');
BC_DeleteSvc('srservicelanmanworkstationWLSetupSvc');
BC_DeleteSvc('srservicelanmanworkstationsrservicelanmanworkstationmnmsrvcVSSSAVScanRSVPImapiService');
BC_DeleteSvc('srservicelanmanworkstationNSCServicestisvcstisvcnavapsvc');
BC_DeleteSvc('srservicelanmanworkstationNSCServiceSCardSvr');
BC_DeleteSvc('srservicelanmanworkstationNSCService');
BC_DeleteSvc('srservicelanmanworkstationmnmsrvcVSSSAVScanRSVPImapiServicesrservice');
BC_DeleteSvc('srservicelanmanworkstationmnmsrvcVSSSAVScanRSVPImapiService');
BC_DeleteSvc('srservicelanmanworkstation HotKey Poller');
BC_DeleteSvc('srservicelanmanworkstation');
BC_DeleteSvc('SPBBCSvcLightScribeServiceSwPrv');
BC_DeleteSvc('SPBBCSvcImapiService');
BC_DeleteSvc('SPBBCSvcAtiIrmonRemoteAccessALGWmdmPmSN');
BC_DeleteSvc('SNDSrvcRSVPImapiService');
BC_DeleteSvc('ShellHWDetectionW32Time');
BC_DeleteSvc('SharedAccessShellHWDetectionW32Time');
BC_DeleteSvc('SENSsrservicelanmanworkstationmnmsrvcVSSSAVScanRSVPImapiService');
BC_DeleteSvc('SENSSchedulemnmsrvcVSS');
BC_DeleteSvc('SchedulemnmsrvcVSS');
BC_DeleteSvc('ScheduleFastUserSwitchingCompatibilityMDMCOMSysAppwuauservwuauservDnscache');
BC_DeleteSvc('ScheduleFastUserSwitchingCompatibilityMDMCOMSysAppwuauservwuauserv');
BC_DeleteSvc('ScheduleFastUserSwitchingCompatibility');
BC_DeleteSvc('SAVScanRDSessMgr');
BC_DeleteSvc('RSVPImapiService');
BC_DeleteSvc('RpcSsRpcSsCryptSvc');
BC_DeleteSvc('RpcSsCryptSvc');
BC_DeleteSvc('RpcLocatordmserver');
BC_DeleteSvc('RemoteAccessRpcSsmnmsrvcVSSSAVScanALG');
BC_DeleteSvc('RemoteAccessRpcSs');
BC_DeleteSvc('RemoteAccessALGWmdmPmSNWmiApSrv');
BC_DeleteSvc('RemoteAccessALGWmdmPmSN');
BC_DeleteSvc('RDSessMgrWebClientlanmanworkstation');
BC_DeleteSvc('RDSessMgrSNDSrvc Core LC');
BC_DeleteSvc('RDSessMgrSNDSrvc');
BC_DeleteSvc('RDSessMgrRasManBITSNtmsSvcSwPrv');
BC_DeleteSvc('RDSessMgrRasManBITSNtmsSvcLightScribeServiceSwPrvLightScribeServiceNtmsSvc');
BC_DeleteSvc('RDSessMgrRasManBITSNtmsSvc');
BC_DeleteSvc('RasManSSDPSRVMyWebSearchService');
BC_DeleteSvc('RasManBITSNtmsSvcoseMDM');
BC_DeleteSvc('RasManBITSNtmsSvcdmadminERSvcLmHosts');
BC_DeleteSvc('RasManBITSNtmsSvc');
BC_DeleteSvc('ProtectedStorageWZCSVC');
BC_DeleteSvc('PolicyAgentNetDDEccISPwdSvcDnscacheoseMDMHTTPFilter');
BC_DeleteSvc('PolicyAgentNetDDEccISPwdSvcDnscache');
BC_DeleteSvc('PlugPlayWLSetupSvcSAVScanDhcpSysmonLogVSSdmserverTrkWks');
BC_DeleteSvc('PlugPlayWLSetupSvcSAVScan');
BC_DeleteSvc('oseSpoolerccISPwdSvcDcomLaunch');
BC_DeleteSvc('oseSpooler');
BC_DeleteSvc('oseMDMHTTPFilter');
BC_DeleteSvc('oseMDM');
BC_DeleteSvc('NtmsSvc Core LC');
BC_DeleteSvc('NtLmSspNSCService');
BC_DeleteSvc('NSCServiceUMWdfWmdmPmSNTrkWks');
BC_DeleteSvc('NSCServiceUMWdfWmdmPmSN');
BC_DeleteSvc('NSCServiceUMWdfCiSvcdmadminERSvcLmHostsBITS');
BC_DeleteSvc('NSCServiceUMWdf');
BC_DeleteSvc('NSCServiceSysmonLogWebClientProtectedStorageRasManBITSNtmsSvcSENS');
BC_DeleteSvc('NSCServiceSysmonLogWebClientProtectedStorageRasManBITSNtmsSvc');
BC_DeleteSvc('NSCServiceNetmanShellHWDetectionW32Time');
BC_DeleteSvc('NSCServiceHidServmnmsrvcVSSSAVScanRSVPImapiServiceMyWebSearchService');
BC_DeleteSvc('NSCServiceHidServ');
BC_DeleteSvc('NlaSPBBCSvc');
BC_DeleteSvc('NlaIrmonW32Time');
BC_DeleteSvc('NlaIrmon');
BC_DeleteSvc('NetmanShellHWDetectionW32TimeRSVPHidServ');
BC_DeleteSvc('NetmanShellHWDetectionW32TimeRSVP');
BC_DeleteSvc('NetmanShellHWDetectionW32Time');
BC_DeleteSvc('NetlogondmserverHTTPFilterNSCServiceHidServ');
BC_DeleteSvc('NetlogondmadminERSvcsrservicelanmanworkstation');
BC_DeleteSvc('NetDDELightScribeServiceWmiApSrv');
BC_DeleteSvc('NetDDElanmanworkstationSAVScanNlaIrmonNetDDELightScribeServiceWmiApSrv');
BC_DeleteSvc('NetDDElanmanworkstationSAVScanNlaIrmon');
BC_DeleteSvc('NetDDElanmanworkstationSAVScan Core LC');
BC_DeleteSvc('NetDDElanmanworkstationSAVScan');
BC_DeleteSvc('NetDDEdsdmVSSDnscacheSysmonLog');
BC_DeleteSvc('NetDDEcomHostSysmonLogVSS');
BC_DeleteSvc('NetDDEcomHost');
BC_DeleteSvc('NetDDEccISPwdSvcDnscacheSpooler');
BC_DeleteSvc('NetDDEccISPwdSvcDnscache');
BC_DeleteSvc('navapsvcCOMSysAppwuauservIrmon');
BC_DeleteSvc('MyWebSearchServiceSSDPSRVMessengerNla');
BC_DeleteSvc('MyWebSearchServiceSSDPSRVMessenger');
BC_DeleteSvc('MyWebSearchServiceSSDPSRV');
BC_DeleteSvc('MyWebSearchServiceSharedAccessShellHWDetectionW32Time');
BC_DeleteSvc('MyWebSearchServiceRpcSs Core LC');
BC_DeleteSvc('MyWebSearchServiceRpcSs');
BC_DeleteSvc('MyWebSearchServiceclr_optimization_v2.0.50727_32dmadminERSvcsrservicelanmanworkstation');
BC_DeleteSvc('MyWebSearchService');
BC_DeleteSvc('MSIServer HotKey Poller');
BC_DeleteSvc('mnmsrvcVSSSAVScanRSVPImapiServiceMyWebSearchServiceWmiApSrv');
BC_DeleteSvc('mnmsrvcVSSSAVScanRSVPImapiServiceMyWebSearchServiceThemes');
BC_DeleteSvc('mnmsrvcVSSSAVScanRSVPImapiServiceMyWebSearchServiceSSDPSRV');
BC_DeleteSvc('mnmsrvcVSSSAVScanRSVPImapiServiceMyWebSearchService');
BC_DeleteSvc('mnmsrvcVSSSAVScanRSVPImapiServiceMessengerSPBBCSvcImapiService');
BC_DeleteSvc('mnmsrvcVSSSAVScanRSVPImapiService');
BC_DeleteSvc('mnmsrvcVSSSAVScanBrowserstisvcstisvcnavapsvcdmadminERSvcLmHosts');
BC_DeleteSvc('mnmsrvcVSSSAVScanBrowserstisvcstisvcnavapsvcdmadmin');
BC_DeleteSvc('mnmsrvcVSSSAVScanBrowserstisvcstisvcnavapsvc');
BC_DeleteSvc('mnmsrvcVSSSAVScanALGWLSetupSvcSAVScan');
BC_DeleteSvc('mnmsrvcVSSSAVScanALGMDMCOMSysAppwuauservWmiApSrvseclogon');
BC_DeleteSvc('mnmsrvcVSSSAVScanALGdmadmin');
BC_DeleteSvc('mnmsrvcVSSSAVScanALG');
BC_DeleteSvc('mnmsrvcVSSSAVScan');
BC_DeleteSvc('mnmsrvcVSS');
BC_DeleteSvc('MessengerUMWdf');
BC_DeleteSvc('MessengerSPBBCSvcImapiServiceSysmonLogVSS');
BC_DeleteSvc('MessengerSPBBCSvcImapiServiceSAVScanRDSessMgr');
BC_DeleteSvc('MessengerSPBBCSvcImapiServicelanmanserverBrowser');
BC_DeleteSvc('MessengerSPBBCSvcImapiService');
BC_DeleteSvc('MDMwscsvcRasMan');
BC_DeleteSvc('MDMwscsvc');
BC_DeleteSvc('MDMCOMSysAppwuauservwuauservSwPrvdmadmin');
BC_DeleteSvc('MDMCOMSysAppwuauservwuauserv');
BC_DeleteSvc('MDMCOMSysAppwuauservWmiApSrvseclogonNetmanShellHWDetectionW32TimeRSVPHidServ');
BC_DeleteSvc('MDMCOMSysAppwuauservWmiApSrvseclogonHTTPFilterNSCServiceHidServVSSDnscacheSysmonLog');
BC_DeleteSvc('MDMCOMSysAppwuauservWmiApSrvseclogonHTTPFilterNSCServiceHidServ');
BC_DeleteSvc('MDMCOMSysAppwuauservWmiApSrvseclogon');
BC_DeleteSvc('MDMCOMSysAppwuauserv');
BC_DeleteSvc('LightScribeServiceWmiApSrv');
BC_DeleteSvc('LightScribeServiceSwPrvSharedAccessccProxyMyWebSearchService');
BC_DeleteSvc('LightScribeServiceSwPrvSharedAccessccProxy');
BC_DeleteSvc('LightScribeServiceSwPrvSharedAccess');
BC_DeleteSvc('LightScribeServiceSwPrvLightScribeServiceNtmsSvc');
BC_DeleteSvc('LightScribeServiceSwPrv');
BC_DeleteSvc('LightScribeServiceNtmsSvcccISPwdSvcDcomLaunchNSCServiceHidServ');
BC_DeleteSvc('LightScribeServiceNtmsSvcccISPwdSvcDcomLaunch');
BC_DeleteSvc('LightScribeServiceNtmsSvcBITSNtmsSvcSysmonLogWebClientdmserverTrkWks');
BC_DeleteSvc('LightScribeServiceNtmsSvcBITSNtmsSvc');
BC_DeleteSvc('LightScribeServiceNtmsSvc');
BC_DeleteSvc('LightScribeServiceNetDDE');
BC_DeleteSvc('lanmanworkstationSAVScanccISPwdSvcProtectedStorageWZCSVC');
BC_DeleteSvc('lanmanworkstationSAVScan');
BC_DeleteSvc('lanmanserverCryptSvc');
BC_DeleteSvc('lanmanserverBrowser');
BC_DeleteSvc('HTTPFilterNSCServiceHidServLightScribeServiceNtmsSvcRpcSsCryptSvc');
BC_DeleteSvc('HTTPFilterNSCServiceHidServLightScribeServiceNtmsSvc');
BC_DeleteSvc('HTTPFilterNSCServiceHidServ');
BC_DeleteSvc('HidServAlerter');
BC_DeleteSvc('FastUserSwitchingCompatibilityLightScribeServiceWmiApSrv');
BC_DeleteSvc('EventlogRDSessMgr');
BC_DeleteSvc('EventlogEventlogProtectedStorage');
BC_DeleteSvc('EventlogEventlog');
BC_DeleteSvc('DnscacheSysmonLogupnphostdmserverTrkWksdmserverTrkWks');
BC_DeleteSvc('DnscacheSysmonLog');
BC_DeleteSvc('DnscacheRpcSs');
BC_DeleteSvc('dmserverTrkWksThemes');
BC_DeleteSvc('dmserverTrkWksdmserverTrkWks Core LC');
BC_DeleteSvc('dmserverTrkWksdmserverTrkWks');
BC_DeleteSvc('dmserverTrkWks');
BC_DeleteSvc('dmserverHTTPFilterNSCServiceHidServ');
BC_DeleteSvc('dmserverdmserverTrkWksdmserverTrkWksCOMSysAppwuauservIrmonNetman');
BC_DeleteSvc('dmserverdmserverTrkWksdmserverTrkWksCOMSysAppwuauservIrmonMessengerUMWdf');
BC_DeleteSvc('dmserverdmserverTrkWksdmserverTrkWksCOMSysAppwuauservIrmonAppMgmtmnmsrvcVSSSAVScanRSVPImapiServiceMyWebSearchServiceSSDPSRV');
BC_DeleteSvc('dmserverdmserverTrkWksdmserverTrkWksCOMSysAppwuauservIrmon');
BC_DeleteSvc('dmserverdmserverTrkWksdmserverTrkWks');
BC_DeleteSvc('dmadminSPBBCSvc');
BC_DeleteSvc('dmadminERSvcsrservicelanmanworkstationIrmon');
BC_DeleteSvc('dmadminERSvcsrservicelanmanworkstation');
BC_DeleteSvc('dmadminERSvcseclogon');
BC_DeleteSvc('dmadminERSvcLmHostsWebClient');
BC_DeleteSvc('dmadminERSvcLmHostsBITSNlaIrmon');
BC_DeleteSvc('dmadminERSvcLmHostsBITSNla');
BC_DeleteSvc('dmadminERSvcLmHostsBITS');
BC_DeleteSvc('dmadminERSvcLmHosts');
BC_DeleteSvc('dmadminERSvc');
BC_DeleteSvc('DhcpTapiSrvNSCServiceNetmanShellHWDetectionW32TimeSysmonLogWebClientProtectedStorage');
BC_DeleteSvc('DhcpTapiSrvNSCServiceNetmanShellHWDetectionW32Time');
BC_DeleteSvc('DhcpTapiSrvLightScribeServiceSwPrvLightScribeServiceNtmsSvcmnmsrvcVSSSAVScanRSVPImapiServiceMyWebSearchServiceWmiApSrv');
BC_DeleteSvc('DhcpTapiSrvLightScribeServiceSwPrvLightScribeServiceNtmsSvc');
BC_DeleteSvc('DhcpTapiSrv');
BC_DeleteSvc('DhcpSysmonLogVSSTapiSrv');
BC_DeleteSvc('DhcpSysmonLogVSSNtLmSspAppMgmtmnmsrvcVSSSAVScanRSVPImapiServiceMyWebSearchServiceSSDPSRV');
BC_DeleteSvc('DhcpSysmonLogVSSNtLmSsp');
BC_DeleteSvc('DhcpSysmonLogVSSdmserverTrkWksLightScribeServiceSwPrvSharedAccessccProxyMyWebSearchService');
BC_DeleteSvc('DhcpSysmonLogVSSdmserverTrkWks');
BC_DeleteSvc('DhcpSysmonLogVSS');
BC_DeleteSvc('DhcpdmserverTrkWks');
BC_DeleteSvc('DcomLaunchRemoteAccessRpcSsRasAuto');
BC_DeleteSvc('DcomLaunchRemoteAccessRpcSsAppMgmtmnmsrvcVSSSAVScanRSVPImapiServiceMyWebSearchServiceSSDPSRV');
BC_DeleteSvc('DcomLaunchRemoteAccessRpcSs');
BC_DeleteSvc('COMSysAppwuauservTrkWksThemes');
BC_DeleteSvc('COMSysAppwuauservIrmon');
BC_DeleteSvc('COMSysAppwuauserv');
BC_DeleteSvc('COMSysAppAtiIrmon');
BC_DeleteSvc('COMSysAppALGWmdmPmSNdmadminSPBBCSvc');
BC_DeleteSvc('COMSysAppALGWmdmPmSN');
BC_DeleteSvc('comHostWmiApSrvseclogonRemoteAccessALGWmdmPmSNWmiApSrv');
BC_DeleteSvc('comHostWmiApSrvseclogondmserverdmserverTrkWksdmserverTrkWksCOMSysAppwuauservIrmonNetman');
BC_DeleteSvc('comHostWmiApSrvseclogon');
BC_DeleteSvc('comHostALGWmdmPmSN');
BC_DeleteSvc('clr_optimization_v2.0.50727_32dmadminERSvcsrservicelanmanworkstation');
BC_DeleteSvc('CiSvcdmadminERSvcLmHostsBITS');
BC_DeleteSvc('ccSetMgrSSDPSRV');
BC_DeleteSvc('ccISPwdSvcProtectedStorageWZCSVC');
BC_DeleteSvc('ccISPwdSvcDnscacheRemoteAccessRpcSsmnmsrvcVSSSAVScanALG');
BC_DeleteSvc('ccISPwdSvcDnscacheccEvtMgr');
BC_DeleteSvc('ccISPwdSvcDnscacheAlerter');
BC_DeleteSvc('ccISPwdSvcDnscache');
BC_DeleteSvc('ccISPwdSvcDcomLaunchPolicyAgent');
BC_DeleteSvc('ccISPwdSvcDcomLaunchHidServBrowserstisvcstisvcnavapsvc');
BC_DeleteSvc('ccISPwdSvcDcomLaunchHidServ');
BC_DeleteSvc('ccISPwdSvcDcomLaunch');
BC_DeleteSvc('Browserstisvcstisvcnavapsvc');
BC_DeleteSvc('BrowserRasManBITSNtmsSvcdmadminERSvcLmHostsxmlprovCOMSysAppwuauservIrmonTrkWksThemesCiSvc');
BC_DeleteSvc('BrowserRasManBITSNtmsSvcdmadminERSvcLmHosts');
BC_DeleteSvc('BITSNtmsSvcProtectedStorageWZCSVC');
BC_DeleteSvc('BITSNtmsSvcmnmsrvcVSSSAVScanRSVPImapiServiceccProxy');
BC_DeleteSvc('BITSNtmsSvcmnmsrvcVSSSAVScanRSVPImapiService');
BC_DeleteSvc('BITSNtmsSvc');
BC_DeleteSvc('AudioSrvMyWebSearchServiceRpcSsNetDDEdsdmVSSDnscacheSysmonLog');
BC_DeleteSvc('AudioSrvMyWebSearchServiceRpcSs');
BC_DeleteSvc('AudioSrvClipSrv');
BC_DeleteSvc('AtiSSDPSRVMyWebSearchService');
BC_DeleteSvc('AtimnmsrvcSSDPSRVRasManSSDPSRVMyWebSearchService');
BC_DeleteSvc('AtimnmsrvcSSDPSRVLightScribeServiceNtmsSvc');
BC_DeleteSvc('AtimnmsrvcSSDPSRV');
BC_DeleteSvc('AtimnmsrvcLightScribeServiceNtmsSvcBITSNtmsSvc');
BC_DeleteSvc('Atimnmsrvc');
BC_DeleteSvc('AtiIrmonRemoteAccessALGWmdmPmSN');
BC_DeleteSvc('AtiIrmonLightScribeServiceSwPrvSharedAccess');
BC_DeleteSvc('AtiIrmon');
BC_DeleteSvc('AtiClipSrv');
BC_DeleteSvc('aspnet_stateClipSrv');
BC_DeleteSvc('AppMgmtmnmsrvcVSSSAVScanRSVPImapiServiceMyWebSearchServiceSSDPSRV');
BC_DeleteSvc('ALGWmdmPmSN');
BC_DeleteSvc('ALGRasManBITSNtmsSvcdmadminERSvcLmHosts');
BC_DeleteSvc('ALGmnmsrvcNetmanShellHWDetectionW32TimeRSVP');
BC_DeleteSvc('ALGmnmsrvc');
BC_DeleteSvc('ALGEventlogEventlogProtectedStorage');
// Arm AVZ's Boot Cleaner. NOTE(review): the deletions queued by the BC_* calls
// earlier in this script are presumably carried out during the next boot —
// confirm in the AVZ documentation.
BC_Activate;
// Run two of AVZ's numbered system-repair routines.
// NOTE(review): in AVZ's repair list, 13 is believed to be hosts-file cleanup
// and 20 removal of static routes — verify against the AVZ version in use,
// since both change network configuration.
ExecuteRepair(13);
ExecuteRepair(20);
// Reboot the machine immediately (save any open work before running the
// script); new diagnostic logs are meant to be collected after this restart.
RebootWindows(true);
end.
Компьютер перезагрузится.
Пришлите карантин согласно Приложению 3 правил по красной ссылке «Прислать запрошенный карантин» вверху темы.
Сделайте новые логи + лог http://virusinfo.info/showpost.php?p=493610&postcount=1
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
-
Повторное сканирование (до получения инструкции thyrex) с LiveCD утилитой от Касперского со свежей базой дало следующий результат:
Удалено: Packed.Win32.Krap.gx C:\Documents and Settings\All Users\systems.exe
Удалено: Packed.Win32.Krap.gx C:\Documents and Settings\Tamara\Local Settings\Temporary Internet Files\Content.IE5\S927W5UF\n002101807r0019R50bb789 7X9da0fef1Yd64755fdZ01000f98316P000000070[1]
Это решило проблему баннера.
После этого был успешно выполнен скрипт от thyrex.
После перезагрузки AVZ запущен повторно (в логах почему-то нет virusinfo_syscheck.zip).
-
1. Обновите базы AVZ и переделайте логи
2. Где результат выполнения?
Сообщение от
thyrex
3. Лог HiJack сделайте
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
-
Почему при выполнении пункта «Скрипт лечения/карантина и сбора информации для раздела "Помогите!"» не сохраняется virusinfo_syscheck.zip?
-
Сообщение от
yoksimaw
Почему при выполнить Скрипт лечения/карантина и сбора информации для раздела "Помогите!" не сохраняется virusinfo_syscheck.zip?
Потому что он сохраняется при выполнении скрипта №2, а не №3. Читать нужно внимательно.
Меньше слов - больше дела
Если Вы отказываетесь выполнять указания хелперов, или делаете все по-своему, не удивляйтесь тому, что Ваша тема может быть закрыта.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
-
-
Итог лечения
Статистика проведенного лечения:
- Получено карантинов: 1
- Обработано файлов: 15
- В ходе лечения обнаружены вредоносные программы:
- \\?\globalroot\systemroot\system32\lxsnr6r.exe - Trojan.Win32.Inject.aqff ( DrWEB: Trojan.DownLoad.64043 )
-