A few days ago, antivirus websites stopped opening. Dr.Web CureIt found malware and removed it, but to be completely sure that everything is in order, I am asking the specialists to check the logs. Thanks in advance.
Close all programs. Run AVZ. Execute the script via the File menu:
Code:
begin
 // Enable AVZGuard for the duration of the cleanup
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\System32\Drivers\ati2otxx.sys','');
 // Restore the default Winlogon UserInit value
 RegKeyStrParamWrite('HKLM', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'UserInit', GetEnvironmentVariable('WinDir')+'\System32\userinit.exe,');
 // Copy each suspicious file to quarantine before deleting it
 QuarantineFile('\\?\globalroot\systemroot\system32\9n1ve3B.exe','');
 DeleteFile('\\?\globalroot\systemroot\system32\9n1ve3B.exe');
 QuarantineFile('\\?\globalroot\systemroot\system32\o9oAnId.exe','');
 DeleteFile('\\?\globalroot\systemroot\system32\o9oAnId.exe');
 QuarantineFile('\\?\globalroot\systemroot\system32\iRDOt2S.exe','');
 DeleteFile('\\?\globalroot\systemroot\system32\iRDOt2S.exe');
 QuarantineFile('C:\Program Files\Common Files\SysAware Soft\svhost.exe','');
 // Remove the driver services
 DeleteService('ati0bhxx'); DeleteService('ati0ekxx'); DeleteService('ati0gmxx'); DeleteService('ati0hnxx');
 DeleteService('ati0ioxx'); DeleteService('ati0kqxx'); DeleteService('ati0msxx'); DeleteService('ati0ntxx');
 DeleteService('ati0ouxx'); DeleteService('ati0qvxx'); DeleteService('ati0qwxx'); DeleteService('ati0rwxx');
 DeleteService('ati0rxxx'); DeleteService('ati0syxx'); DeleteService('ati0tyxx'); DeleteService('ati0xexx');
 DeleteService('ati0yfxx'); DeleteService('ati1afxx'); DeleteService('ati1bhxx'); DeleteService('ati1cixx');
 DeleteService('ati1fkxx'); DeleteService('ati1flxx'); DeleteService('ati1hnxx'); DeleteService('ati1ioxx');
 DeleteService('ati1kqxx'); DeleteService('ati1ntxx'); DeleteService('ati1puxx'); DeleteService('ati1taxx');
 DeleteService('ati1ubxx'); DeleteService('ati1vcxx'); DeleteService('ati2dixx'); DeleteService('ati2ejxx');
 DeleteService('ati2gmxx'); DeleteService('ati2hmxx'); DeleteService('ati2msxx'); DeleteService('ati2otxx');
 DeleteService('ati2puxx'); DeleteService('ati2qwxx'); DeleteService('ati2ubxx'); DeleteService('ati2vcxx');
 DeleteService('ati2wdxx'); DeleteService('ati2xexx'); DeleteService('ati2yfxx'); DeleteService('ati3dixx');
 DeleteService('ati3hmxx'); DeleteService('ati3hnxx'); DeleteService('ati3inxx'); DeleteService('ati3ioxx');
 DeleteService('ati3joxx'); DeleteService('ati3kqxx'); DeleteService('ati3nsxx'); DeleteService('ati3ntxx');
 DeleteService('ati3otxx'); DeleteService('ati3rwxx'); DeleteService('ati3rxxx'); DeleteService('ati3sxxx');
 DeleteService('ati3uaxx'); DeleteService('ati3wdxx'); DeleteService('ati3xexx'); DeleteService('ati3yexx');
 DeleteService('ati4agxx'); DeleteService('ati4bgxx'); DeleteService('ati4dixx'); DeleteService('ati4ejxx');
 DeleteService('ati4fkxx'); DeleteService('ati4flxx'); DeleteService('ati4glxx'); DeleteService('ati4gmxx');
 DeleteService('ati4hnxx'); DeleteService('ati4inxx'); DeleteService('ati4pvxx'); DeleteService('ati4qwxx');
 DeleteService('ati4rwxx'); DeleteService('ati4sxxx'); DeleteService('ati4syxx'); DeleteService('ati4tyxx');
 DeleteService('ati4ubxx'); DeleteService('ati4wdxx'); DeleteService('ati5afxx'); DeleteService('ati5cixx');
 DeleteService('ati5fkxx'); DeleteService('ati5gmxx'); DeleteService('ati5hbxx'); DeleteService('ati5jpxx');
 DeleteService('ati5kqxx'); DeleteService('ati5lqxx'); DeleteService('ati5puxx'); DeleteService('ati5qwxx');
 DeleteService('ati5vbxx'); DeleteService('ati5vcxx'); DeleteService('ati5wcxx'); DeleteService('ati5wdxx');
 DeleteService('ati5xdxx'); DeleteService('ati5xexx'); DeleteService('ati6agxx'); DeleteService('ati6bgxx');
 DeleteService('ati6bhxx'); DeleteService('ati6hmxx'); DeleteService('ati6hnxx'); DeleteService('ati6lrxx');
 DeleteService('ati6msxx'); DeleteService('ati6nsxx'); DeleteService('ati6ntxx'); DeleteService('ati6syxx');
 DeleteService('ati6ubxx'); DeleteService('ati6vbxx'); DeleteService('ati6wdxx'); DeleteService('ati6xexx');
 DeleteService('ati7agxx'); DeleteService('ati7djxx'); DeleteService('ati7flxx'); DeleteService('ati7glxx');
 DeleteService('ati7hmxx'); DeleteService('ati7inxx'); DeleteService('ati7ioxx'); DeleteService('ati7kqxx');
 DeleteService('ati7lqxx'); DeleteService('ati7vcxx'); DeleteService('ati8bgxx'); DeleteService('ati8fkxx');
 DeleteService('ati8gmxx'); DeleteService('ati8hdxx'); DeleteService('ati8hmxx'); DeleteService('ati8hnxx');
 DeleteService('ati8jpxx'); DeleteService('ati8lrxx'); DeleteService('ati8ntxx'); DeleteService('ati8ouxx');
 DeleteService('ati8rxxx'); DeleteService('ati8sxxx'); DeleteService('ati8taxx'); DeleteService('ati8ubxx');
 DeleteService('ati8xdxx'); DeleteService('ati8xexx');
 // Quarantine, then delete, the driver files found on disk
 QuarantineFile('C:\WINDOWS\System32\Drivers\ati0hnxx.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\ati0gmxx.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\ati0ekxx.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\ati0bhxx.sys','');
 DeleteFile('C:\WINDOWS\System32\Drivers\ati0bhxx.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\ati0ekxx.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\ati0gmxx.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\ati0hnxx.sys');
 DeleteFile('C:\Program Files\Common Files\SysAware Soft\svhost.exe');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run-','Shell');
 // Hand the list of deleted files to Boot Cleaner, clean up references, and reboot
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
The computer will reboot.
Send the files from the AVZ quarantine (see Appendix 3 of the Rules) using the "Send requested quarantine" link at the top of this thread.
Make a new log from step 2 of Diagnostics (virusinfo_syscheck.zip) and attach it to this thread.
Last edited by AndreyKa; 26.06.2010 at 19:35.
I have sent the quarantine.
Close all programs. Run AVZ. Execute the script via the File menu:
Code:
begin
 SetAVZGuardStatus(True);
 // Clear the previous cure log and the contents of the quarantine folder
 DeleteFile(GetAVZDirectory+'log\virusinfo_cure.zip');
 DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
 // Queue the driver services for removal by Boot Cleaner at the next boot
 BC_DeleteSvc('ati0bhxx'); BC_DeleteSvc('ati0ekxx'); BC_DeleteSvc('ati0gmxx'); BC_DeleteSvc('ati0hnxx');
 BC_DeleteSvc('ati0ioxx'); BC_DeleteSvc('ati0kqxx'); BC_DeleteSvc('ati0msxx'); BC_DeleteSvc('ati0ntxx');
 BC_DeleteSvc('ati0ouxx'); BC_DeleteSvc('ati0qvxx'); BC_DeleteSvc('ati0qwxx'); BC_DeleteSvc('ati0rwxx');
 BC_DeleteSvc('ati0rxxx'); BC_DeleteSvc('ati0syxx'); BC_DeleteSvc('ati0tyxx'); BC_DeleteSvc('ati0xexx');
 BC_DeleteSvc('ati0yfxx'); BC_DeleteSvc('ati1afxx'); BC_DeleteSvc('ati1bhxx'); BC_DeleteSvc('ati1cixx');
 BC_DeleteSvc('ati1fkxx'); BC_DeleteSvc('ati1flxx'); BC_DeleteSvc('ati1hnxx'); BC_DeleteSvc('ati1ioxx');
 BC_DeleteSvc('ati1kqxx'); BC_DeleteSvc('ati1ntxx'); BC_DeleteSvc('ati1puxx'); BC_DeleteSvc('ati1taxx');
 BC_DeleteSvc('ati1ubxx'); BC_DeleteSvc('ati1vcxx'); BC_DeleteSvc('ati2dixx'); BC_DeleteSvc('ati2ejxx');
 BC_DeleteSvc('ati2gmxx'); BC_DeleteSvc('ati2hmxx'); BC_DeleteSvc('ati2msxx'); BC_DeleteSvc('ati2otxx');
 BC_DeleteSvc('ati2puxx'); BC_DeleteSvc('ati2qwxx'); BC_DeleteSvc('ati2ubxx'); BC_DeleteSvc('ati2vcxx');
 BC_DeleteSvc('ati2wdxx'); BC_DeleteSvc('ati2xexx'); BC_DeleteSvc('ati2yfxx'); BC_DeleteSvc('ati3dixx');
 BC_DeleteSvc('ati3hmxx'); BC_DeleteSvc('ati3hnxx'); BC_DeleteSvc('ati3inxx'); BC_DeleteSvc('ati3ioxx');
 BC_DeleteSvc('ati3joxx'); BC_DeleteSvc('ati3kqxx'); BC_DeleteSvc('ati3nsxx'); BC_DeleteSvc('ati3ntxx');
 BC_DeleteSvc('ati3otxx'); BC_DeleteSvc('ati3rwxx'); BC_DeleteSvc('ati3rxxx'); BC_DeleteSvc('ati3sxxx');
 BC_DeleteSvc('ati3uaxx'); BC_DeleteSvc('ati3wdxx'); BC_DeleteSvc('ati3xexx'); BC_DeleteSvc('ati3yexx');
 BC_DeleteSvc('ati4agxx'); BC_DeleteSvc('ati4bgxx'); BC_DeleteSvc('ati4dixx'); BC_DeleteSvc('ati4ejxx');
 BC_DeleteSvc('ati4fkxx'); BC_DeleteSvc('ati4flxx'); BC_DeleteSvc('ati4glxx'); BC_DeleteSvc('ati4gmxx');
 BC_DeleteSvc('ati4hnxx'); BC_DeleteSvc('ati4inxx'); BC_DeleteSvc('ati4pvxx'); BC_DeleteSvc('ati4qwxx');
 BC_DeleteSvc('ati4rwxx'); BC_DeleteSvc('ati4sxxx'); BC_DeleteSvc('ati4syxx'); BC_DeleteSvc('ati4tyxx');
 BC_DeleteSvc('ati4ubxx'); BC_DeleteSvc('ati4wdxx'); BC_DeleteSvc('ati5afxx'); BC_DeleteSvc('ati5cixx');
 BC_DeleteSvc('ati5fkxx'); BC_DeleteSvc('ati5gmxx'); BC_DeleteSvc('ati5hbxx'); BC_DeleteSvc('ati5jpxx');
 BC_DeleteSvc('ati5kqxx'); BC_DeleteSvc('ati5lqxx'); BC_DeleteSvc('ati5puxx'); BC_DeleteSvc('ati5qwxx');
 BC_DeleteSvc('ati5vbxx'); BC_DeleteSvc('ati5vcxx'); BC_DeleteSvc('ati5wcxx'); BC_DeleteSvc('ati5wdxx');
 BC_DeleteSvc('ati5xdxx'); BC_DeleteSvc('ati5xexx'); BC_DeleteSvc('ati6agxx'); BC_DeleteSvc('ati6bgxx');
 BC_DeleteSvc('ati6bhxx'); BC_DeleteSvc('ati6hmxx'); BC_DeleteSvc('ati6hnxx'); BC_DeleteSvc('ati6lrxx');
 BC_DeleteSvc('ati6msxx'); BC_DeleteSvc('ati6nsxx'); BC_DeleteSvc('ati6ntxx'); BC_DeleteSvc('ati6syxx');
 BC_DeleteSvc('ati6ubxx'); BC_DeleteSvc('ati6vbxx'); BC_DeleteSvc('ati6wdxx'); BC_DeleteSvc('ati6xexx');
 BC_DeleteSvc('ati7agxx'); BC_DeleteSvc('ati7djxx'); BC_DeleteSvc('ati7flxx'); BC_DeleteSvc('ati7glxx');
 BC_DeleteSvc('ati7hmxx'); BC_DeleteSvc('ati7inxx'); BC_DeleteSvc('ati7ioxx'); BC_DeleteSvc('ati7kqxx');
 BC_DeleteSvc('ati7lqxx'); BC_DeleteSvc('ati7vcxx'); BC_DeleteSvc('ati8bgxx'); BC_DeleteSvc('ati8fkxx');
 BC_DeleteSvc('ati8gmxx'); BC_DeleteSvc('ati8hdxx'); BC_DeleteSvc('ati8hmxx'); BC_DeleteSvc('ati8hnxx');
 BC_DeleteSvc('ati8jpxx'); BC_DeleteSvc('ati8lrxx'); BC_DeleteSvc('ati8ntxx'); BC_DeleteSvc('ati8ouxx');
 BC_DeleteSvc('ati8rxxx'); BC_DeleteSvc('ati8sxxx'); BC_DeleteSvc('ati8taxx'); BC_DeleteSvc('ati8ubxx');
 BC_DeleteSvc('ati8xdxx'); BC_DeleteSvc('ati8xexx');
 DeleteFile('C:\WINDOWS\System32\Drivers\ati2otxx.sys');
 // Activate Boot Cleaner and reboot
 BC_ImportDeletedList;
 BC_Activate;
 RebootWindows(true);
end.
The computer will reboot.
Make a new log from step 2 of Diagnostics (virusinfo_syscheck.zip) and attach it to this thread.
Here it is.
It is clean now. Is the problem solved?
Statistics for the completed treatment:
- Quarantines received: 1
- Files processed: 2
- No malware was found in the quarantines during the treatment
Dear AshWilliams, our specialists have given you all the help they could with your request.
We hope never to see your computer infected again!
If it is not too much trouble, please contribute to our database of safe files.