Пожалуйста, проверьте логи

**AshWilliams** · 26.06.2010, 15:34

Несколько дней назад перестали открываться сайты антивирусов. Dr.Web CureIt нашёл зловредов и удалил их, но чтобы полностью удостовериться, что всё в порядке, прошу специалистов проверить логи. Заранее спасибо.

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**AndreyKa** · 26.06.2010, 19:02

Закройте все программы. Запустите AVZ. Выполните скрипт через меню Файл:

Код:

begin
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\System32\Drivers\ati2otxx.sys','');
 RegKeyStrParamWrite('HKLM', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'UserInit',
GetEnvironmentVariable ('WinDir')+'\System32\userinit.exe,');
QuarantineFile('\\?\globalroot\systemroot\system32\9n1ve3B.exe','');
DeleteFile('\\?\globalroot\systemroot\system32\9n1ve3B.exe');
QuarantineFile('\\?\globalroot\systemroot\system32\o9oAnId.exe','');
DeleteFile('\\?\globalroot\systemroot\system32\o9oAnId.exe');
QuarantineFile('\\?\globalroot\systemroot\system32\iRDOt2S.exe','');
DeleteFile('\\?\globalroot\systemroot\system32\iRDOt2S.exe');
 QuarantineFile('C:\Program Files\Common Files\SysAware Soft\svhost.exe','');
 DeleteService('ati0bhxx');
 DeleteService('ati0ekxx');
 DeleteService('ati0gmxx');
 DeleteService('ati0hnxx');
 DeleteService('ati0ioxx');
 DeleteService('ati0kqxx');
 DeleteService('ati0msxx');
 DeleteService('ati0ntxx');
 DeleteService('ati0ouxx');
 DeleteService('ati0qvxx');
 DeleteService('ati0qwxx');
 DeleteService('ati0rwxx');
 DeleteService('ati0rxxx');
 DeleteService('ati0syxx');
 DeleteService('ati0tyxx');
 DeleteService('ati0xexx');
 DeleteService('ati0yfxx');
 DeleteService('ati1afxx');
 DeleteService('ati1bhxx');
 DeleteService('ati1cixx');
 DeleteService('ati1fkxx');
 DeleteService('ati1flxx');
 DeleteService('ati1hnxx');
 DeleteService('ati1ioxx');
 DeleteService('ati1kqxx');
 DeleteService('ati1ntxx');
 DeleteService('ati1puxx');
 DeleteService('ati1taxx');
 DeleteService('ati1ubxx');
 DeleteService('ati1vcxx');
 DeleteService('ati2dixx');
 DeleteService('ati2ejxx');
 DeleteService('ati2gmxx');
 DeleteService('ati2hmxx');
 DeleteService('ati2msxx');
 DeleteService('ati2otxx');
 DeleteService('ati2puxx');
 DeleteService('ati2qwxx');
 DeleteService('ati2ubxx');
 DeleteService('ati2vcxx');
 DeleteService('ati2wdxx');
 DeleteService('ati2xexx');
 DeleteService('ati2yfxx');
 DeleteService('ati3dixx');
 DeleteService('ati3hmxx');
 DeleteService('ati3hnxx');
 DeleteService('ati3inxx');
 DeleteService('ati3ioxx');
 DeleteService('ati3joxx');
 DeleteService('ati3kqxx');
 DeleteService('ati3nsxx');
 DeleteService('ati3ntxx');
 DeleteService('ati3otxx');
 DeleteService('ati3rwxx');
 DeleteService('ati3rxxx');
 DeleteService('ati3sxxx');
 DeleteService('ati3uaxx');
 DeleteService('ati3wdxx');
 DeleteService('ati3xexx');
 DeleteService('ati3yexx');
 DeleteService('ati4agxx');
 DeleteService('ati4bgxx');
 DeleteService('ati4dixx');
 DeleteService('ati4ejxx');
 DeleteService('ati4fkxx');
 DeleteService('ati4flxx');
 DeleteService('ati4glxx');
 DeleteService('ati4gmxx');
 DeleteService('ati4hnxx');
 DeleteService('ati4inxx');
 DeleteService('ati4pvxx');
 DeleteService('ati4qwxx');
 DeleteService('ati4rwxx');
 DeleteService('ati4sxxx');
 DeleteService('ati4syxx');
 DeleteService('ati4tyxx');
 DeleteService('ati4ubxx');
 DeleteService('ati4wdxx');
 DeleteService('ati5afxx');
 DeleteService('ati5cixx');
 DeleteService('ati5fkxx');
 DeleteService('ati5gmxx');
 DeleteService('ati5hbxx');
 DeleteService('ati5jpxx');
 DeleteService('ati5kqxx');
 DeleteService('ati5lqxx');
 DeleteService('ati5puxx');
 DeleteService('ati5qwxx');
 DeleteService('ati5vbxx');
 DeleteService('ati5vcxx');
 DeleteService('ati5wcxx');
 DeleteService('ati5wdxx');
 DeleteService('ati5xdxx');
 DeleteService('ati5xexx');
 DeleteService('ati6agxx');
 DeleteService('ati6bgxx');
 DeleteService('ati6bhxx');
 DeleteService('ati6hmxx');
 DeleteService('ati6hnxx');
 DeleteService('ati6lrxx');
 DeleteService('ati6msxx');
 DeleteService('ati6nsxx');
 DeleteService('ati6ntxx');
 DeleteService('ati6syxx');
 DeleteService('ati6ubxx');
 DeleteService('ati6vbxx');
 DeleteService('ati6wdxx');
 DeleteService('ati6xexx');
 DeleteService('ati7agxx');
 DeleteService('ati7djxx');
 DeleteService('ati7flxx');
 DeleteService('ati7glxx');
 DeleteService('ati7hmxx');
 DeleteService('ati7inxx');
 DeleteService('ati7ioxx');
 DeleteService('ati7kqxx');
 DeleteService('ati7lqxx');
 DeleteService('ati7vcxx');
 DeleteService('ati8bgxx');
 DeleteService('ati8fkxx');
 DeleteService('ati8gmxx');
 DeleteService('ati8hdxx');
 DeleteService('ati8hmxx');
 DeleteService('ati8hnxx');
 DeleteService('ati8jpxx');
 DeleteService('ati8lrxx');
 DeleteService('ati8ntxx');
 DeleteService('ati8ouxx');
 DeleteService('ati8rxxx');
 DeleteService('ati8sxxx');
 DeleteService('ati8taxx');
 DeleteService('ati8ubxx');
 DeleteService('ati8xdxx');
 DeleteService('ati8xexx');
 QuarantineFile('C:\WINDOWS\System32\Drivers\ati0hnxx.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\ati0gmxx.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\ati0ekxx.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\ati0bhxx.sys','');
 DeleteFile('C:\WINDOWS\System32\Drivers\ati0bhxx.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\ati0ekxx.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\ati0gmxx.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\ati0hnxx.sys');
 DeleteFile('C:\Program Files\Common Files\SysAware Soft\svhost.exe');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run-','Shell');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate; 
RebootWindows(true);
end.

Компьютер перезагрузится.
Пришлите файлы из карантина AVZ (см. приложение 3 Правил), используя ссылку Прислать запрошенный карантин, вверху этой темы.

Сделайте новый лог из пункта 2 Диагностики (virusinfo_syscheck.zip) и приложите к этой теме.

**AshWilliams** · 26.06.2010, 21:53

Карантин отправил.

**AndreyKa** · 26.06.2010, 22:27

Закройте все программы. Запустите AVZ. Выполните скрипт через меню Файл:

Код:

begin
 SetAVZGuardStatus(True);
 DeleteFile(GetAVZDirectory+'log\virusinfo_cure.zip');
 DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
 BC_DeleteSvc('ati0bhxx');
 BC_DeleteSvc('ati0ekxx');
 BC_DeleteSvc('ati0gmxx');
 BC_DeleteSvc('ati0hnxx');
 BC_DeleteSvc('ati0ioxx');
 BC_DeleteSvc('ati0kqxx');
 BC_DeleteSvc('ati0msxx');
 BC_DeleteSvc('ati0ntxx');
 BC_DeleteSvc('ati0ouxx');
 BC_DeleteSvc('ati0qvxx');
 BC_DeleteSvc('ati0qwxx');
 BC_DeleteSvc('ati0rwxx');
 BC_DeleteSvc('ati0rxxx');
 BC_DeleteSvc('ati0syxx');
 BC_DeleteSvc('ati0tyxx');
 BC_DeleteSvc('ati0xexx');
 BC_DeleteSvc('ati0yfxx');
 BC_DeleteSvc('ati1afxx');
 BC_DeleteSvc('ati1bhxx');
 BC_DeleteSvc('ati1cixx');
 BC_DeleteSvc('ati1fkxx');
 BC_DeleteSvc('ati1flxx');
 BC_DeleteSvc('ati1hnxx');
 BC_DeleteSvc('ati1ioxx');
 BC_DeleteSvc('ati1kqxx');
 BC_DeleteSvc('ati1ntxx');
 BC_DeleteSvc('ati1puxx');
 BC_DeleteSvc('ati1taxx');
 BC_DeleteSvc('ati1ubxx');
 BC_DeleteSvc('ati1vcxx');
 BC_DeleteSvc('ati2dixx');
 BC_DeleteSvc('ati2ejxx');
 BC_DeleteSvc('ati2gmxx');
 BC_DeleteSvc('ati2hmxx');
 BC_DeleteSvc('ati2msxx');
 BC_DeleteSvc('ati2otxx');
 BC_DeleteSvc('ati2puxx');
 BC_DeleteSvc('ati2qwxx');
 BC_DeleteSvc('ati2ubxx');
 BC_DeleteSvc('ati2vcxx');
 BC_DeleteSvc('ati2wdxx');
 BC_DeleteSvc('ati2xexx');
 BC_DeleteSvc('ati2yfxx');
 BC_DeleteSvc('ati3dixx');
 BC_DeleteSvc('ati3hmxx');
 BC_DeleteSvc('ati3hnxx');
 BC_DeleteSvc('ati3inxx');
 BC_DeleteSvc('ati3ioxx');
 BC_DeleteSvc('ati3joxx');
 BC_DeleteSvc('ati3kqxx');
 BC_DeleteSvc('ati3nsxx');
 BC_DeleteSvc('ati3ntxx');
 BC_DeleteSvc('ati3otxx');
 BC_DeleteSvc('ati3rwxx');
 BC_DeleteSvc('ati3rxxx');
 BC_DeleteSvc('ati3sxxx');
 BC_DeleteSvc('ati3uaxx');
 BC_DeleteSvc('ati3wdxx');
 BC_DeleteSvc('ati3xexx');
 BC_DeleteSvc('ati3yexx');
 BC_DeleteSvc('ati4agxx');
 BC_DeleteSvc('ati4bgxx');
 BC_DeleteSvc('ati4dixx');
 BC_DeleteSvc('ati4ejxx');
 BC_DeleteSvc('ati4fkxx');
 BC_DeleteSvc('ati4flxx');
 BC_DeleteSvc('ati4glxx');
 BC_DeleteSvc('ati4gmxx');
 BC_DeleteSvc('ati4hnxx');
 BC_DeleteSvc('ati4inxx');
 BC_DeleteSvc('ati4pvxx');
 BC_DeleteSvc('ati4qwxx');
 BC_DeleteSvc('ati4rwxx');
 BC_DeleteSvc('ati4sxxx');
 BC_DeleteSvc('ati4syxx');
 BC_DeleteSvc('ati4tyxx');
 BC_DeleteSvc('ati4ubxx');
 BC_DeleteSvc('ati4wdxx');
 BC_DeleteSvc('ati5afxx');
 BC_DeleteSvc('ati5cixx');
 BC_DeleteSvc('ati5fkxx');
 BC_DeleteSvc('ati5gmxx');
 BC_DeleteSvc('ati5hbxx');
 BC_DeleteSvc('ati5jpxx');
 BC_DeleteSvc('ati5kqxx');
 BC_DeleteSvc('ati5lqxx');
 BC_DeleteSvc('ati5puxx');
 BC_DeleteSvc('ati5qwxx');
 BC_DeleteSvc('ati5vbxx');
 BC_DeleteSvc('ati5vcxx');
 BC_DeleteSvc('ati5wcxx');
 BC_DeleteSvc('ati5wdxx');
 BC_DeleteSvc('ati5xdxx');
 BC_DeleteSvc('ati5xexx');
 BC_DeleteSvc('ati6agxx');
 BC_DeleteSvc('ati6bgxx');
 BC_DeleteSvc('ati6bhxx');
 BC_DeleteSvc('ati6hmxx');
 BC_DeleteSvc('ati6hnxx');
 BC_DeleteSvc('ati6lrxx');
 BC_DeleteSvc('ati6msxx');
 BC_DeleteSvc('ati6nsxx');
 BC_DeleteSvc('ati6ntxx');
 BC_DeleteSvc('ati6syxx');
 BC_DeleteSvc('ati6ubxx');
 BC_DeleteSvc('ati6vbxx');
 BC_DeleteSvc('ati6wdxx');
 BC_DeleteSvc('ati6xexx');
 BC_DeleteSvc('ati7agxx');
 BC_DeleteSvc('ati7djxx');
 BC_DeleteSvc('ati7flxx');
 BC_DeleteSvc('ati7glxx');
 BC_DeleteSvc('ati7hmxx');
 BC_DeleteSvc('ati7inxx');
 BC_DeleteSvc('ati7ioxx');
 BC_DeleteSvc('ati7kqxx');
 BC_DeleteSvc('ati7lqxx');
 BC_DeleteSvc('ati7vcxx');
 BC_DeleteSvc('ati8bgxx');
 BC_DeleteSvc('ati8fkxx');
 BC_DeleteSvc('ati8gmxx');
 BC_DeleteSvc('ati8hdxx');
 BC_DeleteSvc('ati8hmxx');
 BC_DeleteSvc('ati8hnxx');
 BC_DeleteSvc('ati8jpxx');
 BC_DeleteSvc('ati8lrxx');
 BC_DeleteSvc('ati8ntxx');
 BC_DeleteSvc('ati8ouxx');
 BC_DeleteSvc('ati8rxxx');
 BC_DeleteSvc('ati8sxxx');
 BC_DeleteSvc('ati8taxx');
 BC_DeleteSvc('ati8ubxx');
 BC_DeleteSvc('ati8xdxx');
 BC_DeleteSvc('ati8xexx');
 DeleteFile('C:\WINDOWS\System32\Drivers\ati2otxx.sys');
 BC_ImportDeletedList;
 BC_Activate; 
RebootWindows(true);
end.

Компьютер перезагрузится.

Сделайте новый лог из пункта 2 Диагностики (virusinfo_syscheck.zip) и приложите к этой теме.