Good day. Please help disinfect a PC.
Nod32 found the trojan Win32/Kryptik.QW and JS/TrojanDonloader.HackLoad.AA.
AVZ and HijackThis logs are attached.
Many thanks in advance!
Last edited by forever; 24.11.2010 at 17:03.
Close all open applications except AVZ and Internet Explorer.
Disconnect/disable:
- the PC from the internet/LAN
- Mandatory!!! System Restore!!! how to do that can be seen here
- Unload the antivirus and/or firewall
- Close all programs
- Run the script in AVZ
After reboot:
Code:
begin SearchRootkit(true, true); SetAVZGuardStatus(True); QuarantineFile('C:\WINDOWS\system32\sysrest.sys',''); DeleteService('sysrest.sys'); QuarantineFile('C:\WINDOWS\system32\adsnwd.exe',''); DeleteService('WZCSVCTapiSrvlanmanserverdmserver'); DeleteService('WZCSVCLmHostsSwPrvSysmonLogdmserveroseMessengermnmsrvcwuauservRasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler'); DeleteService('WZCSVCLmHostsSwPrvSysmonLog'); DeleteService('wuauservSamSs'); DeleteService('wuauservImapiServiceWebaltaControllerTrkWksTrkWks'); DeleteService('wuauservImapiService'); DeleteService('WmiVSSUPSNetman'); DeleteService('WmiVSSUPS'); DeleteService('WmiProtectedStorageHTTPFilterSwPrvSysmonLog'); DeleteService('WmiProtectedStorageHTTPFilter'); DeleteService('WmiProtectedStorage'); DeleteService('WmiApSrvSCardSvrHidServWmdmPmSNNetDDEdsdmWmdmPmSN'); DeleteService('WmiApSrvosedmserverhelpsvcMDM'); DeleteService('WmiApSrvAVPoseWmiProtectedStorage'); DeleteService('WmiApSrvAVPose'); DeleteService('WmdmPmSNImapiServiceMessengermnmsrvcwuauservstisvc'); DeleteService('WmdmPmSNImapiServiceMessengermnmsrvcwuauservoseAlerter'); DeleteService('winmgmtSSDPSRVSCardSvrHidServstisvc'); DeleteService('winmgmtSSDPSRV'); DeleteService('WebClientwinmgmtSysmonLog'); DeleteService('WebClientwinmgmtSamSsTapiSrvlanmanserver'); DeleteService('WebClientwinmgmtAlerterTlntSvrNlaEventSystemBrowser'); DeleteService('WebaltaControllerTrkWks'); DeleteService('WebaltaController'); DeleteService('W32TimeHidServwinmgmt'); DeleteService('W32TimeAudioSrvwscsvc'); DeleteService('W32TimeAudioSrvFastUserSwitchingCompatibilitySCardSvrHidServWmdmPmSNTapiSrvSharedAccess'); DeleteService('W32TimeAudioSrv'); DeleteService('VSSUPSVSSsrserviceosemnmsrvcwuauserv'); DeleteService('VSSUPS'); DeleteService('upnphostAudioSrvEventlogHTTPFilterwuauservTlntSvrNlaEventSystemBrowser'); DeleteService('UMWdfWebClientwinmgmtSamSsTapiSrvlanmanserverhelpsvcSharedAccessHTTPFilterBrowserMessenger'); 
DeleteService('UMWdfWebClientwinmgmtSamSsTapiSrvlanmanserver'); DeleteService('TlntSvrSCardSvrHidServThemes'); DeleteService('TlntSvrSCardSvrHidServRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc'); DeleteService('TlntSvrSCardSvrHidServLmHosts'); DeleteService('TlntSvrSCardSvrHidServ Web Scanner'); DeleteService('TlntSvrSCardSvrHidServ'); DeleteService('TlntSvrRpcSsSharedAccessdmserverBITSEventSystemNtLmSspMessengermnmsrvcwuauservMSIServerHTTPFilterShellHWDetectionAVP'); DeleteService('TlntSvrRpcSsSharedAccessdmserverBITSEventSystemNtLmSsp'); DeleteService('TlntSvrRpcSsSharedAccessdmserverBITS'); DeleteService('TlntSvrRpcSsSharedAccess'); DeleteService('TlntSvrFastUserSwitchingCompatibilityseclogonCryptSvcAppMgmtHidServ'); DeleteService('TapiSrvSharedAccess'); DeleteService('TapiSrvRpcSs'); DeleteService('TapiSrvlanmanserverRpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauservAtiRpcSsSharedAccess'); DeleteService('TapiSrvlanmanserverRpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauserv'); DeleteService('TapiSrvlanmanserverNetDDEdsdmWmdmPmSN'); DeleteService('TapiSrvlanmanserver'); DeleteService('TapiSrvDcomLaunchTlntSvrSCardSvrHidServLmHosts'); DeleteService('TapiSrvDcomLaunch'); DeleteService('SysmonLogSharedAccessWmiApSrvWmdmPmSN'); DeleteService('SysmonLogSharedAccessWmiApSrv'); DeleteService('SysmonLogSharedAccessWebClientwinmgmtAlerter'); DeleteService('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauservTapiSrvlanmanserverdmserver'); DeleteService('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauservAlerterProtectedStorageRemoteAccess'); DeleteService('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauserv'); DeleteService('SysmonLogSharedAccess'); DeleteService('SysmonLogmnmsrvcProtectedStorageRemoteAccess'); DeleteService('SysmonLogmnmsrvc'); DeleteService('SwPrvSysmonLogSSDPSRVWmiVSSUPSoseAlerter'); DeleteService('SwPrvSysmonLogSSDPSRVWmiVSSUPSAudioSrvEventlogVSSVSSUPSVSS'); DeleteService('SwPrvSysmonLogSSDPSRVWmiVSSUPSAudioSrvEventlogVSS'); 
DeleteService('SwPrvSysmonLogSSDPSRVWmiVSSUPS'); DeleteService('SwPrvSysmonLog'); DeleteService('SwPrvhelpsvcWmdmPmSN'); DeleteService('SwPrvhelpsvc'); DeleteService('StarWindServiceAE'); DeleteService('SSDPSRVWmiVSSUPS'); DeleteService('srserviceRasManHTTPFilterShellHWDetectionAVP'); DeleteService('SpoolerShellHWDetectionLmHostsosehelpsvc'); DeleteService('SpoolermnmsrvcwuauservwuauservSamSs'); DeleteService('SpoolermnmsrvcwuauservSwPrvAVPoseDhcpAVPSCardSvrHidServstisvc'); DeleteService('SpoolermnmsrvcwuauservSpoolerEventSystemNlaEventSystemFastUserSwitchingCompatibility'); DeleteService('Spoolermnmsrvcwuauserv'); DeleteService('SpoolerHTTPFilterShellHWDetectionAVPmnmsrvc'); DeleteService('SpoolerHTTPFilterShellHWDetectionAVPAdobemnmsrvc'); DeleteService('SpoolerHTTPFilterShellHWDetectionAVP'); DeleteService('SpoolerEventSystemNlaEventSystem'); DeleteService('Spooler Web Scanner'); DeleteService('ShellHWDetectionLmHostsoseWmiApSrv'); DeleteService('ShellHWDetectionLmHostsoseSwPrvSysmonLogSSDPSRVWmiVSSUPS'); DeleteService('ShellHWDetectionLmHostsose'); DeleteService('ShellHWDetectionHTTPFilterBrowserRasMan'); DeleteService('ShellHWDetectionHTTPFilterBrowser'); DeleteService('ShellHWDetectionAVP'); DeleteService('seclogonRemoteRegistrySharedAccess'); DeleteService('seclogonRemoteRegistry'); DeleteService('ScheduleUMWdfNetDDE'); DeleteService('ScheduleUMWdf'); DeleteService('ScheduleHidServSpooler'); DeleteService('SCardSvrHidServWmdmPmSNTapiSrvSharedAccess'); DeleteService('SCardSvrHidServWmdmPmSNNetDDEdsdmWmdmPmSN'); DeleteService('SCardSvrHidServstisvc'); DeleteService('SCardSvrHidServHidServ'); DeleteService('SCardSvrHidServ'); DeleteService('SCardSvrdmadmin'); DeleteService('SamSsWmiVSSUPS'); DeleteService('SamSsTapiSrvlanmanserver'); DeleteService('SamSsRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); DeleteService('SamSslanmanserver'); DeleteService('RpcSsSharedAccessThemes'); 
DeleteService('RpcSsSharedAccesslanmanworkstationNtLmSsposemnmsrvcwuauservNlaEventSystemBITS'); DeleteService('RpcSsSharedAccesslanmanworkstation'); DeleteService('RpcSsSharedAccessAudioSrvPolicyAgentupnphost'); DeleteService('RpcSsSharedAccessAudioSrvAtiRpcSsSharedAccessRpcSsSharedAccesslanmanworkstationNtLmSsposemnmsrvcwuauservNlaEventSystemBITS'); DeleteService('RpcSsSharedAccessAudioSrvAtiRpcSsSharedAccess'); DeleteService('RpcSsSharedAccess'); DeleteService('RpcLocatorHidServSpoolerMessengermnmsrvcwuauservMSIServerSCardSvrHidServWmdmPmSN'); DeleteService('RpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauserv'); DeleteService('RpcLocatorHidServSpooler'); DeleteService('RemoteRegistryosemnmsrvcwuauserv'); DeleteService('RemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc'); DeleteService('RemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); DeleteService('RemoteRegistryCOMSysApp'); DeleteService('RemoteAccessTapiSrvlanmanserverNetDDEdsdmWmdmPmSN'); DeleteService('RemoteAccessBITSW32TimeCryptSvcAppMgmt'); DeleteService('RDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); DeleteService('RDSessMgrmnmsrvcwuauservEventSystemNlaEventSystem'); DeleteService('RDSessMgrmnmsrvcwuauserv'); DeleteService('RasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler'); DeleteService('RasManHTTPFilterShellHWDetectionAVP'); DeleteService('RasMandmserverBITS'); DeleteService('RasManCryptSvcSCardSvrVSSUPS'); DeleteService('RasManCryptSvcSCardSvr'); DeleteService('RasManCryptSvcmnmsrvcwuauservNetlogon'); DeleteService('RasManCryptSvc'); DeleteService('RasMan HotKey Poller'); DeleteService('ProtectedStorageRemoteAccessNetlogonNtmsSvc LM Service'); DeleteService('ProtectedStorageRemoteAccessNetlogonNtmsSvc'); DeleteService('ProtectedStorageRemoteAccess'); DeleteService('ProtectedStorageERSvc'); DeleteService('PolicyAgentRDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservRasManHTTPFilterShellHWDetectionAVP'); 
DeleteService('PolicyAgentRDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); DeleteService('PolicyAgentHidServSpoolerAudioSrvEventlogHTTPFilterwuauserv'); DeleteService('PolicyAgentHidServSpooler'); DeleteService('PlugPlayHidServSpooler'); DeleteService('oseosedmserver'); DeleteService('osedmserverhelpsvcMDMDhcpAVPSCardSvrHidServstisvc'); DeleteService('osedmserverhelpsvcMDM'); DeleteService('osedmserverhelpsvc'); DeleteService('osedmserver'); DeleteService('NtmsSvcose'); DeleteService('NtLmSspShellHWDetectionAVPTapiSrvlanmanserverNetDDEdsdmWmdmPmSN'); DeleteService('NtLmSspShellHWDetectionAVP'); DeleteService('NtLmSsposemnmsrvcwuauservNlaEventSystemBITSWebClientwinmgmtSamSsTapiSrvlanmanserver'); DeleteService('NtLmSsposemnmsrvcwuauservNlaEventSystemBITS'); DeleteService('NtLmSsposemnmsrvcwuauserv'); DeleteService('NtLmSsp HotKey Poller'); DeleteService('NlaEventSystemBrowserPolicyAgent'); DeleteService('NlaEventSystemBrowser'); DeleteService('NlaEventSystemBITS'); DeleteService('NlaEventSystem'); DeleteService('NetlogonNtmsSvcSharedAccessHTTPFilterBrowserMessengerVSSUPSVSSsrserviceosemnmsrvcwuauserv'); DeleteService('NetlogonNtmsSvcSharedAccess'); DeleteService('NetlogonNtmsSvcRasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler'); DeleteService('NetlogonNtmsSvc'); DeleteService('NetDDEdsdmWmdmPmSN'); DeleteService('NetDDEdsdmSpoolermnmsrvcwuauserv'); DeleteService('MSIServerSCardSvrdmadmin'); DeleteService('MSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSNetDDEdsdm'); DeleteService('MSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPS'); DeleteService('MSDTCSSDPSRVWmiVSSUPS'); DeleteService('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcpRasMandmserverBITS'); DeleteService('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcpmnmsrvcFastUserSwitchingCompatibilityUMWdfAlerter'); DeleteService('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcp'); DeleteService('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPS'); 
DeleteService('mnmsrvcwuauservNetlogon'); DeleteService('mnmsrvcwuauservCryptSvcRasMandmserverBITS'); DeleteService('mnmsrvcwuauservCryptSvc'); DeleteService('mnmsrvcwuauserv'); DeleteService('mnmsrvcFastUserSwitchingCompatibilityUMWdfwuauservImapiService'); DeleteService('mnmsrvcFastUserSwitchingCompatibilityUMWdfAlerter'); DeleteService('mnmsrvcFastUserSwitchingCompatibilityUMWdf'); DeleteService('mnmsrvcFastUserSwitchingCompatibilitySpoolermnmsrvcwuauservwuauservSamSs'); DeleteService('mnmsrvcFastUserSwitchingCompatibility'); DeleteService('MessengerRasMan'); DeleteService('MessengermnmsrvcwuauservMSIServerSCardSvrHidServWmdmPmSN'); DeleteService('MessengermnmsrvcwuauservMSIServerHTTPFilterShellHWDetectionAVP'); DeleteService('MessengermnmsrvcwuauservMSIServer'); DeleteService('Messengermnmsrvcwuauserv'); DeleteService('MDMRasAutoSCardSvrHidServWmdmPmSNTapiSrvSharedAccess'); DeleteService('MDMRasAutoNetlogon'); DeleteService('MDMRasAuto'); DeleteService('LmHostsSwPrvSysmonLog'); DeleteService('LmHostsose'); DeleteService('lanmanworkstationRasManCryptSvcSCardSvr'); DeleteService('ImapiServiceMessengerRasManwinmgmtSSDPSRV'); DeleteService('ImapiServiceMessengerRasMan'); DeleteService('ImapiServiceMessengermnmsrvcwuauservTermService'); DeleteService('ImapiServiceMessengermnmsrvcwuauserv'); DeleteService('ImapiService LM Service'); DeleteService('HTTPFilterwuauservSamSs'); DeleteService('HTTPFilterWmiProtectedStorageHTTPFilter'); DeleteService('HTTPFilterVSSUPSVSSsrserviceosemnmsrvcwuauserv'); DeleteService('HTTPFilterShellHWDetectionAVPWmiVSSUPS'); DeleteService('HTTPFilterShellHWDetectionAVP'); DeleteService('HTTPFilterBrowserWebClientSchedule'); DeleteService('HTTPFilterBrowserMessengerVSSUPSVSSsrserviceosemnmsrvcwuauservsrservice'); DeleteService('HTTPFilterBrowserMessengerVSSUPSVSSsrserviceosemnmsrvcwuauserv'); DeleteService('HTTPFilterBrowserMessengerDnscacheWebaltaControllerTrkWksNetlogonNtmsSvcSharedAccess'); 
DeleteService('HTTPFilterBrowserMessengerDnscacheSENS'); DeleteService('HTTPFilterBrowserMessengerDnscacheFastUserSwitchingCompatibilityseclogon'); DeleteService('HTTPFilterBrowserMessengerDnscache'); DeleteService('HTTPFilterBrowser'); DeleteService('HidServSpoolerVSSUPSwuauservwuauservThemes'); DeleteService('HidServSpoolerVSSUPSwuauservThemesCryptSvc'); DeleteService('HidServSpoolerVSSUPSwuauservThemes'); DeleteService('HidServSpoolerVSSUPSwuauserv'); DeleteService('HidServSpoolerVSSUPS'); DeleteService('HidServSpoolerseclogon'); DeleteService('HidServSpoolerScheduleUMWdfdmserveroseMessengermnmsrvcwuauservwinmgmt'); DeleteService('HidServSpoolerScheduleUMWdf'); DeleteService('HidServSpoolerSchedule'); DeleteService('HidServSpoolermnmsrvcwuauservAVPoseTapiSrvlanmanserverdmserverdmadmin'); DeleteService('HidServSpoolermnmsrvcwuauserv'); DeleteService('HidServSpoolerCryptSvcTlntSvr'); DeleteService('HidServSpooler'); DeleteService('HidServ Web Scanner'); DeleteService('helpsvcSharedAccessProtectedStorageRemoteAccessEventlog'); DeleteService('helpsvcSharedAccessProtectedStorageRemoteAccess'); DeleteService('helpsvcSharedAccessHTTPFilterBrowserMessenger'); DeleteService('helpsvcSharedAccess'); DeleteService('FastUserSwitchingCompatibilitySpoolerHTTPFilterShellHWDetectionAVPhelpsvcSharedAccessProtectedStorageRemoteAccessEventlog'); DeleteService('FastUserSwitchingCompatibilityseclogonCryptSvcAppMgmtHidServ'); DeleteService('FastUserSwitchingCompatibilityseclogon'); DeleteService('FastUserSwitchingCompatibilitySCardSvrHidServWmdmPmSNTapiSrvSharedAccess'); DeleteService('EventSystemNtLmSsp'); DeleteService('EventSystemNlaEventSystemSpoolerEventSystemNlaEventSystem'); DeleteService('EventSystemNlaEventSystemRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc'); DeleteService('EventSystemNlaEventSystemBITS'); DeleteService('EventSystemNlaEventSystem'); DeleteService('dmserveroseMessengermnmsrvcwuauservwinmgmt'); 
DeleteService('dmserveroseMessengermnmsrvcwuauservRasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler'); DeleteService('dmserveroseMessengermnmsrvcwuauservClipSrvNetlogon'); DeleteService('dmserveroseMessengermnmsrvcwuauserv'); DeleteService('dmserverBITSwuauservSamSswinmgmt'); DeleteService('dmserverBITSwuauservSamSs'); DeleteService('dmserverBITS'); DeleteService('dmadminmnmsrvc'); DeleteService('DhcpWebaltaControllerCiSvc'); DeleteService('DhcpWebaltaController'); DeleteService('DhcpAVPSCardSvrHidServstisvc'); DeleteService('DcomLaunchThemesAdobemnmsrvcwuauservSamSs'); DeleteService('DcomLaunchThemes'); DeleteService('DcomLaunchHidServSpoolerScheduleMSDTC'); DeleteService('DcomLaunchHidServSpoolerScheduleAudioSrv'); DeleteService('DcomLaunchHidServSpoolerSchedule'); DeleteService('CryptSvcW32TimeAudioSrvwscsvc'); DeleteService('CryptSvcTlntSvr'); DeleteService('CryptSvcFastUserSwitchingCompatibility'); DeleteService('CryptSvcAppMgmtNlaEventSystemwinmgmt'); DeleteService('CryptSvcAppMgmtNlaEventSystem'); DeleteService('CryptSvcAppMgmtHidServSpoolerVSSUPSwuauserv'); DeleteService('CryptSvcAppMgmtHidServ'); DeleteService('CryptSvcAppMgmt'); DeleteService('COMSysAppRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); DeleteService('ClipSrvNetlogon'); DeleteService('ClipSrv HotKey Poller'); DeleteService('BrowserRpcSsSharedAccessMessengermnmsrvcwuauservMSIServer'); DeleteService('BrowserRpcSsSharedAccess'); DeleteService('BITSW32TimeCryptSvcAppMgmt'); DeleteService('BITSW32Time HotKey Poller'); DeleteService('BITSW32Time'); DeleteService('BITSPolicyAgentDhcpWebaltaControllerShellHWDetectionLmHostsose'); DeleteService('BITSPolicyAgentDhcpWebaltaController'); DeleteService('BITSPolicyAgent'); DeleteService('AVPScheduleHidServSpooler'); DeleteService('AVPSCardSvrHidServstisvc'); DeleteService('AVPoseWmiApSrvAVPose'); DeleteService('AVPoseTapiSrvlanmanserverdmserverdmadmin'); DeleteService('AVPoseTapiSrvlanmanserverdmserverClipSrvNetlogon'); 
DeleteService('AVPoseTapiSrvlanmanserverdmserver'); DeleteService('AVPoseDhcpAVPSCardSvrHidServstisvcImapiServiceNlaEventSystemBrowsermnmsrvcwuauserv'); DeleteService('AVPoseDhcpAVPSCardSvrHidServstisvcImapiService'); DeleteService('AVPoseDhcpAVPSCardSvrHidServstisvc'); DeleteService('AVPose'); DeleteService('AudioSrvSCardSvr'); DeleteService('AudioSrvlanmanserver'); DeleteService('AudioSrvEventlogVSSW32Time'); DeleteService('AudioSrvEventlogVSSSSDPSRVWmiVSSUPS'); DeleteService('AudioSrvEventlogVSSHTTPFilterShellHWDetectionAVP'); DeleteService('AudioSrvEventlogVSS'); DeleteService('AudioSrvEventlogHTTPFilterwuauserv'); DeleteService('AudioSrvEventlog'); DeleteService('AtiRpcSsSharedAccess'); DeleteService('Atidmserver'); DeleteService('AtiDcomLaunchlanmanworkstationRasManCryptSvcSCardSvr'); DeleteService('AtiDcomLaunch'); DeleteService('ALGTlntSvrSCardSvrHidServ'); DeleteService('ALG Web Scanner'); DeleteService('Alerterwuauserv'); DeleteService('AlerterProtectedStorageRemoteAccess'); DeleteService('AlerterNtLmSsposemnmsrvcwuauservNlaEventSystemBITSHidServSpoolerseclogon'); DeleteService('AlerterAdobemnmsrvc'); DeleteService('AdobeRDSessMgrmnmsrvcwuauserv'); DeleteService('AdobemnmsrvcwuauservSamSs'); DeleteService('AdobemnmsrvcHidServSpoolermnmsrvcwuauserv'); DeleteService('AdobemnmsrvcAppMgmtAudioSrvEventlog'); DeleteService('Adobemnmsrvc'); DeleteFile('C:\WINDOWS\system32\adsnwd.exe'); DeleteFile('C:\WINDOWS\system32\sysrest.sys'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Win32Update'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunServices','Win32Update'); BC_ImportAll; ExecuteSysClean; ExecuteWizard('TSW', 2, 2, true); ExecuteWizard('SCU', 2, 2, true); BC_DeleteSvc('Adobemnmsrvc'); BC_DeleteSvc('sysrest.sys'); BC_DeleteSvc('AdobemnmsrvcAppMgmt'); BC_DeleteSvc('AdobemnmsrvcAppMgmtAudioSrvEventlog'); BC_DeleteSvc('AdobemnmsrvcHidServSpoolermnmsrvcwuauserv'); 
BC_DeleteSvc('AdobemnmsrvcwuauservSamSs'); BC_DeleteSvc('AdobeRDSessMgrmnmsrvcwuauserv'); BC_DeleteSvc('AlerterNtLmSsposemnmsrvcwuauservNlaEventSystemBITSHidServSpoolerseclogon'); BC_DeleteSvc('AlerterProtectedStorageRemoteAccess'); BC_DeleteSvc('Alerterwuauserv'); BC_DeleteSvc('ALG Web Scanner'); BC_DeleteSvc('ALGTlntSvrSCardSvrHidServ'); BC_DeleteSvc('AtiDcomLaunch'); BC_DeleteSvc('AtiDcomLaunchlanmanworkstationRasManCryptSvcSCardSvr'); BC_DeleteSvc('Atidmserver'); BC_DeleteSvc('AtiRpcSsSharedAccess'); BC_DeleteSvc('AudioSrvEventlog'); BC_DeleteSvc('AudioSrvEventlogHTTPFilterwuauserv'); BC_DeleteSvc('AudioSrvEventlogVSS'); BC_DeleteSvc('AudioSrvEventlogVSSHTTPFilterShellHWDetectionAVP'); BC_DeleteSvc('AudioSrvEventlogVSSSSDPSRVWmiVSSUPS'); BC_DeleteSvc('AudioSrvlanmanserver'); BC_DeleteSvc('AudioSrvSCardSvr'); BC_DeleteSvc('AVPose'); BC_DeleteSvc('AVPoseDhcpAVPSCardSvrHidServstisvc'); BC_DeleteSvc('AVPoseDhcpAVPSCardSvrHidServstisvcImapiService'); BC_DeleteSvc('AVPoseTapiSrvlanmanserverdmserver'); BC_DeleteSvc('AVPoseTapiSrvlanmanserverdmserverClipSrvNetlogon'); BC_DeleteSvc('AVPoseTapiSrvlanmanserverdmserverdmadmin'); BC_DeleteSvc('AVPoseWmiApSrvAVPose'); BC_DeleteSvc('AVPSCardSvrHidServstisvc'); BC_DeleteSvc('AVPScheduleHidServSpooler'); BC_DeleteSvc('BITSPolicyAgent'); BC_DeleteSvc('BITSPolicyAgentDhcpWebaltaController'); BC_DeleteSvc('BITSPolicyAgentDhcpWebaltaControllerShellHWDetectionLmHostsose'); BC_DeleteSvc('BITSW32Time'); BC_DeleteSvc('BITSW32Time HotKey Poller'); BC_DeleteSvc('BITSW32TimeCryptSvcAppMgmt'); BC_DeleteSvc('BrowserRpcSsSharedAccess'); BC_DeleteSvc('BrowserRpcSsSharedAccessMessengermnmsrvcwuauservMSIServer'); BC_DeleteSvc('ClipSrv HotKey Poller'); BC_DeleteSvc('ClipSrvNetlogon'); BC_DeleteSvc('COMSysAppRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); BC_DeleteSvc('CryptSvcAppMgmt'); BC_DeleteSvc('CryptSvcAppMgmtHidServ'); BC_DeleteSvc('CryptSvcAppMgmtHidServSpoolerVSSUPSwuauserv'); BC_DeleteSvc('CryptSvcAppMgmtNlaEventSystem'); 
BC_DeleteSvc('CryptSvcAppMgmtNlaEventSystemwinmgmt'); BC_DeleteSvc('CryptSvcFastUserSwitchingCompatibility'); BC_DeleteSvc('CryptSvcTlntSvr'); BC_DeleteSvc('CryptSvcW32TimeAudioSrvwscsvc'); BC_DeleteSvc('DcomLaunchHidServSpoolerSchedule'); BC_DeleteSvc('DcomLaunchHidServSpoolerScheduleAudioSrv'); BC_DeleteSvc('DcomLaunchHidServSpoolerScheduleMSDTC'); BC_DeleteSvc('DcomLaunchThemes'); BC_DeleteSvc('DcomLaunchThemesAdobemnmsrvcwuauservSamSs'); BC_DeleteSvc('DhcpAVPSCardSvrHidServstisvc'); BC_DeleteSvc('DhcpWebaltaController'); BC_DeleteSvc('DhcpWebaltaControllerCiSvc'); BC_DeleteSvc('dmadminmnmsrvc'); BC_DeleteSvc('dmserverBITS'); BC_DeleteSvc('dmserverBITSwuauservSamSs'); BC_DeleteSvc('dmserverBITSwuauservSamSswinmgmt'); BC_DeleteSvc('dmserveroseMessengermnmsrvcwuauserv'); BC_DeleteSvc('dmserveroseMessengermnmsrvcwuauservClipSrvNetlogon'); BC_DeleteSvc('dmserveroseMessengermnmsrvcwuauservRasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler'); BC_DeleteSvc('dmserveroseMessengermnmsrvcwuauservwinmgmt'); BC_DeleteSvc('EventSystemNlaEventSystem'); BC_DeleteSvc('EventSystemNlaEventSystemRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); BC_DeleteSvc('EventSystemNlaEventSystemRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc'); BC_DeleteSvc('EventSystemNlaEventSystemSpoolerEventSystemNlaEventSystem'); BC_DeleteSvc('EventSystemNtLmSsp'); BC_DeleteSvc('FastUserSwitchingCompatibilityseclogon'); BC_DeleteSvc('FastUserSwitchingCompatibilityseclogonCryptSvcAppMgmtHidServ'); BC_DeleteSvc('helpsvcSharedAccess'); BC_DeleteSvc('helpsvcSharedAccessProtectedStorageRemoteAccess'); BC_DeleteSvc('helpsvcSharedAccessProtectedStorageRemoteAccessEventlog'); BC_DeleteSvc('HidServ Web Scanner'); BC_DeleteSvc('HidServSpooler'); BC_DeleteSvc('HidServSpoolerCryptSvcTlntSvr'); BC_DeleteSvc('HidServSpoolermnmsrvcwuauserv'); BC_DeleteSvc('HidServSpoolermnmsrvcwuauservAVPoseTapiSrvlanmanserverdmserverdmadmin'); BC_DeleteSvc('HidServSpoolerSchedule'); BC_DeleteSvc('HidServSpoolerScheduleUMWdf'); 
BC_DeleteSvc('HidServSpoolerScheduleUMWdfdmserveroseMessengermnmsrvcwuauservwinmgmt'); BC_DeleteSvc('HidServSpoolerseclogon'); BC_DeleteSvc('HidServSpoolerVSSUPS'); BC_DeleteSvc('HidServSpoolerVSSUPSwuauserv'); BC_DeleteSvc('HidServSpoolerVSSUPSwuauservThemes'); BC_DeleteSvc('HidServSpoolerVSSUPSwuauservThemesCryptSvc'); BC_DeleteSvc('HidServSpoolerVSSUPSwuauservwuauserv'); BC_DeleteSvc('HidServSpoolerVSSUPSwuauservwuauservThemes'); BC_DeleteSvc('HTTPFilterBrowser'); BC_DeleteSvc('HTTPFilterBrowserMessenger'); BC_DeleteSvc('HTTPFilterBrowserMessengerDnscacheFastUserSwitchingCompatibilityseclogon'); BC_DeleteSvc('HTTPFilterBrowserMessengerDnscacheSENS'); BC_DeleteSvc('HTTPFilterBrowserMessengerDnscacheWebaltaControllerTrkWks'); BC_DeleteSvc('HTTPFilterBrowserMessengerVSSUPSVSSsrserviceosemnmsrvcwuauserv'); BC_DeleteSvc('HTTPFilterBrowserMessengerVSSUPSVSSsrserviceosemnmsrvcwuauservsrservice'); BC_DeleteSvc('HTTPFilterShellHWDetectionAVP'); BC_DeleteSvc('HTTPFilterShellHWDetectionAVPWmiVSSUPS'); BC_DeleteSvc('HTTPFilterwuauserv'); BC_DeleteSvc('HTTPFilterwuauservSamSs'); BC_DeleteSvc('ImapiService LM Service'); BC_DeleteSvc('ImapiServiceMessengermnmsrvcwuauservTermService'); BC_DeleteSvc('ImapiServiceMessengerRasMan'); BC_DeleteSvc('ImapiServiceMessengerRasManwinmgmtSSDPSRV'); BC_DeleteSvc('lanmanworkstationRasManCryptSvcSCardSvr'); BC_DeleteSvc('MDMRasAuto'); BC_DeleteSvc('MDMRasAutoNetlogon'); BC_DeleteSvc('MDMRasAutoSCardSvrHidServWmdmPmSNTapiSrvSharedAccess'); BC_DeleteSvc('Messengermnmsrvcwuauserv'); BC_DeleteSvc('MessengermnmsrvcwuauservMSIServer'); BC_DeleteSvc('MessengermnmsrvcwuauservMSIServerHTTPFilterShellHWDetectionAVP'); BC_DeleteSvc('MessengermnmsrvcwuauservMSIServerSCardSvrHidServWmdmPmSN'); BC_DeleteSvc('MessengerRasMan'); BC_DeleteSvc('mnmsrvcFastUserSwitchingCompatibilitySpoolermnmsrvcwuauservwuauservSamSs'); BC_DeleteSvc('mnmsrvcFastUserSwitchingCompatibilityUMWdf'); BC_DeleteSvc('mnmsrvcFastUserSwitchingCompatibilityUMWdfAlerter'); 
BC_DeleteSvc('mnmsrvcFastUserSwitchingCompatibilityUMWdfwuauservImapiService'); BC_DeleteSvc('mnmsrvcwuauserv'); BC_DeleteSvc('mnmsrvcwuauservCryptSvc'); BC_DeleteSvc('mnmsrvcwuauservCryptSvcRasMandmserverBITS'); BC_DeleteSvc('mnmsrvcwuauservNetlogon'); BC_DeleteSvc('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPS'); BC_DeleteSvc('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcp'); BC_DeleteSvc('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcpmnmsrvcFastUserSwitchingCompatibilityUMWdfAlerter'); BC_DeleteSvc('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcpRasMandmserverBITS'); BC_DeleteSvc('MSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPS'); BC_DeleteSvc('MSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSNetDDEdsdm'); BC_DeleteSvc('MSIServerSCardSvrdmadmin'); BC_DeleteSvc('NetDDEdsdmSpoolermnmsrvcwuauserv'); BC_DeleteSvc('NetDDEdsdmWmdmPmSN'); BC_DeleteSvc('NetlogonNtmsSvc'); BC_DeleteSvc('NetlogonNtmsSvcRasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler'); BC_DeleteSvc('NetlogonNtmsSvcSharedAccess'); BC_DeleteSvc('NlaEventSystem'); BC_DeleteSvc('NlaEventSystemBITS'); BC_DeleteSvc('NlaEventSystemBrowser'); BC_DeleteSvc('NlaEventSystemBrowsermnmsrvcwuauserv'); BC_DeleteSvc('NlaEventSystemBrowserPolicyAgent'); BC_DeleteSvc('NtLmSsp HotKey Poller'); BC_DeleteSvc('NtLmSsposemnmsrvcwuauserv'); BC_DeleteSvc('NtLmSsposemnmsrvcwuauservBITSW32TimeCryptSvcAppMgmt'); BC_DeleteSvc('NtLmSsposemnmsrvcwuauservNlaEventSystemBITS'); BC_DeleteSvc('NtLmSsposemnmsrvcwuauservNlaEventSystemBITSHidServSpoolerseclogon'); BC_DeleteSvc('NtLmSsposemnmsrvcwuauservNlaEventSystemBITSWebClientwinmgmtSamSsTapiSrvlanmanserver'); BC_DeleteSvc('NtLmSspShellHWDetectionAVP'); BC_DeleteSvc('NtLmSspShellHWDetectionAVPTapiSrvlanmanserverNetDDEdsdmWmdmPmSN'); BC_DeleteSvc('NtmsSvcose'); BC_DeleteSvc('oseAlerter'); BC_DeleteSvc('osedmserver'); BC_DeleteSvc('osedmserverhelpsvc'); BC_DeleteSvc('osedmserverhelpsvcMDM'); BC_DeleteSvc('osedmserverhelpsvcMDMDhcpAVPSCardSvrHidServstisvc'); 
BC_DeleteSvc('osedmserverWebaltaController'); BC_DeleteSvc('osemnmsrvcwuauserv'); BC_DeleteSvc('oseosedmserver'); BC_DeleteSvc('PlugPlayHidServSpooler'); BC_DeleteSvc('PolicyAgentHidServSpooler'); BC_DeleteSvc('PolicyAgentHidServSpoolerAudioSrvEventlogHTTPFilterwuauserv'); BC_DeleteSvc('PolicyAgentRDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); BC_DeleteSvc('PolicyAgentRDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservRasManHTTPFilterShellHWDetectionAVP'); BC_DeleteSvc('ProtectedStorageERSvc'); BC_DeleteSvc('ProtectedStorageRemoteAccess'); BC_DeleteSvc('ProtectedStorageRemoteAccessNetlogonNtmsSvc'); BC_DeleteSvc('ProtectedStorageRemoteAccessNetlogonNtmsSvc LM Service'); BC_DeleteSvc('RasMan HotKey Poller'); BC_DeleteSvc('RasManCryptSvc'); BC_DeleteSvc('RasManCryptSvcmnmsrvcwuauservNetlogon'); BC_DeleteSvc('RasManCryptSvcSCardSvr'); BC_DeleteSvc('RasManCryptSvcSCardSvrVSSUPS'); BC_DeleteSvc('RasMandmserverBITS'); BC_DeleteSvc('RasManHTTPFilterShellHWDetectionAVP'); BC_DeleteSvc('RasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler'); BC_DeleteSvc('RDSessMgrmnmsrvcwuauserv'); BC_DeleteSvc('RDSessMgrmnmsrvcwuauservEventSystemNlaEventSystem'); BC_DeleteSvc('RDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); BC_DeleteSvc('RemoteAccessBITSW32TimeCryptSvcAppMgmt'); BC_DeleteSvc('RemoteAccessCOMSysApp'); BC_DeleteSvc('RemoteAccessTapiSrvlanmanserverNetDDEdsdmWmdmPmSN'); BC_DeleteSvc('RemoteRegistryCOMSysApp'); BC_DeleteSvc('RemoteRegistryCOMSysAppSCardSvr'); BC_DeleteSvc('RemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); BC_DeleteSvc('RemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc'); BC_DeleteSvc('RemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvcSCardSvrHidServWmdmPmSN'); BC_DeleteSvc('RemoteRegistryosemnmsrvcwuauserv'); BC_DeleteSvc('RpcLocatorHidServSpooler'); BC_DeleteSvc('RpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauserv'); 
BC_DeleteSvc('RpcLocatorHidServSpoolerMessengermnmsrvcwuauservMSIServerSCardSvrHidServWmdmPmSN'); BC_DeleteSvc('RpcSsSharedAccess'); BC_DeleteSvc('RpcSsSharedAccessAudioSrv'); BC_DeleteSvc('RpcSsSharedAccessAudioSrvAtiRpcSsSharedAccess'); BC_DeleteSvc('RpcSsSharedAccessAudioSrvAtiRpcSsSharedAccessRpcSsSharedAccesslanmanworkstationNtLmSsposemnmsrvcwuauservNlaEventSystemBITS'); BC_DeleteSvc('RpcSsSharedAccessAudioSrvPolicyAgent'); BC_DeleteSvc('RpcSsSharedAccessAudioSrvPolicyAgentupnphost'); BC_DeleteSvc('RpcSsSharedAccesslanmanworkstation'); BC_DeleteSvc('RpcSsSharedAccesslanmanworkstationNtLmSsposemnmsrvcwuauservNlaEventSystemBITS'); BC_DeleteSvc('RpcSsSharedAccessThemes'); BC_DeleteSvc('SamSslanmanserver'); BC_DeleteSvc('SamSsRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv'); BC_DeleteSvc('SamSsTapiSrvlanmanserver'); BC_DeleteSvc('SamSsWmiVSSUPS'); BC_DeleteSvc('SCardSvrHidServ'); BC_DeleteSvc('SCardSvrHidServstisvc'); BC_DeleteSvc('SCardSvrHidServWmdmPmSN'); BC_DeleteSvc('SCardSvrHidServWmdmPmSNTapiSrvSharedAccess'); BC_DeleteSvc('ScheduleHidServSpooler'); BC_DeleteSvc('ScheduleUMWdfNetDDE'); BC_DeleteSvc('seclogonNlaEventSystemBrowser'); BC_DeleteSvc('seclogonRemoteRegistry'); BC_DeleteSvc('seclogonRemoteRegistrySharedAccess'); BC_DeleteSvc('ShellHWDetectionAVP'); BC_DeleteSvc('ShellHWDetectionHTTPFilterBrowser'); BC_DeleteSvc('ShellHWDetectionHTTPFilterBrowserSSDPSRV'); BC_DeleteSvc('ShellHWDetectionLmHostsose'); BC_DeleteSvc('ShellHWDetectionLmHostsoseSwPrvSysmonLogSSDPSRVWmiVSSUPS'); BC_DeleteSvc('ShellHWDetectionLmHostsoseWmiApSrv'); BC_DeleteSvc('Spooler Web Scanner'); BC_DeleteSvc('SpoolerEventSystemNlaEventSystemFastUserSwitchingCompatibility'); BC_DeleteSvc('SpoolerHTTPFilterShellHWDetectionAVP'); BC_DeleteSvc('SpoolerHTTPFilterShellHWDetectionAVPAdobemnmsrvc'); BC_DeleteSvc('SpoolerHTTPFilterShellHWDetectionAVPmnmsrvc'); BC_DeleteSvc('Spoolermnmsrvcwuauserv'); 
BC_DeleteSvc('SpoolermnmsrvcwuauservSpoolerEventSystemNlaEventSystemFastUserSwitchingCompatibility'); BC_DeleteSvc('SpoolermnmsrvcwuauservSwPrv'); BC_DeleteSvc('SpoolermnmsrvcwuauservSwPrvAVPoseDhcpAVPSCardSvrHidServstisvc'); BC_DeleteSvc('SpoolermnmsrvcwuauservwuauservSamSs'); BC_DeleteSvc('SpoolerShellHWDetectionLmHostsose'); BC_DeleteSvc('SpoolerShellHWDetectionLmHostsosehelpsvc'); BC_DeleteSvc('SpoolerShellHWDetectionLmHostsoseRpcSsSharedAccess'); BC_DeleteSvc('SpoolerShellHWDetectionLmHostsosewinmgmtSSDPSRV'); BC_DeleteSvc('srserviceosemnmsrvcwuauserv'); BC_DeleteSvc('srserviceosemnmsrvcwuauservsrserviceRasManHTTPFilterShellHWDetectionAVP'); BC_DeleteSvc('SSDPSRVWmiVSSUPS'); BC_DeleteSvc('StarWindServiceAE'); BC_DeleteSvc('SwPrvhelpsvc'); BC_DeleteSvc('SwPrvhelpsvcWmdmPmSN'); BC_DeleteSvc('SwPrvSysmonLog'); BC_DeleteSvc('SwPrvSysmonLogSSDPSRVWmiVSSUPS'); BC_DeleteSvc('SwPrvSysmonLogSSDPSRVWmiVSSUPS HotKey Poller'); BC_DeleteSvc('SwPrvSysmonLogSSDPSRVWmiVSSUPSoseAlerter'); BC_DeleteSvc('SysmonLogmnmsrvc'); BC_DeleteSvc('SysmonLogmnmsrvcProtectedStorageRemoteAccess'); BC_DeleteSvc('SysmonLogSharedAccess'); BC_DeleteSvc('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauserv'); BC_DeleteSvc('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauservAlerterProtectedStorageRemoteAccess'); BC_DeleteSvc('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauservTapiSrvlanmanserverdmserver'); BC_DeleteSvc('SysmonLogSharedAccessseclogonNlaEventSystemBrowser'); BC_DeleteSvc('SysmonLogSharedAccessWebClientwinmgmtAlerter'); BC_DeleteSvc('SysmonLogSharedAccessWmiApSrv'); BC_DeleteSvc('SysmonLogSharedAccessWmiApSrvWmdmPmSN'); BC_DeleteSvc('TapiSrvDcomLaunch'); BC_DeleteSvc('TapiSrvDcomLaunchTlntSvrSCardSvrHidServLmHosts'); BC_DeleteSvc('TapiSrvlanmanserver'); BC_DeleteSvc('TapiSrvlanmanserverdmserver'); BC_DeleteSvc('TapiSrvlanmanserverNetDDEdsdmWmdmPmSN'); BC_DeleteSvc('TapiSrvlanmanserverRpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauserv'); 
BC_DeleteSvc('TapiSrvlanmanserverRpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauservAtiRpcSsSharedAccess'); BC_DeleteSvc('TapiSrvSharedAccess'); BC_DeleteSvc('TlntSvrFastUserSwitchingCompatibilityseclogonCryptSvcAppMgmtHidServ'); BC_DeleteSvc('TlntSvrNlaEventSystemBrowser'); BC_DeleteSvc('TlntSvrRpcSsSharedAccess'); BC_DeleteSvc('TlntSvrRpcSsSharedAccessdmserverBITS'); BC_DeleteSvc('TlntSvrRpcSsSharedAccessdmserverBITSEventSystemNtLmSsp'); BC_DeleteSvc('TlntSvrRpcSsSharedAccessdmserverBITSEventSystemNtLmSspMessengermnmsrvcwuauservMSIServerHTTPFilterShellHWDetectionAVP'); BC_DeleteSvc('TlntSvrSCardSvrHidServ'); BC_DeleteSvc('TlntSvrSCardSvrHidServ Web Scanner'); BC_DeleteSvc('TlntSvrSCardSvrHidServLmHosts'); BC_DeleteSvc('TlntSvrSCardSvrHidServRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc'); BC_DeleteSvc('TlntSvrSCardSvrHidServThemes'); BC_DeleteSvc('TrkWksRpcSsSharedAccess'); BC_DeleteSvc('UMWdfMessengermnmsrvcwuauservMSIServer'); BC_DeleteSvc('UMWdfWebClientwinmgmtSamSsTapiSrvlanmanserver'); BC_DeleteSvc('UMWdfWebClientwinmgmtSamSsTapiSrvlanmanserverhelpsvcSharedAccessHTTPFilterBrowserMessenger'); BC_DeleteSvc('upnphostAudioSrvEventlogHTTPFilterwuauserv'); BC_DeleteSvc('upnphostAudioSrvEventlogHTTPFilterwuauservTlntSvrNlaEventSystemBrowser'); BC_DeleteSvc('VSSUPSVSS'); BC_DeleteSvc('VSSUPSVSSsrserviceosemnmsrvcwuauserv'); BC_DeleteSvc('VSSUPSVSSsrserviceosemnmsrvcwuauservAppMgmt'); BC_DeleteSvc('W32TimeAudioSrv'); BC_DeleteSvc('W32TimeAudioSrvwscsvc'); BC_DeleteSvc('W32TimeHidServwinmgmt'); BC_DeleteSvc('WebaltaController'); BC_DeleteSvc('WebaltaControllerTrkWks'); BC_DeleteSvc('WebaltaControllerTrkWksTrkWks'); BC_DeleteSvc('WebClientAVPoseTapiSrvlanmanserverdmserver'); BC_DeleteSvc('WebClientSchedule'); BC_DeleteSvc('WebClientwinmgmt'); BC_DeleteSvc('WebClientwinmgmtAlerter'); BC_DeleteSvc('WebClientwinmgmtAlerterTlntSvrNlaEventSystemBrowser'); BC_DeleteSvc('WebClientwinmgmtAlerterTlntSvrNlaEventSystemBrowserWebaltaControllerTrkWks'); 
BC_DeleteSvc('WebClientwinmgmtSamSsTapiSrvlanmanserver'); BC_DeleteSvc('WebClientwinmgmtSamSsTapiSrvlanmanserverNla'); BC_DeleteSvc('WebClientwinmgmtSysmonLog'); BC_DeleteSvc('winmgmtSSDPSRV'); BC_DeleteSvc('winmgmtSSDPSRVImapiServiceMessengermnmsrvcwuauserv'); BC_DeleteSvc('winmgmtSSDPSRVSCardSvrHidServstisvc'); BC_DeleteSvc('WmdmPmSNImapiServiceMessengermnmsrvcwuauserv'); BC_DeleteSvc('WmdmPmSNImapiServiceMessengermnmsrvcwuauservoseAlerter'); BC_DeleteSvc('WmdmPmSNImapiServiceMessengermnmsrvcwuauservstisvc'); BC_DeleteSvc('WmiApSrvAVPose'); BC_DeleteSvc('WmiApSrvAVPoseWmiProtectedStorage'); BC_DeleteSvc('WmiApSrvosedmserverhelpsvcMDM'); BC_DeleteSvc('WmiApSrvSCardSvrHidServWmdmPmSNNetDDEdsdmWmdmPmSN'); BC_DeleteSvc('WmiProtectedStorage'); BC_DeleteSvc('WmiProtectedStorageHTTPFilterSwPrvSysmonLog'); BC_DeleteSvc('WmiVSSUPS'); BC_DeleteSvc('WmiVSSUPSNetman'); BC_DeleteSvc('wuauservImapiService'); BC_DeleteSvc('wuauservImapiServicedmserverBITSwuauservSamSs'); BC_DeleteSvc('wuauservImapiServiceWebaltaControllerTrkWksTrkWks'); BC_DeleteSvc('wuauservSamSs'); BC_DeleteSvc('WZCSVCLmHostsSwPrvSysmonLog'); BC_DeleteSvc('WZCSVCTapiSrvlanmanserverdmserver'); BC_DeleteSvc('WZCSVCTapiSrvlanmanserverdmservermnmsrvc'); BC_Activate; RebootWindows(true); end.
- Run this script:
Code:
begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
- Upload the quarantine.zip file from the AVZ folder via the "Submit requested quarantine" link at the top of the thread
- Make fresh logs following items 2 and 3 of the Diagnostics section (virusinfo_syscheck.zip; hijackthis.log)
- Make an MBAM log
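The long run of BC_DeleteSvc calls in the script above removes services whose names are legitimate service short names glued together (RpcSs + SharedAccess, Spooler + mnmsrvc + wuauserv + SwPrv, and so on); that is how the backdoor registered its persistence entries, and it is the pattern a helper scans for when reading an AVZ log. As an added example that is not part of the original thread or of AVZ, the Python script below flags that pattern: it takes a list of service names and a reference list of names known to be legitimate on the machine, and reports any name that splits cleanly into two or more known names. The reference list and the sample service list are constructed here from names that appear in the script above; on a live host one would build the reference list from a clean system and feed in the installed services from the registry's Services key.

```python
"""Flag service names that are concatenations of legitimate service names.

Added example for this thread. The rogue services removed by the AVZ
script had names like 'RpcSsSharedAccess' or 'SpoolermnmsrvcwuauservSwPrv',
built by gluing real service short names together. A name that splits
into two or more known names is suspicious; a plain known name is not.
"""
from functools import lru_cache

# Reference list of legitimate short names seen on the infected machine
# (Windows XP services plus a few third-party ones such as AVP and Dhcp).
# Assumption: on a real host this would be collected from a clean system.
KNOWN_SERVICES = frozenset({
    "RpcSs", "SharedAccess", "AudioSrv", "Spooler", "mnmsrvc", "wuauserv",
    "SwPrv", "SysmonLog", "TapiSrv", "lanmanserver", "dmserver", "WZCSVC",
    "WebClient", "winmgmt", "SamSs", "HidServ", "SCardSvr", "WmdmPmSN",
    "TlntSvr", "Nla", "EventSystem", "Browser", "ShellHWDetection",
    "HTTPFilter", "LmHosts", "ose", "Themes", "PolicyAgent", "upnphost",
    "lanmanworkstation", "NtLmSsp", "BITS", "Messenger", "MSIServer",
    "RpcLocator", "RemoteRegistry", "COMSysApp", "Schedule", "UMWdf",
    "NetDDE", "NetDDEdsdm", "seclogon", "Wmi", "VSS", "UPS", "SSDPSRV",
    "ImapiService", "Alerter", "stisvc", "W32Time", "wscsvc", "TrkWks",
    "helpsvc", "MDM", "ProtectedStorage", "RemoteAccess", "DcomLaunch",
    "srservice", "RasMan", "Netman", "CryptSvc", "AppMgmt", "CiSvc",
    "FastUserSwitchingCompatibility", "Dhcp", "AVP",
})


@lru_cache(maxsize=None)
def decompose(name: str, known: frozenset) -> tuple:
    """Split `name` into a tuple of known names that concatenate to it.

    Returns () if no such split exists. When several splits exist the one
    with the fewest parts wins, so a plain known name yields a 1-tuple.
    """
    if not name:
        return ()
    best = None
    for i in range(1, len(name) + 1):
        head, rest = name[:i], name[i:]
        if head not in known:
            continue
        if rest == "":
            cand = (head,)
        else:
            tail = decompose(rest, known)
            if not tail:
                continue
            cand = (head,) + tail
        if best is None or len(cand) < len(best):
            best = cand
    return best or ()


def suspicious_services(names, known=KNOWN_SERVICES):
    """Return {name: parts} for every name made of two or more known names."""
    flagged = {}
    for n in names:
        parts = decompose(n, frozenset(known))
        if len(parts) >= 2:
            flagged[n] = parts
    return flagged


# Constructed sample: three ordinary names plus names copied from the
# BC_DeleteSvc calls in the thread's script.
SAMPLE_SERVICES = [
    "Spooler", "wuauserv", "Eventlog",
    "RpcSsSharedAccess",
    "SpoolermnmsrvcwuauservSwPrv",
    "TapiSrvlanmanserverdmserver",
    "WmiProtectedStorageHTTPFilterSwPrvSysmonLog",
    "StarWindServiceAE",
]

if __name__ == "__main__":
    for name, parts in suspicious_services(SAMPLE_SERVICES).items():
        print(f"{name}: {' + '.join(parts)}")
```

Note the caveat the sample makes visible: StarWindServiceAE is also deleted by the thread's script, but it is not a concatenation of known names, so this heuristic does not flag it. The pattern check finds the glued-together names cheaply; the remaining entries still need the usual review of the service's image path and signer.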
polword, sorry for the delay.
To the point:
quarantine.zip:
Upload result
File saved as 100830_205410_quarantine_4c7be232b8f8e.zip
File size 71072
MD5 9536a6e577ba33e6f1434ecd5b3b042c
Logs attached.
Awaiting further instructions
Thank you!!!
Last edited by forever; 24.11.2010 at 17:03.
1. Fix in HijackThis:
Code:
O2 - BHO: WebaltaBHO Object - {6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5} - C:\PROGRA~1\WebAlta\WEBALT~2.DLL (file missing)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - (no file)
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
2. Run the script in AVZ:
Code:
begin
 DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
 QuarantineFile('C:\WINDOWS\system32\rtutdmin.dll','');
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
- Upload the quarantine.zip file from the AVZ folder via the "Submit requested quarantine" link at the top of the thread
1, 2 - done.
The only thing is that the quarantine.zip that was produced is empty... besides, I already uploaded it once, so the second upload is not accepted.
polword, please advise.
So can we say the computer is virus-free now?
Maybe I should install a firewall?
Thanks for the help!!!
Treatment statistics:
- Quarantines received: 1
- Files processed: 4
- Malicious programs found during treatment:
- c:\windows\system32\adsnwd.exe - Backdoor.Win32.IRCNite.ao ( DrWEB: Trojan.Siggen2.20603, BitDefender: Backdoor.Bot.27759, AVAST4: Win32:Trojan-gen )
Dear forever, our specialists have provided you with all possible help on your request.
To keep your computer secure, we strongly recommend:
To stay aware of current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please help expand our database of safe files.