хватанул вирусов

Вложений: 1

хватанул вирусов

Установил якобы флеш плеер.с ним пришли и вирусы.
такие как програмы mystartsearch unistall. savepass 1.1. YTDownloder и многие другие.чистка нод 32 и утилитами авз и дрвеб не помогают.

Уважаемый(ая) [B]samosad[/B], спасибо за обращение на наш форум!

Помощь в лечении комьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитами АВЗ и HiJackThis, подробнее можно прочитать в [URL="http://virusinfo.info/pravila.html"]правилах оформления запроса о помощи[/URL].

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]поддержите проект[/URL].

Выполните скрипт в AVZ
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Program Files\YTDownloader\Updater.exe','');
QuarantineFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\SFSHTSVK.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\KZKYTKB.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-7.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-6.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-5.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-3.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-7.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-10.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-11.exe','');
DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
QuarantineFile('C:\Program Files\Application Assistance\ap.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\gmsd_re_194\upgmsd_re_194.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Kometa\kometaup.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.resworb.bat','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.erolpxei.bat','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.emorhc.bat','');
SetServiceStart('sbmntr', 4);
DeleteService('sbmntr');
QuarantineFile('C:\Program Files\globalUpdate\Update\GoogleUpdate.exe','');
DeleteService('globalUpdatem');
DeleteService('globalUpdate');
SetServiceStart('WindowsMangerProtect', 4);
SetServiceStart('pylywusy', 4);
DeleteService('WindowsMangerProtect');
DeleteService('pylywusy');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\982C7580-1428309381-11D5-AAD2-16C67FF75E23\jnse738.tmp','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\982C7580-1428309381-11D5-AAD2-16C67FF75E23\nsn71F.tmpfs','');
SetServiceStart('nitysyli', 4);
DeleteService('nitysyli');
SetServiceStart('BrsHelper', 4);
DeleteService('BrsHelper');
QuarantineFile('C:\PROGRA~1\YTDOWN~1\sbmntr.sys','');
QuarantineFile('C:\WINDOWS\system32\VCL.dll','');
QuarantineFile('C:\Program Files\XTab\SupTab.dll','');
QuarantineFile('C:\Program Files\SavePass 1.1\af95e478-6b0e-4690-abe8-844c6397ec61.dll','');
TerminateProcessByName('c:\program files\ytdownloader\ytdownloader.exe');
QuarantineFile('c:\program files\ytdownloader\ytdownloader.exe','');
TerminateProcessByName('c:\documents and settings\all users\application data\windowsmangerprotect\protectwindowsmanager.exe');
QuarantineFile('c:\documents and settings\all users\application data\windowsmangerprotect\protectwindowsmanager.exe','');
TerminateProcessByName('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\nsn71f.tmpfs');
QuarantineFile('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\nsn71f.tmpfs','');
TerminateProcessByName('c:\documents and settings\admin\local settings\application data\kometa\kometaup.exe');
QuarantineFile('c:\documents and settings\admin\local settings\application data\kometa\kometaup.exe','');
TerminateProcessByName('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\jnse738.tmp');
QuarantineFile('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\jnse738.tmp','');
TerminateProcessByName('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-6.exe');
QuarantineFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-6.exe','');
TerminateProcessByName('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-10.exe');
QuarantineFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-10.exe','');
TerminateProcessByName('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.exe');
QuarantineFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.exe','');
TerminateProcessByName('c:\progra~1\ytdown~1\browse~2.exe');
QuarantineFile('c:\progra~1\ytdown~1\browse~2.exe','');
TerminateProcessByName('c:\progra~1\ytdown~1\browserhelper.exe');
QuarantineFile('c:\progra~1\ytdown~1\browserhelper.exe','');
TerminateProcessByName('c:\program files\application assistance\ap.exe');
QuarantineFile('c:\program files\application assistance\ap.exe','');
DeleteFile('c:\program files\application assistance\ap.exe','32');
DeleteFile('c:\progra~1\ytdown~1\browserhelper.exe','32');
DeleteFile('c:\progra~1\ytdown~1\browse~2.exe','32');
DeleteFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.exe','32');
DeleteFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-10.exe','32');
DeleteFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-6.exe','32');
DeleteFile('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\jnse738.tmp','32');
DeleteFile('c:\documents and settings\admin\local settings\application data\kometa\kometaup.exe','32');
DeleteFile('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\nsn71f.tmpfs','32');
DeleteFile('c:\documents and settings\all users\application data\windowsmangerprotect\protectwindowsmanager.exe','32');
DeleteFile('c:\program files\ytdownloader\ytdownloader.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\af95e478-6b0e-4690-abe8-844c6397ec61.dll','32');
DeleteFile('C:\Program Files\XTab\SupTab.dll','32');
DeleteFile('C:\WINDOWS\system32\VCL.dll','32');
DeleteFile('C:\PROGRA~1\YTDOWN~1\sbmntr.sys','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\982C7580-1428309381-11D5-AAD2-16C67FF75E23\nsn71F.tmpfs','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\982C7580-1428309381-11D5-AAD2-16C67FF75E23\jnse738.tmp','32');
DeleteFile('C:\Program Files\globalUpdate\Update\GoogleUpdate.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.emorhc.bat','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.erolpxei.bat','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.resworb.bat','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kometaup');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Kometa\kometaup.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\gmsd_re_194\upgmsd_re_194.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_194.exe');
DeleteFile('C:\Program Files\Application Assistance\ap.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ap');
DeleteFile('C:\Program Files\RCP\systweakasp.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SystweakASP');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','YTDownloader');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','YTDownloader');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.job','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-1-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-10_user.job','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-11.job','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-11.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-10.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-7.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-3.exe','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-3.job','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-5.job','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-5.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-6.exe','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-6.job','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-7.exe','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\WINDOWS\Tasks\KZKYTKB.job','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\KZKYTKB.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\SFSHTSVK.exe','32');
DeleteFile('C:\WINDOWS\Tasks\SFSHTSVK.job','32');
DeleteFile('C:\WINDOWS\Tasks\SMupdate1.job','32');
DeleteFile('C:\WINDOWS\Tasks\SMupdate2.job','32');
DeleteFile('C:\WINDOWS\Tasks\SMupdate3.job','32');
DeleteFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll','32');
DeleteFile('C:\WINDOWS\Tasks\YTDownloader.job','32');
DeleteFile('C:\WINDOWS\Tasks\YTDownloaderUpd.job','32');
DeleteFile('C:\Program Files\YTDownloader\Updater.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteREpair(15);
RebootWindows(false);
end.[/code]Компьютер перезагрузится.

Пришлите карантин согласно [B]Приложения 2[/B] правил по красной ссылке [COLOR="Red"][U][B]Прислать запрошенный карантин[/B][/U][/COLOR] над первым сообщением темы.

[B][COLOR="Blue"]Сделайте новые логи по правилам[/COLOR][/B]

[SPOILER=Сделайте дополнительно]Сделайте лог [url="http://virusinfo.info/showthread.php?t=53070&p=1104657&viewfull=1#post1104657"]полного сканирования МВАМ[/url]
Сделайте лог [url="http://virusinfo.info/soft/tool.php?tool=checkbrowserlnk"]Check Browsers' LNK[/url]
[/SPOILER]