файлики и карантин....
080911_025543_Quarantine_48c8ceff8c5f0.zip
файл avz.exe переименован в nya.com, потому что что-то не даёт его запускать -)
хайджек пока не запускается -(
файлики и карантин....
080911_025543_Quarantine_48c8ceff8c5f0.zip
файл avz.exe переименован в nya.com, потому что что-то не даёт его запускать -)
хайджек пока не запускается -(
Отключите антивирус и интернет!
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".[/URL]
[CODE]begin
// AVZ script, first pass. Order matters: rootkit search and AVZGuard come
// first so the entries below cannot re-protect themselves while being removed,
// then everything is quarantined BEFORE it is deleted, and the delete tasks
// are finally handed to Boot Cleaner for the next restart.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Quarantine copies of the two loader files referenced by the HijackThis log
// (karina.dat via AppInit_DLLs); deletion of both is at the very end.
QuarantineFile('C:\WINDOWS\system32\karina.dat','');
QuarantineFile('C:\WINDOWS\system32\braviax.exe','');
// Services named Win<xx><nn>. Each has a same-named .sys in System32\Drivers,
// which is quarantined in the next run of lines and deleted further down.
DeleteService('Winye62');
DeleteService('Winye51');
DeleteService('Winye05');
DeleteService('Winxd62');
DeleteService('Winwd62');
DeleteService('Winwd27');
DeleteService('Winwc51');
DeleteService('Winvb51');
DeleteService('Winvb27');
DeleteService('Winua73');
DeleteService('Winua40');
DeleteService('Winty73');
DeleteService('Winty05');
DeleteService('Winsy27');
DeleteService('Winrw40');
DeleteService('Winrw27');
DeleteService('Winrw05');
DeleteService('Winqv73');
DeleteService('Winqv16');
DeleteService('Winqv05');
DeleteService('Winpu73');
DeleteService('Winpu27');
DeleteService('Winot40');
DeleteService('Winmr62');
DeleteService('Winmr51');
DeleteService('Winlr62');
DeleteService('Winlr27');
DeleteService('Winlr05');
DeleteService('Winkp27');
DeleteService('Winjo73');
DeleteService('Winjo62');
DeleteService('Winjo40');
DeleteService('Winin38');
DeleteService('Winin05');
DeleteService('Winhn40');
DeleteService('Winhm38');
DeleteService('Wingl51');
DeleteService('Wingl27');
DeleteService('Wingl16');
DeleteService('Winfk05');
DeleteService('Winej84');
DeleteService('Winej73');
DeleteService('Winej62');
DeleteService('Winej27');
DeleteService('Winej05');
DeleteService('Winch38');
DeleteService('Winch05');
DeleteService('Winbg62');
DeleteService('Winag84');
DeleteService('Winaf16');
// Driver files backing the services above (one per service, same order).
QuarantineFile('C:\WINDOWS\System32\Drivers\Winye62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winye51.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winye05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxd62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winwd62.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwd27.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwc51.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winvb51.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winvb27.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winua73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winua40.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winty73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winty05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winsy27.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winrw40.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winrw27.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winrw05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winqv73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winqv16.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winqv05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpu73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpu27.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winot40.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmr62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmr51.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winlr62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winlr27.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winlr05.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winkp27.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winjo73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjo62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjo40.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winin38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winin05.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winhn40.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winhm38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingl51.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wingl27.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingl16.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfk05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winej84.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winej73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winej62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winej27.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winej05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winch38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winch05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winbg62.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winag84.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winaf16.sys','');
// One more service/driver pair outside the Win<xx><nn> naming scheme.
DeleteService('Cin51');
QuarantineFile('C:\WINDOWS\System32\Drivers\Cin51.sys','');
// NOTE(review): 'Beep' is a stock Windows service name. Its removal here (and
// the Beep.SYS quarantine/delete below) is specific to this machine's logs --
// presumably the driver file was replaced; confirm before reusing this line.
DeleteService('Beep');
// Services whose names look like two or more legitimate service names glued
// together (wscsvc+Dhcp, VSS+dmadmin, ...). No driver file is listed for any
// of them; they are handled by name only.
DeleteService('wscsvcDhcp');
DeleteService('wscsvcBITS');
DeleteService('WmiEhttpSrv');
DeleteService('winmgmtekrn');
DeleteService('winmgmtclr_optimization_v2.0.50727_32');
DeleteService('WebClientCiSvc');
DeleteService('VSSSharedAccessmnmsrvcRpcLocator');
DeleteService('VSSdmadmin');
DeleteService('UPSNetDDETapiSrvSwPrv');
DeleteService('upnphostSharedAccessNtmsSvcWZCSVC');
DeleteService('upnphostDcomLaunch');
DeleteService('TlntSvrSENSERSvcRasAutoIDriverTEapHostSpoolerImapiServiceNtLmSspMSDTC');
DeleteService('TlntSvrSENSERSvcRasAuto');
DeleteService('TlntSvrSENS');
DeleteService('TapiSrvSwPrvDot3svc');
DeleteService('TapiSrvSwPrv');
DeleteService('TapiSrvaspnet_state');
DeleteService('SysmonLognapagentNetmanRemoteRegistry');
DeleteService('SysmonLognapagentNetman');
DeleteService('SysmonLognapagent');
DeleteService('SpoolerImapiServiceVSSdmadmin');
DeleteService('SpoolerImapiServiceNtLmSsp');
DeleteService('SpoolerImapiService');
DeleteService('ShellHWDetectionImapiService');
DeleteService('SharedAccessNtmsSvcWZCSVCdmserver');
DeleteService('SharedAccessNtmsSvcWZCSVC');
DeleteService('SharedAccessNtmsSvc');
DeleteService('SharedAccessmnmsrvcRpcLocatorRDSessMgrNtLmSsp');
DeleteService('SharedAccessmnmsrvcRpcLocatorRDSessMgr');
DeleteService('SharedAccessmnmsrvcRpcLocator');
DeleteService('SharedAccessmnmsrvc');
DeleteService('ScheduleMSIServer');
DeleteService('SCardSvrTrkWksALGDcomLaunch');
DeleteService('SCardSvrTrkWks');
DeleteService('SamSsNetman');
DeleteService('RemoteAccessmnmsrvc');
DeleteService('PolicyAgenthelpsvchkmsvcALGDcomLaunch');
DeleteService('PolicyAgenthelpsvchkmsvc');
DeleteService('PolicyAgenthelpsvc');
DeleteService('NtmsSvcIDriverTEapHost');
DeleteService('NetlogonHidServShellHWDetectionImapiService');
DeleteService('NetDDETapiSrvSwPrv');
DeleteService('MSDTCMSIServer');
DeleteService('lanmanserverseclogon');
DeleteService('IDriverTEapHostSpoolerImapiServiceNtLmSspMSDTC');
DeleteService('IDriverTEapHostSpoolerImapiServiceNtLmSsp');
DeleteService('IDriverTEapHost');
DeleteService('HTTPFilterNtLmSsp');
DeleteService('hkmsvcwinmgmt');
DeleteService('hkmsvchelpsvcTapiSrv');
DeleteService('HidServShellHWDetectionImapiServiceWebClientCiSvc');
DeleteService('HidServShellHWDetectionImapiService');
DeleteService('helpsvcTapiSrvW32TimeDhcp');
DeleteService('helpsvcTapiSrvW32Time');
DeleteService('helpsvcTapiSrv');
DeleteService('EventlogSwPrv');
DeleteService('EventlogNlaNetlogon');
DeleteService('EventlogNla');
DeleteService('ERSvcSCardSvrTrkWksTapiSrvSwPrv');
DeleteService('ERSvcSCardSvrTrkWks');
DeleteService('ERSvcRasAuto');
DeleteService('ekrnhkmsvchelpsvcTapiSrv');
DeleteService('dmadminScheduleWmiApSrv');
DeleteService('dmadminSchedule');
DeleteService('DcomLaunchhkmsvchelpsvcTapiSrvEventlogSwPrv');
DeleteService('DcomLaunchhkmsvchelpsvcTapiSrv');
DeleteService('ClipSrvTapiSrv');
DeleteService('ClipSrvaspnet_state');
DeleteService('BITSNla');
DeleteService('AudioSrvBITS');
DeleteService('aspnet_stateAlerter');
DeleteService('ALGDcomLaunch');
DeleteService('AlerterRDSessMgr');
// NOTE(review): 'srv.exe' has no directory, so it is presumably resolved
// against AVZ's working directory rather than the location seen in the log;
// the full path should be used here (and in the DeleteFile below) if known.
QuarantineFile('srv.exe','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Beep.SYS','');
QuarantineFile('C:\WINDOWS\system32\SamFaxPort.dll','');
// WinCtrl32.dll is the Winlogon Notify entry from the HijackThis log.
QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');
// Deletions. Every path below was quarantined above, so nothing is removed
// without a copy first.
DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
DeleteFile('C:\WINDOWS\System32\Drivers\Beep.SYS');
DeleteFile('srv.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\Cin51.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winaf16.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winag84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winbg62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winch05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winch38.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winej05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winej27.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winej62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winej73.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winej84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfk05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingl16.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wingl27.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingl51.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winhm38.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winhn40.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winin05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winin38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjo40.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjo62.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winjo73.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winkp27.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winlr05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winlr27.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winlr62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmr51.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmr62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winot40.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winpu27.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winpu73.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winqv05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winqv16.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winqv73.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winrw05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winrw27.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winrw40.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winsy27.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winty05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winty73.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winua40.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winua73.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winvb27.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winvb51.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwc51.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwd27.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winwd62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxd62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winye05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winye51.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winye62.sys');
DeleteFile('C:\WINDOWS\system32\braviax.exe');
DeleteFile('C:\WINDOWS\system32\karina.dat');
// Push the delete tasks to Boot Cleaner, run AVZ's system cleanup, activate
// Boot Cleaner and force a restart so anything still locked is removed
// before the services/drivers get a chance to start again.
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/CODE]
Пришлите карантин по правилам, обновите базы AVZ и повторите логи...
повтор... хайджек запустилсо
карантин
080911_034904_Quarantine_48c8db808ac1b.zip
Закройте все открытые приложения, кроме AVZ и Internet Explorer.
Отключите
- ПК от интернета/локалки
- Антивирус и Файрвол.
- Системное восстановление.
- [URL="http://virusinfo.info/showthread.php?t=4491"]Пофиксите[/URL]
[CODE]R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - (no file)
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
[/CODE]
- [URL="http://virusinfo.info/showthread.php?t=7239"]Выполните скрипт[/URL]
[CODE]begin
// AVZ script, second pass: these six service names were already in the
// first script and are still present in the repeat logs, so they are deleted
// again and, in addition, handed to Boot Cleaner by name (BC_DeleteSvc) so the
// removal is retried at the next boot if they are still protected at runtime.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteService('wscsvcDhcp');
DeleteService('VSSdmadmin');
DeleteService('TapiSrvSwPrv');
DeleteService('hkmsvcwinmgmt');
DeleteService('ERSvcRasAuto');
DeleteService('dmadminSchedule');
// BC_ImportAll (spelled BC_ImportALL in the first script; identifiers are
// case-insensitive here) must come before the BC_DeleteSvc entries are added.
BC_ImportAll;
ExecuteSysClean;
// Same six names as above, queued for Boot Cleaner.
BC_DeleteSvc('wscsvcDhcp');
BC_DeleteSvc('VSSdmadmin');
BC_DeleteSvc('TapiSrvSwPrv');
BC_DeleteSvc('hkmsvcwinmgmt');
BC_DeleteSvc('ERSvcRasAuto');
BC_DeleteSvc('dmadminSchedule');
BC_Activate;
RebootWindows(true);
end.
[/CODE]
После перезагрузки:
- [url="http://virusinfo.info/showthread.php?t=10025"]Очистите[/url] темп-папки, кэш проводников и корзину.
- Закройте все программы, включая Антивирус и Файрвол. Оставьте запущенным [B]только Internet Explorer[/B]. Если он не запущен - запустите!!!
- Сделайте повторные логи по правилам.
- Включите Антивирус и Файрвол
- Подключите ПК к интернету/локалке
- Прикрепите логи к новому сообщению.
повтор 2
В логах чисто, жалобы есть?
нет нету -) спасибо