У меня сильное подозрение, что на мой компьютер напали вирусы. Посмотрите, пожалуйста.
У меня сильное подозрение, что на мой компьютер напали вирусы. Посмотрите, пожалуйста.
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".[/URL]
[CODE]begin
// AVZ cleanup script, first pass: quarantine samples, unregister the listed
// services, delete the listed files, repair a few settings, then reboot.
// Statement order matters: a file has to be quarantined before its DeleteFile
// call, otherwise this script keeps no sample of it for analysis.
// NOTE(review): every service name and path below comes from this machine's
// logs; the script is not meant to be run unchanged on another system.

// Rootkit scan with both flags enabled -- presumably "neutralise user-mode and
// kernel-mode hooks"; confirm against the AVZ script reference.
SearchRootkit(true, true);
// Enable AVZGuard for the rest of the run -- presumably so running malware
// cannot undo the changes below; confirm.
SetAVZGuardStatus(True);
// Keep copies of two suspect files before anything is deleted. The second
// argument is an empty string in every QuarantineFile call in this script.
QuarantineFile('C:\WINDOWS\system32\_scui.cpl','');
// NOTE(review): bare file name, no directory -- how AVZ resolves it is not
// visible here; verify the intended file was actually captured.
QuarantineFile('autorun.bat','');
// Unregister services named 'Win' + two letters + two digits. The matching
// driver files under System32\Drivers are handled further down.
// NOTE(review): 'Winca00' is unregistered here, but no Winca00.sys is
// quarantined or deleted anywhere in this script.
DeleteService('Winyn66');
DeleteService('Winxt44');
DeleteService('Winxd22');
DeleteService('Winws00');
DeleteService('Winwn66');
DeleteService('Winty22');
DeleteService('Wintw55');
DeleteService('Winsx00');
DeleteService('Winov55');
DeleteService('Winne66');
DeleteService('Winna55');
DeleteService('Winna11');
DeleteService('Winmm66');
DeleteService('Winmk11');
DeleteService('Winls33');
DeleteService('Winkp66');
DeleteService('Winkg55');
DeleteService('Winjs11');
DeleteService('Winhv00');
DeleteService('Wingn00');
DeleteService('Wingm22');
DeleteService('Wingc22');
DeleteService('Winfi00');
DeleteService('Winch00');
DeleteService('Winca00');
DeleteService('Winbk77');
// Quarantine 21 of the driver files. This list is shorter than the DeleteFile
// list below (33 drivers), so 12 drivers are deleted without a copy being
// taken here -- see the note above the DeleteFile block.
QuarantineFile('C:\WINDOWS\System32\Drivers\Winyn66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxt44.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxd22.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winwn66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winty22.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winsx00.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winqf33.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winov55.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winof88.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winls33.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkp66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkg55.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkf77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjs11.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjj33.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhv00.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingn00.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingm22.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingc22.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfi00.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winao88.sys','');
// Unregister services whose names look like two or three legitimate Windows
// service short names glued together (e.g. 'wuauserv' + 'TlntSvr'). Only these
// exact composite names are passed to DeleteService; the script never names a
// genuine service such as 'wuauserv' on its own.
DeleteService('wuauservTlntSvr');
DeleteService('wscsvcstisvc');
DeleteService('W32TimeWmi');
DeleteService('TrkWksRasMan');
DeleteService('ShellHWDetectionSCardSvr');
DeleteService('ShellHWDetectionLmHosts');
DeleteService('ServiceLayerRpcLocator');
DeleteService('seclogonseclogon');
DeleteService('ScheduleNla');
DeleteService('SamSsxmlprov');
DeleteService('RpcLocatorseclogon');
DeleteService('RasAutoProtectedStorageHidServ');
DeleteService('ProtectedStorageHidServ');
DeleteService('NVSvcupnphost');
DeleteService('NetmanLmHosts');
DeleteService('NetmanAntiVirServiceUPS');
DeleteService('NetmanAntiVirService');
DeleteService('NetDDEdsdmAlerter');
DeleteService('mnmsrvcDhcpServiceLayer');
DeleteService('lanmanworkstationxmlprov');
DeleteService('HidServAudioSrv');
// Service and file carrying a vendor-like name; the file is quarantined here
// and deleted below. NOTE(review): bare file name again -- confirm the path.
DeleteService('Google Online Services');
QuarantineFile('Google Online Services.sys','');
DeleteService('FastUserSwitchingCompatibilityWmdmPmSN');
DeleteService('EventSystemNetDDEdsdm');
DeleteService('DhcpServiceLayerServiceLayerRpcLocator');
DeleteService('DhcpServiceLayer');
DeleteService('CryptSvcNtmsSvc');
DeleteService('BrowserNetman');
// srv.exe is quarantined immediately before it is deleted.
QuarantineFile('srv.exe','');
DeleteFile('srv.exe');
DeleteFile('Google Online Services.sys');
// Delete the driver files.
// NOTE(review): no QuarantineFile call in this script precedes the deletion of
// Winat33, Winbk77, Winch00, Winft33, Winmk11, Winmm66, Winna11, Winna55,
// Winne66, Wintw55, Winul44, Winws00 (.sys) or of WinCtrl32.dll, so no sample
// of those is retained by this script. Add QuarantineFile lines for them ahead
// of this block if the samples are needed for analysis.
// NOTE(review): Winao88, Winat33, Winft33, Winjj33, Winkf77, Winof88, Winqf33
// and Winul44 have no matching DeleteService call above -- presumably files
// without a registered service; verify in the follow-up logs.
DeleteFile('C:\WINDOWS\System32\Drivers\Winao88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winat33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winbk77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winch00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfi00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winft33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingc22.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingm22.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingn00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhv00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjj33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjs11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkf77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkg55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkp66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winls33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmk11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmm66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winna11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winna55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winne66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winof88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winov55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winqf33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winsx00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wintw55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winty22.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winul44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winwn66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winws00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxd22.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxt44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winyn66.sys');
DeleteFile('WinCtrl32.dll');
// The two files quarantined at the top of the script are deleted last.
DeleteFile('autorun.bat');
DeleteFile('C:\WINDOWS\system32\_scui.cpl');
// BC_* calls presumably hand the quarantine/delete lists to AVZ's boot-time
// cleaner and arm it for the next start, so files locked now are removed
// during the reboot -- confirm against the AVZ script reference.
BC_ImportALL;
// Presumably removes leftover references to the deleted files -- confirm.
ExecuteSysClean;
BC_Activate;
// Two numbered AVZ repair routines; what 5 and 6 restore is not visible here
// (presumably desktop settings and current-user policy restrictions) -- check
// the numbered list in AVZ's system-restore dialog.
ExecuteRepair(5 );
ExecuteRepair(6 );
// Write the current user's time format as 'H:mm:ss' and blank the wallpaper
// value of the .DEFAULT profile -- presumably undoing changes the malware
// made; these overwrite whatever the user had set there.
RegKeyStrParamWrite('HKCU','Control Panel\International','sTimeFormat','H:mm:ss');
RegKeyStrParamWrite('HKEY_USERS','.DEFAULT\Control Panel\Desktop','Wallpaper','');
// Reboot at the end of the script; the argument presumably forces the
// restart, so unsaved work should be closed before running -- confirm.
RebootWindows(true);
end.[/CODE]
Пришлите карантин по правилам и повторите логи...
Вроде бы все сделали
[URL="http://virusinfo.info/showthread.php?t=4491"]Пофиксить[/URL]
[CODE]O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\[/CODE]
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".[/URL]
[CODE]begin
// AVZ follow-up script: removes the one remaining driver service, 'Winca00',
// and its file, then reboots. The earlier script in this thread unregistered
// the 'Winca00' service but did not delete Winca00.sys.

// Empties AVZ's quarantine before anything else runs.
// NOTE(review): run this only after the quarantine from the previous pass has
// been sent for analysis; presumably those samples are discarded here.
ClearQuarantine;
// Rootkit scan with both flags enabled -- presumably "neutralise user-mode and
// kernel-mode hooks"; confirm against the AVZ script reference.
SearchRootkit(true, true);
// Enable AVZGuard for the rest of the run -- confirm its exact effect.
SetAVZGuardStatus(True);
DeleteService('Winca00');
// NOTE(review): the driver is deleted without a preceding QuarantineFile call,
// so this script keeps no sample of Winca00.sys.
DeleteFile('C:\WINDOWS\System32\Drivers\Winca00.sys');
// BC_* calls presumably pass the deleted-file list and the service name to
// AVZ's boot-time cleaner and arm it, so the removal is repeated during the
// reboot if the live deletion above did not stick -- confirm.
BC_ImportDeletedList;
// Presumably removes leftover references to the deleted file -- confirm.
ExecuteSysClean;
BC_DeleteSvc('Winca00');
BC_Activate;
// Reboot at the end of the script; the argument presumably forces the restart.
RebootWindows(true);
end.[/CODE]
Повторите пункт 2 диагностики...
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]51[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\\windows\\system32\\_scui.cpl - [B]not-a-virus:FraudTool.Win32.XPSecurityCenter.bq[/B] (DrWEB: Trojan.Fakealert.2082)[/LIST][/LIST]