Не грузится Yandex и многие другие файры. Помогите
Не грузится Yandex и многие другие файры. Помогите
Закройте все открытые приложения, кроме AVZ и Internet Explorer.
Отключите
- ПК от интернета/локалки
- Антивирус и Файрвол.
- Системное восстановление.
- [URL="http://virusinfo.info/showthread.php?t=7239"]Выполните скрипт[/URL]
[CODE]begin
// AVZ cleanup script (run via AVZ "File - Run script"). It is meant to run with the
// PC offline and the antivirus/firewall disabled, as the post above instructs, and it
// ends with a forced reboot - so every other application must be closed first.
SearchRootkit(true, true);   // rootkit scan before anything else, so hidden hooks are neutralized for the steps below
SetAVZGuardStatus(True);     // enable AVZGuard so other processes cannot interfere while the script runs
// NOTE(review): most of the service names below look like several real service names
// glued together (e.g. 'wuauserv'+'SSDPSRV', 'AppMgmt'+'Spooler', 'BITS'+'Netlogon'),
// presumably an artifact of how the log was parsed. As written they presumably match no
// existing service and the calls are no-ops; do NOT "repair" them by splitting the names,
// because that would stop and delete core Windows services. Verify against the original log.
StopService('WZCSVCdmserverEventSystemstisvc');
StopService('wuauservSSDPSRV');
StopService('Wmi Driver HPZ12');
// Winta17 / Wingn41 / Winfm28 are the driver services backing the three .sys files quarantined below.
StopService('Winta17');
StopService('Wingn41');
StopService('Winfm28');
StopService('VSSHidServ');
StopService('UMWdfaspnet_state');
StopService('ThemesoseShellHWDetectionSharedAccess');
StopService('Themesose');
StopService('TapiSrvRasAutoWmi');
StopService('SwPrvoseAppMgmtSpooler');
StopService('SwPrvose');
StopService('SwPrvNetmanclr_optimization_v2.0.50727_32WmiApSrv');
StopService('SwPrvNetman');
StopService('stisvcThemesose');
StopService('srserviceNetman');
StopService('ShellHWDetectionSharedAccess');
StopService('ShellHWDetectionclr_optimization_v2.0.50727_32FastUserSwitchingCompatibility');
StopService('SENSClipSrv');
StopService('SCardSvrupnphost');
StopService('SCardSvrCryptSvcSchedule');
StopService('SCardSvrCryptSvc');
StopService('RpcLocatorTapiSrvRasAutoWmi');
StopService('RemoteAccessSwPrv');
StopService('RasAutoWmi');
StopService('RasAutoRasAutoWmi');
StopService('oselanmanserver');
StopService('NtmsSvcUMWdf');
StopService('NMIndexingServiceEventSystem');
StopService('MSDTCstisvc');
StopService('mnmsrvcThemes');
StopService('EventSystemstisvc');
StopService('dmserverRemoteAccess');
StopService('dmserverEventSystemstisvc');
StopService('dmadminImapiService');
StopService('DhcpPlugPlayMSDTC');
StopService('DhcpPlugPlayDhcpPlugPlayMSDTC');
StopService('DhcpPlugPlay');
StopService('DhcpNtmsSvc');
StopService('Dhcplanmanworkstation');
StopService('COMSysAppPolicyAgent');
StopService('clr_optimization_v2.0.50727_32WmiApSrv');
StopService('clr_optimization_v2.0.50727_32FastUserSwitchingCompatibilityShellHWDetectionSharedAccess');
StopService('clr_optimization_v2.0.50727_32FastUserSwitchingCompatibility');
StopService('ClipSrvRpcSs');
StopService('ClipSrvdmserverRemoteAccess');
StopService('BrowserHTTPFilter');
StopService('BITSNetlogon');
StopService('AutodeskWmdmPmSN');
StopService('AudioSrvProtectedStorage');
StopService('AppMgmtSpooler');
StopService('ALGTapiSrv');
StopService('ALGEventlog');
StopService('AlerterSENS');
// Copy each suspect file into the AVZ quarantine BEFORE it is deleted, so a sample
// survives for analysis (the quarantine archive is requested later in the thread).
// The first three are given as bare names with no path; they are the entries from the
// HijackThis log below (O2 BHO svc32.dll, O20 AppInit_DLLs karina.dat, O20 Winlogon
// Notify csrss5.dll), two of which that log already marks "(file missing)".
QuarantineFile('svc32.dll','');
QuarantineFile('karina.dat','');
QuarantineFile('csrss5.dll','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winta17.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingn41.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfm28.sys','');
// Same name list as the StopService calls above - see the NOTE(review) there.
DeleteService('WZCSVCdmserverEventSystemstisvc');
DeleteService('wuauservSSDPSRV');
DeleteService('Wmi Driver HPZ12');
DeleteService('Winta17');
DeleteService('Wingn41');
DeleteService('Winfm28');
DeleteService('VSSHidServ');
DeleteService('UMWdfaspnet_state');
DeleteService('ThemesoseShellHWDetectionSharedAccess');
DeleteService('Themesose');
DeleteService('TapiSrvRasAutoWmi');
DeleteService('SwPrvoseAppMgmtSpooler');
DeleteService('SwPrvose');
DeleteService('SwPrvNetmanclr_optimization_v2.0.50727_32WmiApSrv');
DeleteService('SwPrvNetman');
DeleteService('stisvcThemesose');
DeleteService('srserviceNetman');
DeleteService('ShellHWDetectionSharedAccess');
DeleteService('ShellHWDetectionclr_optimization_v2.0.50727_32FastUserSwitchingCompatibility');
DeleteService('SENSClipSrv');
DeleteService('SCardSvrupnphost');
DeleteService('SCardSvrCryptSvcSchedule');
DeleteService('SCardSvrCryptSvc');
DeleteService('RpcLocatorTapiSrvRasAutoWmi');
DeleteService('RemoteAccessSwPrv');
DeleteService('RasAutoWmi');
DeleteService('RasAutoRasAutoWmi');
DeleteService('oselanmanserver');
DeleteService('NtmsSvcUMWdf');
DeleteService('NMIndexingServiceEventSystem');
DeleteService('MSDTCstisvc');
DeleteService('mnmsrvcThemes');
DeleteService('EventSystemstisvc');
DeleteService('dmserverRemoteAccess');
DeleteService('dmserverEventSystemstisvc');
DeleteService('dmadminImapiService');
DeleteService('DhcpPlugPlayMSDTC');
DeleteService('DhcpPlugPlayDhcpPlugPlayMSDTC');
DeleteService('DhcpPlugPlay');
DeleteService('DhcpNtmsSvc');
DeleteService('Dhcplanmanworkstation');
DeleteService('COMSysAppPolicyAgent');
DeleteService('clr_optimization_v2.0.50727_32WmiApSrv');
DeleteService('clr_optimization_v2.0.50727_32FastUserSwitchingCompatibilityShellHWDetectionSharedAccess');
DeleteService('clr_optimization_v2.0.50727_32FastUserSwitchingCompatibility');
DeleteService('ClipSrvRpcSs');
DeleteService('ClipSrvdmserverRemoteAccess');
DeleteService('BrowserHTTPFilter');
DeleteService('BITSNetlogon');
DeleteService('AutodeskWmdmPmSN');
DeleteService('AudioSrvProtectedStorage');
DeleteService('AppMgmtSpooler');
DeleteService('ALGTapiSrv');
DeleteService('ALGEventlog');
DeleteService('AlerterSENS');
// Delete only after the QuarantineFile calls above have run.
DeleteFile('svc32.dll');
DeleteFile('karina.dat');
DeleteFile('csrss5.dll');
DeleteFile('C:\WINDOWS\System32\Drivers\Winta17.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingn41.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfm28.sys');
// Same CLSID as the "Rmn plugin" BHO (O2) entry in the HijackThis log below.
DelBHO('{21D7135F-AEE9-45e7-A0C1-791A4654BFF1}');
BC_ImportAll;      // hand everything queued above to AVZ's BootCleaner for the reboot-time pass
ExecuteSysClean;   // AVZ system clean-up
// Repeat the service removals through BootCleaner, so anything that could not be
// removed while Windows is running is removed at boot. Same name list and caveat as above.
BC_DeleteSvc('WZCSVCdmserverEventSystemstisvc');
BC_DeleteSvc('wuauservSSDPSRV');
BC_DeleteSvc('Wmi Driver HPZ12');
BC_DeleteSvc('Winta17');
BC_DeleteSvc('Wingn41');
BC_DeleteSvc('Winfm28');
BC_DeleteSvc('VSSHidServ');
BC_DeleteSvc('UMWdfaspnet_state');
BC_DeleteSvc('ThemesoseShellHWDetectionSharedAccess');
BC_DeleteSvc('Themesose');
BC_DeleteSvc('TapiSrvRasAutoWmi');
BC_DeleteSvc('SwPrvoseAppMgmtSpooler');
BC_DeleteSvc('SwPrvose');
BC_DeleteSvc('SwPrvNetmanclr_optimization_v2.0.50727_32WmiApSrv');
BC_DeleteSvc('SwPrvNetman');
BC_DeleteSvc('stisvcThemesose');
BC_DeleteSvc('srserviceNetman');
BC_DeleteSvc('ShellHWDetectionSharedAccess');
BC_DeleteSvc('ShellHWDetectionclr_optimization_v2.0.50727_32FastUserSwitchingCompatibility');
BC_DeleteSvc('SENSClipSrv');
BC_DeleteSvc('SCardSvrupnphost');
BC_DeleteSvc('SCardSvrCryptSvcSchedule');
BC_DeleteSvc('SCardSvrCryptSvc');
BC_DeleteSvc('RpcLocatorTapiSrvRasAutoWmi');
BC_DeleteSvc('RemoteAccessSwPrv');
BC_DeleteSvc('RasAutoWmi');
BC_DeleteSvc('RasAutoRasAutoWmi');
BC_DeleteSvc('oselanmanserver');
BC_DeleteSvc('NtmsSvcUMWdf');
BC_DeleteSvc('NMIndexingServiceEventSystem');
BC_DeleteSvc('MSDTCstisvc');
BC_DeleteSvc('mnmsrvcThemes');
BC_DeleteSvc('EventSystemstisvc');
BC_DeleteSvc('dmserverRemoteAccess');
BC_DeleteSvc('dmserverEventSystemstisvc');
BC_DeleteSvc('dmadminImapiService');
BC_DeleteSvc('DhcpPlugPlayMSDTC');
BC_DeleteSvc('DhcpPlugPlayDhcpPlugPlayMSDTC');
BC_DeleteSvc('DhcpPlugPlay');
BC_DeleteSvc('DhcpNtmsSvc');
BC_DeleteSvc('Dhcplanmanworkstation');
BC_DeleteSvc('COMSysAppPolicyAgent');
BC_DeleteSvc('clr_optimization_v2.0.50727_32WmiApSrv');
BC_DeleteSvc('clr_optimization_v2.0.50727_32FastUserSwitchingCompatibilityShellHWDetectionSharedAccess');
BC_DeleteSvc('clr_optimization_v2.0.50727_32FastUserSwitchingCompatibility');
BC_DeleteSvc('ClipSrvRpcSs');
BC_DeleteSvc('ClipSrvdmserverRemoteAccess');
BC_DeleteSvc('BrowserHTTPFilter');
BC_DeleteSvc('BITSNetlogon');
BC_DeleteSvc('AutodeskWmdmPmSN');
BC_DeleteSvc('AudioSrvProtectedStorage');
BC_DeleteSvc('AppMgmtSpooler');
BC_DeleteSvc('ALGTapiSrv');
BC_DeleteSvc('ALGEventlog');
BC_DeleteSvc('AlerterSENS');
BC_Activate;       // arm BootCleaner so the queued work runs on the next boot
// Numbered entries from AVZ's "System restore" repair list. From memory, 6 = remove
// current-user Policies restrictions, 8 = restore Explorer settings, 9 = remove
// system-process debuggers, 13 = clean the Hosts file (the HijackThis log below shows
// an O1 Hosts entry) - TODO confirm the numbering against the AVZ version in use.
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(13);
RebootWindows(true);   // forced reboot so the BootCleaner pass runs; unsaved work is lost
end.
[/CODE]
После перезагрузки:
- [url="http://virusinfo.info/showthread.php?t=10025"]Очистите[/url] темп-папки, кэш проводников и корзину.
- Закройте все программы, включая Антивирус и Файрвол. Оставьте запущенным [B]только Internet Explorer[/B]. Если он не запущен - запустите!!!
- Сделайте повторные логи по правилам.
- Включите Антивирус и Файрвол
- Подключите ПК к интернету/локалке
- Закачайте карантин по ссылке [COLOR="Red"][B]Прислать запрошенный карантин[/B][/COLOR] вверху темы (Приложение 3 правил).
- Прикрепите логи к новому сообщению.
Вдогонку: пофиксить в HijackThis:
[code]R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
R3 - URLSearchHook: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O1 - Hosts: 1
O2 - BHO: Rmn plugin - {21D7135F-AEE9-45e7-A0C1-791A4654BFF1} - svc32.dll (file missing)
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: Csrss - csrss5.dll (file missing)[/code]
[color=red]Не забыть отключить восстановление системы, там полно гадости.[/color]
Старалась чётко следовать указаниям.
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".[/URL]
[CODE]begin
// Second AVZ cleanup script, for the service found in the repeat logs. Same
// preconditions as the first one: other applications closed, ends with a forced reboot.
ClearQuarantine;             // empty the AVZ quarantine first, presumably so the archive sent later holds only this run's files - confirm
SearchRootkit(true, true);   // rootkit scan before the cleanup steps below
SetAVZGuardStatus(True);     // enable AVZGuard so other processes cannot interfere while the script runs
DeleteService('K4hostEL');   // service backing the executable handled next
// Quarantine BEFORE deleting, so a sample of the file is kept for analysis.
QuarantineFile('C:\WINDOWS\system32\K4hostElSvc.exe','');
DeleteFile('C:\WINDOWS\system32\K4hostElSvc.exe');
BC_ImportALL;                // hand the queued deletions to AVZ's BootCleaner for the reboot-time pass
ExecuteSysClean;             // AVZ system clean-up
BC_DeleteSvc('K4hostEL');    // remove the service again at boot in case it was locked while Windows ran
BC_Activate;                 // arm BootCleaner
RebootWindows(true);         // forced reboot so the BootCleaner pass runs; unsaved work is lost
end.[/CODE]
Пришлите карантин по правилам и повторите логи...
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]12[/B][*]В ходе лечения вредоносные программы в карантинах не обнаружены[/LIST]