Нашел на компе куча вирусов боюсь еще не все чисто,пожалуйста проверьте логи
Нашел на компе куча вирусов боюсь еще не все чисто,пожалуйста проверьте логи
Я бы сказал у вас далеко не чисто :)
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".[/URL]
[CODE]begin
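// Preparation: run AVZ's rootkit hook search/neutralisation, then switch on
// AVZGuard for the rest of the script.
// NOTE(review): the exact meaning of the two boolean flags is not shown on
// this page - confirm against the AVZ script reference.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Copy every suspicious file into the AVZ quarantine BEFORE anything is
// deleted, so the samples can still be submitted for analysis afterwards.
// The empty second argument is the optional description string.
QuarantineFile('C:\WINDOWS\system32\wini10543.exe','');
QuarantineFile('C:\WINDOWS\system32\wini10541.exe','');
QuarantineFile('C:\WINDOWS\system32\scui.cpl','');
QuarantineFile('C:\Program Files\AntiSpywareXP2009\Uninstall.exe','');
QuarantineFile('C:\Documents and Settings\Лорочка.9J8UNZ3JRBBKHY5\Local Settings\Temporary Internet Files\Content.IE5\IDYQ7K0K\Install[1].exe','');
QuarantineFile('C:\Documents and Settings\Администратор.9J8UNZ3JRBBKHY5\Local Settings\Temporary Internet Files\Content.IE5\RYQO1H6D\Install[1].exe','');
QuarantineFile('C:\Documents and Settings\Администратор.9J8UNZ3JRBBKHY5\Local Settings\Temp\loader.exe','');
QuarantineFile('c:\windows\system32\karna.dat','');
QuarantineFile('C:\WINDOWS\System32\brastk.exe','');
// Added: this script later calls DeleteFile on blphc11oj0epwo.scr without
// ever quarantining it, which would destroy the only copy of the sample.
QuarantineFile('C:\WINDOWS\System32\blphc11oj0epwo.scr','');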
// Remove the service/driver registrations named Win<2 letters><2 digits>.
// Each name corresponds to a driver file of the same name under
// C:\WINDOWS\System32\drivers that this script quarantines and deletes.
// NOTE(review): the script also quarantines and deletes Winsk21, Winsg17,
// Winox54, Winoj87, Winla74, Winit75, Winfr64, Wineq06 and Winbp28 .sys, but
// no DeleteService call exists for them. Presumably those drivers had no
// service entry in the submitted logs - verify in the follow-up logs that no
// orphaned service keys remain.
DeleteService('Winyo63');
DeleteService('Winyo42');
DeleteService('Winyn84');
DeleteService('Winyn52');
DeleteService('Winym08');
DeleteService('Winyl73');
DeleteService('Winyj08');
DeleteService('Winxl54');
DeleteService('Winwm06');
DeleteService('Winwl85');
DeleteService('Winwl73');
DeleteService('Winwj10');
DeleteService('Winwi87');
DeleteService('Winvj28');
DeleteService('Winvg87');
DeleteService('Winvg76');
DeleteService('Winui32');
DeleteService('Winti84');
DeleteService('Wintf85');
DeleteService('Wintf31');
DeleteService('Winse76');
DeleteService('Winse30');
DeleteService('Winrf74');
DeleteService('Winqe28');
DeleteService('Winpg42');
DeleteService('Winpd63');
DeleteService('Winpd52');
DeleteService('Winpc28');
DeleteService('Winoh30');
DeleteService('Winod74');
DeleteService('Winoc52');
DeleteService('Winny08');
DeleteService('Winnx27');
DeleteService('Winnx06');
DeleteService('Winmy65');
DeleteService('Winmx07');
DeleteService('Winmw43');
DeleteService('Winmb41');
DeleteService('Winkx64');
DeleteService('Winku21');
DeleteService('Winjw30');
DeleteService('Winjv62');
DeleteService('Winjv20');
DeleteService('Winju75');
DeleteService('Winjt12');
DeleteService('Winja75');
DeleteService('Winix10');
DeleteService('Winio63');
DeleteService('Winhx20');
DeleteService('Winhw53');
DeleteService('Winht44');
DeleteService('Winhs64');
DeleteService('Winhs63');
DeleteService('Wingt30');
DeleteService('Wingr76');
DeleteService('Wingr31');
DeleteService('Wingp84');
DeleteService('Winft32');
DeleteService('Wines74');
DeleteService('Wines52');
DeleteService('Wines42');
DeleteService('Winep08');
DeleteService('Windy21');
DeleteService('Windt07');
DeleteService('Winds56');
DeleteService('Windr62');
DeleteService('Windo31');
DeleteService('Wincu10');
DeleteService('Winbq42');
DeleteService('Winbo62');
DeleteService('Winbo30');
DeleteService('Winbo08');
DeleteService('Winas18');
DeleteService('Winao06');
DeleteService('Winan40');
DeleteService('Winam32');
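// Quarantine the Win<xx><nn>.sys driver files before they are deleted later
// in this script, so that every removed driver is still available as a sample.
// Winod74.sys and Winku21.sys were added: the script deletes both their
// services and their files, but originally never quarantined them.
QuarantineFile('C:\WINDOWS\System32\drivers\Winyo63.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winyo42.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winyn84.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winyn52.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winym08.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winyl73.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winyj08.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winxl54.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwm06.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwl85.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwl73.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwj10.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwi87.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winvj28.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winvg87.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winvg76.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winui32.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winti84.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wintf85.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wintf31.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winsk21.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winsg17.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winse76.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winse30.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winrf74.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winqe28.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winpg42.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winpd63.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winpd52.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winpc28.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winox54.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winoj87.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winoh30.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winod74.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winoc52.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winny08.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winnx27.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winnx06.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winmy65.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winmx07.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winmw43.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winmb41.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winla74.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winkx64.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winku21.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winjw30.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winjv62.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winjv20.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winju75.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winjt12.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winja75.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winix10.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winit75.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winio63.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winhx20.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winhw53.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winht44.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winhs64.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winhs63.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wingt30.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wingr76.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wingr31.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wingp84.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winft32.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winfr64.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wines74.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wines52.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wines42.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wineq06.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winep08.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Windy21.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Windt07.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winds56.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Windr62.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Windo31.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wincu10.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winbq42.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winbp28.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winbo62.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winbo30.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winbo08.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winas18.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winao06.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winan40.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winam32.sys','');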
// Remove the 'ethooklj' driver registration and keep a copy of its .sys file.
DeleteService('ethooklj');
QuarantineFile('C:\WINDOWS\system32\drivers\ethooklj.sys','');
// The names below are concatenations of legitimate Windows service names
// (for example 'lanmanserver' + 'AVP' + 'ProtectedStorage'); the helper treats
// them as bogus entries to be removed.
// NOTE(review): DeleteService acts on the exact string passed. Because these
// names embed real service names (Dhcp, Eventlog, RpcSs, lanmanserver ...),
// a truncated or mistyped entry could remove a genuine Windows service -
// check each name against the log before running. 'lanmanserver 5' (with a
// space) is copied as it appears here; confirm it against the log as well.
DeleteService('WZCSVCBrowser');
DeleteService('Wmilanmanserver');
DeleteService('WmiApSrvNtmsSvcAlerter');
DeleteService('winmgmtSharedAccess');
DeleteService('VSSWmdmPmSpCryptSvcEventlogdmserver');
DeleteService('VSSWmdmPmSp');
DeleteService('uploadmgrClipSrvSysmonLoglanmanserver');
DeleteService('TrkWkslanmanserverlanmanserverDhcp');
DeleteService('TrkWkslanmanserverlanmanserver');
DeleteService('TlntSvrTrkWks');
DeleteService('stisvcResetRpcLocatoruploadmgr');
DeleteService('stisvcResetRpcLocatordmadminShellHWDetection');
DeleteService('stisvcResetRpcLocatordmadminlanmanserverlanmanserver');
DeleteService('stisvcResetRpcLocatorCryptSvcEventlog');
DeleteService('stisvcResetRpcLocator');
DeleteService('stisvcEventSystemCryptSvcEventlogDhcpAppMgmtAudioSrvCiSvcClipSrvSysmonLogWebClientWmi');
DeleteService('stisvcEventSystemCryptSvcEventlogDhcpAppMgmt');
DeleteService('stisvcEventSystem');
DeleteService('SSDPSRVTapiSrvSamSsSCardDrvMessenger');
DeleteService('SSDPSRVTapiSrv');
DeleteService('srserviceDnscacheBrowserRSVPBrowserDhcp');
DeleteService('srserviceDnscacheBrowserRSVPBrowser');
DeleteService('SpoolerSCardSvr');
DeleteService('SpoolerAudioSrvCiSvcAudioSrvCiSvcClipSrvSysmonLogWebClientWmiCryptSvcSamSs');
DeleteService('SpoolerAudioSrvCiSvcAudioSrvCiSvcClipSrvSysmonLogWebClientWmi');
DeleteService('SharedAccessAppMgmtNetmanCOMSysAppMSDTCCiSvcSCardDrvWebClient');
DeleteService('SharedAccessAppMgmtNetmanCOMSysAppMSDTCCiSvc');
DeleteService('SharedAccessAppMgmtNetmanCOMSysApp');
DeleteService('SharedAccessAppMgmt');
DeleteService('SENSNetDDEdsdm');
DeleteService('ScheduleRSVPBrowserMDMRemoteRegistryResetRpcLocator');
DeleteService('ScheduleRSVPBrowser');
DeleteService('SCardDrvWebClient');
DeleteService('SCardDrvSamSsSCardDrvMessenger');
DeleteService('SCardDrvMessenger');
DeleteService('SamSsSCardDrvMessenger');
DeleteService('RSVPose');
DeleteService('RpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserverRasMan');
DeleteService('RpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserver');
DeleteService('RpcSsWebClient');
DeleteService('RpcSsRemoteRegistryuploadmgr');
DeleteService('RpcLocatorSharedAccessAppMgmt');
DeleteService('RpcLocatorRasManNtLmSsp');
DeleteService('RpcLocatorRasMan');
DeleteService('ResetRpcLocator');
DeleteService('RemoteRegistryuploadmgr');
DeleteService('RemoteRegistryResetRpcLocatorRSVPose');
DeleteService('RemoteRegistryResetRpcLocator');
DeleteService('RemoteRegistrylanmanserverlanmanserverTapiSrv');
DeleteService('PolicyAgentlanmanworkstation');
DeleteService('PolicyAgentEventlogAVPSSDPSRV');
DeleteService('PolicyAgentEventlog');
DeleteService('osesrservice');
DeleteService('NtmsSvcAppMgmt');
DeleteService('NtmsSvcAlerter');
DeleteService('NtLmSspRemoteRegistryResetRpcLocator');
DeleteService('NetmanCOMSysApp');
DeleteService('NetlogonMessenger');
DeleteService('MSDTCNtLmSspsrservice');
DeleteService('MSDTCNtLmSsp');
DeleteService('MSDTCCiSvc');
DeleteService('MDMRemoteRegistryResetRpcLocatorAppMgmt');
DeleteService('MDMRemoteRegistryResetRpcLocator');
DeleteService('LmHostswuauserv');
DeleteService('lanmanserverlanmanserverTapiSrv');
DeleteService('lanmanserverlanmanserver');
DeleteService('lanmanserverAVPProtectedStorage');
DeleteService('lanmanserverAVP');
DeleteService('lanmanserver 5');
DeleteService('HidServRpcSs');
DeleteService('HidServMSIServer');
DeleteService('EventlogdmadminBITS');
DeleteService('Eventlogdmadmin');
DeleteService('ERSvcRpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserverRasMan');
DeleteService('DnscacheBrowserRSVPBrowser');
DeleteService('dmadminuploadmgrseclogon');
DeleteService('dmadminuploadmgrERSvcAudioSrvCiSvc');
DeleteService('dmadminuploadmgrERSvc');
DeleteService('dmadminuploadmgr');
DeleteService('DhcpTermService');
DeleteService('DhcpMSDTCCiSvc');
DeleteService('DhcpAppMgmt');
DeleteService('CryptSvcupnphost');
DeleteService('CryptSvcSamSs');
DeleteService('CryptSvcEventlogImapiServiceNtmsSvcAlerterlanmanserverlanmanserverTapiSrv');
DeleteService('CryptSvcEventlogEventlogdmadminBITS');
DeleteService('CryptSvcEventlogdmserver');
DeleteService('CryptSvcEventlogDhcpAppMgmt');
DeleteService('CryptSvcEventlog');
DeleteService('ClipSrvSysmonLogWebClientWmiSSDPSRVTapiSrv');
DeleteService('ClipSrvSysmonLogWebClientWmiBrowserFastUserSwitchingCompatibility');
DeleteService('ClipSrvSysmonLogWebClientWmi');
DeleteService('ClipSrvSysmonLogWebClient');
DeleteService('ClipSrvSysmonLoglanmanserverAVP');
DeleteService('ClipSrvSysmonLoglanmanserver');
DeleteService('CiSvcClipSrvSysmonLogWebClient');
DeleteService('CiSvcAudioSrv');
DeleteService('BrowserRSVPBrowser');
DeleteService('BrowserFastUserSwitchingCompatibility');
DeleteService('BITSMSDTCNtLmSsp');
DeleteService('AVPSSDPSRV');
DeleteService('AudioSrvCiSvcClipSrvSysmonLogWebClientWmi');
DeleteService('AudioSrvCiSvc');
DeleteService('AppMgmtNetDDEdsdm');
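// Quarantine the last three files, then delete everything that this script
// put into quarantine. Deletion runs only after all QuarantineFile calls so
// that a sample of each file survives the cleanup.
QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');
QuarantineFile('C:\WINDOWS\System32\uthn.exe','');
QuarantineFile('C:\WINDOWS\system32\linkinoo.dll','');
DeleteFile('C:\WINDOWS\system32\linkinoo.dll');
DeleteFile('C:\WINDOWS\System32\uthn.exe');
DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
DeleteFile('C:\WINDOWS\system32\drivers\ethooklj.sys');
// Win<xx><nn>.sys drivers, in ascending name order.
DeleteFile('C:\WINDOWS\System32\drivers\Winam32.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winan40.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winao06.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winas18.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winbo08.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winbo30.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winbo62.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winbp28.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winbq42.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wincu10.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Windo31.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Windr62.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winds56.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Windt07.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Windy21.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winep08.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wineq06.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wines42.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wines52.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wines74.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winfr64.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winft32.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wingp84.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wingr31.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wingr76.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wingt30.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winhs63.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winhs64.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winht44.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winhw53.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winhx20.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winio63.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winit75.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winix10.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winja75.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winjt12.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winju75.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winjv20.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winjv62.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winjw30.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winku21.sys');
// Added: Winkx64.sys is quarantined and its service is deleted earlier in
// this script, but the file itself was originally left on disk.
DeleteFile('C:\WINDOWS\System32\drivers\Winkx64.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winla74.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winmb41.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winmw43.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winmx07.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winmy65.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winnx06.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winnx27.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winny08.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winoc52.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winod74.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winoh30.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winoj87.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winox54.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winpc28.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winpd52.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winpd63.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winpg42.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winqe28.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winrf74.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winse30.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winse76.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winsg17.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winsk21.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wintf31.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wintf85.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winti84.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winui32.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winvg76.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winvg87.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winvj28.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwi87.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwj10.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwl73.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwl85.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwm06.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winxl54.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyj08.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyl73.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winym08.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyn52.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyn84.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyo42.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyo63.sys');
// Remaining non-driver files.
DeleteFile('C:\WINDOWS\System32\blphc11oj0epwo.scr');
DeleteFile('C:\WINDOWS\System32\brastk.exe');
DeleteFile('c:\windows\system32\karna.dat');
DeleteFile('C:\Documents and Settings\Администратор.9J8UNZ3JRBBKHY5\Local Settings\Temp\loader.exe');
DeleteFile('C:\Documents and Settings\Администратор.9J8UNZ3JRBBKHY5\Local Settings\Temporary Internet Files\Content.IE5\RYQO1H6D\Install[1].exe');
DeleteFile('C:\Documents and Settings\Лорочка.9J8UNZ3JRBBKHY5\Local Settings\Temporary Internet Files\Content.IE5\IDYQ7K0K\Install[1].exe');
DeleteFile('C:\Program Files\AntiSpywareXP2009\Uninstall.exe');
DeleteFile('C:\WINDOWS\system32\scui.cpl');
DeleteFile('C:\WINDOWS\system32\wini10541.exe');
DeleteFile('C:\WINDOWS\system32\wini10543.exe');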
// Final stage: hand the work over to AVZ Boot Cleaner (the BC_* calls) so that
// files which could not be removed while Windows is running are handled at
// the next boot.
// BC_ImportALL: presumably imports both the quarantine and the deleted-file
// lists into the Boot Cleaner task list - confirm against the AVZ reference.
BC_ImportALL;
// ExecuteSysClean: AVZ's system cleanup pass, run after the deletions above.
ExecuteSysClean;
// Arm Boot Cleaner; its queued tasks run on the reboot triggered below.
BC_Activate;
// ExecuteRepair(N) runs AVZ "system restore" routine number N.
// NOTE(review): in the AVZ restore list 5, 6 and 13 are believed to be
// desktop settings, current-user Policies and the Hosts file respectively -
// confirm against the AVZ help before reuse. These routines reset
// configuration, so legitimate custom policies or Hosts entries are lost too.
ExecuteRepair(5);
ExecuteRepair(6);
ExecuteRepair(13);
// Reboot immediately; save any open work before running the script.
RebootWindows(true);
end.[/CODE]
Пришлите карантин по правилам и повторите логи...
Логи повтор
[URL="http://virusinfo.info/showthread.php?t=4491"]Пофиксить[/URL]
[CODE]O20 - AppInit_DLLs: c:\windows\system32\karna.dat
O20 - Winlogon Notify: reset5 - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: UpdateCheck - {0DDD1A25-BE60-4DAC-AACA-4E440EC87AC4} - (no file)[/CODE]
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".[/URL]
[CODE]begin
// Second pass: enable AVZGuard, then queue service/driver registrations for
// removal through AVZ Boot Cleaner (BC_DeleteSvc) instead of deleting them
// while Windows is running.
// NOTE(review): most of these names were already passed to DeleteService in
// the previous script of this thread, which suggests the entries were still
// present in the repeated logs - the logs themselves are not shown here.
// NOTE(review): the names are concatenations of legitimate Windows service
// names; each string must match the log exactly, because a shortened name
// (for example plain 'lanmanserver') would target a genuine service.
SetAVZGuardStatus(True);
BC_DeleteSvc('Winkx64');
BC_DeleteSvc('WZCSVCBrowser');
BC_DeleteSvc('Wmilanmanserver');
BC_DeleteSvc('WmiApSrvNtmsSvcAlerter');
BC_DeleteSvc('winmgmtSharedAccess');
BC_DeleteSvc('VSSWmdmPmSpCryptSvcEventlogdmserver');
BC_DeleteSvc('VSSWmdmPmSp');
BC_DeleteSvc('uploadmgrClipSrvSysmonLoglanmanserver');
BC_DeleteSvc('TrkWkslanmanserverlanmanserverDhcp');
BC_DeleteSvc('TrkWkslanmanserverlanmanserver');
BC_DeleteSvc('TlntSvrTrkWks');
BC_DeleteSvc('stisvcResetRpcLocatoruploadmgr');
BC_DeleteSvc('stisvcResetRpcLocatordmadminShellHWDetection');
BC_DeleteSvc('stisvcResetRpcLocatordmadminlanmanserverlanmanserver');
BC_DeleteSvc('stisvcResetRpcLocator');
BC_DeleteSvc('stisvcEventSystemCryptSvcEventlogDhcpAppMgmt');
BC_DeleteSvc('stisvcEventSystem');
BC_DeleteSvc('SSDPSRVTapiSrvSamSsSCardDrvMessenger');
BC_DeleteSvc('SSDPSRVTapiSrv');
BC_DeleteSvc('srserviceDnscacheBrowserRSVPBrowser');
BC_DeleteSvc('SpoolerSCardSvr');
BC_DeleteSvc('SpoolerAudioSrvCiSvcAudioSrvCiSvcClipSrvSysmonLogWebClientWmiCryptSvcSamSs');
BC_DeleteSvc('SpoolerAudioSrvCiSvcAudioSrvCiSvcClipSrvSysmonLogWebClientWmi');
BC_DeleteSvc('SharedAccessAppMgmtNetmanCOMSysAppMSDTCCiSvcSCardDrvWebClient');
BC_DeleteSvc('SharedAccessAppMgmtNetmanCOMSysAppMSDTCCiSvc');
BC_DeleteSvc('SharedAccessAppMgmtNetmanCOMSysApp');
BC_DeleteSvc('SharedAccessAppMgmt');
BC_DeleteSvc('SENSNetDDEdsdm');
BC_DeleteSvc('ScheduleRSVPBrowserMDMRemoteRegistryResetRpcLocator');
BC_DeleteSvc('ScheduleRSVPBrowser');
BC_DeleteSvc('SCardDrvWebClient');
BC_DeleteSvc('SCardDrvSamSsSCardDrvMessenger');
BC_DeleteSvc('SCardDrvMessenger');
BC_DeleteSvc('SamSsSCardDrvMessenger');
BC_DeleteSvc('RSVPBrowser');
BC_DeleteSvc('RpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserver');
BC_DeleteSvc('RpcSsWebClient');
BC_DeleteSvc('RpcSsRemoteRegistryuploadmgr');
BC_DeleteSvc('RpcLocatorSharedAccessAppMgmt');
BC_DeleteSvc('RpcLocatorRasManNtLmSsp');
BC_DeleteSvc('ResetRpcLocator');
BC_DeleteSvc('RemoteRegistryResetRpcLocator');
BC_DeleteSvc('RemoteRegistrylanmanserverlanmanserverTapiSrv');
BC_DeleteSvc('PolicyAgentlanmanworkstation');
BC_DeleteSvc('PolicyAgentEventlogAVPSSDPSRV');
BC_DeleteSvc('osesrservice');
BC_DeleteSvc('NtmsSvcAppMgmt');
BC_DeleteSvc('NtmsSvcAlerterlanmanserverlanmanserverTapiSrv');
BC_DeleteSvc('NetmanCOMSysApp');
BC_DeleteSvc('NetlogonMessenger');
BC_DeleteSvc('MSDTCNtLmSspsrservice');
BC_DeleteSvc('MSDTCNtLmSsp');
BC_DeleteSvc('MSDTCCiSvc');
BC_DeleteSvc('MDMRemoteRegistryResetRpcLocatorAppMgmt');
BC_DeleteSvc('MDMRemoteRegistryResetRpcLocator');
BC_DeleteSvc('LmHostswuauserv');
BC_DeleteSvc('lanmanserverlanmanserverTapiSrv');
BC_DeleteSvc('lanmanserverlanmanserver');
BC_DeleteSvc('lanmanserverAVP');
BC_DeleteSvc('ImapiServiceNtmsSvcAlerterlanmanserverlanmanserverTapiSrv');
BC_DeleteSvc('HidServRpcSs');
BC_DeleteSvc('HidServMSIServer');
BC_DeleteSvc('EventlogdmadminBITS');
BC_DeleteSvc('Eventlogdmadmin');
BC_DeleteSvc('ERSvcRpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserverRasMan');
BC_DeleteSvc('DnscacheBrowserRSVPBrowser');
BC_DeleteSvc('dmadminuploadmgrseclogon');
BC_DeleteSvc('dmadminuploadmgrERSvcAudioSrvCiSvc');
BC_DeleteSvc('dmadminuploadmgrERSvc');
BC_DeleteSvc('dmadminuploadmgr');
BC_DeleteSvc('DhcpTermService');
BC_DeleteSvc('DhcpMSDTCCiSvc');
BC_DeleteSvc('DhcpAppMgmt');
BC_DeleteSvc('CryptSvcupnphost');
BC_DeleteSvc('CryptSvcSamSs');
BC_DeleteSvc('CryptSvcEventlogImapiServiceNtmsSvcAlerterlanmanserverlanmanserverTapiSrv');
BC_DeleteSvc('CryptSvcEventlogEventlogdmadminBITS');
BC_DeleteSvc('CryptSvcEventlogdmserver');
BC_DeleteSvc('CryptSvcEventlogDhcpAppMgmt');
BC_DeleteSvc('CryptSvcEventlog');
BC_DeleteSvc('ClipSrvSysmonLogWebClientWmiSSDPSRVTapiSrv');
BC_DeleteSvc('ClipSrvSysmonLogWebClientWmiClipSrvSysmonLogWebClient');
BC_DeleteSvc('ClipSrvSysmonLogWebClientWmiBrowserFastUserSwitchingCompatibility');
BC_DeleteSvc('ClipSrvSysmonLogWebClientWmi');
BC_DeleteSvc('ClipSrvSysmonLogWebClient');
BC_DeleteSvc('ClipSrvSysmonLoglanmanserverAVP');
BC_DeleteSvc('ClipSrvSysmonLoglanmanserver');
BC_DeleteSvc('ClipSrvSysmonLog');
BC_DeleteSvc('CiSvcClipSrvSysmonLogWebClient');
BC_DeleteSvc('CiSvcAudioSrv');
BC_DeleteSvc('BrowserRSVPBrowser');
BC_DeleteSvc('BrowserFastUserSwitchingCompatibility');
BC_DeleteSvc('BITSMSDTCNtLmSsp');
BC_DeleteSvc('AVPSSDPSRV');
BC_DeleteSvc('AudioSrvCiSvcClipSrvSysmonLogWebClientWmi');
BC_DeleteSvc('AudioSrvCiSvcAudioSrvCiSvcClipSrvSysmonLogWebClientWmi');
BC_DeleteSvc('AppMgmtNetDDEdsdm');
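// Winir40.sys and Winnb17.sys are deleted below without appearing in any
// earlier QuarantineFile call in this thread, so keep a sample of each first.
QuarantineFile('C:\WINDOWS\system32\drivers\Winir40.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\Winnb17.sys','');
// Delete the leftovers reported in the repeated logs.
// Winkx64.sys was listed twice (paths differing only in letter case); once is
// enough.
DeleteFile('C:\WINDOWS\System32\drivers\Winkx64.sys');
DeleteFile('c:\windows\system32\karna.dat');
// Full path instead of the bare 'WinCtrl32.dll' copied from the log line: a
// relative name leaves it to the tool which directory is searched. This is
// the same path the first script in this thread used for the file.
DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
DeleteFile('C:\WINDOWS\system32\drivers\Winir40.sys');
DeleteFile('C:\WINDOWS\system32\drivers\Winnb17.sys');
// Pass the deleted-file list to AVZ Boot Cleaner, run AVZ's system cleanup,
// arm Boot Cleaner for the next boot and reboot immediately.
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);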
end.[/CODE]
Повторите логи...
Вот логи повтор,когда фиксил строку O20 - AppInit_DLLs: c:\windows\system32\karna.dat он написал ошибку,какую к сожалению не помню
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".[/URL]
[CODE]begin
// Third pass over service entries that were still present.
// ClearQuarantine empties the AVZ quarantine.
// NOTE(review): make sure the quarantine requested earlier in the thread has
// already been submitted - after this call those samples are gone.
ClearQuarantine;
// Rootkit hook search/neutralisation, then AVZGuard on for the rest of the
// script.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Step 1: try to delete the 15 service entries while Windows is running.
DeleteService('stisvcResetRpcLocatordmadmin');
DeleteService('stisvcResetRpcLocatorCryptSvcEventlog');
DeleteService('stisvcEventSystemCryptSvcEventlogDhcpAppMgmtAudioSrvCiSvcClipSrvSysmonLogWebClientWmi');
DeleteService('srserviceDnscacheBrowserRSVPBrowserDhcp');
DeleteService('RSVPose');
DeleteService('RpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserverRasMan');
DeleteService('RpcLocatorRasMan');
DeleteService('RemoteRegistryuploadmgr');
DeleteService('RemoteRegistryResetRpcLocatorRSVPose');
DeleteService('PolicyAgentEventlog');
DeleteService('NtmsSvcAlerter');
DeleteService('NtLmSspRemoteRegistryResetRpcLocator');
DeleteService('lanmanserverAVPProtectedStorage');
DeleteService('lanmanserver 5');
DeleteService('AudioSrvCiSvc');
// Pass the deleted-file list to Boot Cleaner and run AVZ's system cleanup.
BC_ImportDeletedList;
ExecuteSysClean;
// Step 2: queue the same 15 names for removal by Boot Cleaner at the next
// boot, as a fallback in case the deletion in step 1 does not persist.
BC_DeleteSvc('stisvcResetRpcLocatordmadmin');
BC_DeleteSvc('stisvcResetRpcLocatorCryptSvcEventlog');
BC_DeleteSvc('stisvcEventSystemCryptSvcEventlogDhcpAppMgmtAudioSrvCiSvcClipSrvSysmonLogWebClientWmi');
BC_DeleteSvc('srserviceDnscacheBrowserRSVPBrowserDhcp');
BC_DeleteSvc('RSVPose');
BC_DeleteSvc('RpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserverRasMan');
BC_DeleteSvc('RpcLocatorRasMan');
BC_DeleteSvc('RemoteRegistryuploadmgr');
BC_DeleteSvc('RemoteRegistryResetRpcLocatorRSVPose');
BC_DeleteSvc('PolicyAgentEventlog');
BC_DeleteSvc('NtmsSvcAlerter');
BC_DeleteSvc('NtLmSspRemoteRegistryResetRpcLocator');
BC_DeleteSvc('lanmanserverAVPProtectedStorage');
BC_DeleteSvc('lanmanserver 5');
BC_DeleteSvc('AudioSrvCiSvc');
// Arm Boot Cleaner and reboot immediately so the queued removals run.
BC_Activate;
RebootWindows(true);
end.[/CODE]
Повторите пункт 2 диагностики...
[quote=Гриша;312498]Повторите пункт 2 диагностики...[/quote]Какой пункт? Не понял.
Второй стандартный скрипт...
%SystemRoot%\System32\dimsntfy.dll - файлик на диске поищите.
[quote=PavelA;312527]%SystemRoot%\System32\dimsntfy.dll - файлик на диске поищите.[/quote]
и чего с ним сделать?
Еще тут пристала программа проверки подлинности от Майкрософт: пишет все время, типа, надо проверить, надо проверить. Не подскажете, как избавиться от нее?
Логи повторите для начала...
[QUOTE=nvhost;312568]и чего с ним сделать?
[/QUOTE]
Если не найдется, то будем следы его в реестре удалять.
Вот повтор логов
[quote=PavelA;312578]Если не найдется, то будем следы его в реестре удалять.[/quote]
нашел есть такой
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".[/URL]
[CODE]begin
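// Final pass: remove three files that were still present.
// ClearQuarantine empties the AVZ quarantine, so after this call the only
// samples available are the ones this script stores itself.
ClearQuarantine;
// Rootkit hook search/neutralisation, then AVZGuard on for the rest of the
// script.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Added: keep a copy of each file before deleting it. None of these three
// paths is quarantined by the earlier scripts in this thread, so deleting
// them right after ClearQuarantine would leave nothing to analyse.
QuarantineFile('C:\WINDOWS\brastk.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\Winka53.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\Winpg31.sys','');
DeleteFile('C:\WINDOWS\brastk.exe');
DeleteFile('C:\WINDOWS\system32\drivers\Winka53.sys');
DeleteFile('C:\WINDOWS\system32\drivers\Winpg31.sys');
// Pass the deleted-file list to AVZ Boot Cleaner, run AVZ's system cleanup,
// arm Boot Cleaner for the next boot and reboot immediately.
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);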
end.[/CODE]
Повторите 3 стандартный скрипт...
Повтор
Чисто...
Спасибо!!!!!!!!)))))))))))))))))))
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]291[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\\documents and settings\\администратор.9j8unz3jrbbkhy5\\local settings\\temp\\loader.exe - [B]Trojan.Win32.Agent.zkv[/B] (DrWEB: Trojan.DownLoad.2077)[*] c:\\documents and settings\\администратор.9j8unz3jrbbkhy5\\local settings\\temporary internet files\\content.ie5\\ryqo1h6d\\install[1].exe - [B]not-a-virus:FraudTool.Win32.XPAntiSpyware2009.d[/B] (DrWEB: Trojan.Fakealert.1670)[*] c:\\documents and settings\\лорочка.9j8unz3jrbbkhy5\\local settings\\temporary internet files\\content.ie5\\idyq7k0k\\install[1].exe - [B]Trojan-Downloader.Win32.FraudLoad.vdkw[/B] (DrWEB: Trojan.Packed.1214)[*] c:\\program files\\antispywarexp2009\\uninstall.exe - [B]Trojan-Downloader.Win32.FraudLoad.vdkw[/B] (DrWEB: Trojan.Packed.1214)[*] c:\\windows\\system32\\brastk.exe - [B]Trojan-Downloader.Win32.Agent.amoo[/B] (DrWEB: Trojan.Packed.1214)[*] c:\\windows\\system32\\drivers\\ethooklj.sys - [B]Rootkit.Win32.Agent.cik[/B] (DrWEB: Trojan.Spambot.3546)[*] c:\\windows\\system32\\drivers\\winam32.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winan40.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winao06.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winas18.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winbo08.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winbo30.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winbo62.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winbp28.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winbq42.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] 
c:\\windows\\system32\\drivers\\wincu10.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\windo31.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\windr62.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winds56.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\windt07.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\windy21.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winep08.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\wineq06.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\wines42.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\wines52.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\wines74.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winfr64.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winft32.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\wingp84.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\wingr31.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\wingr76.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\wingt30.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winhs63.sys 
- [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winhs64.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winht44.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winhw53.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winhx20.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winio63.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winir40.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winit75.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winix10.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winja75.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winjt12.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winju75.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winjv20.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winjv62.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winjw30.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winku21.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winkx64.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winla74.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] 
(DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winmb41.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winmw43.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winmx07.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winmy65.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winnb17.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winnx06.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winnx27.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winny08.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winoc52.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winod74.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winoh30.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winoj87.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winox54.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winpc28.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winpd52.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winpd63.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winpg42.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] 
c:\\windows\\system32\\drivers\\winqe28.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winrf74.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winse30.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winse76.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winsg17.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winsk21.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\wintf31.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\wintf85.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winti84.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winui32.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winvg76.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winvg87.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winvj28.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winwi87.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winwj10.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winwl73.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winwl85.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winwm06.sys 
- [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winxl54.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winyj08.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winyl73.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winym08.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winyn52.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winyn84.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winyo42.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\drivers\\winyo63.sys - [B]Trojan-Downloader.Win32.Mutant.aim[/B] (DrWEB: Trojan.Rntm.10)[*] c:\\windows\\system32\\karna.dat - [B]Backdoor.Win32.Small.gjm[/B] (DrWEB: Trojan.Proxy.1739)[*] c:\\windows\\system32\\scui.cpl - [B]not-a-virus:FraudTool.Win32.XPAntivirus.ld[/B] (DrWEB: Trojan.Fakealert.991)[*] c:\\windows\\system32\\uthn.exe - [B]Net-Worm.Win32.Kolab.aei[/B] (DrWEB: Trojan.Packed.650)[*] c:\\windows\\system32\\winctrl32.dll - [B]Trojan-Downloader.Win32.Mutant.bsz[/B] (DrWEB: BackDoor.Bulknet.300)[*] c:\\windows\\system32\\wini10541.exe - [B]Trojan-Downloader.Win32.FraudLoad.vdkw[/B] (DrWEB: Trojan.Packed.1214)[*] c:\\windows\\system32\\wini10543.exe - [B]Trojan-Downloader.Win32.FraudLoad.vdsr[/B] (DrWEB: Trojan.Packed.1214)[/LIST][/LIST]