Добрый день, подхватил трояна, диспетчер заблокирован.
Printable View
Добрый день, подхватил трояна, диспетчер заблокирован.
1. Пожалуйста, выполните скрипт AVZ:
[CODE]
begin
SearchRootkit(true, true);
QuarantineFile('Tosrfcom.sys', 'CHQ=N');
QuarantineFile('c:\windows\system32\fplogonserv.exe', 'CHQ=S');
QuarantineFile('C:\WINDOWS\system32\FpWinLogonNp.dll', 'CHQ=S');
QuarantineFile('C:\WINDOWS\System32\PrintFilterPipelineSvc.exe', 'CHQ=N');
QuarantineFile('c:\windows\system32\tamsvr.exe', 'CHQ=S');
QuarantineFile('C:\WINDOWS\System32\Drivers\sptd.sys', 'CHQ=S');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\usbhub.sys', 'CHQ=N');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3019.37147__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3019.36862__90ba9c70f846762e\AEM.Server.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3019.36861__90ba9c70f846762e\APM.Server.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3019.36863__90ba9c70f846762e\ATIDEMOS.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3019.37122__90ba9c70f846762e\CCC.Implementation.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3019.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3019.37065__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3019.37015__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3019.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3019.37100__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3019.37109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3019.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3019.36891__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3019.36890__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3019.36930__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3019.36924__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3019.37092__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3019.37143__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3019.37143__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3019.37072__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3019.37071__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3019.37079__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3019.37131__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3019.37137__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3019.36884__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3019.36870__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3019.36904__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3019.36897__90ba9c70f846762e\CLI.Component.Wizard.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3019.37121__90ba9c70f846762e\LOG.Foundation.Implementation.dll', 'CHQ=G');
QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3019.37122__90ba9c70f846762e\MOM.Implementation.dll', 'CHQ=G');
QuarantineFile('C:\Program Files\TrueSuite Access Manager\biologon.dll', 'CHQ=G');
BC_QrFile('C:\WINDOWS\System32\PrintFilterPipelineSvc.exe');
BC_QrFile('C:\WINDOWS\System32\Drivers\sptd.sys');
BC_QrFile('C:\WINDOWS\system32\DRIVERS\usbhub.sys');
BC_Activate;
RebootWindows(true);
end.
[/CODE]
В ходе выполнения скрипта компьютер перезагрузится.
2. Пришлите карантин согласно [B]Приложения 3[/B] правил по красной ссылке [COLOR="Red"][U][B]Прислать запрошенный карантин[/B][/U][/COLOR] вверху темы
3. В протоколе обнаружено много неопознанных файлов, рекомендуется выполнить [URL]http://virusinfo.info/index.php?page=uploadclean[/URL]
Файл сохранён как 100226_132810_virus_4b87a23a242c5.zip
Размер файла 2847816
MD5 a5db90d0c16f59a422f83104d42726af
Запустите AVZ.
Выполните скрипт через меню Файл:
[code]
begin
ExecuteRepair(6);
ExecuteWizard('TSW', 2, 2, true);
RebootWindows(false);
end.
[/code]
Компьютер перезагрузится.
Проблема решена?
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]49[/B][*]В ходе лечения вредоносные программы в карантинах не обнаружены[/LIST]