A virus blocks Kaspersky Anti-Virus from starting: the antivirus installs but cannot start. Gmer detects a rootkit in the system. I checked the system with AVPTool and CureIt, and also scanned with the Kaspersky recovery disk; nothing was found.
Copy the text below into Notepad and save it to the desktop as a file named CFScript.txt.
[code]KillAll::
File::
c:\windows\system32\ukkjd.dll
Driver::
Folder::
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Администратор^Главное меню^Программы^Автозагрузка^ЎЎЎЎЎЎ.lnk]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00648261-ffea-11dd-a67e-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00648263-ffea-11dd-a67e-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c7baf1a-dee7-11de-a865-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb5083b-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb50844-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb50857-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb5087b-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb50893-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb50899-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb508a9-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb508b7-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb508e2-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb508f0-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb508f2-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb508ff-5c8b-11de-a735-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fa6618c-e867-11de-a87e-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e5b0561-6300-11de-a742-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e5b0585-6300-11de-a742-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25603001-08e9-11de-a696-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a97327f-1a9a-11de-a6b1-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e293f07-07df-11de-a690-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e8f39de-0ea9-11de-a69e-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3384e213-2893-11de-a6d5-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39d72266-ce9d-11de-a83a-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{420ed15b-ce82-11de-a839-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54168177-135b-11de-a6a1-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{547c9a27-5499-11de-a722-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{553c32c1-d981-11dd-a643-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55d2fdc4-37de-11df-9d43-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55d2fdc6-37de-11df-9d43-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{566cad31-a73d-11de-a7ce-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ada0359-d1b9-11dd-a63b-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c6400f5-72f0-11de-a761-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c6400f6-72f0-11de-a761-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c640128-72f0-11de-a761-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605bdaf6-622e-11de-a741-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7385a0bf-6537-11de-a745-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7385a0fe-6537-11de-a745-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7385a11b-6537-11de-a745-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7385a12a-6537-11de-a745-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7385a132-6537-11de-a745-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7385a150-6537-11de-a745-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7385a157-6537-11de-a745-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7385a164-6537-11de-a745-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7385a16b-6537-11de-a745-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7385a180-6537-11de-a745-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7727ae40-646a-11de-a743-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7727ae7d-646a-11de-a743-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7727ae85-646a-11de-a743-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7727aea0-646a-11de-a743-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eae5f7e-eb76-11de-a88a-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eae5fec-eb76-11de-a88a-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eae5ff6-eb76-11de-a88a-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eae6004-eb76-11de-a88a-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eae6011-eb76-11de-a88a-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eae6024-eb76-11de-a88a-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eae606b-eb76-11de-a88a-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eae60b3-eb76-11de-a88a-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eae60ba-eb76-11de-a88a-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80842db8-128b-11de-a6a0-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a1a6004-d263-11dd-a63c-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0c851d2-ebb7-11de-a88b-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6056492-27cd-11de-a6d4-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a95030d2-2efa-11de-a6e7-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa821c40-03df-11de-a68b-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac7e5e26-6a34-11de-a747-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ada54b1f-51bb-11de-a719-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade874e2-e53a-11de-a879-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b19eb2eb-e8a7-11de-a880-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2967d37-0b3c-11de-a69b-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b296845f-0b3c-11de-a69b-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b62e9e62-e919-11de-a882-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b62e9e6c-e919-11de-a882-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04eda8a-b945-11de-a7f9-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04edab3-b945-11de-a7f9-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04edafd-b945-11de-a7f9-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04edb30-b945-11de-a7f9-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2842291-d8f6-11de-a855-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2842294-d8f6-11de-a855-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c973defe-a9c7-11de-a7d1-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc4db5b5-555e-11de-a723-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc4db5e8-555e-11de-a723-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd99dd02-f763-11dd-a671-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b302e3-eea7-11de-a892-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4aff165-620b-11de-a740-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4aff16c-620b-11de-a740-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4aff172-620b-11de-a740-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4aff197-620b-11de-a740-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4aff1b5-620b-11de-a740-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4aff1dc-620b-11de-a740-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4aff1f1-620b-11de-a740-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4aff20d-620b-11de-a740-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5ad9d08-b701-11de-a7f4-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6790e8d-d8cf-11de-a853-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9ac331a-d5a1-11dd-a63d-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de2888eb-5af8-11de-a734-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de288906-5af8-11de-a734-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28891a-5af8-11de-a734-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de288923-5af8-11de-a734-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28892b-5af8-11de-a734-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28893a-5af8-11de-a734-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28893f-5af8-11de-a734-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de288945-5af8-11de-a734-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28894c-5af8-11de-a734-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de288952-5af8-11de-a734-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df88a4b9-1466-11de-a6a4-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a6bcc0-c323-11de-a81f-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72a5f35-c856-11de-a828-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72a5fae-c856-11de-a828-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72a5fbc-c856-11de-a828-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee5ebc4d-5a2e-11de-a731-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeddc856-edfa-11de-a891-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0d6a75d-ff97-11de-a8c4-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8d9722e-3981-11df-9d46-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8d9722f-3981-11df-9d46-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd4fd51a-d8da-11de-a854-001d72cc6916}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdf75cae-5a31-11de-a732-001d72cc6916}]
FileLook::
DirLook::[/code]
After saving, drag CFScript.txt onto the ComboFix.exe icon.
[IMG]http://i076.radikal.ru/1003/e5/554faea12baf.gif[/IMG]
When the new ComboFix report has been saved, zip ComboFix.txt and attach it to your post.
Done, here is the log.
Please zip the folder [B]C:\Qoobox\Quarantine[/B] with the password [B]virus[/B] and send it via the red link [COLOR="Red"][U][B]Send the requested quarantine[/B][/U][/COLOR] at the top of the thread.
Make the gmer and AVZ logs again.
Quarantine sent.
[CODE]\windows\apppatch\acadproc.dll
\windows\system32\drivers\afd.sys
\windows\system32\og.dll
\windows\system32\og.edt
[/CODE][URL="http://virusinfo.info/showpost.php?p=514765&postcount=3"]restore from quarantine[/URL]
Also restore the contents of the [B]registry_backups[/B] folder, except legacy_abp470n5.reg.dat
What is the status of the problem now?
That's it, the antivirus installed and works without problems. Thank you very much, as always you help me out. What are the further instructions?
Install [URL="http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=ru"]SP3[/URL] (activation may be required) + all new patches
Install [URL="www.adobe.com/products/acrobat/"]Adobe Acrobat 9.3[/URL] or remove the old one
Update [URL="http://www.java.com/ru/download/manual.jsp"]JavaRE[/URL]
Treatment statistics:
[LIST][*]Quarantines received: [B]1[/B][*]Files processed: [B]26[/B][*]No malware was found in the quarantines during treatment[/LIST]
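Added example, not part of the thread and not ComboFix code: a small reviewer's helper that parses a script laid out like the CFScript.txt above (`Name::` headers followed by entries) and summarizes what it lists before it is run. The sample input is constructed with placeholder values, and reading `[-KEY]` as a key deletion assumes the `Registry::` section follows .reg file syntax.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the script in this thread; all values are placeholders.
SAMPLE = r"""KillAll::
File::
c:\windows\system32\example.dll
Driver::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000002}]
[-HKLM\software\example\run]
FileLook::
"""

SECTION = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::"
DEL_KEY = re.compile(r"^\[-(.+)\]$")          # .reg syntax: [-KEY] deletes KEY (assumed here)


def parse_cfscript(text):
    """Group entries under each `Name::` header, preserving header order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def summarize(sections):
    """List File:: entries and count registry key deletions per parent key."""
    deletions, other = Counter(), []
    for entry in sections.get("Registry", []):
        m = DEL_KEY.match(entry)
        if m:
            deletions[m.group(1).rsplit("\\", 1)[0].lower()] += 1
        else:
            other.append(entry)   # anything that is not a plain key deletion needs a manual look
    return {"files": sections.get("File", []),
            "key_deletions": dict(deletions),
            "other_registry": other}
```

Grouping deletions by parent key makes it easy to see that a long script touches only a few locations, and anything left in `other_registry` is worth reading line by line.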