Here are the logs:
Here are the logs:
- [URL="http://virusinfo.info/showthread.php?t=7239"]Run the script in AVZ[/URL]
[CODE]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\Installer\32ed2dd.msi','');
DeleteFile('C:\WINDOWS\Installer\32ed2dd.msi');
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.[/CODE]
After the reboot:
- run this script
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
- Upload the file [B][COLOR="Red"]quarantine.zip[/COLOR][/B] from the AVZ folder via the [B][COLOR="Red"]Send requested quarantine[/COLOR][/B] link at the top of the thread
- Make a new [COLOR="Blue"]virusinfo_syscheck.zip[/COLOR] log
- Make an [URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"][COLOR="Blue"][B]MBAM[/B][/COLOR][/URL] log
After running the MBAM scan, my internet connection started dropping periodically. Here are the logs:
[URL="http://virusinfo.info/showpost.php?p=493584&postcount=2"]Delete in MBAM[/URL] [code]Заражённые ключи в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent.CK) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Repair Registry Pro (Rogue.RepairRegistryPro) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\StimulProfit (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RepairRegistryPro.exe (Rogue.RepairRegistryPro) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Repair Registry Pro (Rogue.RepairRegistryPro) -> No action taken.
Заражённые папки:
c:\documents and settings\Андрей\application data\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Андрей\application data\funwebproducts\Data (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Андрей\application data\funwebproducts\Data\Андрей (Adware.MyWebSearch) -> No action taken.
c:\program files\connectionservices (Trojan.BHO) -> No action taken.
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\relevantknowledge (Spyware.MarketScore) -> No action taken.
c:\program files\repair registry pro (RepairRegistryPro) -> No action taken.
c:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
c:\documents and settings\Андрей\local settings\application data\ntias64 (Trojan.Agent) -> No action taken.
c:\WINDOWS\svchost (Backdoor.Bot) -> No action taken.
Заражённые файлы:
c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (PUP.FunWebProducts) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
d:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\G18AGXLA\logo[1].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\Андрей\application data\addons.dat (Bifrose.Trace) -> No action taken.
c:\documents and settings\Андрей\application data\avdrn.dat (Malware.Trace) -> No action taken.
c:\documents and settings\Андрей\application data\wiaserva.log (Malware.Trace) -> No action taken.
c:\documents and settings\Андрей\application data\wiaservg.log (Malware.Trace) -> No action taken.
c:\program files\common files\keylog.txt (Malware.Trace) -> No action taken.
c:\program files\connectionservices\uninstall.exe (Trojan.BHO) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\avatarsmallbtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\cursormaniabtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\myfuncardsimbtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\smileycentralbtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\m3ntstbr.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0004DA20.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0004EF3E.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0004FC4E.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00051554.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0005D8F2.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0005E873.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00063CCD.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00063F2E.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00064180 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\004D63D4 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\relevantknowledge\MSVCP71.DLL (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\MSVCR71.DLL (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\rloci.bin (Spyware.MarketScore) -> No action taken.
c:\program files\repair registry pro\repairregistrypro.exe (RepairRegistryPro) -> No action taken.
c:\program files\repair registry pro\uninst.exe (RepairRegistryPro) -> No action taken.[/code]
I ran the scan again and deleted everything MBAM found. Should I make new AVZ logs?
- Make a new [URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"][COLOR="Blue"][B]MBAM[/B][/COLOR][/URL] log
Log:
What is the status of the problem?
Seems like everything is fine) Thanks)
Treatment statistics:
[LIST][*]Quarantines received: [B]2[/B][*]Files processed: [B]18[/B][*]Malware detected during treatment:
[LIST=1][*] c:\\docume~1\\admin\\locals~1\\temp\\svchoost.exe - [B]not-a-virus:RiskTool.Win32.BitCoinMiner.p[/B] ( DrWEB: Tool.BtcMine.4, BitDefender: Application.BitCoinMiner.H )[/LIST][/LIST]