
visdrive.exe and aadrive32.exe are loading the system (request No. 102374)

  1. #1
    Junior Member
    Registered: 02.04.2010
    Posts: 22
    Reputation weight: 52

    visdrive.exe and aadrive32.exe are loading the system

    Hello,
    the processes visdrive.exe and aadrive32.exe are loading the system to 100%.
    I managed to stop visdrive.exe and deleted aadrive32.exe from C:/windows.
    There are a bunch of files of some kind with the .exe extension in the system.
    I have attached the logs as required by the rules.
    Please help!
    Last edited by Pace; 18.05.2011 at 13:35. Reason: forgot to attach the files

  3. #2
    Info_bot (Cyber)
    Registered: 11.05.2011
    Posts: 2,287
    Reputation weight: 378

    Dear Pace, thank you for contacting our forum!

    Virus removal is a completely free service on VirusInfo.Info. Helpers will respond to your request very soon.

    If our site proves useful to you and you have the opportunity, please support the project.

  4. #3
    Visiting Helper
    Registered: 23.06.2009
    Location: Perm
    Posts: 11,186
    Reputation weight: 551

    - Run the script in AVZ
    Code:
    begin
     // Look for API hooks and neutralise them in user mode and kernel mode
     SearchRootkit(true, true);
     // Turn on AVZGuard for the duration of the cleanup
     SetAVZGuardStatus(True);
     QuarantineFile('C:\WINDOWS\system32\88.exe','');
     QuarantineFile('C:\WINDOWS\system32\87.scr','');
     QuarantineFile('C:\WINDOWS\system32\86.scr','');
     QuarantineFile('C:\WINDOWS\system32\85.scr','');
     QuarantineFile('C:\WINDOWS\system32\85.exe','');
     QuarantineFile('C:\WINDOWS\system32\84.scr','');
     QuarantineFile('C:\WINDOWS\system32\84.exe','');
     QuarantineFile('C:\WINDOWS\system32\82.scr','');
     QuarantineFile('C:\WINDOWS\system32\82.exe','');
     QuarantineFile('C:\WINDOWS\system32\76.exe','');
     QuarantineFile('C:\WINDOWS\system32\75.scr','');
     QuarantineFile('C:\WINDOWS\system32\74.scr','');
     QuarantineFile('C:\WINDOWS\system32\73.scr','');
     QuarantineFile('C:\WINDOWS\system32\72.scr','');
     QuarantineFile('C:\WINDOWS\system32\71.scr','');
     QuarantineFile('C:\WINDOWS\system32\68.scr','');
     QuarantineFile('C:\WINDOWS\system32\67.scr','');
     QuarantineFile('C:\WINDOWS\system32\66.scr','');
     QuarantineFile('C:\WINDOWS\system32\63.scr','');
     QuarantineFile('C:\WINDOWS\system32\58.scr','');
     QuarantineFile('C:\WINDOWS\system32\57.scr','');
     QuarantineFile('C:\WINDOWS\system32\55.scr','');
     QuarantineFile('C:\WINDOWS\system32\54.scr','');
     QuarantineFile('C:\WINDOWS\system32\53.scr','');
     QuarantineFile('C:\WINDOWS\system32\50.scr','');
     QuarantineFile('C:\WINDOWS\system32\47.exe','');
     QuarantineFile('C:\WINDOWS\system32\42.scr','');
     QuarantineFile('C:\WINDOWS\system32\38.scr','');
     QuarantineFile('C:\WINDOWS\system32\33.scr','');
     QuarantineFile('C:\WINDOWS\system32\32.scr','');
     QuarantineFile('C:\WINDOWS\system32\32.exe','');
     QuarantineFile('C:\WINDOWS\system32\30.scr','');
     QuarantineFile('C:\WINDOWS\system32\20.scr','');
     QuarantineFile('C:\WINDOWS\system32\15.scr','');
     QuarantineFile('C:\WINDOWS\system32\14.scr','');
     QuarantineFile('C:\WINDOWS\system32\13.scr','');
     QuarantineFile('C:\WINDOWS\system32\11.scr','');
     QuarantineFile('C:\WINDOWS\system32\11.exe','');
     QuarantineFile('C:\WINDOWS\system32\10.scr','');
     QuarantineFile('C:\WINDOWS\system32\10.exe','');
     QuarantineFile('C:\WINDOWS\system32\08.scr','');
     QuarantineFile('C:\WINDOWS\system32\06.scr','');
     QuarantineFile('C:\WINDOWS\system32\03.scr','');
     QuarantineFile('C:\WINDOWS\system32\03.exe','');
     QuarantineFile('C:\WINDOWS\system32\00.scr','');
     DelCLSID('{XL43Y412-BIRD-MACA-LAV9-564AZKMAE}');
     QuarantineFile('c:\RECYCLER\S-6-5-21-1482476501-1644491937-1282847265-1013\ATm.exe','');
     QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Xkaaax.exe','');
     QuarantineFile('C:\Documents and Settings\NetworkService\Application Data\Dmaaad.exe','');
     DeleteFile('C:\Documents and Settings\NetworkService\Application Data\Dmaaad.exe');
     RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','Dmaaad');
     RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','Dmaaad');
     RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Dmaaad');
     DeleteFile('C:\Documents and Settings\Администратор\Application Data\Xkaaax.exe');
     DeleteFile('c:\RECYCLER\S-6-5-21-1482476501-1644491937-1282847265-1013\ATm.exe');
     DeleteFile('C:\WINDOWS\system32\00.scr');
     DeleteFile('C:\WINDOWS\system32\03.exe');
     DeleteFile('C:\WINDOWS\system32\03.scr');
     DeleteFile('C:\WINDOWS\system32\06.scr');
     DeleteFile('C:\WINDOWS\system32\08.scr');
     DeleteFile('C:\WINDOWS\system32\10.exe');
     DeleteFile('C:\WINDOWS\system32\10.scr');
     DeleteFile('C:\WINDOWS\system32\11.exe');
     DeleteFile('C:\WINDOWS\system32\11.scr');
     DeleteFile('C:\WINDOWS\system32\13.scr');
     DeleteFile('C:\WINDOWS\system32\14.scr');
     DeleteFile('C:\WINDOWS\system32\15.scr');
     DeleteFile('C:\WINDOWS\system32\20.scr');
     DeleteFile('C:\WINDOWS\system32\21.scr');
     DeleteFile('C:\WINDOWS\system32\22.scr');
     DeleteFile('C:\WINDOWS\system32\23.scr');
     DeleteFile('C:\WINDOWS\system32\27.exe');
     DeleteFile('C:\WINDOWS\system32\27.scr');
     DeleteFile('C:\WINDOWS\system32\30.scr');
     DeleteFile('C:\WINDOWS\system32\32.exe');
     DeleteFile('C:\WINDOWS\system32\32.scr');
     DeleteFile('C:\WINDOWS\system32\33.scr');
     DeleteFile('C:\WINDOWS\system32\38.scr');
     DeleteFile('C:\WINDOWS\system32\42.scr');
     DeleteFile('C:\WINDOWS\system32\47.exe');
     DeleteFile('C:\WINDOWS\system32\50.scr');
     DeleteFile('C:\WINDOWS\system32\53.scr');
     DeleteFile('C:\WINDOWS\system32\54.scr');
     DeleteFile('C:\WINDOWS\system32\55.scr');
     DeleteFile('C:\WINDOWS\system32\58.scr');
     DeleteFile('C:\WINDOWS\system32\63.scr');
     DeleteFile('C:\WINDOWS\system32\66.scr');
     DeleteFile('C:\WINDOWS\system32\67.scr');
     DeleteFile('C:\WINDOWS\system32\68.scr');
     DeleteFile('C:\WINDOWS\system32\71.scr');
     DeleteFile('C:\WINDOWS\system32\72.scr');
     DeleteFile('C:\WINDOWS\system32\73.scr');
     DeleteFile('C:\WINDOWS\system32\74.scr');
     DeleteFile('C:\WINDOWS\system32\75.scr');
     DeleteFile('C:\WINDOWS\system32\76.exe');
     DeleteFile('C:\WINDOWS\system32\82.exe');
     DeleteFile('C:\WINDOWS\system32\82.scr');
     DeleteFile('C:\WINDOWS\system32\84.exe');
     DeleteFile('C:\WINDOWS\system32\84.scr');
     DeleteFile('C:\WINDOWS\system32\85.exe');
     DeleteFile('C:\WINDOWS\system32\85.scr');
     DeleteFile('C:\WINDOWS\system32\86.scr');
     DeleteFile('C:\WINDOWS\system32\87.scr');
     DeleteFile('C:\WINDOWS\system32\88.exe');
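     // Pass the handled files to Boot Cleaner, which finishes the removal at the next boot
     BC_ImportAll;
     ExecuteSysClean;
     ExecuteWizard('TSW', 2, 2, true);
     ExecuteWizard('SCU', 2, 2, true);
     BC_Activate;
     // Reboot so that Boot Cleaner can run
     RebootWindows(true);
    end.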
    After the reboot:
    - run this script
    Code:
    begin
     CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
    end.
    - Upload the file quarantine.zip from the AVZ folder via the "Send requested quarantine" link at the top of the thread

    Update the system
    - Install Internet Explorer 8 (even if you do not use it)
    - Install all the latest Windows updates - here

    After updating:
    - Make repeat logs according to the rules, items 2 and 3 of the Diagnostics section (virusinfo_syscheck.zip; hijackthis.log)
    - Make an MBAM log
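
A check a reviewer could run over a cleanup script like the one in the post above before executing it, as an added example that is not part of the original thread: it lists every path that `DeleteFile` removes without an earlier `QuarantineFile` for the same path, so no sample would be left for analysis. The function names are hypothetical, and `SAMPLE` is a constructed excerpt built from lines of that script.

```python
import re

# QuarantineFile('path','') and DeleteFile('path') calls.
# A doubled quote ('') inside a Pascal-style string is an escaped quote.
CALL_RE = re.compile(
    r"\b(QuarantineFile|DeleteFile)\s*\(\s*'((?:[^']|'')*)'", re.IGNORECASE
)

# Constructed excerpt: a few lines taken from the script in the post above.
SAMPLE = r"""
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\30.scr','');
 QuarantineFile('C:\WINDOWS\system32\20.scr','');
 QuarantineFile('c:\RECYCLER\S-6-5-21-1482476501-1644491937-1282847265-1013\ATm.exe','');
 DeleteFile('c:\RECYCLER\S-6-5-21-1482476501-1644491937-1282847265-1013\ATm.exe');
 DeleteFile('C:\WINDOWS\system32\20.scr');
 DeleteFile('C:\WINDOWS\system32\21.scr');
 DeleteFile('C:\WINDOWS\system32\27.exe');
 DeleteFile('C:\WINDOWS\system32\30.scr');
 BC_ImportAll;
 BC_Activate;
 RebootWindows(true);
end.
"""


def normalize(path):
    # Windows paths compare case-insensitively and scripts mix C:\ with c:\
    return path.replace("''", "'").replace("/", "\\").lower()


def audit_avz_script(text):
    """Compare the QuarantineFile and DeleteFile calls of an AVZ script.

    Returns the paths deleted with no earlier quarantine call, and the
    paths quarantined but never deleted (sample collection only).
    """
    quarantined = {}  # normalized path -> path as written in the script
    deleted = {}
    unsaved = []
    for line in text.splitlines():
        if line.lstrip().startswith("//"):  # skip comment lines
            continue
        for func, path in CALL_RE.findall(line):
            key = normalize(path)
            if func.lower() == "quarantinefile":
                quarantined.setdefault(key, path)
            else:
                # Order matters: a quarantine call after the delete saves nothing
                if key not in quarantined and key not in deleted:
                    unsaved.append(path)
                deleted.setdefault(key, path)
    kept = [p for k, p in quarantined.items() if k not in deleted]
    return {"deleted_without_quarantine": unsaved,
            "quarantined_not_deleted": kept}


if __name__ == "__main__":
    report = audit_avz_script(SAMPLE)
    for name, paths in report.items():
        print(name)
        for p in paths:
            print("  " + p)
```
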

  5. #4
    Junior Member
    Registered: 02.04.2010
    Posts: 22
    Reputation weight: 52

    polword, I did everything as you said.
    I have attached the logs.

  6. #5
    Visiting Helper
    Registered: 23.06.2009
    Location: Perm
    Posts: 11,186
    Reputation weight: 551

    - Run the script in AVZ
    Code:
    begin
     // Empty AVZ's Quarantine folder before collecting the new samples
     DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
     QuarantineFile('c:\documents and settings\networkservice\application data\ghsyg.exe','');
    QuarantineFile('c:\documents and settings\networkservice\application data\robbf.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\035718.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\039703.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\041765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\041843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\043171.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\043359.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5635703.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5639671.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5641750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5641843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5641921.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5642781.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5735703.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5739859.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2341828.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2342218.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3641656.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3641843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3642359.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4641750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4641859.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4642562.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\46430.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\304246.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1341765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1341781.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1641765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1741765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1741781.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2841812.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2842437.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4141734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4141843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4142609.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4143500.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5135687.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5141750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5141843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5142187.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5142421.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5142906.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\735750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\739984.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\741765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\741843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\742328.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\742546.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3241843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3242453.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5335687.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5341750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5341843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5341921.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5342468.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5935734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5940343.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5941765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5941843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5941937.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5942843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\435718.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\440281.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\441765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\441812.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\441843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\441906.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4841750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4841843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4842234.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4842625.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1541765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1541781.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3751578.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3841734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3841843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3842359.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3842671.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5535703.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5539671.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5541750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1135765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1139843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1141765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1241765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1241781.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1841765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1841796.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1941765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\19420.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2541828.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2542156.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3041875.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3341843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3342484.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\335718.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\339828.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\341765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\341843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\342187.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3441843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3441890.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4241734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4241843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4242656.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4242734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\935734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\939859.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\941765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3941781.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3941843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3942578.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3942937.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4541750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4541843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4542531.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4542578.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3741656.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3741875.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3743203.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4741750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4741843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4742531.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4742796.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4935671.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4941750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4941875.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4941937.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4942390.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5235687.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5237437.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5241750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5241843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5243234.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5243562.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5741843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5741859.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5742109.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3541687.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3541859.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3543625.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\635734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\640375.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\641765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\641843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\642171.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\135734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\141765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\141843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\143781.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1441765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\14446.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2041765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2042234.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2141765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2142546.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2241796.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2243718.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5541843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5741750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\235718.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2400.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\241765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\241843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\241906.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2441828.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2442812.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2641812.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2642984.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2741812.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2742390.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2941812.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\2942390.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\3141843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4041734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4041890.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4042843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4042875.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4341796.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4341875.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4342656.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4342718.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\535718.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\539890.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\541765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\541812.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\541843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\541906.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5435718.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5439671.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5441750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5441843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5442281.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5443218.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4441765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4441843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\444215.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\4442875.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\835734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\841765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\841781.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\844765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5035671.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5041750.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5041843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5042531.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5042718.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\554215.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5542828.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5835703.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5839734.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5841828.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5841843.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5841953.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\5842437.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1035781.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\application data\1041765.exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\0MNY3LG5\dci[1].exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\0MNY3LG5\dci[2].exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\0MNY3LG5\myms[1].exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\5Q41FHX0\200[3].exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\5Q41FHX0\dci[1].exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\CHOIQKIM\200[1].exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\CHOIQKIM\sms[3].exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\CHOIQKIM\sms[1].exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\CHOIQKIM\sms[2].exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\EDZ8KLET\200[1].exe','');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\EDZ8KLET\dci[2].exe','');
    QuarantineFile('c:\documents and settings\администратор\application data\visdrive.exe','');
    QuarantineFile('c:\documents and settings\администратор\application data\D.tmp','');
    QuarantineFile('c:\documents and settings\администратор\application data\Dmaaad.exe','');
    QuarantineFile('c:\documents and settings\администратор\application data\10.tmp','');
    QuarantineFile('c:\documents and settings\администратор\application data\16.tmp','');
    QuarantineFile('c:\documents and settings\администратор\application data\17.tmp','');
    QuarantineFile('c:\documents and settings\администратор\application data\1F.tmp','');
    QuarantineFile('c:\documents and settings\администратор\application data\21.tmp','');
    QuarantineFile('c:\documents and settings\администратор\application data\29.tmp','');
    QuarantineFile('c:\documents and settings\администратор\application data\47.tmp','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\1346796.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\1436375.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\1643359.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\1958984.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\2030375.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\2231437.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\5717484.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\5817484.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\5817500.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\739250.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\811890.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\82962.exe','');
    QuarantineFile('c:\documents and settings\администратор\local settings\application data\829984.exe','');
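    DeleteFile('c:\WINDOWS\logfile32.txt');
    // Pack everything quarantined above into quarantine.zip in the AVZ folder
    CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
    // Clear the NetworkService Content.IE5 cache, including subfolders
    DeleteFileMask('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5', '*.*', true);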
    end.
    - Upload the quarantine.zip file from the AVZ folder using the "Send requested quarantine" link at the top of the thread
    - In MBAM, delete everything except this line
    Code:
    c:\program files\total commander\Plugins\arc\Default.sfx (Malware.Packer.Gen) -> No action taken.
    - Make a new MBAM log

  7. #6
    Cybernetic Helper
    Registered
    29.12.2008
    Posts
    48,233
    Reputation weight
    977

    Treatment summary

    Treatment statistics:
    • Quarantines received: 1
    • Files processed: 143
    • Malware detected during treatment:
      1. c:\\documents and settings\\networkservice\\application data\\dmaaad.exe - Trojan.Win32.Menti.gkte ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Trojan.Generic.KD.224460, AVAST4: Win32:Malware-gen )
      2. c:\\documents and settings\\администратор\\application data\\xkaaax.exe - Worm.Win32.Ngrbot.ajl ( DrWEB: BackDoor.Siggen.31020, BitDefender: Trojan.Generic.KD.224567, NOD32: Win32/Dorkbot.A worm, AVAST4: Win32:FakeAV-BTN [Trj] )
      3. c:\\windows\\system32\\03.exe - Trojan.Win32.Menti.gktd ( DrWEB: BackDoor.Siggen.31020, BitDefender: Trojan.Generic.KD.224567, NOD32: Win32/TrojanDownloader.Agent.QQN trojan, AVAST4: Win32:Malware-gen )
      4. c:\\windows\\system32\\10.exe - Trojan.Win32.Menti.gktd ( DrWEB: BackDoor.Siggen.31020, BitDefender: Trojan.Generic.KD.224567, NOD32: Win32/TrojanDownloader.Agent.QQN trojan, AVAST4: Win32:Malware-gen )
      5. c:\\windows\\system32\\11.exe - Trojan.Win32.Menti.gktd ( DrWEB: BackDoor.Siggen.31020, BitDefender: Trojan.Generic.KD.224567, NOD32: Win32/TrojanDownloader.Agent.QQN trojan, AVAST4: Win32:Malware-gen )
      6. c:\\windows\\system32\\32.exe - Trojan.Win32.Menti.gktf ( DrWEB: BackDoor.Siggen.31020, BitDefender: Worm.Generic.333900, AVAST4: Win32:Malware-gen )
      7. c:\\windows\\system32\\47.exe - Trojan.Win32.Menti.gktf ( DrWEB: BackDoor.Siggen.31020, BitDefender: Worm.Generic.333900, AVAST4: Win32:Malware-gen )
      8. c:\\windows\\system32\\76.exe - Trojan.Win32.Menti.gktf ( DrWEB: BackDoor.Siggen.31020, BitDefender: Worm.Generic.333900, AVAST4: Win32:Malware-gen )
      9. c:\\windows\\system32\\82.exe - Trojan.Win32.Menti.gktf ( DrWEB: BackDoor.Siggen.31020, BitDefender: Worm.Generic.333900, AVAST4: Win32:Malware-gen )
      10. c:\\windows\\system32\\84.exe - Trojan.Win32.Menti.gktd ( DrWEB: BackDoor.Siggen.31020, BitDefender: Trojan.Generic.KD.224567, NOD32: Win32/TrojanDownloader.Agent.QQN trojan, AVAST4: Win32:Malware-gen )
      11. c:\\windows\\system32\\85.exe - Trojan.Win32.Menti.gktd ( DrWEB: BackDoor.Siggen.31020, BitDefender: Trojan.Generic.KD.224567, NOD32: Win32/TrojanDownloader.Agent.QQN trojan, AVAST4: Win32:Malware-gen )
      12. c:\\windows\\system32\\88.exe - Trojan.Win32.Menti.gktd ( DrWEB: BackDoor.Siggen.31020, BitDefender: Trojan.Generic.KD.224567, NOD32: Win32/TrojanDownloader.Agent.QQN trojan, AVAST4: Win32:Malware-gen )


  • Dear Pace, our specialists have given you all the help they can with your request.

    To keep your computer secure, we strongly recommend:

     

     

    We hope never to see your computer infected again!

    If it is not too much trouble, please add to our database of safe files.
