-
Junior Member
- Вес репутации
- 57
Eset взбесился ((
Eset взбесился, после обновления базы, запихнул в карантин около 60 файлов, говорит трояны (((
вот лог карантина:
07.10.2008 23:49:39 Real-time file system protection file C:\WINDOWS\system32\drivers\wdmaud.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:38 Real-time file system protection file C:\WINDOWS\system32\drivers\wanarp.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:37 Real-time file system protection file C:\WINDOWS\system32\drivers\usbstor.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:36 Real-time file system protection file C:\WINDOWS\system32\drivers\usbscan.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:36 Real-time file system protection file C:\WINDOWS\system32\drivers\usbprint.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:35 Real-time file system protection file C:\WINDOWS\system32\drivers\usbohci.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:34 Real-time file system protection file C:\WINDOWS\system32\drivers\usbhub.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:34 Real-time file system protection file C:\WINDOWS\system32\drivers\usbehci.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:33 Real-time file system protection file C:\WINDOWS\system32\drivers\usbccgp.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:32 Real-time file system protection file C:\WINDOWS\system32\drivers\update.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:32 Real-time file system protection file C:\WINDOWS\system32\drivers\sysaudio.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:31 Real-time file system protection file C:\WINDOWS\system32\drivers\swmidi.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:30 Real-time file system protection file C:\WINDOWS\system32\drivers\swenum.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:30 Real-time file system protection file C:\WINDOWS\system32\drivers\splitter.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:29 Real-time file system protection file C:\WINDOWS\system32\drivers\serenum.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:29 Real-time file system protection file C:\WINDOWS\system32\drivers\secdrv.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:28 Real-time file system protection file C:\WINDOWS\system32\drivers\rdpdr.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:28 Real-time file system protection file C:\WINDOWS\system32\drivers\raspti.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:27 Real-time file system protection file C:\WINDOWS\system32\drivers\raspppoe.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:26 Real-time file system protection file C:\WINDOWS\system32\drivers\rasl2tp.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:26 Real-time file system protection file C:\WINDOWS\system32\drivers\ptserlp.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:25 Real-time file system protection file C:\WINDOWS\system32\drivers\ptilink.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:25 Real-time file system protection file C:\WINDOWS\system32\drivers\psched.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:24 Real-time file system protection file C:\WINDOWS\system32\drivers\raspptp.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:23 Real-time file system protection file C:\WINDOWS\system32\drivers\pfc.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:23 Real-time file system protection file C:\WINDOWS\system32\drivers\pcouffin.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:21 Real-time file system protection file C:\WINDOWS\system32\drivers\parport.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:20 Real-time file system protection file C:\WINDOWS\system32\drivers\nwlnkfwd.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:20 Real-time file system protection file C:\WINDOWS\system32\drivers\nwlnkflt.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:19 Real-time file system protection file C:\WINDOWS\system32\drivers\nvenet.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:19 Real-time file system protection file C:\WINDOWS\system32\drivers\nv4_mini.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:17 Real-time file system protection file C:\WINDOWS\system32\drivers\ndiswan.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:17 Real-time file system protection file C:\WINDOWS\system32\drivers\ndisuio.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:16 Real-time file system protection file C:\WINDOWS\system32\drivers\ndistapi.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:16 Real-time file system protection file C:\WINDOWS\system32\drivers\msmpu401.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:15 Real-time file system protection file C:\WINDOWS\system32\drivers\mssmbios.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:14 Real-time file system protection file C:\WINDOWS\system32\drivers\mspqm.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:14 Real-time file system protection file C:\WINDOWS\system32\drivers\mspclock.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:13 Real-time file system protection file C:\WINDOWS\system32\drivers\mskssrv.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:13 Real-time file system protection file C:\WINDOWS\system32\drivers\mouhid.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:12 Real-time file system protection file C:\WINDOWS\system32\drivers\kmixer.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:11 Real-time file system protection file C:\WINDOWS\system32\drivers\irenum.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:11 Real-time file system protection file C:\WINDOWS\system32\drivers\ipnat.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:10 Real-time file system protection file C:\WINDOWS\system32\drivers\ipinip.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:10 Real-time file system protection file C:\WINDOWS\system32\drivers\ipfltdrv.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:09 Real-time file system protection file C:\WINDOWS\system32\drivers\ip6fw.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:08 Real-time file system protection file C:\WINDOWS\system32\drivers\http.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:08 Real-time file system protection file C:\WINDOWS\system32\drivers\hidusb.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:07 Real-time file system protection file C:\WINDOWS\system32\drivers\msgpc.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:06 Real-time file system protection file C:\WINDOWS\system32\drivers\gameenum.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:06 Real-time file system protection file C:\WINDOWS\system32\drivers\flpydisk.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:05 Real-time file system protection file C:\WINDOWS\system32\drivers\fdc.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:04 Real-time file system protection file C:\WINDOWS\system32\drivers\epfwndis.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:04 Real-time file system protection file C:\WINDOWS\system32\drivers\drmkaud.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:03 Real-time file system protection file C:\WINDOWS\system32\drivers\dmusic.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:03 Real-time file system protection file C:\WINDOWS\system32\drivers\btwusb.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:01 Real-time file system protection file C:\WINDOWS\system32\drivers\btwhid.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:01 Real-time file system protection file C:\WINDOWS\system32\drivers\btwdndis.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:49:00 Real-time file system protection file C:\WINDOWS\system32\drivers\btkrnl.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:48:59 Real-time file system protection file C:\WINDOWS\system32\drivers\btport.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:48:59 Real-time file system protection file C:\WINDOWS\system32\drivers\btaudio.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:48:58 Real-time file system protection file C:\WINDOWS\system32\drivers\audstub.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:48:57 Real-time file system protection file C:\WINDOWS\system32\drivers\atmarpc.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:48:57 Real-time file system protection file C:\WINDOWS\system32\drivers\asyncmac.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:48:56 Real-time file system protection file C:\WINDOWS\system32\drivers\alcxwdm.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:48:55 Real-time file system protection file C:\WINDOWS\system32\drivers\alcxsens.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
07.10.2008 23:48:55 Real-time file system protection file C:\WINDOWS\system32\drivers\aec.sys Win32/PSW.Chill.D trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wpv0423.cpx.
по-моему, часть из них, это драйвера подключения к интернету
а остальные? взгляните, пожалуйста, что-то подозрительно очень, не собрался ли он мне систему убить )
-
Будь в курсе!
Будь в курсе!
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
-
Надо выполнять правила А то вдруг НОД не взбесился, а прозрел...
Left home for a few days and look what happens...
-
-
Junior Member
- Вес репутации
- 57
может и прозрел, об этом уже не узнать. правила это хорошо, но если бы вы на секундочку заглянули в лог, то увидели бы, что все файлы из папки sistem32\drivers, потому и дала лог с есета, что с работающей машины антивирус удалить их не мог. а по правилам, надо перегрузиться в безопасный режим, соответсвенно после перезагрузки все удаляемые драйвера удалились окончательно, чем лишили систему функциональности, как тока клава осталась работать неизвестно... с машины исчезли все устройства вообще...
что ж, спасибо за помощь, после переустановки теперь система девственно чиста )
-
правила это хорошо, но если бы вы на секундочку заглянули в лог, то увидели бы, что все файлы из папки sistem32\drivers
Правила написаны отнюдь не с потолка. Лог с Eset не содержит полезной информации, потому как по именам файлов судить не о чем, лог АВЗ содержит контрольную сумму файла по которой уже можно сказать, действительно ли файл был изменен или заражен, или это глюк Нода.
PS: Нод лечить вирусы почти не умеет, эвристик это хорошо, только против вирусов он не спасает, собственно отсюда и результат
-
-
Junior Member
- Вес репутации
- 57
а нельзя ли сделать исследование без перезагрузки? а то может получиться как в моем случае, после нее уже никаких исследований не нада.