Found a bunch of viruses on my computer, I'm afraid it's still not all clean, please check the logs
Last edited by nvhost; 24.11.2008 at 07:41.
I would say things are far from clean on your machine
AVZ, menu "File - Run script" -- copy the script below -- click the "Run" button.
Send the quarantine according to the rules and repeat the logs...
Code:
begin SearchRootkit(true, true); SetAVZGuardStatus(True); QuarantineFile('C:\WINDOWS\system32\wini10543.exe',''); QuarantineFile('C:\WINDOWS\system32\wini10541.exe',''); QuarantineFile('C:\WINDOWS\system32\scui.cpl',''); QuarantineFile('C:\Program Files\AntiSpywareXP2009\Uninstall.exe',''); QuarantineFile('C:\Documents and Settings\Лорочка.9J8UNZ3JRBBKHY5\Local Settings\Temporary Internet Files\Content.IE5\IDYQ7K0K\Install[1].exe',''); QuarantineFile('C:\Documents and Settings\Администратор.9J8UNZ3JRBBKHY5\Local Settings\Temporary Internet Files\Content.IE5\RYQO1H6D\Install[1].exe',''); QuarantineFile('C:\Documents and Settings\Администратор.9J8UNZ3JRBBKHY5\Local Settings\Temp\loader.exe',''); QuarantineFile('c:\windows\system32\karna.dat',''); QuarantineFile('C:\WINDOWS\System32\brastk.exe',''); DeleteService('Winyo63'); DeleteService('Winyo42'); DeleteService('Winyn84'); DeleteService('Winyn52'); DeleteService('Winym08'); DeleteService('Winyl73'); DeleteService('Winyj08'); DeleteService('Winxl54'); DeleteService('Winwm06'); DeleteService('Winwl85'); DeleteService('Winwl73'); DeleteService('Winwj10'); DeleteService('Winwi87'); DeleteService('Winvj28'); DeleteService('Winvg87'); DeleteService('Winvg76'); DeleteService('Winui32'); DeleteService('Winti84'); DeleteService('Wintf85'); DeleteService('Wintf31'); DeleteService('Winse76'); DeleteService('Winse30'); DeleteService('Winrf74'); DeleteService('Winqe28'); DeleteService('Winpg42'); DeleteService('Winpd63'); DeleteService('Winpd52'); DeleteService('Winpc28'); DeleteService('Winoh30'); DeleteService('Winod74'); DeleteService('Winoc52'); DeleteService('Winny08'); DeleteService('Winnx27'); DeleteService('Winnx06'); DeleteService('Winmy65'); DeleteService('Winmx07'); DeleteService('Winmw43'); DeleteService('Winmb41'); DeleteService('Winkx64'); DeleteService('Winku21'); DeleteService('Winjw30'); DeleteService('Winjv62'); DeleteService('Winjv20'); 
DeleteService('Winju75'); DeleteService('Winjt12'); DeleteService('Winja75'); DeleteService('Winix10'); DeleteService('Winio63'); DeleteService('Winhx20'); DeleteService('Winhw53'); DeleteService('Winht44'); DeleteService('Winhs64'); DeleteService('Winhs63'); DeleteService('Wingt30'); DeleteService('Wingr76'); DeleteService('Wingr31'); DeleteService('Wingp84'); DeleteService('Winft32'); DeleteService('Wines74'); DeleteService('Wines52'); DeleteService('Wines42'); DeleteService('Winep08'); DeleteService('Windy21'); DeleteService('Windt07'); DeleteService('Winds56'); DeleteService('Windr62'); DeleteService('Windo31'); DeleteService('Wincu10'); DeleteService('Winbq42'); DeleteService('Winbo62'); DeleteService('Winbo30'); DeleteService('Winbo08'); DeleteService('Winas18'); DeleteService('Winao06'); DeleteService('Winan40'); DeleteService('Winam32'); QuarantineFile('C:\WINDOWS\System32\drivers\Winyo63.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winyo42.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winyn84.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winyn52.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winym08.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winyl73.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winyj08.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winxl54.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winwm06.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winwl85.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winwl73.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winwj10.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winwi87.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winvj28.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winvg87.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winvg76.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winui32.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winti84.sys',''); 
QuarantineFile('C:\WINDOWS\System32\drivers\Wintf85.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Wintf31.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winsk21.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winsg17.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winse76.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winse30.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winrf74.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winqe28.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winpg42.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winpd63.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winpd52.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winpc28.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winox54.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winoj87.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winoh30.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winoc52.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winny08.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winnx27.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winnx06.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winmy65.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winmx07.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winmw43.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winmb41.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winla74.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winkx64.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winjw30.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winjv62.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winjv20.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winju75.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winjt12.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winja75.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winix10.sys',''); 
QuarantineFile('C:\WINDOWS\System32\drivers\Winit75.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winio63.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winhx20.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winhw53.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winht44.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winhs64.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winhs63.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Wingt30.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Wingr76.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Wingr31.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Wingp84.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winft32.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winfr64.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Wines74.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Wines52.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Wines42.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Wineq06.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winep08.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Windy21.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Windt07.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winds56.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Windr62.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Windo31.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Wincu10.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winbq42.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winbp28.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winbo62.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winbo30.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winbo08.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winas18.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winao06.sys',''); QuarantineFile('C:\WINDOWS\System32\drivers\Winan40.sys',''); 
QuarantineFile('C:\WINDOWS\System32\drivers\Winam32.sys',''); DeleteService('ethooklj'); QuarantineFile('C:\WINDOWS\system32\drivers\ethooklj.sys',''); DeleteService('WZCSVCBrowser'); DeleteService('Wmilanmanserver'); DeleteService('WmiApSrvNtmsSvcAlerter'); DeleteService('winmgmtSharedAccess'); DeleteService('VSSWmdmPmSpCryptSvcEventlogdmserver'); DeleteService('VSSWmdmPmSp'); DeleteService('uploadmgrClipSrvSysmonLoglanmanserver'); DeleteService('TrkWkslanmanserverlanmanserverDhcp'); DeleteService('TrkWkslanmanserverlanmanserver'); DeleteService('TlntSvrTrkWks'); DeleteService('stisvcResetRpcLocatoruploadmgr'); DeleteService('stisvcResetRpcLocatordmadminShellHWDetection'); DeleteService('stisvcResetRpcLocatordmadminlanmanserverlanmanserver'); DeleteService('stisvcResetRpcLocatorCryptSvcEventlog'); DeleteService('stisvcResetRpcLocator'); DeleteService('stisvcEventSystemCryptSvcEventlogDhcpAppMgmtAudioSrvCiSvcClipSrvSysmonLogWebClientWmi'); DeleteService('stisvcEventSystemCryptSvcEventlogDhcpAppMgmt'); DeleteService('stisvcEventSystem'); DeleteService('SSDPSRVTapiSrvSamSsSCardDrvMessenger'); DeleteService('SSDPSRVTapiSrv'); DeleteService('srserviceDnscacheBrowserRSVPBrowserDhcp'); DeleteService('srserviceDnscacheBrowserRSVPBrowser'); DeleteService('SpoolerSCardSvr'); DeleteService('SpoolerAudioSrvCiSvcAudioSrvCiSvcClipSrvSysmonLogWebClientWmiCryptSvcSamSs'); DeleteService('SpoolerAudioSrvCiSvcAudioSrvCiSvcClipSrvSysmonLogWebClientWmi'); DeleteService('SharedAccessAppMgmtNetmanCOMSysAppMSDTCCiSvcSCardDrvWebClient'); DeleteService('SharedAccessAppMgmtNetmanCOMSysAppMSDTCCiSvc'); DeleteService('SharedAccessAppMgmtNetmanCOMSysApp'); DeleteService('SharedAccessAppMgmt'); DeleteService('SENSNetDDEdsdm'); DeleteService('ScheduleRSVPBrowserMDMRemoteRegistryResetRpcLocator'); DeleteService('ScheduleRSVPBrowser'); DeleteService('SCardDrvWebClient'); DeleteService('SCardDrvSamSsSCardDrvMessenger'); DeleteService('SCardDrvMessenger'); DeleteService('SamSsSCardDrvMessenger'); 
DeleteService('RSVPose'); DeleteService('RpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserverRasMan'); DeleteService('RpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserver'); DeleteService('RpcSsWebClient'); DeleteService('RpcSsRemoteRegistryuploadmgr'); DeleteService('RpcLocatorSharedAccessAppMgmt'); DeleteService('RpcLocatorRasManNtLmSsp'); DeleteService('RpcLocatorRasMan'); DeleteService('ResetRpcLocator'); DeleteService('RemoteRegistryuploadmgr'); DeleteService('RemoteRegistryResetRpcLocatorRSVPose'); DeleteService('RemoteRegistryResetRpcLocator'); DeleteService('RemoteRegistrylanmanserverlanmanserverTapiSrv'); DeleteService('PolicyAgentlanmanworkstation'); DeleteService('PolicyAgentEventlogAVPSSDPSRV'); DeleteService('PolicyAgentEventlog'); DeleteService('osesrservice'); DeleteService('NtmsSvcAppMgmt'); DeleteService('NtmsSvcAlerter'); DeleteService('NtLmSspRemoteRegistryResetRpcLocator'); DeleteService('NetmanCOMSysApp'); DeleteService('NetlogonMessenger'); DeleteService('MSDTCNtLmSspsrservice'); DeleteService('MSDTCNtLmSsp'); DeleteService('MSDTCCiSvc'); DeleteService('MDMRemoteRegistryResetRpcLocatorAppMgmt'); DeleteService('MDMRemoteRegistryResetRpcLocator'); DeleteService('LmHostswuauserv'); DeleteService('lanmanserverlanmanserverTapiSrv'); DeleteService('lanmanserverlanmanserver'); DeleteService('lanmanserverAVPProtectedStorage'); DeleteService('lanmanserverAVP'); DeleteService('lanmanserver 5'); DeleteService('HidServRpcSs'); DeleteService('HidServMSIServer'); DeleteService('EventlogdmadminBITS'); DeleteService('Eventlogdmadmin'); DeleteService('ERSvcRpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserverRasMan'); DeleteService('DnscacheBrowserRSVPBrowser'); DeleteService('dmadminuploadmgrseclogon'); DeleteService('dmadminuploadmgrERSvcAudioSrvCiSvc'); DeleteService('dmadminuploadmgrERSvc'); DeleteService('dmadminuploadmgr'); DeleteService('DhcpTermService'); DeleteService('DhcpMSDTCCiSvc'); DeleteService('DhcpAppMgmt'); DeleteService('CryptSvcupnphost'); 
DeleteService('CryptSvcSamSs'); DeleteService('CryptSvcEventlogImapiServiceNtmsSvcAlerterlanmanserverlanmanserverTapiSrv'); DeleteService('CryptSvcEventlogEventlogdmadminBITS'); DeleteService('CryptSvcEventlogdmserver'); DeleteService('CryptSvcEventlogDhcpAppMgmt'); DeleteService('CryptSvcEventlog'); DeleteService('ClipSrvSysmonLogWebClientWmiSSDPSRVTapiSrv'); DeleteService('ClipSrvSysmonLogWebClientWmiBrowserFastUserSwitchingCompatibility'); DeleteService('ClipSrvSysmonLogWebClientWmi'); DeleteService('ClipSrvSysmonLogWebClient'); DeleteService('ClipSrvSysmonLoglanmanserverAVP'); DeleteService('ClipSrvSysmonLoglanmanserver'); DeleteService('CiSvcClipSrvSysmonLogWebClient'); DeleteService('CiSvcAudioSrv'); DeleteService('BrowserRSVPBrowser'); DeleteService('BrowserFastUserSwitchingCompatibility'); DeleteService('BITSMSDTCNtLmSsp'); DeleteService('AVPSSDPSRV'); DeleteService('AudioSrvCiSvcClipSrvSysmonLogWebClientWmi'); DeleteService('AudioSrvCiSvc'); DeleteService('AppMgmtNetDDEdsdm'); QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll',''); QuarantineFile('C:\WINDOWS\System32\uthn.exe',''); QuarantineFile('C:\WINDOWS\system32\linkinoo.dll',''); DeleteFile('C:\WINDOWS\system32\linkinoo.dll'); DeleteFile('C:\WINDOWS\System32\uthn.exe'); DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll'); DeleteFile('C:\WINDOWS\system32\drivers\ethooklj.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winam32.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winan40.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winao06.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winas18.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winbo08.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winbo30.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winbo62.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winbp28.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winbq42.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wincu10.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Windo31.sys'); 
DeleteFile('C:\WINDOWS\System32\drivers\Windr62.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winds56.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Windt07.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Windy21.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winep08.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wineq06.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wines42.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wines52.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wines74.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winfr64.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winft32.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wingp84.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wingr31.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wingr76.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wingt30.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winhs63.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winhs64.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winht44.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winhw53.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winhx20.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winio63.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winit75.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winix10.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winja75.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winjt12.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winju75.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winjv20.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winjv62.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winjw30.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winku21.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winla74.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winmb41.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winmw43.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winmx07.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winmy65.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winnx06.sys'); 
DeleteFile('C:\WINDOWS\System32\drivers\Winnx27.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winny08.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winoc52.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winod74.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winoh30.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winoj87.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winox54.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winpc28.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winpd52.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winpd63.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winpg42.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winqe28.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winrf74.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winse30.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winse76.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winsg17.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winsk21.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wintf31.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Wintf85.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winti84.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winui32.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winvg76.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winvg87.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winvj28.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winwi87.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winwj10.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winwl73.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winwl85.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winwm06.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winxl54.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winyj08.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winyl73.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winym08.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winyn52.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winyn84.sys'); DeleteFile('C:\WINDOWS\System32\drivers\Winyo42.sys'); 
DeleteFile('C:\WINDOWS\System32\drivers\Winyo63.sys'); DeleteFile('C:\WINDOWS\System32\blphc11oj0epwo.scr'); DeleteFile('C:\WINDOWS\System32\brastk.exe'); DeleteFile('c:\windows\system32\karna.dat'); DeleteFile('C:\Documents and Settings\Администратор.9J8UNZ3JRBBKHY5\Local Settings\Temp\loader.exe'); DeleteFile('C:\Documents and Settings\Администратор.9J8UNZ3JRBBKHY5\Local Settings\Temporary Internet Files\Content.IE5\RYQO1H6D\Install[1].exe'); DeleteFile('C:\Documents and Settings\Лорочка.9J8UNZ3JRBBKHY5\Local Settings\Temporary Internet Files\Content.IE5\IDYQ7K0K\Install[1].exe'); DeleteFile('C:\Program Files\AntiSpywareXP2009\Uninstall.exe'); DeleteFile('C:\WINDOWS\system32\scui.cpl'); DeleteFile('C:\WINDOWS\system32\wini10541.exe'); DeleteFile('C:\WINDOWS\system32\wini10543.exe'); BC_ImportALL; ExecuteSysClean; BC_Activate; ExecuteRepair(5); ExecuteRepair(6); ExecuteRepair(13); RebootWindows(true); end.
Repeated logs
Fix:
AVZ, menu "File - Run script" -- copy the script below -- click the "Run" button.
Code:
O20 - AppInit_DLLs: c:\windows\system32\karna.dat
O20 - Winlogon Notify: reset5 - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: UpdateCheck - {0DDD1A25-BE60-4DAC-AACA-4E440EC87AC4} - (no file)
Repeat the logs...
Code:
begin SetAVZGuardStatus(True); BC_DeleteSvc('Winkx64'); BC_DeleteSvc('WZCSVCBrowser'); BC_DeleteSvc('Wmilanmanserver'); BC_DeleteSvc('WmiApSrvNtmsSvcAlerter'); BC_DeleteSvc('winmgmtSharedAccess'); BC_DeleteSvc('VSSWmdmPmSpCryptSvcEventlogdmserver'); BC_DeleteSvc('VSSWmdmPmSp'); BC_DeleteSvc('uploadmgrClipSrvSysmonLoglanmanserver'); BC_DeleteSvc('TrkWkslanmanserverlanmanserverDhcp'); BC_DeleteSvc('TrkWkslanmanserverlanmanserver'); BC_DeleteSvc('TlntSvrTrkWks'); BC_DeleteSvc('stisvcResetRpcLocatoruploadmgr'); BC_DeleteSvc('stisvcResetRpcLocatordmadminShellHWDetection'); BC_DeleteSvc('stisvcResetRpcLocatordmadminlanmanserverlanmanserver'); BC_DeleteSvc('stisvcResetRpcLocator'); BC_DeleteSvc('stisvcEventSystemCryptSvcEventlogDhcpAppMgmt'); BC_DeleteSvc('stisvcEventSystem'); BC_DeleteSvc('SSDPSRVTapiSrvSamSsSCardDrvMessenger'); BC_DeleteSvc('SSDPSRVTapiSrv'); BC_DeleteSvc('srserviceDnscacheBrowserRSVPBrowser'); BC_DeleteSvc('SpoolerSCardSvr'); BC_DeleteSvc('SpoolerAudioSrvCiSvcAudioSrvCiSvcClipSrvSysmonLogWebClientWmiCryptSvcSamSs'); BC_DeleteSvc('SpoolerAudioSrvCiSvcAudioSrvCiSvcClipSrvSysmonLogWebClientWmi'); BC_DeleteSvc('SharedAccessAppMgmtNetmanCOMSysAppMSDTCCiSvcSCardDrvWebClient'); BC_DeleteSvc('SharedAccessAppMgmtNetmanCOMSysAppMSDTCCiSvc'); BC_DeleteSvc('SharedAccessAppMgmtNetmanCOMSysApp'); BC_DeleteSvc('SharedAccessAppMgmt'); BC_DeleteSvc('SENSNetDDEdsdm'); BC_DeleteSvc('ScheduleRSVPBrowserMDMRemoteRegistryResetRpcLocator'); BC_DeleteSvc('ScheduleRSVPBrowser'); BC_DeleteSvc('SCardDrvWebClient'); BC_DeleteSvc('SCardDrvSamSsSCardDrvMessenger'); BC_DeleteSvc('SCardDrvMessenger'); BC_DeleteSvc('SamSsSCardDrvMessenger'); BC_DeleteSvc('RSVPBrowser'); BC_DeleteSvc('RpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserver'); BC_DeleteSvc('RpcSsWebClient'); BC_DeleteSvc('RpcSsRemoteRegistryuploadmgr'); BC_DeleteSvc('RpcLocatorSharedAccessAppMgmt'); BC_DeleteSvc('RpcLocatorRasManNtLmSsp'); BC_DeleteSvc('ResetRpcLocator'); 
BC_DeleteSvc('RemoteRegistryResetRpcLocator'); BC_DeleteSvc('RemoteRegistrylanmanserverlanmanserverTapiSrv'); BC_DeleteSvc('PolicyAgentlanmanworkstation'); BC_DeleteSvc('PolicyAgentEventlogAVPSSDPSRV'); BC_DeleteSvc('osesrservice'); BC_DeleteSvc('NtmsSvcAppMgmt'); BC_DeleteSvc('NtmsSvcAlerterlanmanserverlanmanserverTapiSrv'); BC_DeleteSvc('NetmanCOMSysApp'); BC_DeleteSvc('NetlogonMessenger'); BC_DeleteSvc('MSDTCNtLmSspsrservice'); BC_DeleteSvc('MSDTCNtLmSsp'); BC_DeleteSvc('MSDTCCiSvc'); BC_DeleteSvc('MDMRemoteRegistryResetRpcLocatorAppMgmt'); BC_DeleteSvc('MDMRemoteRegistryResetRpcLocator'); BC_DeleteSvc('LmHostswuauserv'); BC_DeleteSvc('lanmanserverlanmanserverTapiSrv'); BC_DeleteSvc('lanmanserverlanmanserver'); BC_DeleteSvc('lanmanserverAVP'); BC_DeleteSvc('ImapiServiceNtmsSvcAlerterlanmanserverlanmanserverTapiSrv'); BC_DeleteSvc('HidServRpcSs'); BC_DeleteSvc('HidServMSIServer'); BC_DeleteSvc('EventlogdmadminBITS'); BC_DeleteSvc('Eventlogdmadmin'); BC_DeleteSvc('ERSvcRpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserverRasMan'); BC_DeleteSvc('DnscacheBrowserRSVPBrowser'); BC_DeleteSvc('dmadminuploadmgrseclogon'); BC_DeleteSvc('dmadminuploadmgrERSvcAudioSrvCiSvc'); BC_DeleteSvc('dmadminuploadmgrERSvc'); BC_DeleteSvc('dmadminuploadmgr'); BC_DeleteSvc('DhcpTermService'); BC_DeleteSvc('DhcpMSDTCCiSvc'); BC_DeleteSvc('DhcpAppMgmt'); BC_DeleteSvc('CryptSvcupnphost'); BC_DeleteSvc('CryptSvcSamSs'); BC_DeleteSvc('CryptSvcEventlogImapiServiceNtmsSvcAlerterlanmanserverlanmanserverTapiSrv'); BC_DeleteSvc('CryptSvcEventlogEventlogdmadminBITS'); BC_DeleteSvc('CryptSvcEventlogdmserver'); BC_DeleteSvc('CryptSvcEventlogDhcpAppMgmt'); BC_DeleteSvc('CryptSvcEventlog'); BC_DeleteSvc('ClipSrvSysmonLogWebClientWmiSSDPSRVTapiSrv'); BC_DeleteSvc('ClipSrvSysmonLogWebClientWmiClipSrvSysmonLogWebClient'); BC_DeleteSvc('ClipSrvSysmonLogWebClientWmiBrowserFastUserSwitchingCompatibility'); BC_DeleteSvc('ClipSrvSysmonLogWebClientWmi'); BC_DeleteSvc('ClipSrvSysmonLogWebClient'); 
BC_DeleteSvc('ClipSrvSysmonLoglanmanserverAVP'); BC_DeleteSvc('ClipSrvSysmonLoglanmanserver'); BC_DeleteSvc('ClipSrvSysmonLog'); BC_DeleteSvc('CiSvcClipSrvSysmonLogWebClient'); BC_DeleteSvc('CiSvcAudioSrv'); BC_DeleteSvc('BrowserRSVPBrowser'); BC_DeleteSvc('BrowserFastUserSwitchingCompatibility'); BC_DeleteSvc('BITSMSDTCNtLmSsp'); BC_DeleteSvc('AVPSSDPSRV'); BC_DeleteSvc('AudioSrvCiSvcClipSrvSysmonLogWebClientWmi'); BC_DeleteSvc('AudioSrvCiSvcAudioSrvCiSvcClipSrvSysmonLogWebClientWmi'); BC_DeleteSvc('AppMgmtNetDDEdsdm'); DeleteFile('C:\WINDOWS\System32\drivers\Winkx64.sys'); DeleteFile('c:\windows\system32\karna.dat'); DeleteFile('WinCtrl32.dll'); DeleteFile('C:\WINDOWS\system32\drivers\Winir40.sys'); DeleteFile('C:\WINDOWS\system32\drivers\Winkx64.sys'); DeleteFile('C:\WINDOWS\system32\drivers\Winnb17.sys'); BC_ImportDeletedList; ExecuteSysClean; BC_Activate; RebootWindows(true); end.
Here are the repeated logs. When I was fixing the line O20 - AppInit_DLLs: c:\windows\system32\karna.dat, it reported an error; unfortunately I don't remember which one
Last edited by nvhost; 06.12.2008 at 10:28.
AVZ, menu "File - Run script" -- copy the script below -- click the "Run" button.
Repeat step 2 of the diagnostics...
Code:
begin
 ClearQuarantine;
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 DeleteService('stisvcResetRpcLocatordmadmin');
 DeleteService('stisvcResetRpcLocatorCryptSvcEventlog');
 DeleteService('stisvcEventSystemCryptSvcEventlogDhcpAppMgmtAudioSrvCiSvcClipSrvSysmonLogWebClientWmi');
 DeleteService('srserviceDnscacheBrowserRSVPBrowserDhcp');
 DeleteService('RSVPose');
 DeleteService('RpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserverRasMan');
 DeleteService('RpcLocatorRasMan');
 DeleteService('RemoteRegistryuploadmgr');
 DeleteService('RemoteRegistryResetRpcLocatorRSVPose');
 DeleteService('PolicyAgentEventlog');
 DeleteService('NtmsSvcAlerter');
 DeleteService('NtLmSspRemoteRegistryResetRpcLocator');
 DeleteService('lanmanserverAVPProtectedStorage');
 DeleteService('lanmanserver 5');
 DeleteService('AudioSrvCiSvc');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_DeleteSvc('stisvcResetRpcLocatordmadmin');
 BC_DeleteSvc('stisvcResetRpcLocatorCryptSvcEventlog');
 BC_DeleteSvc('stisvcEventSystemCryptSvcEventlogDhcpAppMgmtAudioSrvCiSvcClipSrvSysmonLogWebClientWmi');
 BC_DeleteSvc('srserviceDnscacheBrowserRSVPBrowserDhcp');
 BC_DeleteSvc('RSVPose');
 BC_DeleteSvc('RpcSsWebClientuploadmgrClipSrvSysmonLoglanmanserverRasMan');
 BC_DeleteSvc('RpcLocatorRasMan');
 BC_DeleteSvc('RemoteRegistryuploadmgr');
 BC_DeleteSvc('RemoteRegistryResetRpcLocatorRSVPose');
 BC_DeleteSvc('PolicyAgentEventlog');
 BC_DeleteSvc('NtmsSvcAlerter');
 BC_DeleteSvc('NtLmSspRemoteRegistryResetRpcLocator');
 BC_DeleteSvc('lanmanserverAVPProtectedStorage');
 BC_DeleteSvc('lanmanserver 5');
 BC_DeleteSvc('AudioSrvCiSvc');
 BC_Activate;
 RebootWindows(true);
end.
The second standard script...
%SystemRoot%\System32\dimsntfy.dll - look for this file on the disk.
Pavel
AVZ HijackThis help from 10:00 to 18:00 MSK
Windows7, SEP(work)
WindowsXP KIS(home)
I do not respond to "up"
Repeat the logs first...
Here are the repeated logs
AVZ, menu "File - Run script" -- copy the script below -- click the "Run" button.
Repeat the 3rd standard script...
Code:
begin
 ClearQuarantine;
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 DeleteFile('C:\WINDOWS\brastk.exe');
 DeleteFile('C:\WINDOWS\system32\drivers\Winka53.sys');
 DeleteFile('C:\WINDOWS\system32\drivers\Winpg31.sys');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
Repeat
Clean...
Thank you!!!!!!!!)))))))))))))))))))
Treatment statistics:
- Quarantines received: 1
- Files processed: 291
- Malware detected during treatment:
- c:\\windows\\system32\\drivers\\winoj87.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winox54.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winpc28.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winpd52.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winpd63.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winpg42.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winqe28.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winrf74.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winse30.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winse76.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winsg17.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winsk21.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\wintf31.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\wintf85.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winti84.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winui32.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winvg76.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winvg87.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winvj28.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winwi87.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winwj10.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winwl73.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winwl85.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winwm06.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winxl54.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winyj08.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winyl73.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winym08.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winyn52.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winyn84.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winyo42.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\drivers\\winyo63.sys - Trojan-Downloader.Win32.Mutant.aim (DrWEB: Trojan.Rntm.10)
- c:\\windows\\system32\\karna.dat - Backdoor.Win32.Small.gjm (DrWEB: Trojan.Proxy.1739)
- c:\\windows\\system32\\scui.cpl - not-a-virus:FraudTool.Win32.XPAntivirus.ld (DrWEB: Trojan.Fakealert.991)
- c:\\windows\\system32\\uthn.exe - Net-Worm.Win32.Kolab.aei (DrWEB: Trojan.Packed.650)
- c:\\windows\\system32\\winctrl32.dll - Trojan-Downloader.Win32.Mutant.bsz (DrWEB: BackDoor.Bulknet.300)
- c:\\windows\\system32\\wini10541.exe - Trojan-Downloader.Win32.FraudLoad.vdkw (DrWEB: Trojan.Packed.1214)
- c:\\windows\\system32\\wini10543.exe - Trojan-Downloader.Win32.FraudLoad.vdsr (DrWEB: Trojan.Packed.1214)
Dear nvhost, our specialists have given you all possible help with your request.
To keep your computer secure, we strongly recommend:
To stay up to date on current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please add to our database of safe files.