Junior Member
Reputation weight
57
Aftereffects of the fake program Antivirus XP 2008
After removing the fake program Antivirus XP 2008 and thoroughly cleaning the registry, the "Screen Saver" tab in the desktop properties window still has not been restored. When logging in to the system, i.e. to the user account, a notification appears on the background (as I understand it, this is just a picture) saying that your computer is infected.....
How do I get rid of this? I need your help.
In addition, the virus Back.Door.Bulknet.225 was found in the file WinCntrl32.dll, which DrWeb could not delete because access to this file was restricted... after a thorough DrWeb scan in safe mode this virus has not shown up so far.
Thanks in advance.
All the work was done strictly according to the "Rules".
Logs are attached.
Junior Member
The logs did not attach.... sending them again
Attachments
AVZ, menu "File - Run script" -- copy the script written below -- click the "Run" button.
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\svchost.exe','');
DelBHO('{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}');
QuarantineFile('C:\WINDOWS\system32\braviax.exe','');
QuarantineFile('C:\WINDOWS\msvupdater.exe','');
DeleteService('Winye15');
DeleteService('Winye04');
DeleteService('Winyd48');
DeleteService('Winyd15');
DeleteService('Winxd48');
DeleteService('Winxc83');
DeleteService('Winxc50');
DeleteService('Winxc04');
DeleteService('Winwb50');
DeleteService('Winvb61');
DeleteService('Winva83');
DeleteService('Winva50');
DeleteService('Winva26');
DeleteService('Winuy83');
DeleteService('Winuy61');
DeleteService('Winty83');
DeleteService('Winty48');
DeleteService('Wintx26');
DeleteService('Winsx83');
DeleteService('Winsx72');
DeleteService('Winsw61');
DeleteService('Winsw26');
DeleteService('Winrw61');
DeleteService('Winrv61');
DeleteService('Winrv37');
DeleteService('Winrb56');
DeleteService('Winqu50');
DeleteService('Winqu48');
DeleteService('Winpu83');
DeleteService('Winpt83');
DeleteService('Winpt37');
DeleteService('Winot72');
DeleteService('Winos50');
DeleteService('Winns15');
DeleteService('Winns04');
DeleteService('Winnr83');
DeleteService('winmr04');
DeleteService('Winmq26');
DeleteService('Winlq83');
DeleteService('Winlq61');
DeleteService('Winkp72');
DeleteService('Winko61');
DeleteService('Winko48');
DeleteService('Winko04');
DeleteService('Winjo48');
DeleteService('Winjn48');
DeleteService('Winjn37');
DeleteService('Winin61');
DeleteService('Winin48');
DeleteService('Winim61');
DeleteService('Winim48');
DeleteService('Winhl83');
DeleteService('Wingm37');
DeleteService('Wingl48');
DeleteService('Wingk83');
DeleteService('Wingk15');
DeleteService('Winfk04');
DeleteService('Winej50');
DeleteService('Winei26');
DeleteService('Winei15');
DeleteService('Windi83');
DeleteService('Windi26');
DeleteService('Windh83');
DeleteService('Windh15');
DeleteService('Winch48');
DeleteService('Wincg83');
DeleteService('Wincg50');
DeleteService('Winbg48');
DeleteService('Winbf48');
DeleteService('Winbf04');
DeleteService('Winaf83');
DeleteService('Winaf72');
DeleteService('Winaf61');
DeleteService('Winaf50');
DeleteService('Winae48');
DeleteService('Wcg72');
DeleteService('Wcg48');
DeleteService('Wbf72');
DeleteService('Vbf15');
DeleteService('Uyd26');
QuarantineFile('C:\WINDOWS\System32\drivers\Vbf15.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Uyd26.sys','');
DeleteService('Tyd26');
QuarantineFile('C:\WINDOWS\System32\drivers\Tyd26.sys','');
DeleteService('tcpsr');
QuarantineFile('C:\WINDOWS\System32\drivers\tcpsr.sys','');
DeleteService('Rwb48');
DeleteService('Rva83');
DeleteService('Qva61');
DeleteService('Qva50');
DeleteService('Qva15');
QuarantineFile('C:\WINDOWS\System32\drivers\Rwb48.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Rva83.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Qva61.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Qva50.sys','');
DeleteService('Ptx04');
QuarantineFile('C:\WINDOWS\System32\drivers\Ptx04.sys','');
DeleteService('Otx15');
DeleteService('Osw37');
QuarantineFile('C:\WINDOWS\System32\drivers\Otx15.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Osw37.sys','');
DeleteService('Nrv37');
QuarantineFile('C:\WINDOWS\System32\drivers\Nrv37.sys','');
DeleteService('Lpt48');
QuarantineFile('C:\WINDOWS\System32\Drivers\Lpt48.sys','');
DeleteService('Kpt15');
DeleteService('Kos72');
DeleteService('Inr15');
QuarantineFile('C:\WINDOWS\System32\drivers\Kpt15.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Kos72.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Inr15.sys','');
DeleteService('Imq83');
DeleteService('Imq61');
DeleteService('Ieov63');
QuarantineFile('C:\WINDOWS\System32\drivers\Imq83.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Imq61.sys','');
DeleteService('Gko04');
DeleteService('Fjn61');
QuarantineFile('C:\WINDOWS\System32\drivers\Gko04.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Fjn61.sys','');
DeleteService('WZCSVCWmdmPmSNTapiSrv');
DeleteService('WZCSVCWmdmPmSN');
DeleteService('W32TimeNtLmSsp');
DeleteService('VSSlanmanserverupnphostSysmonLog');
DeleteService('VSSlanmanserverupnphost');
DeleteService('VSSlanmanserver');
DeleteService('vcdsecsimapiserviceimapiservice');
DeleteService('upsscarddrvclipsrv');
DeleteService('upsmsiserverseclogonrasmanmsdtcnetddedmserverdnscache');
DeleteService('upsmsiserverseclogonrasmanmsdtc');
DeleteService('UPSMSIServerseclogonRasMan');
DeleteService('UPSMSIServerseclogon');
DeleteService('UPSMSIServer');
DeleteService('upnphostAlerter');
DeleteService('ThemesTapiSrvHTTPFilter');
DeleteService('tapisrvhttpfiltersysmonlogthemesimapiserviceimapiservicevsslanmanserver');
DeleteService('TapiSrvHTTPFilterSysmonLogThemesImapiServiceImapiService');
DeleteService('TapiSrvHTTPFilter');
DeleteService('sysmonlogthemessamss');
DeleteService('sysmonlogthemeslanmanworkstationeventlog');
DeleteService('sysmonlogthemesimapiserviceimapiservicerdsessmgrplugplay');
DeleteService('SysmonLogThemesImapiServiceImapiService');
DeleteService('SysmonLogThemes');
DeleteService('sysmonloghttpfilter');
DeleteService('stisvcersvc');
DeleteService('SharedAccessFastUserSwitchingCompatibility');
DeleteService('senstapisrvsysmonlogthemesimapiserviceimapiservicerdsessmgrplugplay');
DeleteService('SENSTapiSrv');
DeleteService('schedulevsslanmanserver');
DeleteService('ScheduleShellHWDetection');
DeleteService('scardsvrdhcpappmgmt');
DeleteService('SCardSvrDhcp');
DeleteService('scarddrvclipsrv');
DeleteService('RpcSsSpooler');
DeleteService('RpcSsRDSessMgr');
DeleteService('rpclocatortapisrvhttpfilter');
DeleteService('RemoteRegistryClipSrv');
DeleteService('RDSessMgrPlugPlay');
DeleteService('RDSessMgrNetman');
DeleteService('RasManSwPrv');
DeleteService('RasAutoRasAutoEventSystem');
DeleteService('RasAutoMessenger');
DeleteService('RasAutoEventSystem');
DeleteService('PolicyAgentWmdmPmSNwinmgmthelpsvc');
DeleteService('PolicyAgentWmdmPmSNwinmgmt');
DeleteService('policyagentwmdmpmsntlntsvrrpclocatortapisrvhttpfilter');
DeleteService('PolicyAgentWmdmPmSNTlntSvr');
DeleteService('PolicyAgentWmdmPmSN');
DeleteService('PolicyAgentDhcp');
DeleteService('osecisvc');
DeleteService('NtmsSvclanmanworkstation');
DeleteService('NetlogonRSVP');
DeleteService('NetlogonEventSystemTapiSrvHTTPFilter');
DeleteService('netddedmserverdnscache');
DeleteService('mnmsrvcRasMan');
DeleteService('lanmanworkstationInterBaseServerSNDSrvc');
DeleteService('lanmanworkstationEventlog');
DeleteService('InterBaseServerSNDSrvc');
DeleteService('InterBaseGuardianDcomLaunchUPSRemoteRegistry');
DeleteService('InterBaseGuardianDcomLaunchUPS');
DeleteService('ImapiServiceRasAutoRasAutoEventSystem');
DeleteService('ImapiServiceImapiService');
DeleteService('EventSystemTapiSrvHTTPFilter');
DeleteService('EventlogWZCSVCWmdmPmSN');
DeleteService('Eventlogcisvc');
DeleteService('ersvcsrservice');
DeleteService('dmserverdnscachesrservice');
DeleteService('dmserverDnscache');
DeleteService('DcomLaunchUPSImapiServiceImapiServiceMDM');
DeleteService('DcomLaunchUPSImapiServiceImapiService');
DeleteService('DcomLaunchUPS');
DeleteService('COMSysApplanmanworkstationEventlogDhcp');
DeleteService('COMSysApplanmanworkstationEventlog');
DeleteService('cisvcmnmsrvcRasMan');
DeleteService('browserpolicyagentwmdmpmsn');
QuarantineFile('srv.exe','');
QuarantineFile('C:\PROGRA~1\MYCENT~1\InfoBar\MYCENT~1.DLL','');
DeleteFile('C:\PROGRA~1\MYCENT~1\InfoBar\MYCENT~1.DLL');
DeleteFile('srv.exe');
DeleteFile('C:\WINDOWS\System32\drivers\Fjn61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Gko04.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Imq61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Imq83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Inr15.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Kos72.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Kpt15.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Lpt48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Nrv37.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Osw37.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Otx15.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Ptx04.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Qva15.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Qva50.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Qva61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Rva83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Rwb48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\tcpsr.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Tyd26.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Uyd26.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Vbf15.sys');
DeleteFile('C:\WINDOWS\msvupdater.exe');
DeleteFile('C:\WINDOWS\system32\blphccv9j0evln.scr');
DeleteFile('C:\WINDOWS\system32\braviax.exe');
DeleteFile('karina.dat');
DeleteFile('msansspc.dll');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Send the quarantine according to the rules and repeat the logs...
Junior Member
I have sent the quarantine, I am repeating the logs.. they will be ready soon.
After the script ran the computer rebooted, but nothing changed.
Nobody promised you that you would become a millionaire after the script; the treatment is not over yet...
Junior Member
I am counting on your help
Also run this script:
Code:
begin
ClearHosts;
end.
Pavel
AVZ HijackThis help from 10-00 to 18-00 MSK
Windows7, SEP(work)
WindowsXP KIS(home)
I do not respond to "up" posts
Junior Member
Attachments
AVZ, menu "File - Run script" -- copy the script written below -- click the "Run" button.
Code:
begin
ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile('c:\windows\system32\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\lsass.exe','');
QuarantineFile('C:\WINDOWS\system32\services.exe','');
QuarantineFile('c:\windows\system32\winlogon.exe','');
QuarantineFile('c:\windows\system32\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\vcdmpdrv.sys','');
DeleteFile('C:\WINDOWS\System32\drivers\Wbf72.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wcg48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wcg72.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winae48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winaf50.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winaf61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winaf72.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winaf83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winbf04.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winbf48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winbg48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wincg50.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wincg83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winch48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Windh15.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Windh83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Windi26.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Windi83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winei15.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winei26.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winej50.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winfk04.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wingk15.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wingk83.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingl48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wingm37.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winhl83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winim48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winim61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winin48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winin61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winjn37.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winjn48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winjo48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winko04.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winko48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winko61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winkp72.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winlq61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winlq83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winmq26.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmr04.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winnr83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winns04.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winns15.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winos50.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winot72.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winpt37.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winpt83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winpu83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winqu48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winqu50.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winrb56.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winrv37.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winrv61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winrw61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winsw26.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winsw61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winsx72.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winsx83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wintx26.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winty48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winty83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winuy61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winuy83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winva26.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winva50.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winva83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winvb61.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwb50.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winxc04.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winxc50.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winxc83.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winxd48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyd15.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyd48.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winye04.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winye15.sys');
DeleteService('Winye15');
DeleteService('Winye04');
DeleteService('Winyd48');
DeleteService('Winyd15');
DeleteService('Winxd48');
DeleteService('Winxc83');
DeleteService('Winxc50');
DeleteService('Winxc04');
DeleteService('Winwb50');
DeleteService('Winvb61');
DeleteService('Winva83');
DeleteService('Winva50');
DeleteService('Winva26');
DeleteService('Winuy83');
DeleteService('Winuy61');
DeleteService('Winty83');
DeleteService('Winty48');
DeleteService('Wintx26');
DeleteService('Winsx83');
DeleteService('Winsx72');
DeleteService('Winsw61');
DeleteService('Winsw26');
DeleteService('Winrw61');
DeleteService('Winrv61');
DeleteService('Winrv37');
DeleteService('Winrb56');
DeleteService('Winqu50');
DeleteService('Winqu48');
DeleteService('Winpu83');
DeleteService('Winpt83');
DeleteService('Winpt37');
DeleteService('Winot72');
DeleteService('Winos50');
DeleteService('Winns15');
DeleteService('Winns04');
DeleteService('Winnr83');
DeleteService('winmr04');
DeleteService('Winmq26');
DeleteService('Winlq83');
DeleteService('Winlq61');
DeleteService('Winkp72');
DeleteService('Winko61');
DeleteService('Winko48');
DeleteService('Winko04');
DeleteService('Winjo48');
DeleteService('Winjn48');
DeleteService('Winjn37');
DeleteService('Winin61');
DeleteService('Winin48');
DeleteService('Winim61');
DeleteService('Winim48');
DeleteService('Winhl83');
DeleteService('Wingm37');
DeleteService('Wingl48');
DeleteService('Wingk83');
DeleteService('Wingk15');
DeleteService('Winfk04');
DeleteService('Winej50');
DeleteService('Winei26');
DeleteService('Winei15');
DeleteService('Windi83');
DeleteService('Windi26');
DeleteService('Windh83');
DeleteService('Windh15');
DeleteService('Winch48');
DeleteService('Wincg83');
DeleteService('Wincg50');
DeleteService('Winbg48');
DeleteService('Winbf48');
DeleteService('Winbf04');
DeleteService('Winaf83');
DeleteService('Winaf72');
DeleteService('Winaf61');
DeleteService('Winaf50');
DeleteService('Winae48');
DeleteService('Wcg72');
DeleteService('Wcg48');
DeleteService('Wbf72');
BC_ImportALL;
BC_DeleteSvc('DcomLaunchUPS');
BC_DeleteSvc('WZCSVCWmdmPmSN');
BC_DeleteSvc('W32TimeNtLmSsp');
BC_DeleteSvc('VSSlanmanserver');
BC_DeleteSvc('UPSMSIServer');
BC_DeleteSvc('upnphostAlerter');
BC_DeleteSvc('SysmonLogThemes');
BC_DeleteSvc('SENSTapiSrv');
BC_DeleteSvc('SCardSvrDhcp');
BC_DeleteSvc('scarddrvclipsrv');
BC_DeleteSvc('RpcSsSpooler');
BC_DeleteSvc('RpcSsRDSessMgr');
BC_DeleteSvc('RDSessMgrNetman');
BC_DeleteSvc('RasManSwPrv');
BC_DeleteSvc('PolicyAgentDhcp');
BC_DeleteSvc('plugplayxmlprov');
BC_DeleteSvc('osecisvc');
BC_DeleteSvc('NetlogonRSVP');
BC_DeleteSvc('Eventlogcisvc');
BC_DeleteSvc('ersvcsrservice');
BC_DeleteSvc('DcomLaunchUPS');
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(5);
BC_ImportALL;
ExecuteSysClean;
RebootWindows(true);
end.
After the script runs the computer will reboot.
Send the quarantine according to appendix 3 of the rules
Fix the following lines in HijackThis
Code:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
Added 9 minutes later
Yes, a lot has piled up. Have you scanned with CureIt?
Repeat the logs.
Last edited by akoK; 20.11.2008 at 17:12.
Reason: Added
Microsoft Most Valuable Professional in Consumer Security
Junior Member
Ran the script
Sent the quarantine
Repeated the logs
Scanned with CureIt all night.... deleted what it found
Attachments
Your svchost.exe is patched, not the original.
You will need to burn CureIt to a blank disc on a clean machine and run a scan.
Pavel
AVZ HijackThis help from 10-00 to 18-00 MSK
Windows7, SEP(work)
WindowsXP KIS(home)
I do not respond to "up" posts
Junior Member
I will do it... I will definitely report back, thank you
Treatment summary
Statistics of the treatment performed:
Quarantines received: 2
Files processed: 74
Malicious programs detected during treatment:
c:\\progra~1\\mycent~1\\infobar\\mycentriainfobar.dll - not-a-virus:AdWare.Win32.MyCentria.m (DrWEB: Trojan.Mycentria.17)
c:\\progra~1\\mycent~1\\infobar\\mycent~1.dll - not-a-virus:AdWare.Win32.MyCentria.m (DrWEB: Trojan.Mycentria.17)
c:\\windows\\system32\\lsass.exe - Trojan.Win32.Patched.cx
c:\\windows\\system32\\services.exe - Trojan.Win32.Patched.cx
c:\\windows\\system32\\svchost.exe - Trojan.Win32.Patched.cx
c:\\windows\\system32\\winlogon.exe - Trojan.Win32.Patched.cx
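A triage sketch for the service names targeted by the scripts in this thread, added here as an example and not part of the thread or of AVZ: many of the names passed to DeleteService are several genuine Windows service names run together (for example 'DcomLaunchUPS'), and the driver names follow a short letters-plus-two-digits shape. The known-name list is a constructed subset, and `classify`, `split_into_known` and the regex are hypothetical helper names and heuristics.

```python
import re

# Constructed subset of genuine Windows XP service short names (assumption:
# in practice, export the full list from a known-clean machine of the same build).
KNOWN_SERVICES = [
    "DcomLaunch", "UPS", "RpcSs", "Spooler", "lanmanworkstation",
    "lanmanserver", "Eventlog", "Dhcp", "Themes", "TapiSrv", "HTTPFilter",
    "SysmonLog", "ImapiService", "VSS", "W32Time", "NtLmSsp", "Netlogon",
    "RSVP", "PolicyAgent", "cisvc", "ERSvc", "srservice",
]

# Heuristic shape of the driver-style names seen in the scripts:
# "Win" + 2 letters + 2 digits (Winye15) or 3 letters + 2 digits (Vbf15).
DRIVER_STYLE = re.compile(r"^(?:win[a-z]{2}|[a-z]{3})\d{2}$", re.IGNORECASE)


def split_into_known(name, known=KNOWN_SERVICES):
    """Return the known names that concatenate to `name`, or None.

    Word-break dynamic programming, case-insensitive.
    """
    low = name.lower()
    vocab = {k.lower(): k for k in known}
    # best[i] holds the parts covering low[:i], or None if unreachable.
    best = [None] * (len(low) + 1)
    best[0] = []
    for i in range(1, len(low) + 1):
        for j in range(i):
            if best[j] is not None and low[j:i] in vocab:
                best[i] = best[j] + [vocab[low[j:i]]]
                break
    return best[len(low)]


def classify(name, known=KNOWN_SERVICES):
    """Label one service name: known, concatenated, driver-style, unclassified."""
    if name.lower() in {k.lower() for k in known}:
        return "known"
    parts = split_into_known(name, known)
    if parts and len(parts) >= 2:
        return "concatenated:" + "+".join(parts)
    if DRIVER_STYLE.match(name):
        return "driver-style"
    return "unclassified"


if __name__ == "__main__":
    # Names taken from the scripts in this thread, plus one genuine name.
    for svc in ["DcomLaunchUPS", "lanmanworkstationEventlog", "Winye15",
                "Vbf15", "tcpsr", "Spooler"]:
        print(f"{svc:30} {classify(svc)}")
```

Names that come back "unclassified" (such as 'tcpsr') still need manual review; the heuristics only surface the two naming shapes visible in this thread.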