Сообщение от
Alex_2
пусто
У Вас какой Live CD? Если не ERD Commander, то искать в ветке надо было несколько иначе
Выполните скрипт в AVZ
Код:
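// AVZ disinfection script (AVZ's Pascal-like scripting language).
// Order matters: every suspect object is copied to quarantine BEFORE it is
// deleted, so samples survive for analysis; deletions that cannot complete
// while the system is running are handed to BootCleaner and applied on reboot.
begin
// Rootkit check first, then enable AVZGuard so the infection cannot respawn
// processes while its files, drivers and autostart entries are removed.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// The resident component runs from an alternate data stream (ADS) attached
// to explorer.exe; kill it before touching the stream.
TerminateProcessByName('c:\windows\explorer.exe:userini.exe');

// --- Phase 1: quarantine (copy) every suspect file and driver. ---
// The ADS is quarantined under both spellings (explicit ':$DATA' and the
// short form); whether AVZ treats them as the same object is not confirmed
// here, so both are kept deliberately.
QuarantineFile('c:\windows\explorer.exe:userini.exe:$DATA','');
QuarantineFile('C:\PSN\QINDOWS\phloh.exe','');
QuarantineFile('C:\RECYCLER\S-51-9-25-3434476501-1644491938-601003312-1214\Lmhgpw.exe','');
QuarantineFile('C:\Documents and Settings\Директор\ctfmon.exe','');
QuarantineFile('C:\Documents and Settings\Директор\Application Data\zwog.exe','');
// NOTE(review): the comma-joined value 'zwog.exe,explorer.exe,...\ctfmon.exe'
// from the log looks like a registry autostart value, not a file path (it also
// carried a hyphenation artefact "Set-tings"), so it is NOT quarantined or
// deleted as a path; its components are handled individually here.
QuarantineFile('C:\Documents and Settings\Директор\Application Data\Microsoft\pikoud.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\protect.sys','');
QuarantineFile('C:\DOCUME~1\575B~1\LOCALS~1\Temp\cwyadencjz.sys','');
QuarantineFile('C:\DOCUME~1\575B~1\LOCALS~1\Temp\ciiglzziws.sys','');
QuarantineFile('C:\DOCUME~1\575B~1\LOCALS~1\Temp\licohc.sys','');
QuarantineFile('C:\DOCUME~1\575B~1\LOCALS~1\Temp\pckfsdc.sys','');
QuarantineFile('C:\WINDOWS\System32\DRIVERS\aecq.sys','');
QuarantineFile('C:\Documents and Settings\читер\Application Data\Microsoft\moulybaf.exe','');
QuarantineFile('c:\windows\explorer.exe:userini.exe','');

// --- Phase 2: disable driver services (start type 4 = disabled) so they are
// not loaded again on reboot even if DeleteService below fails on a locked
// object. 'aecq' maps to aecq.sys; 'protect' is assumed to map to protect.sys
// (same naming pattern); the four random-named services are disabled on the
// same principle, their driver files are presumably the Temp\*.sys above.
SetServiceStart('aecq', 4);
SetServiceStart('protect', 4);
SetServiceStart('emolyrxkyncdm', 4);
SetServiceStart('eoieakiyoc', 4);
SetServiceStart('fxralcdicbyy', 4);
SetServiceStart('icslldrujbmid', 4);

// --- Phase 3: delete the files (reverse order of quarantine). ---
DeleteFile('c:\windows\explorer.exe:userini.exe');
DeleteFile('C:\Documents and Settings\читер\Application Data\Microsoft\moulybaf.exe');
DeleteFile('C:\WINDOWS\System32\DRIVERS\aecq.sys');
DeleteFile('C:\DOCUME~1\575B~1\LOCALS~1\Temp\pckfsdc.sys');
DeleteFile('C:\DOCUME~1\575B~1\LOCALS~1\Temp\licohc.sys');
DeleteFile('C:\DOCUME~1\575B~1\LOCALS~1\Temp\ciiglzziws.sys');
DeleteFile('C:\DOCUME~1\575B~1\LOCALS~1\Temp\cwyadencjz.sys');
DeleteFile('C:\WINDOWS\system32\drivers\protect.sys');
DeleteFile('C:\Documents and Settings\Директор\Application Data\Microsoft\pikoud.exe');
DeleteFile('C:\Documents and Settings\Директор\Application Data\zwog.exe');
DeleteFile('C:\Documents and Settings\Директор\ctfmon.exe');
DeleteFile('C:\RECYCLER\S-51-9-25-3434476501-1644491938-601003312-1214\Lmhgpw.exe');
DeleteFile('C:\PSN\QINDOWS\phloh.exe');
DeleteFile('c:\windows\explorer.exe:userini.exe:$DATA');

// --- Phase 4: remove persistence. ---
// These CLSIDs contain non-hex characters, i.e. they are not well-formed GUIDs;
// they are removed exactly as they appeared in the log.
DelCLSID('{67KLN5J0-4OPM-33WE-AAX5-21KC2A3453431}');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}');
// Autostart values: Policies\Explorer\Run and Run under both HKCU and HKLM,
// plus the Winlogon 'Taskman' value (a hijack of the task-manager launcher).
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','semou');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
DeleteService('aecq');
DeleteService('emolyrxkyncdm');
DeleteService('eoieakiyoc');
DeleteService('fxralcdicbyy');
DeleteService('icslldrujbmid');
DeleteService('protect');
// Drop the whole dropper directory (recursive mask delete, then the folder).
DeleteFileMask('C:\PSN', '*.*', true);
DeleteDirectory('C:\PSN');

// --- Phase 5: defer anything still locked to BootCleaner and reboot. ---
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.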
Компьютер перезагрузится.
Пришлите карантин согласно Приложению 3 правил по красной ссылке «Прислать запрошенный карантин» вверху темы.
Сделайте новые логи обычным AVZ, а также лог по инструкции: http://virusinfo.info/showpost.php?p=493610&postcount=1