СофтФорум - everything about computers and more

Please take a look at the logs



Among other things, the Kaspersky and Dr.Web sites are blocked.

Errors like the one in the screenshot keep popping up.

What should I do? Thanks.

Error.JPG

virusinfo_syscure.zip

virusinfo_syscheck.zip

hijackthis.log


1. AVZ, menu "File - Run script" -- copy the script written below -- click the "Run" button.

begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\svсhost.exe','');
 QuarantineFile('C:\WINDOWS\system32\сsrss.exe','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Beep.SYS','');
 QuarantineFile('c:\tmp\xvfy.exe','');
 TerminateProcessByName('c:\tmp\xvfy.exe');
 QuarantineFile('c:\tmp\sebd.exe','');
 TerminateProcessByName('c:\tmp\sebd.exe');
 DeleteFile('c:\tmp\sebd.exe');
 DeleteFile('C:\WINDOWS\system32\сsrss.exe');
 DeleteFile('C:\WINDOWS\system32\svсhost.exe');
 DeleteFile('c:\tmp\xvfy.exe');
 DeleteFile('C:\WINDOWS\System32\Drivers\Beep.SYS');
 DeleteFile('C:\System Volume Information\_restore{6C04D56E-D120-4013-86AB-23214FE02C03}\RP373\A0923785.exe');
 DeleteFile('C:\System Volume Information\_restore{6C04D56E-D120-4013-86AB-23214FE02C03}\RP379\A0935440.exe');
 DeleteFile('C:\System Volume Information\_restore{6C04D56E-D120-4013-86AB-23214FE02C03}\RP379\A0937179.exe');
 BC_ImportAll;
 DeleteService('abp470n5');
 DeleteService('Beep');
 ExecuteSysClean;
 ExecuteRepair(11);
 ExecuteRepair(17);
 BC_Activate;
 RebootWindows(true);
end.

After the script finishes, the computer will reboot.

AVZ, menu "File - Run script" -- copy the script written below -- click the "Run" button.

begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.

Send the quarantine (the quarantine.zip file from the AVZ folder) to 54712<at>rambler.ru, where <at> stands for @.

2. Fix the following lines in HijackThis )

O2 - BHO: (no name) - {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} - C:\PROGRA~1\MYCENT~1\InfoBar\MYCENT~1.DLL (file missing) 

Post fresh logs.

Edited by wise-wistful
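
Added example (not part of the original posts): the two system32 paths in the AVZ script above spell svchost.exe and csrss.exe with a Cyrillic "с" (U+0441), so they name different files from the genuine Windows binaries. The Python sketch below flags such mixed-script lookalike names; the name list, the letter table and the sample paths are constructed for illustration.

```python
import ntpath
import unicodedata

# Genuine Windows binary names that are commonly imitated (constructed short list).
KNOWN_SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}

# Cyrillic letters that render like Latin ones (constructed subset, not exhaustive).
CYR_TO_LATIN = str.maketrans({
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0456": "i",
})

def scripts_used(name):
    """Return the alphabets (LATIN, CYRILLIC, ...) found among the letters of name."""
    found = set()
    for ch in name:
        if ch.isalpha():
            # Unicode character names start with the script, e.g. "CYRILLIC SMALL LETTER ES".
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def check_path(path):
    """Classify a Windows path as 'lookalike:<name>', 'mixed-script' or 'ok'."""
    # Only the file name is inspected, so a localized folder name alone is not flagged.
    name = ntpath.basename(path).lower()
    if len(scripts_used(name)) > 1:
        folded = name.translate(CYR_TO_LATIN)
        if folded in KNOWN_SYSTEM_NAMES:
            return "lookalike:" + folded
        return "mixed-script"
    return "ok"

# Sample paths: the first two mirror the script above with the Cyrillic letter
# written as an escape; the third is the genuine all-Latin name for comparison.
SAMPLE_PATHS = [
    "C:\\WINDOWS\\system32\\sv\u0441host.exe",
    "C:\\WINDOWS\\system32\\\u0441srss.exe",
    "C:\\WINDOWS\\system32\\svchost.exe",
    "C:\\Program Files\\Игры от NevoSoft\\NevoDRM\\UnWrapper.exe",
]

def report(paths=SAMPLE_PATHS):
    """Map each path to its verdict."""
    return {p: check_path(p) for p in paths}

if __name__ == "__main__":
    for path, verdict in report().items():
        print(verdict.ljust(22), path)
```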

AVZ, menu "File - Run script" -- copy the script written below -- click the "Run" button.

begin
 ClearQuarantine;
 SearchRootkit(true, true);
 SetAVZGuardStatus(true);
 SetServiceStart('abp470n5', 4);
 DeleteFile('C:\WINDOWS\system32\drivers\idlrmm.sys');
 DeleteService('abp470n5');
 BC_ImportDeletedList;
 BC_Activate;
 ExecuteSysClean;
 RebootWindows(true);
end.

After the script finishes, the computer will reboot.

Download Malwarebytes' Anti-Malware, install it, update the database, select "Perform Full Scan", click "Scan"; after the scan: Ok - Show Results - click "Remove Selected". Open the log and copy it into a post.


Malwarebytes' Anti-Malware 1.31

Database version: 1497

Windows 5.1.2600 Service Pack 2

14.12.2008 1:03:35

mbam-log-2008-12-14 (01-03-35).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|)

Objects scanned: 348874

Time elapsed: 1 hour(s), 22 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\YourSiteBar (Adware.ISTBar) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\config\56133762.Evt (Rootkit.Agent.H) -> Delete on reboot.

C:\System Volume Information\_restore{6C04D56E-D120-4013-86AB-23214FE02C03}\RP377\A0930247.exe (Malware.Tool) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{ABB80C42-AA45-468F-83EA-5880E03A563F}\RP5\A0001271.exe (Malware.Tool) -> Quarantined and deleted successfully.

C:\WIN2K3\system32\drivers\utg5odu4.sys (Worm.Bagel) -> Quarantined and deleted successfully.

C:\Program Files\Игры от NevoSoft\NevoDRM\UnWrapper.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\Katty\Games\UnWrapper.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
