Добрый день. Прочитал о диагностике.. .еще прочитал пару тем на Вашем форуме. Создал куча логов с разных программ. Тестировал и т.д. и т.п. Но проблема остается - главное:
Объекты реестра заражены:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile('C:\WINDOWS\System32\vssvc.exe','');
QuarantineFile('C:\WINDOWS\system32\netdde.exe','');
QuarantineFile('C:\WINDOWS\system32\locator.exe','');
DeleteFile('D:\autorun.inf');
DeleteFile('E:\autorun.inf');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('gljn.sys');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteFile('gljn.sys');
BC_Activate;
RebootWindows(true);
end.
RegLock::
[HKEY_USERS\S-1-5-21-1644491937-2147257089-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
c:\windows\regedit.exe . . . is infected!!
c:\windows\TASKMAN.EXE . . . is infected!!
c:\windows\twunk_32.exe . . . is infected!!
c:\windows\winhlp32.exe . . . is infected!!
c:\windows\inf\unregmp2.exe . . . is infected!!
c:\windows\msagent\agentsvr.exe . . . is infected!!
c:\windows\pchealth\helpctr\binaries\HelpCtr.exe . . . is infected!!
c:\windows\pchealth\helpctr\binaries\HelpHost.exe . . . is infected!!
c:\windows\pchealth\helpctr\binaries\HelpSvc.exe . . . is infected!!
c:\windows\pchealth\helpctr\binaries\HscUpd.exe . . . is infected!!
c:\windows\pchealth\helpctr\binaries\notiflag.exe . . . is infected!!
c:\windows\pchealth\UploadLB\Binaries\UploadM.exe . . . is infected!!
c:\windows\system32\actmovie.exe . . . is infected!!
c:\windows\system32\alg.exe . . . is infected!!
c:\windows\system32\arp.exe . . . is infected!!
c:\windows\system32\asr_fmt.exe . . . is infected!!
c:\windows\system32\asr_ldm.exe . . . is infected!!
c:\windows\system32\asr_pfu.exe . . . is infected!!
c:\windows\system32\at.exe . . . is infected!!
c:\windows\system32\atmadm.exe . . . is infected!!
c:\windows\system32\attrib.exe . . . is infected!!
c:\windows\system32\auditusr.exe . . . is infected!!
c:\windows\system32\autochk.exe . . . is infected!!
c:\windows\system32\autoconv.exe . . . is infected!!
c:\windows\system32\autofmt.exe . . . is infected!!
c:\windows\system32\autolfn.exe . . . is infected!!
c:\windows\system32\blastcln.exe . . . is infected!!
c:\windows\system32\bootcfg.exe . . . is infected!!
c:\windows\system32\bootok.exe . . . is infected!!
c:\windows\system32\bootvrfy.exe . . . is infected!!
c:\windows\system32\cacls.exe . . . is infected!!
c:\windows\system32\chkdsk.exe . . . is infected!!
c:\windows\system32\chkntfs.exe . . . is infected!!
c:\windows\system32\cidaemon.exe . . . is infected!!
c:\windows\system32\cipher.exe . . . is infected!!
c:\windows\system32\cisvc.exe . . . is infected!!
c:\windows\system32\ckcnv.exe . . . is infected!!
c:\windows\system32\cmmon32.exe . . . is infected!!
c:\windows\system32\comp.exe . . . is infected!!
c:\windows\system32\compact.exe . . . is infected!!
c:\windows\system32\control.exe . . . is infected!!
c:\windows\system32\convert.exe . . . is infected!!
c:\windows\system32\dcomcnfg.exe . . . is infected!!
c:\windows\system32\ddeshare.exe . . . is infected!!
c:\windows\system32\defrag.exe . . . is infected!!
c:\windows\system32\dfrgfat.exe . . . is infected!!
c:\windows\system32\dfrgntfs.exe . . . is infected!!
c:\windows\system32\diantz.exe . . . is infected!!
c:\windows\system32\diskpart.exe . . . is infected!!
c:\windows\system32\diskperf.exe . . . is infected!!
c:\windows\system32\dllhost.exe . . . is infected!!
c:\windows\system32\dllhst3g.exe . . . is infected!!
c:\windows\system32\dmadmin.exe . . . is infected!!
c:\windows\system32\dmremote.exe . . . is infected!!
c:\windows\system32\doskey.exe . . . is infected!!
c:\windows\system32\dplaysvr.exe . . . is infected!!
c:\windows\system32\dpnsvr.exe . . . is infected!!
c:\windows\system32\dpvsetup.exe . . . is infected!!
c:\windows\system32\driverquery.exe . . . is infected!!
c:\windows\system32\drwtsn32.exe . . . is infected!!
c:\windows\system32\dumprep.exe . . . is infected!!
c:\windows\system32\dvdplay.exe . . . is infected!!
c:\windows\system32\dvdupgrd.exe . . . is infected!!
c:\windows\system32\dwwin.exe . . . is infected!!
c:\windows\system32\dxdiag.exe . . . is infected!!
c:\windows\system32\esentutl.exe . . . is infected!!
c:\windows\system32\eudcedit.exe . . . is infected!!
c:\windows\system32\eventcreate.exe . . . is infected!!
c:\windows\system32\eventtriggers.exe . . . is infected!!
c:\windows\system32\expand.exe . . . is infected!!
c:\windows\system32\extrac32.exe . . . is infected!!
c:\windows\system32\fc.exe . . . is infected!!
c:\windows\system32\find.exe . . . is infected!!
c:\windows\system32\findstr.exe . . . is infected!!
c:\windows\system32\finger.exe . . . is infected!!
c:\windows\system32\fixmapi.exe . . . is infected!!
c:\windows\system32\fltMc.exe . . . is infected!!
c:\windows\system32\fontview.exe . . . is infected!!
c:\windows\system32\forcedos.exe . . . is infected!!
c:\windows\system32\fsutil.exe . . . is infected!!
c:\windows\system32\ftp.exe . . . is infected!!
c:\windows\system32\getmac.exe . . . is infected!!
c:\windows\system32\gpresult.exe . . . is infected!!
c:\windows\system32\gpupdate.exe . . . is infected!!
c:\windows\system32\grpconv.exe . . . is infected!!
c:\windows\system32\help.exe . . . is infected!!
c:\windows\system32\hostname.exe . . . is infected!!
c:\windows\system32\ie4uinit.exe . . . is infected!!
c:\windows\system32\imapi.exe . . . is infected!!
c:\windows\system32\ipconfig.exe . . . is infected!!
c:\windows\system32\ipsec6.exe . . . is infected!!
c:\windows\system32\ipv6.exe . . . is infected!!
c:\windows\system32\ipxroute.exe . . . is infected!!
c:\windows\system32\label.exe . . . is infected!!
c:\windows\system32\lights.exe . . . is infected!!
c:\windows\system32\lnkstub.exe . . . is infected!!
c:\windows\system32\locator.exe . . . is infected!!
c:\windows\system32\lodctr.exe . . . is infected!!
c:\windows\system32\logagent.exe . . . is infected!!
c:\windows\system32\logman.exe . . . is infected!!
c:\windows\system32\logoff.exe . . . is infected!!
c:\windows\system32\lpq.exe . . . is infected!!
c:\windows\system32\lpr.exe . . . is infected!!
c:\windows\system32\makecab.exe . . . is infected!!
c:\windows\system32\mmcperf.exe . . . is infected!!
c:\windows\system32\mountvol.exe . . . is infected!!
c:\windows\system32\mplay32.exe . . . is infected!!
c:\windows\system32\mpnotify.exe . . . is infected!!
c:\windows\system32\mqbkup.exe . . . is infected!!
c:\windows\system32\mqsvc.exe . . . is infected!!
c:\windows\system32\mqtgsvc.exe . . . is infected!!
c:\windows\system32\mrinfo.exe . . . is infected!!
c:\windows\system32\msg.exe . . . is infected!!
c:\windows\system32\mshta.exe . . . is infected!!
c:\windows\system32\msiexec.exe . . . is infected!!
c:\windows\system32\msswchx.exe . . . is infected!!
c:\windows\system32\mstinit.exe . . . is infected!!
c:\windows\system32\napstat.exe . . . is infected!!
c:\windows\system32\nbtstat.exe . . . is infected!!
c:\windows\system32\nddeapir.exe . . . is infected!!
c:\windows\system32\net.exe . . . is infected!!
c:\windows\system32\net1.exe . . . is infected!!
c:\windows\system32\netdde.exe . . . is infected!!
c:\windows\system32\netsetup.exe . . . is infected!!
c:\windows\system32\netsh.exe . . . is infected!!
c:\windows\system32\netstat.exe . . . is infected!!
c:\windows\system32\ntkrnlpa.exe . . . is infected!!
c:\windows\system32\ntvdm.exe . . . is infected!!
c:\windows\system32\nwscript.exe . . . is infected!!
c:\windows\system32\odbcconf.exe . . . is infected!!
c:\windows\system32\openfiles.exe . . . is infected!!
c:\windows\system32\osuninst.exe . . . is infected!!
c:\windows\system32\packager.exe . . . is infected!!
c:\windows\system32\pathping.exe . . . is infected!!
c:\windows\system32\pentnt.exe . . . is infected!!
c:\windows\system32\ping.exe . . . is infected!!
c:\windows\system32\ping6.exe . . . is infected!!
c:\windows\system32\powercfg.exe . . . is infected!!
c:\windows\system32\print.exe . . . is infected!!
c:\windows\system32\progman.exe . . . is infected!!
c:\windows\system32\proquota.exe . . . is infected!!
c:\windows\system32\proxycfg.exe . . . is infected!!
c:\windows\system32\qappsrv.exe . . . is infected!!
c:\windows\system32\qprocess.exe . . . is infected!!
c:\windows\system32\qwinsta.exe . . . is infected!!
c:\windows\system32\rasautou.exe . . . is infected!!
c:\windows\system32\rasdial.exe . . . is infected!!
c:\windows\system32\rasphone.exe . . . is infected!!
c:\windows\system32\rcp.exe . . . is infected!!
c:\windows\system32\rdpclip.exe . . . is infected!!
c:\windows\system32\rdsaddin.exe . . . is infected!!
c:\windows\system32\rdshost.exe . . . is infected!!
c:\windows\system32\recover.exe . . . is infected!!
c:\windows\system32\reg.exe . . . is infected!!
c:\windows\system32\regini.exe . . . is infected!!
c:\windows\system32\regsvr32.exe . . . is infected!!
c:\windows\system32\regwiz.exe . . . is infected!!
c:\windows\system32\relog.exe . . . is infected!!
c:\windows\system32\replace.exe . . . is infected!!
c:\windows\system32\reset.exe . . . is infected!!
c:\windows\system32\rexec.exe . . . is infected!!
c:\windows\system32\route.exe . . . is infected!!
c:\windows\system32\routemon.exe . . . is infected!!
c:\windows\system32\rsh.exe . . . is infected!!
c:\windows\system32\rsm.exe . . . is infected!!
c:\windows\system32\rsmsink.exe . . . is infected!!
c:\windows\system32\rsmui.exe . . . is infected!!
c:\windows\system32\rsnotify.exe . . . is infected!!
c:\windows\system32\rsopprov.exe . . . is infected!!
c:\windows\system32\rsvp.exe . . . is infected!!
c:\windows\system32\runas.exe . . . is infected!!
c:\windows\system32\rundll32.exe . . . is infected!!
c:\windows\system32\rwinsta.exe . . . is infected!!
c:\windows\system32\savedump.exe . . . is infected!!
c:\windows\system32\sc.exe . . . is infected!!
c:\windows\system32\scardsvr.exe . . . is infected!!
c:\windows\system32\schtasks.exe . . . is infected!!
c:\windows\system32\sdbinst.exe . . . is infected!!
c:\windows\system32\secedit.exe . . . is infected!!
c:\windows\system32\sessmgr.exe . . . is infected!!
c:\windows\system32\sethc.exe . . . is infected!!
Infected copy of c:\windows\system32\setup.exe was found and disinfected
Restored copy from - c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\SETUP.EXE
c:\windows\system32\setupn.exe . . . is infected!!
c:\windows\system32\sfc.exe . . . is infected!!
c:\windows\system32\shadow.exe . . . is infected!!
c:\windows\system32\shmgrate.exe . . . is infected!!
c:\windows\system32\shutdown.exe . . . is infected!!
c:\windows\system32\skeys.exe . . . is infected!!
c:\windows\system32\smbinst.exe . . . is infected!!
c:\windows\system32\smlogsvc.exe . . . is infected!!
c:\windows\system32\sort.exe . . . is infected!!
c:\windows\system32\spiisupd.exe . . . is infected!!
c:\windows\system32\spnpinst.exe . . . is infected!!
c:\windows\system32\sprestrt.exe . . . is infected!!
c:\windows\system32\subst.exe . . . is infected!!
c:\windows\system32\syskey.exe . . . is infected!!
c:\windows\system32\systeminfo.exe . . . is infected!!
c:\windows\system32\systray.exe . . . is infected!!
c:\windows\system32\taskkill.exe . . . is infected!!
c:\windows\system32\tasklist.exe . . . is infected!!
c:\windows\system32\tcmsetup.exe . . . is infected!!
c:\windows\system32\tcpsvcs.exe . . . is infected!!
c:\windows\system32\tftp.exe . . . is infected!!
c:\windows\system32\tlntadmn.exe . . . is infected!!
c:\windows\system32\tlntsess.exe . . . is infected!!
c:\windows\system32\tlntsvr.exe . . . is infected!!
c:\windows\system32\tracerpt.exe . . . is infected!!
c:\windows\system32\tracert.exe . . . is infected!!
c:\windows\system32\tracert6.exe . . . is infected!!
c:\windows\system32\tscon.exe . . . is infected!!
c:\windows\system32\tsdiscon.exe . . . is infected!!
c:\windows\system32\tskill.exe . . . is infected!!
c:\windows\system32\tsshutdn.exe . . . is infected!!
c:\windows\system32\typeperf.exe . . . is infected!!
c:\windows\system32\unlodctr.exe . . . is infected!!
c:\windows\system32\upnpcont.exe . . . is infected!!
c:\windows\system32\ups.exe . . . is infected!!
c:\windows\system32\userinit.exe . . . is infected!!
c:\windows\system32\usrmlnka.exe . . . is infected!!
c:\windows\system32\usrprbda.exe . . . is infected!!
c:\windows\system32\usrshuta.exe . . . is infected!!
c:\windows\system32\vssadmin.exe . . . is infected!!
c:\windows\system32\vssvc.exe . . . is infected!!
c:\windows\system32\w32tm.exe . . . is infected!!
c:\windows\system32\wextract.exe . . . is infected!!
c:\windows\system32\winmsd.exe . . . is infected!!
c:\windows\system32\winver.exe . . . is infected!!
c:\windows\system32\wpabaln.exe . . . is infected!!
c:\windows\system32\wpnpinst.exe . . . is infected!!
c:\windows\system32\wscntfy.exe . . . is infected!!
c:\windows\system32\wuauclt1.exe . . . is infected!!
c:\windows\system32\xcopy.exe . . . is infected!!
c:\windows\system32\Com\comrepl.exe . . . is infected!!
c:\windows\system32\Com\comrereg.exe . . . is infected!!
c:\windows\system32\npp\nppagent.exe . . . is infected!!
c:\windows\system32\oobe\msoobe.exe . . . is infected!!
c:\windows\system32\oobe\oobebaln.exe . . . is infected!!
c:\windows\system32\Restore\srdiag.exe . . . is infected!!
c:\windows\system32\usmt\migload.exe . . . is infected!!
c:\windows\system32\usmt\migwiza.exe . . . is infected!!
c:\windows\system32\wbem\mofcomp.exe . . . is infected!!
c:\windows\system32\wbem\scrcons.exe . . . is infected!!
c:\windows\system32\wbem\unsecapp.exe . . . is infected!!
c:\windows\system32\wbem\wbemtest.exe . . . is infected!!
c:\windows\system32\wbem\winmgmt.exe . . . is infected!!
c:\windows\system32\wbem\wmiadap.exe . . . is infected!!
c:\windows\system32\wbem\wmiapsrv.exe . . . is infected!!
c:\windows\system32\wbem\wmic.exe . . . is infected!!
c:\windows\system32\wbem\wmiprvse.exe . . . is infected!!
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?