Помогите удалить msvmiode.exe P.S. Я чайник

icotonev · Отправлено: **20:21, 09-09-2010** | #6

Удалите при помощи MBAM:

Код:

Зараженные параметры в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msodesnv7 (Heuristics.Shuriken) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> No action taken.

Объекты реестра заражены:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\smoc\Application Data\ltzqai.exe,explorer.exe,C:\RECYCLER\S-1-5-21-1709060085-9020522543-098097547-9816\syscr.exe,Explorer.exe) Good: (Explorer.exe) -> No action taken.

Зараженные папки:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> No action taken.

Зараженные файлы:
C:\WINDOWS\system32\msvmiode.exe (Heuristics.Shuriken) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\094.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\1060613.exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\185.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\258.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\281.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\437.exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\446.exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\751.exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\c57[1].exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\cfdrive30.exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\cfdrive32.exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\lbf[1].exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\lbf[1]_0.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\lbf[2].exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\ltzqai.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\ltzqai_0.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\ltzqai_1.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\DoctorWeb\Quarantine\ltzqai_2.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\smoc\Local Settings\temp\158.exe (Heuristics.Shuriken) -> No action taken.
C:\Documents and Settings\smoc\Local Settings\temp\40961.exe (Heuristics.Shuriken) -> No action taken.
C:\Documents and Settings\smoc\Local Settings\temp\66621.exe (Heuristics.Shuriken) -> No action taken.
C:\Documents and Settings\smoc\Local Settings\temp\801.exe (Heuristics.Shuriken) -> No action taken.
C:\Documents and Settings\smoc\Local Settings\Temporary Internet Files\Content.IE5\O5ENWDQR\lik[1].exe (Heuristics.Shuriken) -> No action taken.
C:\Documents and Settings\smoc\Local Settings\Temporary Internet Files\Content.IE5\O9AB09EZ\lik[1].exe (Heuristics.Shuriken) -> No action taken.
C:\Documents and Settings\smoc\Local Settings\Temporary Internet Files\Content.IE5\SXERK1MV\lik[1].exe (Heuristics.Shuriken) -> No action taken.
C:\RECYCLER\S-1-5-21-1709060085-9020522543-098097547-9816\syscr.exe (Worm.Autorun.B) -> No action taken.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> No action taken.
C:\Documents and Settings\smoc\Application Data\ltzqai.exe (Worm.Palevo) -> No action taken.
C:\WINDOWS\cfdrive32.exe (Trojan.Agent) -> No action taken.

Ждем результат - quarantine.zip
Повторите логи. И не забудьте лог RSIT....!