[решено] хозяйствует нечто: исчезают аудиоустройства системы, меняется рабочий стол

thyrex · Конфигурация компьютера

Выполните скрипт в AVZ

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('WinCtrl32.dll','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winbe25.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Wineh25.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winei58.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winfi25.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winfi58.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winhk58.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winhn26.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winim36.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winps25.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winqt47.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winrv36.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winsx27.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winuy36.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winva03.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\Winwa47.sys','');
 DeleteService('Winwa47');
 DeleteService('Winva03');
 DeleteService('Winuy36');
 DeleteService('Winsx27');
 DeleteService('Winrv36');
 DeleteService('Winqt47');
 DeleteService('Winps25');
 DeleteService('Winim36');
 DeleteService('Winhn26');
 DeleteService('Winhk58');
 DeleteService('Winfi58');
 DeleteService('Winfi25');
 DeleteService('Winei58');
 DeleteService('Wineh25');
 DeleteService('Winbe25');
 DeleteService('xmlprovNVSvc');
 DeleteService('WebClientALG');
 DeleteService('TrkWksThemes');
 DeleteService('SysmonLogPolicyAgent');
 DeleteService('stisvcWebClientALG');
 DeleteService('ShellHWDetectionose');
 DeleteService('SharedAccessmnmsrvc');
 DeleteService('RasManNetDDE');
 DeleteService('MSIServerWmiApSrv');
 DeleteService('MSIServerdmadmin');
 DeleteService('MSDTCWebClient');
 DeleteService('MDMSwPrvNetDDEdsdm');
 DeleteService('MDMSwPrv');
 DeleteService('lanmanworkstationSPIDERNT');
 DeleteService('IrmonASWLSVCTrkWks');
 DeleteService('helpsvcseclogon');
 DeleteService('DhcpSSDPSRV');
 DeleteService('DcomLaunchdmadmin');
 DeleteService('BthServNetlogon');
 DeleteService('BITSClipSrv');
 DeleteService('ASWLSVCTrkWks');
 QuarantineFile('?  srv','');
 QuarantineFile('р%Ђ|x  srv','');
 DeleteFile('р%Ђ|x  srv');
 DeleteFile('?  srv');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winwa47.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winva03.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winuy36.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winsx27.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winrv36.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winqt47.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winps25.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winim36.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winhn26.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winhk58.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winfi58.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winfi25.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winei58.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Wineh25.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\Winbe25.sys');
 DeleteFile('WinCtrl32.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Компьютер перезагрузится.

Выполнить скрипт в AVZ.

Код:

begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.

quarantine.zip из папки AVZ отправьте на newvirus@kaspersky.com. Полученный ответ сообщите здесь.

Пофиксить в HiJack

Код:

 O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)

Сделайте новые логи