Помогите, одолели вирусы

iskander-k · Конфигурация компьютера

- Перетащите лог Check_Browsers_LNK.log на утилиту ClearLNK.

Отчёт о работе прикрепите.

• Скрипт AVZ.
Выполните скрипт AVZ. Меню Файл - Выполнить скрипт, вставляем написаный скрипт - кнопка Запустить, после выполнения компьютер перезагрузится.

Код:

begin
  StopService('TomorrowGames');
 SetServiceStart('tuhuqesu', 4);
 StopService('tuhuqesu');
 SetServiceStart('nezugeli', 4);
 StopService('nezugeli');
 SetServiceStart('livumuju', 4);
 StopService('livumuju');
 SetServiceStart('lenyboje', 4);
 StopService('lenyboje');
 SetServiceStart('kohupodu', 4);
 StopService('kohupodu');
 SetServiceStart('jykipixo', 4);
 StopService('jykipixo');
 SetServiceStart('duqegyro', 4);
 StopService('duqegyro');
 SetServiceStart('disymuwu', 4);
 StopService('disymuwu');
 SetServiceStart('detoviky', 4);
 StopService('detoviky');
 SetServiceStart('bopiquri', 4);
 StopService('bopiquri');
 QuarantineFile('C:\Documents and Settings\ЗамДир\Local Settings\Application Data\SmartWeb\SmartWebHelper.exe','');
 QuarantineFile('Data\TomorrowGames\TomorrowGames32.dll','');
 QuarantineFile('C:\Documents and Settings\All Users\Application Data\TomorrowGames\TomorrowGames.exe','');
 QuarantineFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsc515.tmp','');
 QuarantineFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsc1C1.tmp','');
 QuarantineFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsh2FD.tmp','');
 QuarantineFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsy2A6.tmp','');
 QuarantineFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsl5A9.tmp','');
 QuarantineFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsn30D.tmp','');
 QuarantineFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsb3C6.tmp','');
 QuarantineFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsm3C1.tmp','');
 QuarantineFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsb14F.tmp','');
 QuarantineFile('C:\Documents and Settings\All Users\Application Data\TomorrowGames\TomorrowGames32.dll','');
 QuarantineFile('c:\documents and settings\all users\application data\tomorrowgames\tomorrowgames.exe','');
 QuarantineFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsy2a6.tmp','');
 QuarantineFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsn30d.tmp','');
 QuarantineFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsm3c1.tmp','');
 QuarantineFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsl5a9.tmp','');
 QuarantineFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsh2fd.tmp','');
 QuarantineFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsf573.tmp','');
 QuarantineFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsc515.tmp','');
 QuarantineFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsc1c1.tmp','');
 QuarantineFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsb3c6.tmp','');
 QuarantineFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsb14f.tmp','');
 DeleteFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsb14f.tmp','32');
 DeleteFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsb3c6.tmp','32');
 DeleteFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsc1c1.tmp','32');
 DeleteFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsc515.tmp','32');
 DeleteFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsf573.tmp','32');
 DeleteFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsh2fd.tmp','32');
 DeleteFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsl5a9.tmp','32');
 DeleteFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsm3c1.tmp','32');
 DeleteFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsn30d.tmp','32');
 DeleteFile('c:\documents and settings\ЗамДир\application data\ffffffff-1432025676-ffff-ffff-ffffffffffff\knsy2a6.tmp','32');
 DeleteFile('c:\documents and settings\all users\application data\tomorrowgames\tomorrowgames.exe','32');
 DeleteFile('C:\Documents and Settings\All Users\Application Data\TomorrowGames\TomorrowGames32.dll','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsb14F.tmp','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsm3C1.tmp','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsb3C6.tmp','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsn30D.tmp','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsl5A9.tmp','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsy2A6.tmp','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsh2FD.tmp','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsc1C1.tmp','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsf573.tmp','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Application Data\FFFFFFFF-1432025676-FFFF-FFFF-FFFFFFFFFFFF\knsc515.tmp','32');
 DeleteFile('C:\Documents and Settings\All Users\Application Data\TomorrowGames\TomorrowGames.exe','32');
 DeleteFile('Data\TomorrowGames\TomorrowGames32.dll','32');
 DeleteFile('C:\Documents and Settings\ЗамДир\Local Settings\Application Data\SmartWeb\SmartWebHelper.exe','32');
 DeleteFile('C:\WINDOWS\Tasks\SmartWeb Upgrade Trigger Task.job','32');
DeleteService('TomorrowGames');
 DeleteService('tuhuqesu');
 DeleteService('nezugeli');
 DeleteService('bopiquri');
 DeleteService('detoviky');
 DeleteService('disymuwu');
 DeleteService('duqegyro');
 DeleteService('jykipixo');
 DeleteService('kohupodu');
 DeleteService('lenyboje');
 DeleteService('livumuju');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

После всех процедур выполните скрипт

Код:

begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.

В результате выполнения скрипта будет сформирован карантин quarantine.zip

• HiJackThis. Нужно пофиксить эти строки в HiJackThis. Выставив галочки напротив этих пунктов и нажмите кнопку Fix Checked. Как пофиксить в HijackThis

Код:

O2 - BHO: (no name) - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O13 - DefaultPrefix: http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=1a0bf2965dc912cfd495eac86ba87d95&text=
O20 - AppInit_DLLs: C:\Documents and Settings\All Users\Application Data\TomorrowGames\TomorrowGames32.dll D:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

• Скачайте Malwarebytes' Anti-Malware или с зеркала, установите (во время установки откажитесь от использования Пробной версии), обновите базы, подробнее здесь . Откройте лог, скопируйте в Блокнот и прикрепите его к следующему посту.
Самостоятельно ничего не удаляйте!!!
Если лог не открылся, то найти его можно в следующей папке:

Код:

%appdata%\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Файл требующегося лога имеет имя mbam-log-[data] (time).txt, например: mbam-log-2012-11-09 (07-32-51).txt

Это вы добавляли эти адреса в зону надежных вебсайтов в свойствах интернет эксплорер ? Если нет - удалите их оттуда.

Цитата:

O15 - Trusted Zone: http://*.akоsta.info
O15 - Trusted Zone: http://*.alfalоt.ru
O15 - Trusted Zone: http://*.atctrаde.ru
O15 - Trusted Zone: http://*.bashzаkaz.ru
O15 - Trusted Zone: http://*.bft-tendеr.ru
O15 - Trusted Zone: http://*.bus.gоv.ru
O15 - Trusted Zone: *.cms-russiа.com
O15 - Trusted Zone: http://*.dfotendеr.ru
O15 - Trusted Zone: http://torgi.donlаnd.ru
O15 - Trusted Zone: http://etp.dvеuk.ru
O15 - Trusted Zone: http://*.el-tоrg.com
O15 - Trusted Zone: http://*.electrоntorg.ru
O15 - Trusted Zone: http://*.eltоrg.org
O15 - Trusted Zone: http://*.etp-micex.ru
O15 - Trusted Zone: http://*.etpu.ru
O15 - Trusted Zone: http://*.fabrikant.ru
O15 - Trusted Zone: http://*.fcsm.ru
O15 - Trusted Zone: http://*.fedresurs.ru
O15 - Trusted Zone: http://*.gazneftetorg.ru
O15 - Trusted Zone: http://zakupki.gov.ru
O15 - Trusted Zone: http://konkurs.gz-kuban.ru
O15 - Trusted Zone: http://*.gz-kuban.ru
O15 - Trusted Zone: http://*.kartoteka.ru
O15 - Trusted Zone: http://*.kontur-ca.ru
O15 - Trusted Zone: http://*.kontur.ru
O15 - Trusted Zone: http://*.meta-invest.ru
O15 - Trusted Zone: http://fgis.minregion.ru
O15 - Trusted Zone: http://market.zakupki.mos.ru
O15 - Trusted Zone: http://etp.mse.ru
O15 - Trusted Zone: http://*.nsso.ru
O15 - Trusted Zone: http://*.otc-agro.ru
O15 - Trusted Zone: http://*.otc-finance.ru
O15 - Trusted Zone: http://*.otc-region.ru
O15 - Trusted Zone: http://*.otc-tender.ru
O15 - Trusted Zone: http://*.otc.ru
O15 - Trusted Zone: http://*.www.otchet-online.ru/
O15 - Trusted Zone: http://*.pfotender.ru
O15 - Trusted Zone: http://etp.roseltorg.ru
O15 - Trusted Zone: http://www.roseltorg.ru
O15 - Trusted Zone: http://*.roseltorg.ru
O15 - Trusted Zone: http://*.rts-tender.ru
O15 - Trusted Zone: http://*.sberbank-ast.ru
O15 - Trusted Zone: http://*.setonline.ru
O15 - Trusted Zone: http://supply.severstal.com
O15 - Trusted Zone: http://*.sibfotender.ru
O15 - Trusted Zone: http://*.ufotender.ru
O15 - Trusted Zone: http://*.urfotender.ru
O15 - Trusted Zone: http://*.utender.ru
O15 - ESC Trusted Zone: http://*.akosta.info
O15 - ESC Trusted Zone: http://*.alfalot.ru
O15 - ESC Trusted Zone: http://*.atctrade.ru
O15 - ESC Trusted Zone: http://*.bashzakaz.ru
O15 - ESC Trusted Zone: http://*.bft-tender.ru
O15 - ESC Trusted Zone: http://*.dfotender.ru
O15 - ESC Trusted Zone: http://torgi.donland.ru
O15 - ESC Trusted Zone: http://etp.dveuk.ru
O15 - ESC Trusted Zone: http://*.el-torg.com
O15 - ESC Trusted Zone: http://*.electrontorg.ru
O15 - ESC Trusted Zone: http://*.eltorg.org
O15 - ESC Trusted Zone: http://*.etp-micex.ru
O15 - ESC Trusted Zone: http://*.etpu.ru
O15 - ESC Trusted Zone: http://*.fabrikant.ru
O15 - ESC Trusted Zone: http://*.fcsm.ru
O15 - ESC Trusted Zone: http://*.fedresurs.ru
O15 - ESC Trusted Zone: http://*.gazneftetorg.ru
O15 - ESC Trusted Zone: http://zakupki.gov.ru
O15 - ESC Trusted Zone: http://*.kartoteka.ru
O15 - ESC Trusted Zone: http://*.kontur-ca.ru
O15 - ESC Trusted Zone: http://*.meta-invest.ru
O15 - ESC Trusted Zone: http://fgis.minregion.ru
O15 - ESC Trusted Zone: http://market.zakupki.mos.ru
O15 - ESC Trusted Zone: http://etp.mse.ru
O15 - ESC Trusted Zone: http://*.nsso.ru
O15 - ESC Trusted Zone: http://*.otc-finance.ru
O15 - ESC Trusted Zone: http://*.otc-region.ru
O15 - ESC Trusted Zone: http://*.otc-tender.ru
O15 - ESC Trusted Zone: http://*.otc.ru
O15 - ESC Trusted Zone: http://*.pfotender.ru
O15 - ESC Trusted Zone: http://etp.roseltorg.ru
O15 - ESC Trusted Zone: http://*.roseltorg.ru
O15 - ESC Trusted Zone: http://*.rts-tender.ru
O15 - ESC Trusted Zone: http://*.setonline.ru
O15 - ESC Trusted Zone: http://supply.severstal.com
O15 - ESC Trusted Zone: http://*.sibfotender.ru
O15 - ESC Trusted Zone: http://*.ufotender.ru
O15 - ESC Trusted Zone: http://*.urfotender.ru
O15 - ESC Trusted Zone: http://*.utender.ru