[thyrex]

Удалите в МВАМ только указанные ниже записи

Код:

Заражённые ключи в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> No action taken.

Заражённые параметры в реестре:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.AutoRun) -> Value: Shell -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Value: 1 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Value: 2 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Value: 3 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Value: 4 -> No action taken.

Объекты реестра заражены:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-7303178566-1651700290-560048715-2555\winmap32.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\usrinit.exe) Good: (Userinit.exe) -> No action taken.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

Заражённые папки:
c:\documents and settings\localservice\application data\wsnpoem (Trojan.Agent) -> No action taken.
c:\documents and settings\networkservice\application data\wsnpoem (Trojan.Agent) -> No action taken.
c:\RECYCLER\s-1-5-21-0243336031-4052116379-881863308-0851 (Trojan.Agent) -> No action taken.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.

Заражённые файлы:
c:\documents and settings\Admin\local settings\application data\myvrmfcax\htmlayout.dll (Spyware.OnlineGames) -> No action taken.
c:\documents and settings\localservice\application data\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\networkservice\application data\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.