![]() |
не заходит на сайты антивирусов и go.microsoft
Ребят помогите.
вот логи из Gmer]
читать дальше »
GMER 1.0.15.15477 - http://www.gmer.net Rootkit scan 2010-10-28 10:18:14 Windows 5.1.2600 Service Pack 2 Running: 252mzlqe.exe; Driver: C:\DOCUME~1\9335~1\LOCALS~1\Temp\kgxiypod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\CProCtrl.sys (Модуль драйвера контроля загрузки CSP/Компания Крипто-Про) ZwCreateSection [0xBA3193A0] SSDT \SystemRoot\system32\DRIVERS\CProCtrl.sys (Модуль драйвера контроля загрузки CSP/Компания Крипто-Про) ZwMapViewOfSection [0xBA3193C0] ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] zuewgky <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0?\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 \0?\0040\4:\0045\4B\4>\0042\4 1?2? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Services\zuewgky@DisplayName Center Update Reg HKLM\SYSTEM\CurrentControlSet\Services\zuewgky@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\Services\zuewgky@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\zuewgky@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\zuewgky@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\CurrentControlSet\Services\zuewgky@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\Services\zuewgky@Description ????????? Windows-?????????? ?????????, ???????? ?????? ? ???????? ?????, ?????????? ? ?????????. ???? ??? ?????? ???????????, ??? ??????? ?? ????????. ???? ??? ?????? ?????????, ????? ??????, ??????? ???? ??????? ?? ???, ?? ????? ???? ????????. Reg HKLM\SYSTEM\CurrentControlSet\Services\zuewgky\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\zuewgky\Parameters@ServiceDll C:\WINDOWS\system32\psrjewr.dll Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0?\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 \0?\0040\4:\0045\4B\4>\0042\4 1?2? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0) 1? Reg HKLM\SYSTEM\ControlSet002\Services\zuewgky@DisplayName Center Update Reg HKLM\SYSTEM\ControlSet002\Services\zuewgky@Type 32 Reg HKLM\SYSTEM\ControlSet002\Services\zuewgky@Start 2 Reg HKLM\SYSTEM\ControlSet002\Services\zuewgky@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet002\Services\zuewgky@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet002\Services\zuewgky@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\Services\zuewgky@Description ????????? Windows-?????????? ?????????, ???????? ?????? ? ???????? ?????, ?????????? ? ?????????. ???? ??? ?????? ???????????, ??? ??????? ?? ????????. ???? ??? ?????? ?????????, ????? ??????, ??????? ???? ??????? ?? ???, ?? ????? ???? ????????. Reg HKLM\SYSTEM\ControlSet002\Services\zuewgky\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\zuewgky\Parameters@ServiceDll C:\WINDOWS\system32\psrjewr.dll ---- EOF - GMER 1.0.15 ---- из SDFix (report.txt)
читать дальше »
scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0" "\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0" "\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0" "\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0" "\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0" "\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zuewgky] "DisplayName"="Center Update" "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000000 "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs" "ObjectName"="LocalSystem" "Description"=">72>;O5B Windows-?@>3@0<<0< A>74020BL, ?>;CG0BL 4>ABC? 8 87<5=OBL D09;K, E@0=OI85AO 2 =B5@=5B5. A;8 MB0 A;C610 >AB0=>2;5=0, MB8 DC=:F88 =5 4>ABC?=K. A;8 MB0 A;C610 >B:;NG5=0, ;N1K5 A;C61K, :>B>@K5 O2=> 7028AOB >B =55, =5 <>3CB 1KBL 70?CI5=K." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zuewgky\Parameters] "ServiceDll"=str(2):"C:\WINDOWS\system32\psrjewr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0" "\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0" "\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0" "\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0" "\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0" "\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zuewgky] "DisplayName"="Center Update" "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000000 "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs" "ObjectName"="LocalSystem" "Description"=">72>;O5B Windows-?@>3@0<<0< A>74020BL, ?>;CG0BL 4>ABC? 8 87<5=OBL D09;K, E@0=OI85AO 2 =B5@=5B5. A;8 MB0 A;C610 >AB0=>2;5=0, MB8 DC=:F88 =5 4>ABC?=K. A;8 MB0 A;C610 >B:;NG5=0, ;N1K5 A;C61K, :>B>@K5 O2=> 7028AOB >B =55, =5 <>3CB 1KBL 70?CI5=K." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zuewgky\Parameters] "ServiceDll"=str(2):"C:\WINDOWS\system32\psrjewr.dll" scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes] "!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?W?i?n?d?o?w?s?"="",,,,,,,,,,,,,"" "\37\4>\0044\0042\48\0046\4=\0040\4O\4 ?W?i?n?d?o?w?s?"=""C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursor s\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\size we.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,"" "\36\0041\4J\0045\4<\4=\0040\4O\4 ?1\0045\4;\0040\4O\4"=""C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\C ursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3 dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur, C:\WINDOWS\Cursors\3dwmove.cur,"" " \4C\4:\48\4 ?1?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C: \WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS \Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cu r,C:\WINDOWS\Cursors\hmove.cur,"" " \4C\4:\48\4 ?2?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.an i,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WIND OWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Curs ors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,"" "\24\48\4=\4>\0047\0040\0042\4@\4"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani ,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WIN DOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursor s\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,"" "\22\4 ?A\4B\0040\4@\4>\4<\4 ?A\4B\48\4;\0045\4"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors \barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani ,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS \Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,"" "\24\48\4@\48\0046\0045\4@\4"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOW S\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Curso rs\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\W INDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,"" "#\0042\0045\4;\48\4G\0045\4=\4=\0040\4O\4"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lapp strt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C :\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Curso rs\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,"" "\22\0040\4@\48\0040\4F\48\48\4"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani, C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WIND OWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Curs ors\sizenesw.ani,"" "\36\0041\4J\0045\4<\4=\0040\4O\4 ?1\4@\4>\4=\0047\4>\0042\0040\4O\4"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.an i,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WIN DOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursor s\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,"" "'\0045\4@\4=\0040\4O\4 ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WI NDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cur sors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r .cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\ WINDOWS\cursors\up_r.cur" "'\0045\4@\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WIN DOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\c ursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\siz e4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_r m.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur" "'\0045\4@\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C :\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WIND OWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursor s\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\si ze1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur" "\30\4=\0042\0045\4@\4A\4=\0040\4O\4"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur, C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOW S\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\siz e4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cu r,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur" "\30\4=\0042\0045\4@\4A\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WIN DOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\c ursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\siz e4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_i m.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur" "\30\4=\0042\0045\4@\4A\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C :\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WIND OWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursor s\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\si ze1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur" "!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_m.cur,C:\WINDOWS\cursors\help_m.cur,C:\WINDO WS\cursors\wait_m.cur,C:\WINDOWS\cursors\busy_m.cur,C:\WINDOWS\cursors\cross_m.cur,C:\WINDOWS\cursor s\beam_m.cur,C:\WINDOWS\cursors\pen_m.cur,C:\WINDOWS\cursors\no_m.cur,C:\WINDOWS\cursors\size4_m.cur ,C:\WINDOWS\cursors\size3_m.cur,C:\WINDOWS\cursors\size2_m.cur,C:\WINDOWS\cursors\size1_m.cur,C:\WIN DOWS\cursors\move_m.cur,C:\WINDOWS\cursors\up_m.cur" "!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\ WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\c ursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_ l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C :\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths] "\20\0044\4<\48\4=\48\4A\4B\4@\0040\4B\4>\4@\4"="C:\Documents and Settings\4<8=8AB@0B>@\>8 4>:C<5=BK" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups] "\30\0043\4@\4K\4"="!B0=40@B=K5\3@K" [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Devices] "\20\0042\4B\4>\4 ?M?i?c?r?o?s?o?f?t? ?O?f?f?i?c?e? ?D?o?c?u?m?e?n?t? ?I?m?a?g?e? ?W?r?i?t?e?r? ?=\0040\4 ?P?R?O?M?"="winspool,Ne00:" [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts] "\20\0042\4B\4>\4 ?M?i?c?r?o?s?o?f?t? ?O?f?f?i?c?e? ?D?o?c?u?m?e?n?t? ?I?m?a?g?e? ?W?r?i?t?e?r? ?=\0040\4 ?P?R?O?M?"="winspool,Ne00:,15,45" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Java\\jdk1.6.0_17\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.6.0_17\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser" "C:\\DOCUME~1\\9335~1\\LOCALS~1\\Temp\\svchost.exe"="C:\\DOCUME~1\\9335~1\\LOCALS~1\\Temp\\svchost.e xe:*:Enabled:Enabled" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:зTorrent" "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 2 Mar 2006 161,712 A.SHR --- "C:\WINDOWS\system32\psrjewr.dll" Thu 28 Oct 2010 105,984 ..SHR --- "C:\Documents and Settings\Ђ¤¬Ё*Ёбва*в®а\Application Data\nlwyet.exe" Finished! |
Привет.
Сохраните приведённый ниже текст в файл cleanup.bat в ту же папку, где находится 252mzlqe.exe случайное имя утилиты (gmer) Код:
252mzlqe.exe -del service zuewgky Внимание: Компьютер перезагрузится! Сделайте новый лог gmer. Выполните рекомендации и прикрепите к следующему сообщению полученные логи. |
на проверку всё разблокировалось вирус тотал тоже.
Благодарю за оперативность. Ато работа вся встала. лог привожу ниже лог gmer после чистки:
читать дальше »
GMER 1.0.15.15477 - http://www.gmer.net Rootkit scan 2010-10-28 12:21:21 Windows 5.1.2600 Service Pack 2 Running: 252mzlqe.exe; Driver: C:\DOCUME~1\9335~1\LOCALS~1\Temp\kgxiypod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\CProCtrl.sys (Модуль драйвера контроля загрузки CSP/Компания Крипто-Про) ZwCreateSection [0xBA1693A0] SSDT \SystemRoot\system32\DRIVERS\CProCtrl.sys (Модуль драйвера контроля загрузки CSP/Компания Крипто-Про) ZwMapViewOfSection [0xBA1693C0] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0?\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 \0?\0040\4:\0045\4B\4>\0042\4 1?2? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0?\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 \0?\0040\4:\0045\4B\4>\0042\4 1?2? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0) 1? |
Дайте еще логи АВЗ.
|
Время: 05:35. |
Время: 05:35.
© OSzone.net 2001-