Removing a virus from the boot sector: is there a utility, and can it be run from the recovery environment? (Windows 7 does not start, scannow does not work) - question No. 2661852

Virus removal

Author's addendum from 17.11.17 19:38:40

Large programs do not launch; KVRT, for example, reports: "Отсутствует подсистема, необходимая для поддержки данного типа образа". I tried running sfc /scannow /OFFBOOTDIR=E:\ /OFFWINDIR=E:\windows, and the answer was not encouraging: Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. So scannow does not work. Damn, how complicated all this is. Alex suggested scanning with FRST; the 64-bit version launched, here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2017
Ran by SYSTEM on MININT-AUSEGE0 (17-11-2017 19:00:36)
Running from F:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Английский (США)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [VKSaver] => C:\ProgramData\VKSaver\VKSaver.exe [239616 2015-01-28] (AudioVkontakte.ru)
HKLM-x32\...\Run: [Adobe Flash Player SU] => C:\Windows\System32\cmd.exe /k start hxxp://3zz.info/ && exit
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe] => C:\Program Files\Java\Adobe Acrobat Update Service.exe
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe*******************************************************************************
HKLM-x32\...\Run: [WinCheck] => C:\Users\UserT\AppData\Local\wincheck\wincheck.exe
HKLM-x32\...\Run: [gmsd_ru_112] => [X]
AppInit_DLLs-x32: C:\PROGRA~3\VKSaver\vksaver3.dll => C:\ProgramData\VKSaver\vksaver3.dll [45056 2015-01-28] (AudioVkontakte.ru)
GroupPolicy: Restriction — Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-10-12] (Advanced Micro Devices, Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Корпорация Майкрософт)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S2 Realtek11nCU; C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [36864 2012-05-09] (Realtek Semiconductor Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Корпорация Майкрософт)
S2 9b6ed4d7; «C:\Windows\system32\rundll32.exe» «c:\Program Files (x86)\PragmaEngine\PragmaEngine.dll»,serv
S2 ASDR; C:\Windows\SysWOW64\ASDR.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-23] (Advanced Micro Devices)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2013-02-13] ()
S3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
S1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2011-10-27] (ASUSTeK Computer Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-02-13] ()
S0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-07-15] (Корпорация Майкрософт)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-12] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-12] (Microsoft Corporation)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org)
S1 prodrv06; C:\Windows\SysWOW64\drivers\prodrv06.sys [52128 2003-10-10] (Protection Technology)
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [62720 2003-10-10] (Protection Technology)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )
S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [76152 2006-06-14] (Protection Technology (StarForce))
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77696 2006-06-14] (Protection Technology (StarForce))
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-11-24] (Duplex Secure Ltd.)
S1 storegidfilter; C:\Windows\storegidfilter.sys [47264 2014-06-25] (NetFilterSDK.com)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-05] (电脑管家)
S0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Корпорация Майкрософт)
S1 {56db9de0-c769-4563-8e82-7e39885bf1ad}w64; C:\Windows\System32\drivers\{56db9de0-c769-4563-8e82-7e39885bf1ad}w64.sys [48784 2015-01-27] (StdLib)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S1 ifcpozxy; \??\C:\Windows\system32\drivers\ifcpozxy.sys [X]
S1 klpudnyu; \??\C:\Windows\system32\drivers\klpudnyu.sys [X]
S1 lxgeznav; \??\C:\Windows\system32\drivers\lxgeznav.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMUdisk64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-17 19:00 — 2017-11-17 19:00 — 000000000 ___DC C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Some files in TEMP:
2016-08-11 07:21 — 2016-08-11 07:21 — 078428992 _____ (YANDEX LLC) C:\Users\UserT\AppData\Local\Temp\Setup-yabrowser.exe
2016-08-18 06:03 — 2016-07-07 02:04 — 000501032 _____ (Yandex LLC) C:\Users\UserT\AppData\Local\Temp\yupdate-exec-yabrowser.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
[2016-06-15 10:04] — [2016-04-08 21:53] — 003231232 _____ (Microsoft Corporation) 9DA3B83F80E205B6C601EEE1312FD0A0

[2016-06-15 10:04] — [2016-04-08 21:44] — 002973184 _____ (Microsoft Corporation) 3DA48EA028AD771C5B71727F0C3984E9

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2016-08-08 07:17

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4095.12 MB
Available physical RAM: 3408.77 MB
Total Virtual: 4093.27 MB
Available Virtual: 3398.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.5 GB) (Free:7.71 GB) NTFS
Drive e: (Новый том) (Fixed) (Total:872.92 GB) (Free:857.85 GB) NTFS
Drive f: () (Removable) (Total:7.19 GB) (Free:7.01 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Зарезервировано системой) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 293B293A)
Partition 1: (Active) — (Size=100 MB) — (Type=07 NTFS)
Partition 2: (Not Active) — (Size=58.5 GB) — (Type=07 NTFS)
Partition 3: (Not Active) — (Size=872.9 GB) — (Type=07 NTFS)

Disk: 1 (Size: 7.2 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2016-08-08 01:40

==================== End of FRST.txt ============================

2 answers


At a minimum, you need to scan with the LiveCD from the drweb site

Глеб Черняк

Олег Николаевич

