Fix these in HiJack:
Code:
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe nxxd.pio jgtgk
O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [NTFS_ext_drv] \\?\globalroot\systemroot\system32\ntfs_ext7.exe
O4 - HKLM\..\Run: [photo_id] C:\WINDOWS\system32\photo_id.exe
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv681258717982.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKCU\..\Run: [photo_id] C:\Documents and Settings\Администратор\photo_id.exe
O4 - HKCU\..\Policies\Explorer\Run: [Java Plug-in] C:\WINDOWS\system32\chknt32.exe
O4 - Startup: sysupd32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Run this script in AVZ:
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('wsctf.exe','');
QuarantineFile('\\?\globalroot\systemroot\system32\ntfs_ext7.exe','');
QuarantineFile('C:\WINDOWS\system\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\spooIsv.exe','');
QuarantineFile('C:\WINDOWS\system32\regedit.exe','');
QuarantineFile('C:\WINDOWS\system32\chknt32.exe','');
QuarantineFile('C:\WINDOWS\system32\amvo.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe','');
QuarantineFile('C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Главное меню\Программы\Автозагрузка\sysupd32.exe','');
QuarantineFile('C:\WINDOWS\aekgoprn.sys','');
QuarantineFile('C:\WINDOWS\system32\nxxd.pio','');
TerminateProcessByName('c:\windows\temp\wpv681258717982.exe');
QuarantineFile('c:\windows\temp\wpv681258717982.exe','');
TerminateProcessByName('c:\windows\system32\photo_id.exe');
QuarantineFile('c:\windows\system32\photo_id.exe','');
DeleteFile('c:\windows\system32\photo_id.exe');
DeleteFile('c:\windows\temp\wpv681258717982.exe');
DeleteFile('C:\WINDOWS\aekgoprn.sys');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','photo_id');
DeleteFile('C:\Documents and Settings\Администратор\Главное меню\Программы\Автозагрузка\sysupd32.exe');
DeleteFile('C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Antivirus Pro 2010');
DeleteFile('C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','12CFG914-K641-26SF-N31P');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysgif32');
DeleteFile('C:\WINDOWS\system32\amvo.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','amva');
DeleteFile('C:\WINDOWS\system32\chknt32.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Java Plug-in');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','photo_id');
DeleteFile('C:\WINDOWS\system32\regedit.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Regedit32');
DeleteFile('C:\WINDOWS\system32\spooIsv.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Spooler SubSystem App');
DeleteFile('C:\WINDOWS\system\svchost.exe');
DeleteFile('\\?\globalroot\systemroot\system32\ntfs_ext7.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','NTFS_ext_drv');
DeleteFile('C:\WINDOWS\system32\nxxd.pio');
DeleteFile('wsctf.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wsctf.exe');
DeleteFileMask('C:\Program Files\AntivirusPro_2010', '*.*', true);
DeleteDirectory('C:\Program Files\AntivirusPro_2010');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(16);
RebootWindows(true);
end.
The computer will reboot.
Send the quarantine as described in Appendix 3 of the rules, using the red "Send requested quarantine" link at the top of the thread.
Make new logs + a gmer log.
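As an added example (my own code, not part of the original post, HijackThis or AVZ): a small Python triage script that parses O4/F2 lines of the kind quoted above and flags the patterns a helper looks for before writing an AVZ script: a `Shell=` value that launches more than Explorer.exe, executables started from Temp, RECYCLER or a `\\?\globalroot` path, bare file names resolved through PATH, look-alike names such as spooIsv.exe (capital I) standing in for spoolsv.exe, and well-known binaries outside their normal directory. The sample lines are copied from the log above, with one constructed benign Adobe entry added so the filter has something to pass; the confusable-character map, the suspect directories and the expected-directory table are assumptions chosen for this XP-era log, not an authoritative list.

```python
"""Triage HijackThis-style autostart lines.

Added example: not code from the original post, HijackThis or AVZ. The
heuristics (confusable characters, suspect directories, where well-known
Windows binaries are expected to live) are assumptions for this log.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines taken from the log in the post, plus one benign
# entry (the Adobe line) added so the filter has something to let through.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe nxxd.pio jgtgk
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [NTFS_ext_drv] \\?\globalroot\systemroot\system32\ntfs_ext7.exe
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv681258717982.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader\Reader_sl.exe
"""

# Characters malware swaps into system binary names (spooIsv.exe vs spoolsv.exe).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})
# Directory suffix each well-known binary is expected to run from (assumed).
EXPECTED_DIR = {
    "spoolsv.exe": "\\system32", "svchost.exe": "\\system32",
    "lsass.exe": "\\system32", "csrss.exe": "\\system32",
    "explorer.exe": "\\windows", "regedit.exe": "\\windows",
}
SUSPECT_LOCATIONS = ("\\temp\\", "\\recycler\\", "\\?\\globalroot\\")

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(.*?): \[(.*?)\] (.*)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (.*)$")
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$")


@dataclass
class Entry:
    line: str
    kind: str                       # "run", "startup" or "shell"
    image: str                      # executable or Shell= value as logged
    reasons: List[str] = field(default_factory=list)


def image_from_command(cmd: str) -> str:
    """Pull the executable out of a Run value that may carry quotes/arguments."""
    m = re.search(r'"?([^"]*?\.exe)"?', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_image(e: Entry) -> None:
    """Apply the location and naming heuristics to a Run/Startup entry."""
    path = e.image.lower()
    base = ntpath.basename(path)
    directory = ntpath.dirname(path)
    if not directory:
        e.reasons.append("bare file name, resolved through PATH at logon")
    for loc in SUSPECT_LOCATIONS:
        if loc in path:
            where = loc.strip("\\")
            e.reasons.append(f"runs from {where}")
    # Compare the name after undoing confusable substitutions with the real one.
    normalized = ntpath.basename(e.image).translate(CONFUSABLES).lower()
    if normalized in EXPECTED_DIR and normalized != base:
        e.reasons.append(f"look-alike of {normalized}")
    expected = EXPECTED_DIR.get(base)
    if expected and not directory.endswith(expected):
        e.reasons.append(f"{base} expected under {expected}, found in {directory or '(none)'}")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one F2 Shell= or O4 line; other HJT sections return None."""
    line = line.rstrip()
    m = SHELL_RE.match(line)
    if m:
        tokens = m.group(1).split()
        e = Entry(line, "shell", m.group(1))
        if not tokens or tokens[0].lower() != "explorer.exe":
            e.reasons.append("Shell= does not start with Explorer.exe")
        if len(tokens) > 1:
            e.reasons.append("Shell= launches extra commands: " + " ".join(tokens[1:]))
        return e
    m = O4_RE.match(line)
    if m:
        e = Entry(line, "run", image_from_command(m.group(4)))
    else:
        m = STARTUP_RE.match(line)
        if not m:
            return None
        e = Entry(line, "startup", image_from_command(m.group(1)))
    check_image(e)
    return e


def suspicious(log: str) -> List[Entry]:
    """Every parsed entry that tripped at least one heuristic."""
    entries = (parse_line(l) for l in log.splitlines())
    return [e for e in entries if e is not None and e.reasons]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(e.line)
        for r in e.reasons:
            print("    ->", r)
```

The script only flags; it does not terminate, quarantine or delete anything, and a hit is a reason to look at the file, not proof it is malicious (a flag like `/hide` or a path under Program Files passes untouched here). The look-alike check is the one worth remembering: a log reader scanning for "spoolsv.exe" will not notice the capital I unless the name is normalised first.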