Hello! I've run into problems. siszyd32.exe turned up in the startup list. I tried to root it out, and a day later I got a File Downloader window. I rolled the system back and went through every step of your rules.
1) Run this script in AVZ:
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
DeleteService('netsik');
DeleteService('ALGSwPrv');
DeleteService('AudioSrvS24EventMonitor');
DeleteService('AudioSrvWmdmPmSN');
DeleteService('CiSvcThemes');
DeleteService('dmserverdmadmin');
DeleteService('FastUserSwitchingCompatibilityMSDTC');
DeleteService('GoogleDesktopManagerMSIServer');
DeleteService('gusvcwscsvc');
DeleteService('NtLmSspSENS');
DeleteService('NVSvcEventlog');
DeleteService('RasMannavapsvc');
DeleteService('seclogonTrkWks');
DeleteService('SpoolerccEvtMgr');
QuarantineFile('C:\WINDOWS\system32\blphcgquj0eg2a.scr','');
DeleteService('Winyg64');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winyg64.sys','');
DeleteService('Winyf18');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winyf18.sys','');
DeleteService('Winwe53');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winwe53.sys','');
DeleteService('Winvd31');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winvd31.sys','');
DeleteService('Winry53');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winry53.sys','');
DeleteService('Winpa18');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpa18.sys','');
DeleteService('Winox33');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winox33.sys','');
DeleteService('Winow75');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winow75.sys','');
DeleteService('Winol10');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winol10.sys','');
DeleteService('Winnu30');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winnu30.sys','');
DeleteService('Winmt42');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmt42.sys','');
DeleteService('Winls86');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winls86.sys','');
DeleteService('Winls07');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winls07.sys','');
DeleteService('Winkr41');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkr41.sys','');
DeleteService('Winiq18');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winiq18.sys','');
DeleteService('Winip86');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winip86.sys','');
DeleteService('Winhp07');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhp07.sys','');
DeleteService('Wingn86');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingn86.sys','');
DeleteService('Winfm20');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfm20.sys','');
DeleteService('Winel42');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winel42.sys','');
DeleteService('Winck18');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winck18.sys','');
DeleteService('Wincj42');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wincj42.sys','');
DeleteService('Wincj18');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wincj18.sys','');
DeleteService('Winci81');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winci81.sys','');
DeleteService('Winbi86');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winbi86.sys','');
DeleteService('Winah52');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winah52.sys','');
DeleteService('Winah07');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winah07.sys','');
QuarantineFile('c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service32.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\netsik.sys','');
DeleteFile('C:\WINDOWS\System32\Drivers\Winah07.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winah52.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winbi86.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winci81.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wincj18.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wincj42.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winck18.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winel42.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfm20.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingn86.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhp07.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winip86.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winiq18.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkr41.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winls07.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winls86.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmt42.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winnu30.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winol10.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winow75.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winox33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winpa18.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winry53.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winvd31.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winwe53.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winyf18.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winyg64.sys');
DeleteFile('c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service32.exe');
DeleteFile('C:\WINDOWS\system32\drivers\netsik.sys');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}');
BC_ImportALL;
ExecuteSysClean;
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.[/CODE]
The computer will reboot.
2) Then run the second script in AVZ:
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
Upload the quarantine.zip file from the AVZ folder via the "[COLOR="Red"]send the requested quarantine[/COLOR]" link at the top of the thread.
3) Make new logs.
Hello! Done everything.
1) Run this script in AVZ:
[CODE]// Resets the security descriptor of a key and, recursively, of all its subkeys
Function RegKeyResetSecurityEx(ARoot, AName : string) : boolean;
var
  i : integer;
  KeyList : TStringList;
  KeyName : string;
begin
  RegKeyResetSecurity(ARoot, AName);
  KeyList := TStringList.Create;
  RegKeyEnumKey(ARoot, AName, KeyList);
  for i := 0 to KeyList.Count-1 do
  begin
    KeyName := AName+'\'+KeyList[i];
    RegKeyResetSecurity(ARoot, KeyName);
    RegKeyResetSecurityEx(ARoot, KeyName);
  end;
  KeyList.Free;
end;

// Stops and deletes a service, then removes its key from every ControlSet;
// the result is a bit mask: 1 stopped, 2 deleted, 4 key found, 8 key survived deletion
Function BC_ServiceKill(AServiceName : string; AIsSvcHosted : boolean = true) : byte;
var
  i : integer;
  KeyList : TStringList;
  KeyName : string;
begin
  Result := 0;
  if StopService(AServiceName) then Result := Result or 1;
  if DeleteService(AServiceName, not(AIsSvcHosted)) then Result := Result or 2;
  KeyList := TStringList.Create;
  RegKeyEnumKey('HKLM','SYSTEM', KeyList);
  for i := 0 to KeyList.Count-1 do
    if pos('controlset', LowerCase(KeyList[i])) > 0 then begin
      KeyName := 'SYSTEM\'+KeyList[i]+'\Services\'+AServiceName;
      if RegKeyExistsEx('HKLM', KeyName) then begin
        Result := Result or 4;
        RegKeyResetSecurityEx('HKLM', KeyName);
        RegKeyDel('HKLM', KeyName);
        if RegKeyExistsEx('HKLM', KeyName) then
          Result := Result or 8;
      end;
    end;
  if AIsSvcHosted then
    BC_DeleteSvcReg(AServiceName)
  else
    BC_DeleteSvc(AServiceName);
  KeyList.Free;
end;

begin
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
  BC_ServiceKill('ALGSwPrv');
  BC_ServiceKill('AudioSrvS24EventMonitor');
  BC_ServiceKill('AudioSrvWmdmPmSN');
  BC_ServiceKill('CiSvcThemes');
  BC_ServiceKill('dmserverdmadmin');
  BC_ServiceKill('FastUserSwitchingCompatibilityMSDTC');
  BC_ServiceKill('GoogleDesktopManagerMSIServer');
  BC_ServiceKill('gusvcwscsvc');
  BC_ServiceKill('NtLmSspSENS');
  BC_ServiceKill('NVSvcEventlog');
  BC_ServiceKill('RasMannavapsvc');
  BC_ServiceKill('seclogonTrkWks');
  BC_ServiceKill('SpoolerccEvtMgr');
  BC_ServiceKill('WebClientAlerter');
  QuarantineFile('C:\WINDOWS\system32\1031y.exe','');
  DeleteFile('C:\WINDOWS\system32\1031y.exe');
  DeleteFileMask('C:\Documents and Settings\Иван\Local Settings\Temp', '*.*', true);
  BC_ImportALL;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.[/CODE]
The computer will reboot.
2) Then run the second script in AVZ:
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
Upload the quarantine.zip file from the AVZ folder via the "[COLOR="Red"]send the requested quarantine[/COLOR]" link at the top of the thread.
3) Make a new virusinfo_syscure.zip log plus this log: [url]http://virusinfo.info/showthread.php?t=53070[/url]
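A read-only counterpart to the registry walk in the BC_ServiceKill helper above, added here as an example; it is not the thread's own script and not part of AVZ. It enumerates every ControlSet* key under HKLM\SYSTEM, as the helper does, and lists service or driver entries whose ImagePath no longer resolves to a file on disk, which is the state the quarantined Win??##.sys drivers leave behind when their registry keys survive. The function names, the -NameFilter parameter and the sample wildcard pattern are my own.

```powershell
# Added example, not from the thread: read-only audit of service/driver registry
# entries across every ControlSet, mirroring the walk BC_ServiceKill performs
# before deleting a key. Function names and parameters are my own.

function Resolve-ServiceImagePath {
    # Turn a raw ImagePath value into a file-system path that Test-Path understands.
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        $close = $p.IndexOf('"', 1)
        $p = if ($close -gt 1) { $p.Substring(1, $close - 1) } else { $p.Trim('"') }
    } else {
        $p = ($p -split '\s+')[0]           # drop command-line arguments
    }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    $p = $p -replace '^\\\?\?\\', ''        # NT-style \??\C:\... prefix
    if ($p -match '^\\SystemRoot\\(.*)$') {
        $p = Join-Path $env:SystemRoot $Matches[1]
    } elseif ($p -notmatch '^[A-Za-z]:\\') {
        # Drivers often store 'system32\drivers\foo.sys' relative to %SystemRoot%
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedServiceEntries {
    # Lists entries in HKLM\SYSTEM\ControlSet*\Services whose ImagePath points to
    # a file that no longer exists. Kernel drivers (Type 1) with a missing image
    # and a non-disabled Start value are the pattern the thread's Win??##.sys
    # entries show once the files have been quarantined.
    [CmdletBinding()]
    param(
        [string]$NameFilter = '*'   # -like pattern, e.g. 'Win??[0-9][0-9]' (constructed)
    )
    $controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'ControlSet*' }

    foreach ($cs in $controlSets) {
        $servicesPath = Join-Path $cs.PSPath 'Services'
        if (-not (Test-Path -Path $servicesPath)) { continue }
        foreach ($svc in Get-ChildItem -Path $servicesPath -ErrorAction SilentlyContinue) {
            if ($svc.PSChildName -notlike $NameFilter) { continue }
            $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
            if (-not $props -or -not $props.ImagePath) { continue }
            $resolved = Resolve-ServiceImagePath -ImagePath $props.ImagePath
            if (Test-Path -LiteralPath $resolved) { continue }
            [pscustomobject]@{
                ControlSet = $cs.PSChildName
                Service    = $svc.PSChildName
                Type       = $props.Type      # 1 = kernel driver, 16/32 = Win32 service
                Start      = $props.Start     # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                ImagePath  = $props.ImagePath
                Resolved   = $resolved
            }
        }
    }
}

# Usage (run from an elevated prompt so every ControlSet is readable):
#   Get-OrphanedServiceEntries | Format-Table -AutoSize
#   Get-OrphanedServiceEntries -NameFilter 'Win??[0-9][0-9]'
```

The output is a triage list, not a verdict: leftover drivers from uninstalled software show up the same way, so each hit is checked against the AVZ and mbam logs before anything is removed. Unlike the helper's script, nothing here writes to the registry.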
Done everything.
1) Run this script in AVZ:
[CODE]// Resets the security descriptor of a key and, recursively, of all its subkeys
Function RegKeyResetSecurityEx(ARoot, AName : string) : boolean;
var
  i : integer;
  KeyList : TStringList;
  KeyName : string;
begin
  RegKeyResetSecurity(ARoot, AName);
  KeyList := TStringList.Create;
  RegKeyEnumKey(ARoot, AName, KeyList);
  for i := 0 to KeyList.Count-1 do
  begin
    KeyName := AName+'\'+KeyList[i];
    RegKeyResetSecurity(ARoot, KeyName);
    RegKeyResetSecurityEx(ARoot, KeyName);
  end;
  KeyList.Free;
end;

// Stops and deletes a service, then removes its key from every ControlSet;
// the result is a bit mask: 1 stopped, 2 deleted, 4 key found, 8 key survived deletion
Function BC_ServiceKill(AServiceName : string; AIsSvcHosted : boolean = true) : byte;
var
  i : integer;
  KeyList : TStringList;
  KeyName : string;
begin
  Result := 0;
  if StopService(AServiceName) then Result := Result or 1;
  if DeleteService(AServiceName, not(AIsSvcHosted)) then Result := Result or 2;
  KeyList := TStringList.Create;
  RegKeyEnumKey('HKLM','SYSTEM', KeyList);
  for i := 0 to KeyList.Count-1 do
    if pos('controlset', LowerCase(KeyList[i])) > 0 then begin
      KeyName := 'SYSTEM\'+KeyList[i]+'\Services\'+AServiceName;
      if RegKeyExistsEx('HKLM', KeyName) then begin
        Result := Result or 4;
        RegKeyResetSecurityEx('HKLM', KeyName);
        RegKeyDel('HKLM', KeyName);
        if RegKeyExistsEx('HKLM', KeyName) then
          Result := Result or 8;
      end;
    end;
  if AIsSvcHosted then
    BC_DeleteSvcReg(AServiceName)
  else
    BC_DeleteSvc(AServiceName);
  KeyList.Free;
end;

begin
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
  BC_ServiceKill('Ersvteb');
  BC_ServiceKill('AudioSrvS24EventMonitoraspnet_state');
  QuarantineFile('C:\WINDOWS\system32\drivers\Ersvteb.sys','');
  DeleteFile('C:\WINDOWS\system32\drivers\Ersvteb.sys');
  DeleteFileMask('C:\Documents and Settings\Иван\Local Settings\Temp', '*.*', true);
  BC_ImportALL;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.[/CODE]
The computer will reboot.
2) Then run the second script in AVZ:
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
Upload the quarantine.zip file from the AVZ folder via the "[COLOR="Red"]send the requested quarantine[/COLOR]" link at the top of the thread.
3) Delete the following in [URL="http://virusinfo.info/showpost.php?p=493584&postcount=2"][B]mbam[/B][/URL]:
[CODE]Заражено ключей реестра:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.Exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASecurityCENTER.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> No action taken.
Заражено значений реестра:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Заражено папок:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.
Заражено файлов:
C:\Documents and Settings\Иван\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Иван\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.[/CODE]
4) Make a new virusinfo_syscure.zip log and the mbam log
Done everything
I sent the quarantine; there was a message saying this file had already been uploaded. Did the quarantine file get through?
Run this script in AVZ
[code]begin
DeleteService('AudioSrvS24EventMonitoraspnet_state');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('AudioSrvS24EventMonitoraspnet_state');
BC_Activate;
RebootWindows(true);
end.[/code]
The computer will reboot.
Send the quarantine as described in [B]Appendix 3[/B] of the rules via the red [COLOR="Red"][U][B]Send the requested quarantine[/B][/U][/COLOR] link at the top of the thread
Make new logs
Done everything. Sending the quarantine per Appendix 3 isn't working; the field for selecting quarantine files is empty.
I created the file with this script:
[code]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/code]
Attaching it just in case.
Clean.
+ to [B]Ingener[/B],
Are you using a proxy server?
Thank you very much!
I don't use a proxy server. I go online from the laptop in different places, mostly at home and at work. I'm protected by Nod 32 (the OS and the Nod32 licence are both kept updated); it has an option to configure and use a proxy. Do you recommend it? Is it necessary? Won't it interfere with network connections?
Fix in HijackThis
[code]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.6.254:8080
[/code]
Reboot the PC.
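The mbam log earlier in the thread lists Image File Execution Options keys for dozens of security tools (Security.Hijack), a hijacked scrnsave.exe value (Hijack.Wallpaper), and the HijackThis R1 line above shows a ProxyServer value the user says he never configured. The following is an added example, not the thread's own script and not code from AVZ, mbam or HijackThis: a read-only PowerShell audit of those three places that a defender can run before and after cleanup. The function names are my own; the registry paths are the standard Windows ones.

```powershell
# Added example, not from the thread: read-only audit of three hijack points the
# thread touches. Function names are my own; registry paths are the standard ones.

function Get-ExecutableFromCommand {
    # First token of a command line, honouring a quoted path.
    param([string]$Command)
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $close = $c.IndexOf('"', 1)
        if ($close -gt 1) { return $c.Substring(1, $close - 1) }
        return $c.Trim('"')
    }
    return ($c -split '\s+')[0]
}

function Get-IfeoDebuggerEntries {
    # Every IFEO subkey carrying a Debugger value. Malware sets this for security
    # tools (avz.exe, HijackThis.exe, procexp.exe in the mbam log) so that Windows
    # launches the "debugger" instead; if that path does not exist, the tool
    # silently never starts. Every entry reported here should be explainable.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
        $dbg = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).Debugger
        if (-not $dbg) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ExecutableFromCommand $dbg))
        $exists = Test-Path -LiteralPath $exe
        [pscustomobject]@{
            Target    = $key.PSChildName
            Debugger  = $dbg
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
        }
    }
}

function Get-UserProxySetting {
    # The R1 line HijackThis reported is read from this key.
    $k = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer    # host:port; expected empty on a machine with no proxy
        AutoConfigURL = $p.AutoConfigURL  # PAC-based redirection lands here instead
    }
}

function Get-ScreenSaverSetting {
    # Hijack.Wallpaper in the mbam log: SCRNSAVE.EXE pointed at a dropped .scr file.
    $v = (Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue).'SCRNSAVE.EXE'
    if (-not $v) { return [pscustomobject]@{ ScreenSaver = $null; Exists = $null; Signature = 'n/a' } }
    $path = [Environment]::ExpandEnvironmentVariables($v)
    $exists = Test-Path -LiteralPath $path
    [pscustomobject]@{
        ScreenSaver = $v
        Exists      = $exists
        Signature   = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
    }
}

# Usage:
#   Get-IfeoDebuggerEntries | Format-Table -AutoSize
#   Get-UserProxySetting
#   Get-ScreenSaverSetting
```

A legitimate IFEO Debugger entry does exist on some systems (a developer's just-in-time debugger, for instance), so the useful signal is an entry whose target is a security tool, whose debugger path is missing, or whose file is unsigned; the same Signature column applies to the screensaver binary, which in this thread was a random-named .scr dropped into system32.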
Done everything. Sorry for the slow response; I didn't have the chance earlier.
Treatment statistics:
[LIST][*]Quarantines received: [B]2[/B][*]Files processed: [B]62[/B][*]No malicious programs were found in the quarantines during treatment[/LIST]