Generic Host Process и как устранить дыры

[dron]

Такая ошибка лезет:
Сообщение о просмотре Интернета
[IMG]Защитите%20свою%20конфиденциальность.files/logo_11.gif[/IMG] Не удается открыть этот сайт

Причина:у Вас в компьютере обнаружены файлы, требующие немедленного удаления.

• Сбои в работе Интернет-браузера
• Компьютер работает слишком медленно
• Слишком высокая активность жесткого диска
• Зависания системы

[IMG]Защитите%20свою%20конфиденциальность.files/warning.gif[/IMG]
Программа апгрейда очистки и оптимизации компьютера не найдена.




Рекомендуется загрузить и установить программу, чтобы продолжить обычную работу на компьютере и просмотр Интернет-сайтов.




[IMG]Защитите%20свою%20конфиденциальность.files/boton_08_4.gif[/IMG]

[V_Bond]

выполните скрипт ...

Код:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DeleteFile('C:\WINDOWS\system32\dpseria.dll');
DelCLSID('9AF402F3-C888-4BA2-AE62-07669620D283');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

[Bratez]

Выполните скрипт:

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('C:\windows\ffpext\ffpsrv.exe','');
 QuarantineFile('C:\windows\ffpext\ffpkbd.dll','');
BC_ImportALL;
BC_Activate;
RebootWindows(true);
end.

После перезагрузки карантин по правилам.

[dron]

Помогите пожалуйста, у меня следующие ошибки:
1 При старте системы, начинает что-то пищать
2 При входе в windows у меня всегда открывается папка D:\Program Files\ABBYY FineReader
3 При входе в windows у меня всегда при нажатии на ярлык, выделение переходит в левый верхний угол
4 В системе я нашел вирус в биосе( см фото)
5 Из трея постоянно появляется табличка, что мой диск переполнен и скачайте fix с сайта sanutari diska

[rubin]

1.AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".

Код:

begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(true);
 QuarantineFile('C:\WINDOWS\system32\atrac.dll','');
 QuarantineFile('C:\windows\ffpext\ffpkbd.dll','');
 QuarantineFile('C:\WINDOWS\system32\ntos.exe','');
 DeleteFile('C:\WINDOWS\system32\ntos.exe');
 BC_ImportAll;
 BC_Activate;
 ExecuteSysClean;
 RebootWindows(true);
end.

После выполнения скрипта компьютер перезагрузится.
Прислать карантин согласно приложения 3 правил .
Загружать по ссылке: http://virusinfo.info/upload_virus.php?tid=

Добавлено через 1 минуту

Забыл сказать, отключите восстановление системы!

Добавлено через 31 секунду

Плюс очистите временные файлы Internet Explorer

[V_Bond]

по поводу восклицательного знака
Панель Управления-Система -Оборудование-Диспетчер Устройств- PNP BIOS Extension - вкладка- Драйвер -Обновить-установка с указанного места-далее -Не выполнять поиск, я сам найду нужный драйвер- далее - окно, в котором таблички Изготовитель и Модель ....Изготовитель выбираем (стандартные системные устройства), в Модель выбираем Plug and Play BIOS - заканчиваем установку .....

[dron]

Какой антивирус мне лучше поставить?

[rubin]

Сначала лучше выполните скрипт

[V_Bond]

рекомендуемые антивирусы

[dron]

я прислал карантин

[V_Bond]

C:\WINDOWS\system32\atrac.dll -Trojan -Spy.Win32.Bzub.btx
C:\WINDOWS\system32\ntos.exe Trojan -Spy.Win32.Bzub.Zbot.cc
выполните скрипт...

Код:

begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(true);
 DeleteFile('C:\WINDOWS\system32\atrac.dll');
 BC_ImportAll;
 BC_Activate;
 ExecuteSysClean;
 RebootWindows(true);
end.

повторите логи.

[dron]

Что за ANI/Exploit стоит у меня и как его удалить?
Protector Plus Windows Vulnerability Scanner Logfile
--------------------------------------------------------------------------------

Windows Vulnerability Scanner has found ANI/Exploit in your computer. This vulnerability is very critical and needs immediate attention. Please check the update information of this vulnerability here.



Operating System : Microsoft Windows XP Professional

Version : 5.1.2600 Service Pack 2 Build 2600

System name : TLCOMNET


The following vulnerabilities are present in the system. Click on the Security Bulletin ID to know more information about the vulnerability and to download the update.

Microsoft Security Bulletin Rating Vulnerability Found Update Link
MS07-031 Critical Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) http://www.microsoft.com/technet/security/
Bulletin/MS07-031.mspx
MS07-033 Critical Cumulative Security Update for Internet Explorer (933566) http://www.microsoft.com/technet/security/
Bulletin/MS07-033.mspx
MS07-034 Critical Cumulative Security Update for Outlook Express and Windows Mail (929123) http://www.microsoft.com/technet/security/
Bulletin/MS07-034.mspx
MS07-035 Critical Vulnerability in Win 32 API Could Allow Remote Code Execution (935839) http://www.microsoft.com/technet/security/
Bulletin/MS07-035.mspx
MS07-027 Critical Cumulative Security Update for Internet Explorer (93176 http://www.microsoft.com/technet/security/
Bulletin/MS07-027.mspx
MS07-021 Critical Vulnerabilities in CSRSS Could Allow Remote Code Execution (93017 http://www.microsoft.com/technet/security/
Bulletin/MS07-021.mspx
MS07-020 Critical Vulnerability in Microsoft Agent Could Allow Remote Code Execution (93216 http://www.microsoft.com/technet/security/
Bulletin/MS07-020.mspx
MS07-019 Critical Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261) http://www.microsoft.com/technet/security/
Bulletin/MS07-019.mspx
19. MS07-017 Critical Vulnerabilities in GDI Could Allow Remote Code Execution (925902) http://www.microsoft.com/technet/security/
Bulletin/MS07-017.mspx
MS07-016 Critical Cumulative Security Update for Internet Explorer (928090) http://www.microsoft.com/technet/security/
Bulletin/MS07-016.mspx
MS07-008 Critical Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) http://www.microsoft.com/technet/security/
Bulletin/MS07-008.mspx
MS07-004 Critical Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) http://www.microsoft.com/technet/security/
Bulletin/MS07-004.mspx
MS06-072 Critical Cumulative Security Update for Internet Explorer (925454) http://www.microsoft.com/technet/security/
Bulletin/MS06-072.mspx
MS06-078 Critical Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689 http://www.microsoft.com/technet/security/
Bulletin/MS06-078.mspx
MS06-067 Critical Cumulative Security Update for Internet Explorer (922760) http://www.microsoft.com/technet/security/
Bulletin/MS06-067.mspx
MS06-068 Critical Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) http://www.microsoft.com/technet/security/
Bulletin/MS06-068.mspx
MS06-069 Critical Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) http://www.microsoft.com/technet/security/
Bulletin/MS06-069.mspx
MS06-070 Critical Vulnerability in Workstation Service Could Allow Remote Code Execution (924270) http://www.microsoft.com/technet/security/
Bulletin/MS06-070.mspx
MS06-071 Critical Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (92808 http://www.microsoft.com/technet/security/
Bulletin/MS06-071.mspx
MS06-057 Critical Vulnerability in Windows Explorer Could Allow Remote Execution (923191) http://www.microsoft.com/technet/security/
Bulletin/MS06-057.mspx
MS06-061 Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191) http://www.microsoft.com/technet/security/
Bulletin/MS06-061.mspx
MS06-055 Critical Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486) http://www.microsoft.com/technet/security/
Bulletin/MS06-055.mspx
MS06-001 Critical Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919) http://www.microsoft.com/technet/security/
Bulletin/MS06-001.mspx
MS06-002 Critical Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519) http://www.microsoft.com/technet/security/
Bulletin/MS06-002.mspx
MS06-005 Critical Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565) http://www.microsoft.com/technet/security/
Bulletin/MS06-005.mspx
MS06-013 Critical Cumulative Security Update for Internet Explorer (912812) http://www.microsoft.com/technet/security/
Bulletin/MS06-013.mspx
MS06-014 Critical Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) http://www.microsoft.com/technet/security/
Bulletin/MS06-014.mspx
MS06-015 Critical Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) http://www.microsoft.com/technet/security/
Bulletin/MS06-015.mspx
MS06-021 Critical Cumulative Security Update for Internet Explorer (916281) http://www.microsoft.com/technet/security/
Bulletin/MS06-021.mspx
MS06-022 Critical Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439) http://www.microsoft.com/technet/security/
Bulletin/MS06-022.mspx
MS06-023 Critical Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344) http://www.microsoft.com/technet/security/
Bulletin/MS06-023.mspx
MS06-024 Critical Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734) http://www.microsoft.com/technet/security/
Bulletin/MS06-024.mspx
MS06-025 Critical Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280) http://www.microsoft.com/technet/security/
Bulletin/MS06-025.mspx
MS06-036 Critical Vulnerability in DHCP Client Service Could Allow Remote Code Execution (91438 http://www.microsoft.com/technet/security/
Bulletin/MS06-036.mspx
MS06-038 Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284) http://www.microsoft.com/technet/security/
Bulletin/MS06-038.mspx
MS06-039 Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384) http://www.microsoft.com/technet/security/
Bulletin/MS06-039.mspx
MS06-040 Critical Vulnerability in Server Service Could Allow Remote Code Execution (921883) http://www.microsoft.com/technet/security/
Bulletin/MS06-040.mspx
MS06-041 Critical Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) http://www.microsoft.com/technet/security/
Bulletin/MS06-041.mspx
MS06-042 Critical Cumulative Security Update for Internet Explorer (918899) http://www.microsoft.com/technet/security/
Bulletin/MS06-042.mspx
MS06-043 Critical Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214) http://www.microsoft.com/technet/security/
Bulletin/MS06-043.mspx
MS06-046 Critical Vulnerability in HTML Help Could Allow Remote Code Execution (922616) http://www.microsoft.com/technet/security/
Bulletin/MS06-046.mspx
MS06-047 Critical Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) http://www.microsoft.com/technet/security/
Bulletin/MS06-047.mspx
MS06-048 Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (92296 http://www.microsoft.com/technet/security/
Bulletin/MS06-048.mspx
MS06-051 Critical Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422) http://www.microsoft.com/technet/security/
Bulletin/MS06-051.mspx
MS05-054 Critical Cumulative Security Update for Internet Explorer (905915) http://www.microsoft.com/technet/security/
Bulletin/MS05-054.mspx
MS05-053 Critical Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) http://www.microsoft.com/technet/security/
Bulletin/MS05-053.mspx
MS05-052 Critical Cumulative Security Update for Internet Explorer (89668 http://www.microsoft.com/technet/security/
Bulletin/MS05-052.mspx
MS05-051 Critical Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) http://www.microsoft.com/technet/security/
Bulletin/MS05-051.mspx
MS05-050 Critical Vulnerability in DirectShow Could Allow Remote Code Execution (904706) http://www.microsoft.com/technet/security/
Bulletin/MS05-050.mspx
MS05-043 Critical Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) http://www.microsoft.com/technet/security/
Bulletin/MS05-043.mspx
MS05-039 Critical Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (89958 http://www.microsoft.com/technet/security/
Bulletin/MS05-039.mspx
MS05-038 Critical Cumulative Security Update for Internet Explorer (896727) http://www.microsoft.com/technet/security/
Bulletin/MS05-038.mspx
MS05-037 Critical Vulnerability in JView Profiler Could Allow Remote Code Execution (903235) http://www.microsoft.com/technet/security/
Bulletin/MS05-037.mspx
MS05-036 Critical Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) http://www.microsoft.com/technet/security/
Bulletin/MS05-036.mspx
MS05-027 Critical Vulnerability in Server Message Block Could Allow Remote Code Execution (896422) http://www.microsoft.com/technet/security/
Bulletin/MS05-027.mspx
MS05-026 Critical Vulnerability in HTML Help Could Allow Remote Code Execution (89635 http://www.microsoft.com/technet/security/
Bulletin/MS05-026.mspx
MS05-025 Critical Cumulative Security Update for Internet Explorer (883939) http://www.microsoft.com/technet/security/
Bulletin/MS05-025.mspx
MS05-020 Critical Cumulative Security Update for Internet Explorer (890923) http://www.microsoft.com/technet/security/
Bulletin/MS05-020.mspx
MS05-019 Critical Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) http://www.microsoft.com/technet/security/
Bulletin/MS05-019.mspx
MS05-015 Critical Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) http://www.microsoft.com/technet/security/
Bulletin/MS05-015.mspx
MS05-014 Critical Cumulative Security Update for Internet Explorer (867282) http://www.microsoft.com/technet/security/
Bulletin/MS05-014.mspx
MS05-013 Critical Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) http://www.microsoft.com/technet/security/
Bulletin/MS05-013.mspx
MS05-012 Critical Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) http://www.microsoft.com/technet/security/
Bulletin/MS05-012.mspx
MS05-011 Critical Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) http://www.microsoft.com/technet/security/
Bulletin/MS05-011.mspx
MS05-001 Critical Vulnerability in HTML Help Could Allow Code Execution (890175) http://www.microsoft.com/technet/security/
Bulletin/MS05-001.mspx
MS04-038 Critical Cumulative Security Update for Internet Explorer (834707) http://www.microsoft.com/technet/security/
Bulletin/MS04-038.mspx
MS07-022 Important Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784) http://www.microsoft.com/technet/security/
Bulletin/MS07-022.mspx
MS07-013 Important Vulnerability in Microsoft Windows RichEdit Could Allow Remote Code Execution (91811 http://www.microsoft.com/technet/security/
Bulletin/MS07-013.mspx
MS07-013 Important Vulnerability in Microsoft Office RichEdit Could Allow Remote Code Execution (91811 http://www.microsoft.com/technet/security/
Bulletin/MS07-013.mspx
MS07-013 Important Vulnerability in Microsoft Office RichEdit Could Allow Remote Code Execution (91811 http://www.microsoft.com/technet/security/
Bulletin/MS07-013.mspx
MS07-012 Important Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) http://www.microsoft.com/technet/security/
Bulletin/MS07-012.mspx
MS07-011 Important Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) http://www.microsoft.com/technet/security/
Bulletin/MS07-011.mspx
MS07-007 Important Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) http://www.microsoft.com/technet/security/
Bulletin/MS07-007.mspx
MS07-006 Important Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) http://www.microsoft.com/technet/security/
Bulletin/MS07-006.mspx
MS06-075 Important Vulnerability in Windows Could Allow Elevation of Privilege (926255) http://www.microsoft.com/technet/security/
Bulletin/MS06-075.mspx
MS06-076 Important Cumulative Security Update for Outlook Express (923694) http://www.microsoft.com/technet/security/
Bulletin/MS06-076.mspx
MS06-066 Important Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) http://www.microsoft.com/technet/security/
Bulletin/MS06-066.mspx
MS06-063 Important Vulnerability in Server Service Could Allow Denial of Service (923414) http://www.microsoft.com/technet/security/
Bulletin/MS06-063.mspx
MS06-006 Important Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564) http://www.microsoft.com/technet/security/
Bulletin/MS06-006.mspx
MS06-007 Important Vulnerability in TCPIP Could Allow Denial of Service (913446) http://www.microsoft.com/technet/security/
Bulletin/MS06-007.mspx
MS06-008 Important Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) http://www.microsoft.com/technet/security/
Bulletin/MS06-008.mspx
MS06-016 Important Cumulative Security Update for Outlook Express (911567) http://www.microsoft.com/technet/security/
Bulletin/MS06-016.mspx
MS06-030 Important Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389) http://www.microsoft.com/technet/security/
Bulletin/MS06-030.mspx
MS06-032 Important Vulnerability in TCP/IP Could Allow Remote Code Execution (917953) http://www.microsoft.com/technet/security/
Bulletin/MS06-032.mspx
MS06-045 Important Vulnerability in Windows Explorer Could Allow Remote Code Execution (92139 http://www.microsoft.com/technet/security/
Bulletin/MS06-045.mspx
MS06-050 Important Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670) http://www.microsoft.com/technet/security/
Bulletin/MS06-050.mspx
MS06-052 Important Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007) http://www.microsoft.com/technet/security/
Bulletin/MS06-052.mspx
MS05-049 Important Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) http://www.microsoft.com/technet/security/
Bulletin/MS05-049.mspx
MS05-048 Important Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245) http://www.microsoft.com/technet/security/
Bulletin/MS05-048.mspx
MS05-047 Important Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749) http://www.microsoft.com/technet/security/
Bulletin/MS05-047.mspx
MS05-046 Important Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) http://www.microsoft.com/technet/security/
Bulletin/MS05-046.mspx
MS05-040 Important Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) http://www.microsoft.com/technet/security/
Bulletin/MS05-040.mspx
MS05-018 Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859 http://www.microsoft.com/technet/security/
Bulletin/MS05-018.mspx
MS05-016 Important Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) http://www.microsoft.com/technet/security/
Bulletin/MS05-016.mspx
MS05-008 Important Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) http://www.microsoft.com/technet/security/
Bulletin/MS05-008.mspx
MS05-007 Important Vulnerability in Windows Could Allow Information Disclosure (888302) http://www.microsoft.com/technet/security/
Bulletin/MS05-007.mspx
MS04-044 Important Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835) http://www.microsoft.com/technet/security/
Bulletin/MS04-044.mspx
MS04-043 Important Vulnerability in HyperTerminal Could Allow Code Execution (873339) http://www.microsoft.com/technet/security/
Bulletin/MS04-043.mspx
MS04-041 Important Vulnerability in WordPad Could Allow Code Execution (885836) http://www.microsoft.com/technet/security/
Bulletin/MS04-041.mspx
MS06-065 Moderate Vulnerability in Windows Object Packager Could Allow Remote Execution (924496) http://www.microsoft.com/technet/security/
Bulletin/MS06-065.mspx
MS06-018 Moderate Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) http://www.microsoft.com/technet/security/
Bulletin/MS06-018.mspx
MS06-053 Moderate Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685) http://www.microsoft.com/technet/security/
Bulletin/MS06-053.mspx
MS05-045 Moderate Vulnerability in Network Connection Manager Could Allow Denial of Service (905414) http://www.microsoft.com/technet/security/
Bulletin/MS05-045.mspx
MS05-042 Moderate Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) http://www.microsoft.com/technet/security/
Bulletin/MS05-042.mspx
MS05-041 Moderate Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) http://www.microsoft.com/technet/security/
Bulletin/MS05-041.mspx
MS05-033 Moderate Vulnerability in Telnet Client Could Allow Information Disclosure (89642 http://www.microsoft.com/technet/security/
Bulletin/MS05-033.mspx
MS05-032 Moderate Vulnerability in Microsoft Agent Could Allow Spoofing (890046) http://www.microsoft.com/technet/security/
Bulletin/MS05-032.mspx
MS06-064 Low Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819) http://www.microsoft.com/technet/security/
Bulletin/MS06-064.mspx


Copyright © 2007 Proland Software. All rights reserved

Добавлено через 44 минуты

и постоянно explorer проводника виснет, приходится завершать сеанс

[dron]

Вот логи, я удалили winlogon, теперь винда грузит через безопасный режим

[Bratez]

Скачайте свежую версию AVZ - 4.29 и обновите ее базы.
Отключите восстановление системы!

Выполните скрипт в AVZ:

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
 QuarantineFile('C:\WINDOWS\system32\J8dj3jg.dll','');
 QuarantineFile('C:\WINDOWS\system32\Hfkr4g.dll','');
 QuarantineFile('C:\DOCUME~1\Droncs\LOCALS~1\Temp\winsto.exe','');
 QuarantineFile('C:\Documents and Settings\All Users\Документы\Settings\partnership.dll','');
 DeleteFile('C:\Documents and Settings\All Users\Документы\Settings\partnership.dll');
 DeleteFile('C:\DOCUME~1\Droncs\LOCALS~1\Temp\winsto.exe');
 DeleteFile('C:\WINDOWS\system32\Hfkr4g.dll');
 DeleteFile('C:\WINDOWS\system32\J8dj3jg.dll');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

После перезагрузки пришлите карантин согласно приложению 3 правил.
Сделайте новые логи.

[dron]

У меня почему-то не отображаются рисунки в IE
Вот новые логи

[dron]

еще

[V_Bond]

выполните скрипт ....

Код:

begin
 ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\~.exe','');
 QuarantineFile('C:\WINDOWS\system32\_svchost.exe','');
 QuarantineFile('C:\WINDOWS\system32\updates280.exe','');
 QuarantineFile('C:\WINDOWS\system32\updates260.exe','');
 QuarantineFile('C:\WINDOWS\system32\drivers\ip6fw.sys','');
 QuarantineFile('C:\WINDOWS\system32\drivers\Ejo04.sys','');
 QuarantineFile('C:\WINDOWS\Ejo04.sys','');
 QuarantineFile('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OMHU4JAY\zloi[1].exe','');
 QuarantineFile('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OMHU4JAY\fm[1].exe','');
 QuarantineFile('C:\Documents and Settings\Droncs\Local Settings\Temporary Internet Files\Content.IE5\4DMBCL6V\ieupdater[2].exe','');
 QuarantineFile('C:\Documents and Settings\Droncs\Local Settings\Temp\winlogan.bak','');
 QuarantineFile('C:\Documents and Settings\Droncs\ie_updates3r.exe','');
 DelBHO('{B5AF0562-94F3-42BD-F434-2604812C797D}');
 DelBHO('{B5AC49A2-94F2-42BD-F434-2604812C897D}');
 QuarantineFile('C:\WINDOWS\system32\J8dj3jg.dll','');
 DeleteFile('C:\WINDOWS\system32\J8dj3jg.dll');
 DeleteFile('C:\WINDOWS\system32\Hfkr4g.dll');
 DeleteFile('C:\Documents and Settings\Droncs\ie_updates3r.exe');
 DeleteFile('C:\Documents and Settings\Droncs\Local Settings\Temp\winlogan.bak');
 DeleteFile('C:\Documents and Settings\Droncs\Local Settings\Temporary Internet Files\Content.IE5\4DMBCL6V\ieupdater[2].exe');
 DeleteFile('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OMHU4JAY\fm[1].exe');
 DeleteFile('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OMHU4JAY\zloi[1].exe');
 DeleteFile('C:\WINDOWS\Ejo04.sys');
 DeleteFile('C:\WINDOWS\system32\drivers\Ejo04.sys');
 DeleteFile('C:\WINDOWS\system32\drivers\ip6fw.sys');
 DeleteFile('C:\WINDOWS\system32\updates260.exe');
 DeleteFile('C:\WINDOWS\system32\updates280.exe');
 DeleteFile('C:\WINDOWS\system32\_svchost.exe');
 DeleteFile('C:\WINDOWS\system32\~.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

пришлите карантин согласно приложения 3 правил ...
повторите логи ...

Добавлено через 6 минут

насчет картинок .... свойства обозревателя вкладка дополнительно .... поставте галку - показывать рисунки ..

[Bratez]

И про лог HijackThis не забудьте.

[dron]

Вот логи

[Bratez]

Пофиксите в HijackThis:

Код:

O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\

Очистите временные файлы IE через Свойства Обозревателя.
Выполните скрипт в AVZ:

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DeleteFile('C:\Documents and Settings\Droncs\ie_updates3r.exe');
 DeleteFile('C:\Documents and Settings\Droncs\Рабочий стол\ieupdr2.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Сделайте логи еще раз.