remote manipulator system сами устанавливали?
CinemaPro-1.5cV07.01 удалите через Установку программ
Выполните скрипт в AVZ
Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\Val\AppData\Roaming\Dorrible\Ribble\d.exe','');
QuarantineFile('C:\Users\Val\AppData\Roaming\FEJM.exe','');
QuarantineFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-7.exe','');
QuarantineFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-6.exe','');
QuarantineFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-5.exe','');
QuarantineFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-3.exe','');
QuarantineFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-2.exe','');
QuarantineFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-11.exe','');
QuarantineFile('C:\Program Files\CinemaPro-1.5cV07.01\CinemaPro-1.5cV07.01-codedownloader.exe','');
QuarantineFile('C:\Program Files\Kino-Filmov.Net\tbKino.dll','');
QuarantineFile('C:\iexplore.bat','');
QuarantineFile('C:\Program Files\Google\chrome.bat','');
QuarantineFile('C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe','');
QuarantineFile('C:\Program Files\Brass Search\bin\utilBrassSearch.exe','');
QuarantineFile('C:\Program Files\Media Saver\Basement\ExtensionUpdaterService.exe','');
QuarantineFile('C:\Program Files\Brass Search\updateBrassSearch.exe','');
QuarantineFile('C:\ProgramData\IePluginServices\PluginService.exe','');
DeleteService('WindowsMangerProtect');
DeleteService('Util Brass Search');
DeleteService('Update Service for Media Saver');
DeleteService('Update Brass Search');
DeleteService('IePluginServices');
DeleteFile('C:\ProgramData\IePluginServices\PluginService.exe','32');
DeleteFile('C:\Program Files\Brass Search\updateBrassSearch.exe','32');
DeleteFile('C:\Program Files\Media Saver\Basement\ExtensionUpdaterService.exe','32');
DeleteFile('C:\Program Files\Brass Search\bin\utilBrassSearch.exe','32');
DeleteFile('C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe','32');
DeleteFile('C:\Program Files\Google\chrome.bat','32');
DeleteFile('C:\iexplore.bat','32');
DeleteFile('C:\Program Files\CinemaPro-1.5cV07.01\CinemaPro-1.5cV07.01-codedownloader.exe','32');
DeleteFile('C:\Windows\Tasks\18c8d546-1806-451c-882e-61fd1f085965-1.job','32');
DeleteFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-11.exe','32');
DeleteFile('C:\Windows\Tasks\18c8d546-1806-451c-882e-61fd1f085965-11.job','32');
DeleteFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-2.exe','32');
DeleteFile('C:\Windows\Tasks\18c8d546-1806-451c-882e-61fd1f085965-2.job','32');
DeleteFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-3.exe','32');
DeleteFile('C:\Windows\Tasks\18c8d546-1806-451c-882e-61fd1f085965-3.job','32');
DeleteFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-5.exe','32');
DeleteFile('C:\Windows\Tasks\18c8d546-1806-451c-882e-61fd1f085965-5.job','32');
DeleteFile('C:\Windows\Tasks\18c8d546-1806-451c-882e-61fd1f085965-5_user.job','32');
DeleteFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-6.exe','32');
DeleteFile('C:\Windows\Tasks\18c8d546-1806-451c-882e-61fd1f085965-6.job','32');
DeleteFile('C:\Program Files\CinemaPro-1.5cV07.01\18c8d546-1806-451c-882e-61fd1f085965-7.exe','32');
DeleteFile('C:\Windows\Tasks\18c8d546-1806-451c-882e-61fd1f085965-7.job','32');
DeleteFile('C:\Users\Val\AppData\Roaming\FEJM.exe','32');
DeleteFile('C:\Windows\Tasks\FEJM.job','32');
DeleteFile('C:\Windows\system32\Tasks\18c8d546-1806-451c-882e-61fd1f085965-1','32');
DeleteFile('C:\Windows\system32\Tasks\18c8d546-1806-451c-882e-61fd1f085965-11','32');
DeleteFile('C:\Windows\system32\Tasks\18c8d546-1806-451c-882e-61fd1f085965-2','32');
DeleteFile('C:\Windows\system32\Tasks\18c8d546-1806-451c-882e-61fd1f085965-3','32');
DeleteFile('C:\Windows\system32\Tasks\18c8d546-1806-451c-882e-61fd1f085965-5','32');
DeleteFile('C:\Windows\system32\Tasks\18c8d546-1806-451c-882e-61fd1f085965-6','32');
DeleteFile('C:\Windows\system32\Tasks\18c8d546-1806-451c-882e-61fd1f085965-7','32');
DeleteFile('C:\Windows\system32\Tasks\Ribble','32');
DeleteFile('C:\Users\Val\AppData\Roaming\Dorrible\Ribble\d.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Компьютер перезагрузится.
Пришлите карантин согласно Приложения 2 правил по красной ссылке Прислать запрошенный карантин вверху темы
Пофиксите в HiJack
Код:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1419459285&from=cor&uid=ST500DM002-1BD142_Z2ATXPRMXXXXZ2ATXPRM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=e0f684fcd6e54a932703cafaed1df59f&text={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hi.ru/search/?q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hi.ru/?10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1419459285&from=cor&uid=ST500DM002-1BD142_Z2ATXPRMXXXXZ2ATXPRM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419459285&from=cor&uid=ST500DM002-1BD142_Z2ATXPRMXXXXZ2ATXPRM&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1419459285&from=cor&uid=ST500DM002-1BD142_Z2ATXPRMXXXXZ2ATXPRM&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1419459285&from=cor&uid=ST500DM002-1BD142_Z2ATXPRMXXXXZ2ATXPRM
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=e0f684fcd6e54a932703cafaed1df59f&text=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=e0f684fcd6e54a932703cafaed1df59f&text=
O2 - BHO: Kino-Filmov.Net Toolbar - {1a894269-562d-459e-b17e-efd8de428e41} - C:\Program Files\Kino-Filmov.Net\tbKino.dll (file missing)
O2 - BHO: Shopping App by Ask BHO - {4F524A2D-5354-2D53-5045-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" (file missing)
O3 - Toolbar: Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" (file missing)
O3 - Toolbar: Kino-Filmov.Net Toolbar - {1a894269-562d-459e-b17e-efd8de428e41} - C:\Program Files\Kino-Filmov.Net\tbKino.dll (file missing)
O13 - DefaultPrefix: http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=e0f684fcd6e54a932703cafaed1df59f&text=
Сделайте новые логи
Сделайте логи RSIT
Сделайте лог CheckBrowserLnk