Spybot - Search - деинсталировать ..
віполните скрипт ...
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DelBHO('{F50B3F5E-856E-4757-9BB1-B35D46CA7719}');
DelBHO('{2D8690F9-F499-467E-8B98-B427129D76B2}');
DelBHO('{11C937CA-203D-4DA4-B06C-524C0F3FAAF8}');
QuarantineFile('C:\WINDOWS\system32\wvUoOIYQ.dll','');
QuarantineFile('C:\WINDOWS\system32\svch152.dll','');
QuarantineFile('C:\WINDOWS\system32\lksdjd.dll','');
QuarantineFile('C:\WINDOWS\system32\drivers\spools.exe','');
QuarantineFile('C:\WINDOWS\kavir.exe','');
QuarantineFile('C:\WINDOWS\TEMP\682D.tmp.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\cftmon.exe','');
BC_DeleteSvc('Xvl11');
QuarantineFile('C:\WINDOWS\System32\Drivers\Xvl11.sys','');
BC_DeleteSvc('Whg11');
QuarantineFile('C:\WINDOWS\System32\Drivers\Whg11.sys','');
BC_DeleteSvc('Way44');
QuarantineFile('C:\WINDOWS\System32\Drivers\Way44.sys','');
BC_DeleteSvc('Uxg55');
QuarantineFile('C:\WINDOWS\System32\Drivers\Uxg55.sys','');
BC_DeleteSvc('Uow66');
QuarantineFile('C:\WINDOWS\System32\Drivers\Uow66.sys','');
BC_DeleteSvc('Uhw88');
QuarantineFile('C:\WINDOWS\System32\Drivers\Uhw88.sys','');
BC_DeleteSvc('Tgv77');
QuarantineFile('C:\WINDOWS\System32\Drivers\Tgv77.sys','');
BC_DeleteSvc('Rwf77');
QuarantineFile('C:\WINDOWS\System32\Drivers\Rwf77.sys','');
BC_DeleteSvc('Pcb66');
QuarantineFile('C:\WINDOWS\System32\Drivers\Pcb66.sys','');
BC_DeleteSvc('ntio922');
QuarantineFile('C:\WINDOWS\system32\Drivers\ntio922.sys','');
BC_DeleteSvc('msoft98');
QuarantineFile('C:\WINDOWS\system32\drivers\msoft98.sys','');
BC_DeleteSvc('lrito757-6a83');
QuarantineFile('C:\WINDOWS\system32\lrito757-6a83.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys','');
BC_DeleteSvc('Lfe33');
QuarantineFile('C:\WINDOWS\System32\Drivers\Lfe33.sys','');
BC_DeleteSvc('Icr77');
QuarantineFile('C:\WINDOWS\System32\Drivers\Icr77.sys','');
BC_DeleteSvc('Ick11');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ick11.sys','');
BC_DeleteSvc('Ggc55');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ggc55.sys','');
BC_DeleteSvc('Evu11');
QuarantineFile('C:\WINDOWS\System32\Drivers\Evu11.sys','');
BC_DeleteSvc('Eqg00');
QuarantineFile('C:\WINDOWS\System32\Drivers\Eqg00.sys','');
BC_DeleteSvc('Dgv33');
QuarantineFile('C:\WINDOWS\System32\Drivers\Dgv33.sys','');
BC_DeleteSvc('Chw11');
QuarantineFile('C:\WINDOWS\System32\Drivers\Chw11.sys','');
BC_DeleteSvc('Atj88');
QuarantineFile('C:\WINDOWS\System32\Drivers\Atj88.sys','');
BC_DeleteSvc('asc3550f');
QuarantineFile('asc3550f.sys','');
BC_DeleteSvc('WZCSVCupnphost');
BC_DeleteSvc('SamSsdmserver');
BC_DeleteSvc('ProtectedStorage I Service');
BC_DeleteSvc('Microsoft I Service');
BC_DeleteSvc('ImapiServiceRasAuto');
BC_DeleteSvc('Google Online Services');
BC_DeleteSvc('ClipSrvFastUserSwitchingCompatibility');
QuarantineFile('C:\WINDOWS\system32\2052m.exe','');
QuarantineFile('C:\WINDOWS\system32\cbtf522.exe','');
QuarantineFile('C:\WINDOWS\system32\_svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\adsldpi.exe','');
QuarantineFile('C:\Documents and Settings\Татьяна\ie_updates3r.exe','');
QuarantineFile('C:\WINDOWS\system32\ALSndMgrk.exe','');
QuarantineFile('C:\WINDOWS\system32\ddcBTKDt.dll','');
QuarantineFile('C:\WINDOWS\system32\WLCtrl32.dll','');
QuarantineFile('c:\autoex.dll','');
DeleteFile('c:\autoex.dll');
DeleteFile('C:\WINDOWS\system32\WLCtrl32.dll');
DeleteFile('C:\WINDOWS\system32\ddcBTKDt.dll');
DeleteFile('C:\WINDOWS\system32\ALSndMgrk.exe');
DeleteFile('C:\Documents and Settings\Татьяна\ie_updates3r.exe');
DeleteFile('C:\WINDOWS\system32\adsldpi.exe');
DeleteFile('C:\WINDOWS\system32\_svchost.exe');
DeleteFile('C:\WINDOWS\system32\cbtf522.exe');
DeleteFile('C:\WINDOWS\system32\2052m.exe');
DeleteFile('asc3550f.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Atj88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Chw11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Dgv33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Eqg00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Evu11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ggc55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ick11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Icr77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Lfe33.sys');
DeleteFile('C:\WINDOWS\system32\lrito757-6a83.sys');
DeleteFile('C:\WINDOWS\system32\drivers\msoft98.sys');
DeleteFile('C:\WINDOWS\system32\Drivers\ntio922.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Pcb66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Rwf77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Tgv77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Uhw88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Uow66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Uxg55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Way44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Whg11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Xvl11.sys');
DeleteFile('C:\Documents and Settings\LocalService\cftmon.exe');
DeleteFile('C:\WINDOWS\TEMP\682D.tmp.exe');
DeleteFile('C:\WINDOWS\kavir.exe');
DeleteFile('C:\WINDOWS\system32\drivers\spools.exe');
DeleteFile('C:\WINDOWS\system32\lksdjd.dll');
DeleteFile('C:\WINDOWS\system32\svch152.dll');
DeleteFile('WLCtrl32.dll');
DeleteFile('ddcBTKDt.dll');
DeleteFile('C:\WINDOWS\system32\wvUoOIYQ.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
пришлите карантин согласно приложения 3 правил ...
повторте логи ...