Нда... знатный зверинец, давненько такого не видел
Пофиксите в HijackThis то, что указано в сообщении #3.
Выполните скрипт в AVZ:
// AVZ remediation script for this thread: quarantine every suspect file first
// (so samples survive for analysis — the quarantine archive is requested below),
// then delete them, remove the associated services and browser helper objects,
// and reboot. File paths, service names and CLSIDs come from the reported logs.
begin
// Rootkit scan and AVZGuard — argument semantics are not shown here; see the AVZ docs.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Quarantine before deletion. Several paths below repeat with different letter
// case (Winrx38.sys, Dim72.sys, Winxd38.sys, win_66.dll); on Windows' case-insensitive
// file system the second call is a no-op, so the duplicates are harmless but could be dropped.
QuarantineFile('C:\WINDOWS\system32\drivers\Winrx38.sys','');
QuarantineFile('C:\WINDOWS\system32\dllgh8jkd1q6.exe','');
QuarantineFile('C:\WINDOWS\system32\dllgh8jkd1q5.exe','');
QuarantineFile('C:\WINDOWS\system32\dllgh8jkd1q2.exe','');
QuarantineFile('C:\WINDOWS\system32\dllgh8jkd1q1.exe','');
QuarantineFile('c:\windows\system32\win_66.dll','');
QuarantineFile('c:\autoex.dll','');
QuarantineFile('C:\WINDOWS\nldfmtappdm.dll','');
QuarantineFile('C:\WINDOWS\system32\158117\158117.dll','');
QuarantineFile('C:\WINDOWS\system32\ipv6monl.dll','');
QuarantineFile('C:\Program Files\Common Files\Microsoft Shared\syscts.exe','');
// This is the copy in the Windows root, not system32\winlogon.exe — a common
// masquerading location; the path is taken verbatim from the log.
QuarantineFile('C:\WINDOWS\winlogon.exe','');
QuarantineFile('C:\WINDOWS\system32\ntos.exe','');
QuarantineFile('C:\WINDOWS\system32\amvo.exe','');
QuarantineFile('C:\WINDOWS\pxgdslro.dll','');
QuarantineFile('C:\WINDOWS\herjek.exe','');
QuarantineFile('C:\Program Files\Common Files\System\soundmgr.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\cftmon.exe','');
QuarantineFile('C:\Documents and Settings\Admin\cftmon.exe','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winrx38.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\tcpsr.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\lqV51.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxd38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Dim72.sys','');
QuarantineFile('c:\windows\system32\mbdis.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\spools.exe','');
QuarantineFile('C:\WINDOWS\system32\Drivers\Winxd38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ocke34.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\khlkki.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\Dim72.sys','');
QuarantineFile('C:\WINDOWS\system32\win_66.dll','');
QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');
QuarantineFile('C:\WINDOWS\System32\drivers\svchost.exe','');
QuarantineFile('C:\WINDOWS\gnowmebk.dll','');
QuarantineFile('C:\Documents and Settings\Admin\ie_updates3r.exe','');
// Deletions mirror the quarantine list above (same paths, reverse order).
// Files locked by running drivers are expected to be handled by the boot-time
// cleaner set up below (BC_* calls) — presumably, confirm against the AVZ docs.
DeleteFile('C:\Documents and Settings\Admin\ie_updates3r.exe');
DeleteFile('C:\WINDOWS\gnowmebk.dll');
DeleteFile('C:\WINDOWS\System32\drivers\svchost.exe');
DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
DeleteFile('C:\WINDOWS\system32\win_66.dll');
DeleteFile('C:\WINDOWS\system32\Drivers\Dim72.sys');
DeleteFile('C:\WINDOWS\system32\drivers\khlkki.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ocke34.sys');
DeleteFile('C:\WINDOWS\system32\Drivers\Winxd38.sys');
DeleteFile('C:\WINDOWS\system32\drivers\spools.exe');
DeleteFile('c:\windows\system32\mbdis.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\Dim72.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxd38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\lqV51.sys');
DeleteFile('C:\WINDOWS\System32\drivers\tcpsr.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winrx38.sys');
DeleteFile('C:\Documents and Settings\Admin\cftmon.exe');
DeleteFile('C:\Documents and Settings\LocalService\cftmon.exe');
DeleteFile('C:\Program Files\Common Files\System\soundmgr.exe');
DeleteFile('C:\WINDOWS\herjek.exe');
DeleteFile('C:\WINDOWS\pxgdslro.dll');
DeleteFile('C:\WINDOWS\system32\amvo.exe');
DeleteFile('C:\WINDOWS\system32\ntos.exe');
DeleteFile('C:\WINDOWS\winlogon.exe');
DeleteFile('C:\Program Files\Common Files\Microsoft Shared\syscts.exe');
DeleteFile('C:\WINDOWS\system32\ipv6monl.dll');
DeleteFile('C:\WINDOWS\system32\158117\158117.dll');
DeleteFile('C:\WINDOWS\nldfmtappdm.dll');
DeleteFile('c:\autoex.dll');
DeleteFile('c:\windows\system32\win_66.dll');
DeleteFile('C:\WINDOWS\system32\dllgh8jkd1q1.exe');
DeleteFile('C:\WINDOWS\system32\dllgh8jkd1q2.exe');
DeleteFile('C:\WINDOWS\system32\dllgh8jkd1q5.exe');
DeleteFile('C:\WINDOWS\system32\dllgh8jkd1q6.exe');
DeleteFile('C:\WINDOWS\system32\drivers\Winrx38.sys');
// Boot-time cleanup: import the pending deletions, run the system clean-up,
// and queue removal of the services that register the drivers/executables above.
BC_ImportALL;
ExecuteSysClean;
BC_DeleteSvc('Google Online Services');
BC_DeleteSvc('mnmsrvcwmiapsrv');
// NOTE(review): 'Schedule' is also the service name of the built-in Windows Task
// Scheduler. Confirm from the log that this entry is the malicious one (e.g. its
// ImagePath points at one of the files above) before running, otherwise the
// legitimate service is removed.
BC_DeleteSvc('Schedule');
BC_DeleteSvc('windows internet security');
BC_DeleteSvc('aic32p');
BC_DeleteSvc('dim72');
BC_DeleteSvc('Winxd38');
BC_DeleteSvc('asc3550p');
BC_DeleteSvc('bdfdll');
BC_DeleteSvc('lqv51');
BC_DeleteSvc('tcpsr');
BC_DeleteSvc('Winrx38');
BC_DeleteSvc('ocke34');
// Activate the queued BC_* actions (presumably applied on the reboot below).
BC_Activate;
// Remove the Browser Helper Objects by CLSID; the GUIDs are taken from the log.
DelBHO('{F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2}');
DelBHO('{81dbab16-ca34-c433-be80-11e6692428a8}');
DelBHO('{72976A08-625C-41C1-AD59-780F96CC2473}');
DelBHO('{427B1FD8-2123-4334-A7D8-7A497363914B}');
DelBHO('{36DBC179-A19F-48F2-B16A-6A3E19B42A87}');
// Reboot so the boot-time cleaner runs and in-use files are released.
RebootWindows(true);
end.
Компьютер перезагрузится.
Пришлите карантин согласно приложению 3 правил
(загружать тут: http://virusinfo.info/upload_virus.php?tid=24965).
Сделайте новые логи, начиная с п. 10 правил.