Why you didn't read carefully our rules?
Don't attach quarantine to your posts!
Here the files that you should attach: virusinfo_syscure.zip, virusinfo_syscheck.zip, hijackthis.log
In Vista, always remember lunching all investigation tools with right click- please choose run as administrator.
Добавлено через 11 минут
For your information: Ask bar is adware.
Please execute this script in avz http://virusinfo.info/showthread.php?t=9207) (Do remember before execution scripts to exit antivirus and disconnect from internet, disable System Restore ) Lunch avz with right click every time!
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\System32\pmxscrll.dll','');
QuarantineFile('C:\Windows\system32\btmmhook.dll','');
DelBHO('{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}');
DelBHO('{3041d03e-fd4b-44e0-b742-2d9b88305f98}');
DelBHO('{201f27d4-3704-41d6-89c1-aa35e39143ed}');
DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
QuarantineFile('C:\Program Files\AskBarDis\bar\bin\askBar.dll','');
QuarantineFile('C:\Windows\system32\ICO.EXE','');
QuarantineFile('C:\Windows\system32\APOMngr.dll','');
DeleteFile('C:\Windows\system32\APOMngr.dll');
DeleteFile('C:\Program Files\AskBarDis\bar\bin\askBar.dll');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteRepair(9);
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(14);
ExecuteRepair(16);
BC_Activate;
SetAVZPMStatus(true);
RebootWindows(true);
end.
After restart lunch hijack this and scan system. If you will find this lines:
Код:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC21A25-C3DC-4D38-A471-79B1A409C707}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{98DC1F48-2DAA-43C0-99DA-E90DA26C0AF8}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
Fix them
Please upload quarantine according to Appendix# 3 of rules by link:http://virusinfo.info/upload_virus_eng.php?tid=40437
Make a new set of logs, make sure to read carefully http://virusinfo.info/showthread.php?t=9184