Fix the following in HijackThis:
Code:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
Disconnect the computer from the internet, and disable the antivirus and/or firewall.
Close all programs and run this script in AVZ:
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');
QuarantineFile('C:\WINDOWS\system32\sdra64.exe','');
QuarantineFile('C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winyf84.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winye38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winvb84.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winua16.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winty05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winrx84.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winqw73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpv38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winms40.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmr05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkq73.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjp84.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjo84.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfl38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfk62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfk27.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winch38.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\tcpsr.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ati7yexx.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ati7rwxx.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ati5uaxx.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ati5nsxx.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ati4fkxx.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ati3bgxx.sys','');
QuarantineFile('c:\windows\system32\mssrv32.exe','');
DeleteService('Winyf84');
DeleteService('Winye38');
DeleteService('Winvb84');
DeleteService('Winua16');
DeleteService('Winty05');
DeleteService('Winrx84');
DeleteService('Winqw73');
DeleteService('Winpv38');
DeleteService('Winms40');
DeleteService('Winmr05');
DeleteService('Winkq73');
DeleteService('Winjp84');
DeleteService('Winjo84');
DeleteService('Winfl38');
DeleteService('Winfk62');
DeleteService('Winfk27');
DeleteService('Winch38');
DeleteService('tcpsr');
DeleteService('ati7yexx');
DeleteService('ati7rwxx');
DeleteService('ati5uaxx');
DeleteService('ati5nsxx');
DeleteService('ati4fkxx');
DeleteService('ati3bgxx');
DeleteService('msupdate');
DeleteFile('c:\windows\system32\mssrv32.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\ati3bgxx.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ati4fkxx.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ati5nsxx.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ati5uaxx.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ati7rwxx.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ati7yexx.sys');
DeleteFile('C:\WINDOWS\System32\drivers\tcpsr.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winch38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfk27.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfk62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfl38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjo84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjp84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkq73.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmr05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winms40.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winpv38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winqw73.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winrx84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winty05.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winua16.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winvb84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winye38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winyf84.sys');
DeleteFile('C:\WINDOWS\system32\sdra64.exe');
DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
DeleteFile('C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run-','XP Antispyware 2009');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32','DLLName');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(11);
ExecuteRepair(16);
ExecuteRepair(17);
RebootWindows(true);
end.
After the script runs, the computer will reboot!!!
Send the quarantine using the "Send the requested quarantine" link at the top of the thread, following the rules. Make new logs according to the rules.
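An added example, not part of the original post: a Python check that scans a HijackThis log for the three kinds of lines the post asks to fix, so the fresh logs can be verified after cleanup. The function names and the expected Userinit path are assumptions, and the sample log is constructed from the lines quoted above plus one clean F2 line for contrast.

```python
import re

# Assumption: default Windows XP location of the one legitimate Userinit entry.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Patterns follow the HijackThis line layouts quoted in the post.
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
O3_RE = re.compile(r"^O3 - Toolbar: .* - (\{[0-9A-F-]+\}) - \(no file\)$", re.I)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - .+ \(file missing\)$", re.I)

# Constructed sample: the three lines from the post plus one clean F2 line.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
"""


def extra_userinit_entries(value):
    """Return Userinit entries other than the expected userinit.exe."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def review_log(text):
    """Return (finding, detail) tuples for lines that still need attention."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            # Anything after userinit.exe in this value also runs at logon.
            findings += [("userinit-extra", p) for p in extra_userinit_entries(m.group(1))]
        m = O3_RE.match(line)
        if m:
            # Toolbar registration whose file is gone: orphaned CLSID.
            findings.append(("toolbar-no-file", m.group(1)))
        m = O20_RE.match(line)
        if m:
            # Winlogon Notify key still present although the DLL is missing.
            findings.append(("notify-missing-file", m.group(1)))
    return findings


if __name__ == "__main__":
    for kind, detail in review_log(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

An empty result from `review_log` on the new log means none of these three entries remain.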