Fix the following in HijackThis:
Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {0C41C22F-3F2A-4052-9F24-270F805E4A6B} - (no file)
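Run this script in AVZ:
Code:
begin
// Look for rootkit hooks and neutralize them
SearchRootkit(true, true);
// Enable AVZGuard for the rest of the run
SetAVZGuardStatus(True);
// Copy each suspect file into quarantine before anything is deleted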
QuarantineFile('C:\WINDOWS\system32\61845vB7.exe','');
QuarantineFile('C:\WINDOWS\services32.exe','');
QuarantineFile('C:\WINDOWS\sysdriver32_.exe','');
QuarantineFile('C:\Documents and Settings\Ксюша_2\Application Data\jzwmgw.exe,explorer.exe,C:\Documents and Settings\Ксюша_2\vpyu.exe','');
QuarantineFile('C:\Documents and Settings\Ксюша_2\Application Data\jzwmgw.exe','');
QuarantineFile('C:\DOCUME~1\_29820~1\LOCALS~1\Temp\8492456.exe','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\hgxqctpp.sys','');
QuarantineFile('C:\WINDOWS\sysdriver32.exe','');
QuarantineFile('C:\WINDOWS\update.1\svchost.exe','');
QuarantineFile('C:\WINDOWS\update.2\svchost.exe','');
QuarantineFile('c:\windows\sysdriver32_.exe','');
QuarantineFile('c:\windows\update.1\svchost.exe','');
QuarantineFile('c:\windows\update.2\svchost.exe','');
QuarantineFile('c:\windows\samsung\panelmgr\ssmmgr.exe','');
QuarantineFile('c:\windows\l1rezerv.exe','');
DeleteFile('c:\windows\l1rezerv.exe');
DeleteFile('c:\windows\samsung\panelmgr\ssmmgr.exe');
DeleteFile('c:\windows\update.2\svchost.exe');
DeleteFile('c:\windows\update.1\svchost.exe');
DeleteFile('c:\windows\sysdriver32_.exe');
DeleteFile('C:\WINDOWS\update.2\svchost.exe');
DeleteFile('C:\WINDOWS\update.1\svchost.exe');
DeleteFile('C:\WINDOWS\sysdriver32.exe');
DeleteFile('C:\WINDOWS\system32\drivers\hgxqctpp.sys');
DeleteFile('C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys');
DeleteFile('C:\DOCUME~1\_29820~1\LOCALS~1\Temp\8492456.exe');
DeleteFile('C:\Documents and Settings\Ксюша_2\Application Data\jzwmgw.exe');
DeleteFile('C:\Documents and Settings\Ксюша_2\Application Data\jzwmgw.exe,explorer.exe,C:\Documents and Settings\Ксюша_2\vpyu.exe');
DeleteFile('C:\WINDOWS\sysdriver32_.exe');
DeleteFile('C:\WINDOWS\services32.exe');
DeleteFile('C:\WINDOWS\system32\61845vB7.exe');
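// Hand the list of deleted files to Boot Cleaner
BC_ImportDeletedList;
// Clean up registry references to the deleted files
ExecuteSysClean;
// Run AVZ system-restore function 13
ExecuteRepair(13);
// Activate Boot Cleaner so leftovers are removed at boot, then reboot
BC_Activate;
RebootWindows(true);
end.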
The computer will reboot.
Send the quarantine as described in Appendix 3 of the rules
(upload here: http://virusinfo.info/upload_virus.php?tid=103480).
Make new logs.