Отключите антивирус и интернет!
Пофиксить в HijackThis:
Код:
O2 - BHO: QXK Rhythm - {2AB0CA27-95E4-437A-8093-FADF3A2FAC42} - C:\WINDOWS\nldfmtapnvb.dll
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS\system32\ipv6monl.dll
O2 - BHO: C:\WINDOWS\system32\hdxjd4g.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\hdxjd4g.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\djki397g.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\djki397g.dll (file missing)
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O21 - SSODL: gnowmebk - {01309571-D74D-497D-AB2C-9EF2D6EE0A78} - C:\WINDOWS\gnowmebk.dll
O22 - SharedTaskScheduler: Hkjr94jdfdgj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\hdxjd4g.dll (file missing)
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\djki397g.dll (file missing)
Скачать, открыть меню File — появится аналог проводника. Найти WinNt32.dll и tcpsr.sys, по каждому файлу — правая кнопка мыши, Force Delete. На запрос о перезагрузке ответьте положительно.
AVZ, меню "Файл - Выполнить скрипт" -- скопировать приведённый ниже скрипт -- нажать кнопку "Запустить".
Код:
// AVZ cleanup script written for one specific machine: every path, service
// name and CLSID below is hard-coded. The BHO CLSIDs and the spools.exe,
// cftmon.exe, WinNt32.dll, gnowmebk.dll, hdxjd4g.dll and djki397g.dll paths
// match the HijackThis entries (O2/O4/O20/O21/O22) listed earlier on the page.
// Order: enable protection -> quarantine copies -> remove services -> delete
// files -> remove BHO registrations -> queue boot-time cleanup -> reboot.
begin
// Rootkit/hook scan first. NOTE(review): the two flags presumably enable
// neutralisation of user-mode and kernel-mode hooks - confirm against AVZ docs.
SearchRootkit(true, true);
// Turn on AVZGuard for the duration of the cleanup.
SetAVZGuardStatus(True);
// --- Quarantine ---
// Each file is quarantined before any deletion so that samples remain
// available for analysis (the page asks for the quarantine to be uploaded).
// The second argument is left empty throughout.
// This first entry has no directory; the full system32 path is also listed below.
QuarantineFile('WinNt32.dll','');
// HijackThis reported these two DLLs as "file missing"; they are handled anyway.
// NOTE(review): possibly hidden from the log rather than absent - unconfirmed.
QuarantineFile('C:\WINDOWS\system32\hdxjd4g.dll','');
QuarantineFile('C:\WINDOWS\system32\djki397g.dll','');
QuarantineFile('C:\Documents and Settings\LocalService\cftmon.exe','');
// 24 .sys files with similarly patterned names under System32\Drivers.
QuarantineFile('C:\WINDOWS\System32\Drivers\Ylt44.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ygx22.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Xml33.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wjr66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\vrQ44.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Uow33.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ujk44.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Rem66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Pcb11.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ove55.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Nst00.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Nqy22.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Mkj33.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ljr55.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Jcb66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Iwv77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Htl00.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Gsb77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\glT44.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ejr55.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Eai22.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Dpx88.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Cji11.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Cck33.sys','');
// The profile folder name is localized; this path only resolves on this host.
QuarantineFile('C:\Documents and Settings\Администратор\ie_updates3r.exe','');
QuarantineFile('c:\windows\system32\mssrv32.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\spools.exe','');
QuarantineFile('C:\WINDOWS\System32\drivers\tcpsr.sys','');
QuarantineFile('C:\WINDOWS\system32\WinNt32.dll','');
QuarantineFile('C:\WINDOWS\system32\ipv6monl.dll','');
QuarantineFile('C:\WINDOWS\nldfmtapnvb.dll','');
QuarantineFile('C:\WINDOWS\gnowmebk.dll','');
// --- Service / driver registrations ---
// Service names mirror the base names of the .sys files quarantined above.
// NOTE(review): Ljr55.sys is quarantined and deleted, but no
// DeleteService('Ljr55') or BC_DeleteSvc('Ljr55') appears in this script -
// confirm against the AVZ log whether a matching service entry exists.
DeleteService('Ylt44');
DeleteService('Ygx22');
DeleteService('Xml33');
DeleteService('Wjr66');
DeleteService('vrQ44');
DeleteService('Uow33');
DeleteService('Ujk44');
DeleteService('Rem66');
DeleteService('Pcb11');
DeleteService('Ove55');
DeleteService('Nst00');
DeleteService('Nqy22');
DeleteService('Mkj33');
DeleteService('Jcb66');
DeleteService('Iwv77');
DeleteService('Htl00');
DeleteService('Gsb77');
DeleteService('glT44');
DeleteService('Ejr55');
DeleteService('Eai22');
DeleteService('Cck33');
// NOTE(review): 'Schedule' is also the name of the stock Windows Task
// Scheduler service. The log excerpt on this page does not show this entry;
// verify in the AVZ log that it points at a malicious binary before removal,
// and expect to restore the legitimate service afterwards if it was hijacked.
DeleteService('Schedule');
DeleteService('tcpsr');
// These two names imitate vendor/update services; the entries are not shown
// in the visible log - verify their binary paths in the AVZ log.
DeleteService('Google Online Services');
DeleteService('msupdate');
DeleteService('Dpx88');
DeleteService('Cji11');
// --- File deletion ---
// Same set of files as the quarantine section, listed in reverse order.
DeleteFile('C:\WINDOWS\gnowmebk.dll');
DeleteFile('C:\WINDOWS\nldfmtapnvb.dll');
DeleteFile('C:\WINDOWS\system32\ipv6monl.dll');
DeleteFile('C:\WINDOWS\system32\WinNt32.dll');
DeleteFile('C:\WINDOWS\System32\drivers\tcpsr.sys');
DeleteFile('C:\WINDOWS\system32\drivers\spools.exe');
DeleteFile('c:\windows\system32\mssrv32.exe');
DeleteFile('C:\Documents and Settings\Администратор\ie_updates3r.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\Cck33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Cji11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Dpx88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Eai22.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ejr55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\glT44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Gsb77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Htl00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Iwv77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Jcb66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ljr55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Mkj33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Nqy22.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Nst00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ove55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Pcb11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Rem66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ujk44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Uow33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\vrQ44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wjr66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Xml33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ygx22.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ylt44.sys');
DeleteFile('C:\Documents and Settings\LocalService\cftmon.exe');
DeleteFile('C:\WINDOWS\system32\djki397g.dll');
DeleteFile('C:\WINDOWS\system32\hdxjd4g.dll');
DeleteFile('WinNt32.dll');
// --- Browser Helper Objects ---
// The four CLSIDs are the O2 - BHO entries from the HijackThis list on this
// page. The two B5A... CLSIDs also appear there as O22 SharedTaskScheduler
// entries; this script does not touch the O20/O21/O22 registrations directly -
// the page has those fixed separately in the HijackThis step.
DelBHO('{B5AF0562-94F3-42BD-F434-2604812C797D}');
DelBHO('{B5AC49A2-94F2-42BD-F434-2604812C897D}');
DelBHO('{36DBC179-A19F-48F2-B16A-6A3E19B42A87}');
DelBHO('{2AB0CA27-95E4-437A-8093-FADF3A2FAC42}');
// --- Boot-time cleanup ---
// BC_* calls configure AVZ's Boot Cleaner so that anything still locked while
// Windows is running is removed during the next boot.
// NOTE(review): BC_ImportALL presumably imports the file lists collected by
// the calls above - confirm against AVZ docs.
BC_ImportALL;
// AVZ system clean-up pass, run after the files have been deleted.
ExecuteSysClean;
// Same service list as the DeleteService section (again without 'Ljr55'),
// queued for boot-time removal.
BC_DeleteSvc('Ylt44');
BC_DeleteSvc('Ygx22');
BC_DeleteSvc('Xml33');
BC_DeleteSvc('Wjr66');
BC_DeleteSvc('vrQ44');
BC_DeleteSvc('Uow33');
BC_DeleteSvc('Ujk44');
BC_DeleteSvc('Rem66');
BC_DeleteSvc('Pcb11');
BC_DeleteSvc('Ove55');
BC_DeleteSvc('Nst00');
BC_DeleteSvc('Nqy22');
BC_DeleteSvc('Mkj33');
BC_DeleteSvc('Jcb66');
BC_DeleteSvc('Iwv77');
BC_DeleteSvc('Htl00');
BC_DeleteSvc('Gsb77');
BC_DeleteSvc('glT44');
BC_DeleteSvc('Ejr55');
BC_DeleteSvc('Eai22');
BC_DeleteSvc('Cck33');
BC_DeleteSvc('Schedule');
BC_DeleteSvc('tcpsr');
BC_DeleteSvc('Google Online Services');
BC_DeleteSvc('msupdate');
BC_DeleteSvc('Dpx88');
BC_DeleteSvc('Cji11');
// Arm Boot Cleaner, then reboot; the page states that the computer restarts
// once the script has finished.
BC_Activate;
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.
Прислать карантин согласно приложению 3 правил.
Загружать по ссылке: http://virusinfo.info/upload_virus.php?tid=23306
Повторите логи.