Логи тут, на форуме Касперского тему закрою...
Отключите свою защиту (Ad-Aware удалите, толку от неё нет, если есть Касперский) и интернет!
Пофиксить в HijackThis:
Код:
O2 - BHO: Aero skin - {FFFFFFFF-85A3-452b-B7A8-759AD9B42162} - swin32.dll (file missing)
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{42593915-80CE-4172-95D0-E93401D0703D}: NameServer = 85.255.115.58,85.255.112.224
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28F58CB-0F3C-4E28-8D6E-FA8CB251AFED}: NameServer = 85.255.115.58,85.255.112.224
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.224
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.224
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.22
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
AVZ, меню "Файл - Выполнить скрипт" -- скопировать нижеприведённый скрипт -- нажать кнопку "Запустить".
Код:
// AVZ cleanup script for one specific infected machine: it quarantines, then
// unregisters and deletes the objects listed below, and reboots.
// Every name and path here comes from that machine's logs; running the script
// unchanged on another system would delete whatever happens to match there.
// Statement order matters: each file is quarantined before it is deleted, so a
// sample is preserved for analysis (the post asks for the quarantine afterwards).
begin
// Rootkit scan with both arguments true (presumably: neutralise user-mode and
// kernel-mode hooks -- confirm against the AVZ script reference).
SearchRootkit(true, true);
// Turn on AVZGuard for the rest of the run.
SetAVZGuardStatus(True);
// Remove three Browser Helper Objects by CLSID. The third CLSID is the
// "Aero skin" BHO (swin32.dll) from the O2 line of the log above.
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
DelBHO('{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}');
DelBHO('{FFFFFFFF-85A3-452b-B7A8-759AD9B42162}');
// --- Quarantine phase: keep a copy of every suspect file before removal. ---
// The second argument is left empty throughout. The first four entries are
// bare file names; how they are resolved to a path is left to AVZ.
// NOTE(review): kdyaq.exe is quarantined only by bare name, while the delete
// phase also uses C:\WINDOWS\system32\kdyaq.exe -- confirm the quarantine
// actually picked the file up before relying on the sample.
QuarantineFile('swin32.dll','');
QuarantineFile('Ufk27.sys','');
QuarantineFile('kdyaq.exe','');
QuarantineFile('WinCtrl32.dll','');
// Autorun entries from the O4 lines of the log above.
QuarantineFile('C:\WINDOWS\system32\drivers\spools.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe','');
// Randomly named .sys files under System32\Drivers.
QuarantineFile('C:\WINDOWS\System32\Drivers\Winrw22.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winky66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingc77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfr88.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winaf33.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\weM00.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\vrQ44.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Uji88.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\tuK88.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Svu22.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Rcb77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\plK88.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\otS88.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\miQ55.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Ipo55.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\fdC88.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Eon33.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\dwV77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Dka33.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Cvu44.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\cqP77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Chg11.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Byx77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\aoE77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ajR44.sys','');
QuarantineFile('C:\Documents and Settings\SHER\Мои документы\Моя работа\полезно\Белые каталоги\BASES\ie_updates3r.exe','');
// --- Service/driver removal: drop the registrations for the files above. ---
// NOTE(review): Rcb77.sys is quarantined and deleted, but there is no
// DeleteService('Rcb77') in this list. Conversely 'Google Online Services'
// and 'ql1280' are removed here with no matching file entry under those
// names. Neither can be judged without the logs -- verify in the repeat logs.
DeleteService('Winrw22');
DeleteService('Winky66');
DeleteService('Google Online Services');
DeleteService('Wingc77');
DeleteService('Winfr88');
DeleteService('Winaf33');
DeleteService('weM00');
DeleteService('vrQ44');
DeleteService('Uji88');
DeleteService('Ufk27');
DeleteService('tuK88');
DeleteService('Svu22');
DeleteService('ql1280');
DeleteService('plK88');
DeleteService('otS88');
DeleteService('miQ55');
DeleteService('Ipo55');
DeleteService('fdC88');
DeleteService('Eon33');
DeleteService('dwV77');
DeleteService('Dka33');
DeleteService('Cvu44');
DeleteService('cqP77');
DeleteService('Chg11');
DeleteService('Byx77');
DeleteService('aoE77');
DeleteService('ajR44');
// --- Delete phase: remove the files that were quarantined above. ---
DeleteFile('C:\Documents and Settings\SHER\Мои документы\Моя работа\полезно\Белые каталоги\BASES\ie_updates3r.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\ajR44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\aoE77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Byx77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Chg11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\cqP77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Cvu44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Dka33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\dwV77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Eon33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\fdC88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Ipo55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\miQ55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\otS88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\plK88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Rcb77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Svu22.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\tuK88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Uji88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\vrQ44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\weM00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winaf33.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfr88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingc77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winky66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winrw22.sys');
DeleteFile('C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe');
DeleteFile('C:\WINDOWS\system32\drivers\spools.exe');
DeleteFile('C:\WINDOWS\system32\kdyaq.exe');
// Bare-name deletes mirror the bare-name quarantine entries at the top.
DeleteFile('WinCtrl32.dll');
DeleteFile('kdyaq.exe');
DeleteFile('swin32.dll');
DeleteFile('Ufk27.sys');
// Hand the lists built above to AVZ Boot Cleaner (BC_*), run AVZ's system
// cleanup pass, then arm Boot Cleaner. Presumably the actual removal of files
// locked by running drivers happens at the next boot -- confirm in AVZ docs.
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
// Reboot immediately so the Boot Cleaner pass runs; save open work first.
// NOTE(review): this script does not touch the NameServer values from the O17
// lines of the log above; those are handled only by the separate fix list,
// so check the DNS settings again in the repeat logs.
RebootWindows(true);
end.
Пришлите карантин по правилам и повторите логи...