после лечение прислать файлы (искать из программы AVZ):
c:\windows\cxfx\command.exe
C:\WINDOWS\cXFx\asappsrv.dll
c:\program files\network monitor\netmon.exe
C:\WINDOWS\system32\drivers\i386p.sys
C:\WINDOWS\TEMP\mc21.tmp
msctl32.dll
C:\windows\winsysupd3.exe
C:\WINDOWS\system32\paytime.exe
C:\windows\winsysban3.exe
c:\windows\myupdates.exe
C:\WINDOWS\system32\mvp6l97s1.dll
C:\WINDOWS\system32\mpicda.dll
C:\WINDOWS\system32\kldukx.dll
C:\WINDOWS\system32\nqmarta.dll
c:\secure32.html
из программы HijackThis пофиксить строки:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cXFx\command.exe