Деинсталлируйте PC-Cleaner, отключите восстановление системы, перед выполнением скрипта отключите антивирус,
выполните скрипт
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('Schedule');
SetServiceStart('Schedule', 4);
StopService('Google Online Services');
SetServiceStart('Google Online Services', 4);
StopService('LPTRDCsrv');
SetServiceStart('LPTRDCsrv', 4);
QuarantineFile('D:\WINNT\system32\vbsys2.dll','');
QuarantineFile('D:\WINNT\system32\SKHOOKS.dll','');
QuarantineFile('D:\WINNT\Temp\BFE.tmp','');
QuarantineFile('D:\WINNT\Temp\7945.tmp','');
QuarantineFile('D:\WINNT\system32\xjbbeyev.dll','');
QuarantineFile('D:\WINNT\system32\ezeh251.exe','');
QuarantineFile('D:\Documents and Settings\x\Local Settings\Temp\950bf97e.exe','');
QuarantineFile('D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\KLAZ0P2R\loader[1].exe','');
QuarantineFile('c:\autoex.dll','');
QuarantineFile('D:\WINNT\system32\hmlphl.dll','');
QuarantineFile('D:\WINNT\system32\vtUooPgg.dll','');
QuarantineFile('D:\WINNT\system32\userinit.exe','');
QuarantineFile('D:\WINNT\system32\qpgzyxop.exe','');
QuarantineFile('D:\WINNT\system32\ntos.exe','');
QuarantineFile('D:\WINNT\system32\lsetup.exe','');
QuarantineFile('D:\WINNT\system32\iderelml.exe','');
QuarantineFile('D:\Program Files\PC-Cleaner\PC-Cleaner.exe','');
QuarantineFile('D:\Documents and Settings\Default User\cftmon.exe','');
QuarantineFile('D:\Documents and Settings\All Users\Документы\Settings\partnership.dll','');
QuarantineFile('D:\Documents and Settings\All Users\Application Data\itkhufsx\mxqrsnof.exe','');
QuarantineFile('D:\WINNT\system32\drivers\Beep.sys','');
QuarantineFile('D:\WINNT\system32\drivers\deckzpsx.sys','');
QuarantineFile('D:\WINNT\system32\drivers\ami0nt.sys','');
QuarantineFile('D:\WINNT\system32\drivers\spools.exe','');
QuarantineFile('D:\WINNT\System32\ATMsrvc.exe','');
QuarantineFile('D:\Documents and Settings\x\ie_updates3r.exe','');
QuarantineFile('D:\WINNT\ctfmon.exe','');
QuarantineFile('D:\WINNT\system32\opnkhiii.dll','');
DeleteService('Schedule');
DeleteService('Google Online Services');
DeleteService('LPTRDCsrv');
DeleteFile('D:\WINNT\system32\opnkhiii.dll');
DeleteFile('D:\Program Files\PC-Cleaner\PC-Cleaner.exe');
DeleteFile('D:\Program Files\PC-Cleaner\com\pcsd.dll');
DeleteFile('D:\WINNT\ctfmon.exe');
DeleteFile('D:\Documents and Settings\x\ie_updates3r.exe');
DeleteFile('D:\WINNT\system32\drivers\spools.exe');
DeleteFile('D:\Documents and Settings\All Users\Application Data\itkhufsx\mxqrsnof.exe');
DeleteFile('D:\Documents and Settings\All Users\Документы\Settings\partnership.dll');
DeleteFile('D:\Documents and Settings\Default User\cftmon.exe');
DeleteFile('D:\WINNT\system32\iderelml.exe');
DeleteFile('D:\WINNT\system32\lsetup.exe');
DeleteFile('D:\WINNT\system32\ntos.exe');
DeleteFile('D:\WINNT\system32\qpgzyxop.exe');
DeleteFile('D:\WINNT\system32\vtUooPgg.dll');
DeleteFile('D:\WINNT\system32\hmlphl.dll');
DeleteFile('c:\autoex.dll');
DeleteFile('D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\KLAZ0P2R\loader[1].exe');
DeleteFile('D:\Documents and Settings\x\Local Settings\Temp\950bf97e.exe');
DeleteFile('D:\WINNT\system32\ezeh251.exe');
DeleteFile('D:\WINNT\system32\xjbbeyev.dll');
DeleteFile('D:\WINNT\Temp\7945.tmp');
DeleteFile('D:\WINNT\Temp\BFE.tmp');
DeleteFile('D:\WINNT\system32\vbsys2.dll');
DelBHO('{F50B3F5E-856E-4757-9BB1-B35D46CA7719}');
DelBHO('{F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2}');
DelBHO('{AAD1C6AD-10AB-4cae-97FB-0AADDEC8A14B}');
DelBHO('{83BFE9E1-5A8F-43DB-97D3-D34852ECCC32}');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(5);
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(11);
ExecuteRepair(16);
RebootWindows(true);
end.
Компьютер перезагрузится. После перезагрузки выполнить ещё скрипт
Код:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Файл quarantine.zip выслать на user15802[at]mail.ru, в теле письма указать ссылку на тему, или выложить файл на ifolder.ru или другой файлообменник и дать ссылку на него в ПМ (личку).
пофиксите в hijackthis строчки
Код:
F2 - REG:system.ini: UserInit=D:\WINNT\system32\userinit.exe,D:\WINNT\system32\ntos.exe,D:\WINNT\system32\lsetup.exe,
O2 - BHO: (no name) - {83BFE9E1-5A8F-43DB-97D3-D34852ECCC32} - D:\WINNT\system32\opnkhiii.dll
O2 - BHO: BhoApp Class - {AAD1C6AD-10AB-4cae-97FB-0AADDEC8A14B} - D:\WINNT\system32\hmlphl.dll (file missing)
O2 - BHO: (no name) - {F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2} - c:\autoex.dll (file missing)
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - D:\WINNT\system32\vtUooPgg.dll (file missing)
O4 - HKCU\..\Run: [czbltobn] D:\WINNT\system32\qpgzyxop.exe
O4 - HKCU\..\Run: [PC-Cleaner] "D:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide
O4 - HKLM\..\Policies\Explorer\Run: [HIpha09YbC] D:\Documents and Settings\All Users\Application Data\itkhufsx\mxqrsnof.exe
O4 - HKUS\.DEFAULT\..\Run: [userinit] D:\WINNT\system32\ntos.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] D:\WINNT\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] D:\Documents and Settings\Default User\cftmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [hxtfrjzj] D:\WINNT\system32\iderelml.exe (User 'Default user')
O20 - AppInit_DLLs:
O20 - Winlogon Notify: partnershipreg - D:\Documents and Settings\All Users\Документы\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: vtUooPgg - vtUooPgg.dll (file missing)
Вы антивирусом проверялись напр. cureit и AVPTool?
повторите логи и сделайте ещё логи DSS по правилам
