DISABLE SYSTEM RESTORE!
Well, what a mess you've got there.
AVZ, menu "File - Run script" -- copy the script written below -- press the "Run" button.
Code:
begin
// Empty the previous quarantine, look for rootkit hooks and turn on AVZGuard
// so the malware cannot interfere while the script runs.
ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(true);
// Set the suspicious services to Disabled (4) and stop them before touching their files.
SetServiceStart('kcp', 4);
SetServiceStart('Microsoft PS Service', 4);
SetServiceStart('PolicyAgent', 4);
SetServiceStart('WinSecurServ05', 4);
StopService('kcp');
StopService('PolicyAgent');
StopService('Microsoft PS Service');
StopService('WinSecurServ05');
// Copy every suspect file into the quarantine first, so samples survive deletion.
QuarantineFile('C:\WINDOWS\system32\Fsd9mk4g.dll','');
QuarantineFile('C:\System Volume Information\_restore{DFF9D3A3-CB8C-4911-9B46-236D8F95DBCD}\RP160\A0139054.exe','');
QuarantineFile('C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL','');
QuarantineFile('C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL','');
QuarantineFile('sysfldr.dll','');
QuarantineFile('ibutu.dll','');
QuarantineFile('WLCtrl32.dll','');
QuarantineFile('LogCrypt.dll','');
QuarantineFile('C:\WINDOWS\system32\ntos.exe','');
QuarantineFile('C:\WINDOWS\system32\NvMcTray.dll','');
QuarantineFile('C:\WINDOWS\mmhren1.exe','');
QuarantineFile('C:\WINDOWS\TEMP\winlogan.exe','');
QuarantineFile('C:\WINDOWS\TEMP\lsass.exe','');
QuarantineFile('C:\PROGRA~1\SCREEN~1\Timati.scr','');
QuarantineFile('C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Sye51.sys','');
QuarantineFile('C:\WINDOWS\system32\itcom.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\kcp.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\spool.exe','');
QuarantineFile('C:\WINDOWS\system32\Microsoft\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\UAService7.exe','');
QuarantineFile('C:\DOCUME~1\1\LOCALS~1\Temp\svc32_1.exe','');
QuarantineFile('C:\WINDOWS\system32\mnmsrvc.exe','');
QuarantineFile('C:\WINDOWS\system32\_svchost.exe','');
QuarantineFile('C:\WINDOWS\AcroIEHelper.dll','');
// Delete the files identified as malicious (deferred deletion takes effect on reboot).
DeleteFile('C:\WINDOWS\system32\_svchost.exe');
DeleteFile('C:\WINDOWS\AcroIEHelper.dll');
DeleteFile('C:\DOCUME~1\1\LOCALS~1\Temp\svc32_1.exe');
DeleteFile('C:\WINDOWS\system32\Microsoft\svchost.exe');
DeleteFile('C:\WINDOWS\system32\drivers\spool.exe');
DeleteFile('C:\WINDOWS\system32\drivers\kcp.sys');
DeleteFile('C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe');
DeleteFile('C:\WINDOWS\TEMP\lsass.exe');
DeleteFile('C:\WINDOWS\TEMP\winlogan.exe');
DeleteFile('C:\WINDOWS\mmhren1.exe');
DeleteFile('C:\WINDOWS\system32\NvMcTray.dll');
DeleteFile('C:\WINDOWS\system32\ntos.exe');
DeleteFile('LogCrypt.dll');
DeleteFile('WLCtrl32.dll');
DeleteFile('sysfldr.dll');
DeleteFile('C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL');
DeleteFile('C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL');
DeleteFile('C:\WINDOWS\system32\Fsd9mk4g.dll');
DeleteFile('C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL');
DeleteFile('ibutu.dll');
DeleteFile('C:\System Volume Information\_restore{DFF9D3A3-CB8C-4911-9B46-236D8F95DBCD}\RP160\A0139054.exe');
// Remove the Browser Helper Objects by CLSID.
DelBHO('{07B18EA9-A523-4961-B6BB-170DE4475CCA}');
DelBHO('{B5AF0562-94F3-42BD-F434-2604812C797D}');
DelBHO('{07B18EA1-A523-4961-B6BB-170DE4475CCA}');
DelBHO('{00A6FAF1-072E-44cf-8957-5838F569A31D}');
DelBHO('{44970071-468F-432F-8F5E-429B2414619A}');
// Unregister the services whose binaries were deleted above.
DeleteService('kcp');
DeleteService('Microsoft PS Service');
DeleteService('PolicyAgent');
DeleteService('WinSecurServ05');
// Hand the pending deletions to BootCleaner, run the system cleanup and reboot.
BC_ImportALL;
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.
After the script finishes, the computer will reboot.
Send the quarantine according to Appendix 3 of the rules.
Upload via this link: http://virusinfo.info/upload_virus.php?tid=18491
Fix the following lines in HijackThis ( http://virusinfo.info/showthread.php?t=4491 )
Code:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\ntos.exe,
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
O20 - Winlogon Notify: ibutu - ibutu.dll (file missing)
O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)
O20 - Winlogon Notify: sysfldr - sysfldr.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
Post fresh logs.
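The HijackThis lines above are the three logon-time persistence points the infection used: extra entries appended to the Winlogon UserInit list, a win.ini run= autostart, and Winlogon Notify packages whose DLLs are already gone but whose registry keys remain. As an added illustration (not code from the original post or from AVZ/HijackThis), the parser below turns such log lines into structured findings and shows why the F2 line is flagged: it splits the UserInit list and reports every entry other than the single default userinit.exe. The sample log is constructed from the lines quoted in the post; the registry locations for F2/F3/O20 and the default UserInit value for a C:\WINDOWS install are assumptions made here.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\ntos.exe,
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
O20 - Winlogon Notify: ibutu - ibutu.dll (file missing)
O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)
O20 - Winlogon Notify: sysfldr - sysfldr.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
"""

# Assumed registry locations behind the HijackThis section codes.
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
HKCU_WINDOWS = r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows"
# Assumption: a default XP install holds exactly this one UserInit entry.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe"


@dataclass
class Finding:
    section: str   # F2 / F3 / O20
    location: str  # registry key or value the entry maps to
    target: str    # file or command the entry points at
    note: str


def userinit_extras(value: str) -> List[str]:
    """Return every UserInit entry besides the single default one (case-insensitive)."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT.lower()]


def parse_hjt(text: str) -> List[Finding]:
    """Parse F2/F3/O20 HijackThis lines into findings; other lines are ignored."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^F2 - REG:system\.ini: UserInit=(.*)$", line, re.I)
        if m:
            # Each extra entry is launched by winlogon at logon alongside userinit.exe.
            for extra in userinit_extras(m.group(1)):
                findings.append(Finding("F2", WINLOGON + r"\Userinit", extra,
                                        "extra UserInit entry; default is the single userinit.exe"))
            continue
        m = re.match(r"^F3 - REG:win\.ini: (run|load)=(.*)$", line, re.I)
        if m:
            findings.append(Finding("F3", HKCU_WINDOWS + "\\" + m.group(1),
                                    m.group(2).strip(),
                                    "win.ini run=/load= autostart (registry-mapped on NT)"))
            continue
        m = re.match(r"^O20 - Winlogon Notify: (\S+) - (\S+)(\s+\(file missing\))?$", line, re.I)
        if m:
            name, dll, missing = m.groups()
            note = "Notify package loaded into winlogon.exe at logon"
            if missing:
                # The DLL is gone but the key still exists: winlogon keeps trying to load it.
                note += "; DLL absent on disk, registry key still present"
            findings.append(Finding("O20", WINLOGON + "\\Notify\\" + name, dll, note))
    return findings


if __name__ == "__main__":
    for f in parse_hjt(SAMPLE_LOG):
        print(f"{f.section:<4} {f.location}\n     -> {f.target}  [{f.note}]")
```

Running the block prints one finding per persistence entry; the F2 line yields two (the bare `userinit.exe` and `ntos.exe`), which is what distinguishes a hijacked UserInit value from the default at a glance.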