Let it run: http://support.kaspersky.com/faq/?qid=208280684
Close/disable all applications except AVZ and Internet Explorer.
- Disconnect your PC from network (internet/intranet)
- Disable antivirus, firewall and other memory resident security tools
- Disable System Restore
- Fix with HijackThis
Code:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
- Execute the following script
Code:
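begin
// Search for rootkit hooks and neutralize them (user mode and kernel mode)
SearchRootkit(true, true);
// Enable AVZGuard so other processes cannot interfere with the cleanup
SetAVZGuardStatus(True);
// Empty the existing quarantine before collecting new samples
ClearQuarantine;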
QuarantineFile('C:\WINDOWS\system32\f3b2.sys','');
QuarantineFile('C:\WINDOWS\system32\e938.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\vdi3ndu1.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\fdd94.SYS','');
QuarantineFile('C:\WINDOWS\system32\drivers\e5a9.SYS','');
QuarantineFile('C:\WINDOWS\system32\drivers\6418.SYS','');
QuarantineFile('C:\WINDOWS\system32\drivers\3bd9.SYS','');
QuarantineFile('C:\WINDOWS\system32\drivers\1fa95.SYS','');
QuarantineFile('C:\WINDOWS\system32\drivers\08e8.SYS','');
QuarantineFile('C:\WINDOWS\system32\drivers\02693.SYS','');
QuarantineFile('C:\WINDOWS\system32\drivers\0267.SYS','');
QuarantineFile('C:\WINDOWS\system32\b024.sys','');
QuarantineFile('C:\WINDOWS\system32\8ea4.sys','');
QuarantineFile('C:\WINDOWS\system32\6342.sys','');
QuarantineFile('C:\WINDOWS\system32\3cd3.sys','');
QuarantineFile('C:\WINDOWS\system32\3609.sys','');
QuarantineFile('C:\WINDOWS\system32\1b53.sys','');
QuarantineFile('C:\WINDOWS\system32\02a7.sys','');
QuarantineFile('C:\DOCUME~1\issathi\LOCALS~1\Temp\sfareca00001.dll','');
QuarantineFile('C:\DOCUME~1\issathi\LOCALS~1\Temp\sfamcc00001.dll','');
DeleteService('f3b2');
DeleteService('e938');
DeleteService('e5a9');
DeleteService('b024');
DeleteService('8ea4');
DeleteService('6418');
DeleteService('6342');
DeleteService('3cd3');
DeleteService('3bd9');
DeleteService('3609');
DeleteService('1fa95');
DeleteService('1b53');
DeleteService('08e8');
DeleteService('02a7');
DeleteService('02693');
DeleteService('0267');
DeleteFile('C:\WINDOWS\system32\f3b2.sys');
DeleteFile('C:\WINDOWS\system32\e938.sys');
DeleteFile('C:\WINDOWS\system32\drivers\vdi3ndu1.sys');
DeleteFile('C:\WINDOWS\system32\drivers\fdd94.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\e5a9.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\6418.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\3bd9.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\1fa95.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\08e8.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\02693.SYS');
DeleteFile('C:\WINDOWS\system32\drivers\0267.SYS');
DeleteFile('C:\WINDOWS\system32\b024.sys');
DeleteFile('C:\WINDOWS\system32\8ea4.sys');
DeleteFile('C:\WINDOWS\system32\6342.sys');
DeleteFile('C:\WINDOWS\system32\3cd3.sys');
DeleteFile('C:\WINDOWS\system32\3609.sys');
DeleteFile('C:\WINDOWS\system32\1b53.sys');
DeleteFile('C:\WINDOWS\system32\02a7.sys');
DeleteFile('C:\WINDOWS\system32\drivers\vdi3ndu1.sys');
DeleteFile('C:\DOCUME~1\issathi\LOCALS~1\Temp\sfareca00001.dll');
DeleteFile('C:\DOCUME~1\issathi\LOCALS~1\Temp\sfamcc00001.dll');
BC_DeleteSvc('f3b2');
BC_DeleteSvc('e938');
BC_DeleteSvc('e5a9');
BC_DeleteSvc('b024');
BC_DeleteSvc('8ea4');
BC_DeleteSvc('6418');
BC_DeleteSvc('6342');
BC_DeleteSvc('3cd3');
BC_DeleteSvc('3bd9');
BC_DeleteSvc('3609');
BC_DeleteSvc('1fa95');
BC_DeleteSvc('1b53');
BC_DeleteSvc('08e8');
BC_DeleteSvc('02a7');
BC_DeleteSvc('02693');
BC_DeleteSvc('0267');
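// Pass the lists built above to Boot Cleaner
BC_ImportAll;
// Clean up system references to the deleted files
ExecuteSysClean;
// Arm Boot Cleaner so it runs during the next boot
BC_Activate;
// Enable the AVZPM monitoring driver, then reboot
SetAVZPMStatus(True);
RebootWindows(true);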
end.
If, after reboot, the system tries to install any unknown hardware, abort the installation and remove the unknown hardware via the hardware manager.
After reboot:
execute the following script
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
- Make new logs and attach them to the new posting.
PS: You have a Russian system. Why did you open your thread in the English forum?