Выполните скрипт в AVZ
Код:
// AVZ clean-up script written for one particular infected machine.
// NOTE(review): every path and service name below appears to come from that machine's
// logs (e.g. the "Admin" profile); presumably it is not meant to be reused elsewhere.
// Order matters: each file is copied to quarantine before it is deleted, so a sample
// survives for analysis, and the reboot comes last.
begin
// Look for rootkit-style hooks; both arguments are true, which as far as AVZ's
// documented signature goes enables neutralising user-mode and kernel-mode hooks.
SearchRootkit(true, true);
// Turn on AVZGuard so the clean-up is harder for running malware to interfere with.
SetAVZGuardStatus(True);
// Second argument of QuarantineFile is a free-text description; it is left empty throughout.
QuarantineFile('C:\WINDOWS\system32\MicrSoft.exe','');
DeleteFile('C:\WINDOWS\system32\MicrSoft.exe');
// Stop the running process first so its image file can be quarantined and removed.
TerminateProcessByName('c:\windows\system32\poukyquoozek.exe');
QuarantineFile('c:\windows\system32\poukyquoozek.exe','');
QuarantineFile('C:\WINDOWS\system32\sime.exe','');
// Same path as two lines above, differing only in letter case (redundant but harmless).
QuarantineFile('C:\WINDOWS\system32\poukyquoozek.exe','');
// NOTE(review): "isass.exe" (capital I) looks like an imitation of the system's lsass.exe.
QuarantineFile('C:\WINDOWS\system32\isass.exe','');
// Remove the service/driver registrations, interleaved with quarantining the .sys files.
// NOTE(review): which service maps to which driver file is not shown here.
DeleteService('nojahyoiyef');
DeleteService('e4e4ixcv8o');
DeleteService('CSNetManagerXp');
QuarantineFile('C:\WINDOWS\system32\drivers\sdido.sys','');
DeleteService('ihhdbnarff');
QuarantineFile('C:\WINDOWS\system32\drivers\pyjvypwex.sys','');
DeleteService('qvhwzfvfu');
QuarantineFile('C:\WINDOWS\system32\quyruj.exe','');
// Numbered executables in the user's Temp folder, quarantined one by one.
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\044.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\047.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\067.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\071.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\088.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\099.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\179.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\181.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\189.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\233.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\314.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\402.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\453.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\488.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\494.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\521.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\536.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\557.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\803.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\874.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\946.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\957.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\974.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Temp\992.exe','');
// autorun.inf in the root of drive F: (presumably removable media; the drive must be
// attached under that letter for this line and its DeleteFile to have any effect).
QuarantineFile('F:\autorun.inf','');
QuarantineFile('C:\WINDOWS\system32\umdmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\vyre32.exe','');
// Deletion pass: the files quarantined above are removed, in reverse order.
DeleteFile('C:\WINDOWS\system32\vyre32.exe');
DeleteFile('C:\WINDOWS\system32\umdmgr.exe');
DeleteFile('F:\autorun.inf');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\992.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\974.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\957.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\946.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\874.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\803.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\557.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\536.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\521.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\494.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\488.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\453.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\402.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\314.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\233.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\189.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\181.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\179.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\099.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\088.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\071.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\067.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\047.exe');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Temp\044.exe');
DeleteFile('C:\WINDOWS\system32\quyruj.exe');
DeleteFile('C:\WINDOWS\system32\drivers\pyjvypwex.sys');
DeleteFile('C:\WINDOWS\system32\drivers\sdido.sys');
DeleteFile('C:\WINDOWS\system32\isass.exe');
DeleteFile('C:\WINDOWS\system32\poukyquoozek.exe');
DeleteFile('C:\WINDOWS\system32\sime.exe');
// Same file as poukyquoozek.exe two lines above (path differs only in case).
DeleteFile('c:\windows\system32\poukyquoozek.exe');
// Hand the items removed above over to AVZ's Boot Cleaner so that anything still
// locked can be dealt with at the next boot.
BC_ImportAll;
// AVZ's system clean-up step; presumably removes leftover references to the deleted files.
ExecuteSysClean;
// Arm Boot Cleaner for the upcoming restart.
BC_Activate;
// Run AVZ system-restore routine number 9.
// NOTE(review): believed to be the one that removes debuggers attached to system
// processes; confirm against the AVZ documentation.
ExecuteRepair(9);
// Restart Windows so the boot-time clean-up takes place.
RebootWindows(true);
end.
Компьютер перезагрузится.
Пришлите карантин согласно Приложению 3 правил по красной ссылке «Прислать запрошенный карантин» вверху темы.
Скачайте утилиту TDSSKiller: http://support.kaspersky.ru/faq/?qid=208639606
1. При обнаружении C:\WINDOWS\system32\Drivers\movnkpi.sys выберите Карантин
Найдите папку карантина на диске C, запакуйте её в архив с паролем virus и пришлите по красной ссылке «Прислать запрошенный карантин» вверху темы.
2. Еще раз запустите TDSSkiller и выберите Лечить
Файлы логов TDSSkiller прикрепите к сообщению
Сделайте новые логи
Сделайте лог gmer