Выполните скрипт в AVZ
Код:
begin
// AVZ cleanup script: quarantines and deletes a fixed list of files, removes
// the matching autorun values and scheduled-task files, then runs AVZ's
// cleanup/repair routines and reboots.
// NOTE(review): every path and value name below is hard-coded, presumably
// taken from one machine's AVZ logs. Confirm each still matches the host
// before reuse.

// Rootkit check first, then AVZGuard on for the rest of the run.
// NOTE(review): per AVZ docs the two flags are believed to enable countering
// of user-mode and kernel-mode hooks. Confirm for the AVZ version in use.
SearchRootkit(true, true);
SetAVZGuardStatus(True);

// Quarantine before deletion so the samples are preserved for analysis.
// The targets in C:\WINDOWS carry Windows system-process names (svchost, smss,
// csrss, cmd); the genuine binaries normally live in C:\WINDOWS\System32,
// which this script does not touch.
QuarantineFile('C:\WINDOWS\TEMP\Wly.exe','');
QuarantineFile('C:\WINDOWS\TEMP\Wlw.exe','');
QuarantineFile('C:\WINDOWS\TEMP\Wlx.exe','');
QuarantineFile('C:\WINDOWS\svchost.exe','');
QuarantineFile('C:\WINDOWS\smss.exe','');
QuarantineFile('C:\WINDOWS\setup.exe','');
QuarantineFile('C:\WINDOWS\install.exe','');
QuarantineFile('C:\WINDOWS\iguqazefij.dll','');
QuarantineFile('C:\WINDOWS\csrss.exe','');
QuarantineFile('C:\WINDOWS\cmd.exe','');

// Delete the C:\WINDOWS files that were quarantined above.
DeleteFile('C:\WINDOWS\cmd.exe');
DeleteFile('C:\WINDOWS\csrss.exe');
DeleteFile('C:\WINDOWS\iguqazefij.dll');
DeleteFile('C:\WINDOWS\install.exe');
DeleteFile('C:\WINDOWS\setup.exe');
DeleteFile('C:\WINDOWS\smss.exe');
DeleteFile('C:\WINDOWS\svchost.exe');

// Remove the named values from the HKCU and HKLM Run keys (logon autostart)
// so nothing tries to launch the deleted files at the next logon.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MKese');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MKese');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MKeg');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MKevc');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MKbta');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Ehanorecewekif');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MKayc');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MKaZ');

// Delete the three TEMP executables that were quarantined above.
DeleteFile('C:\WINDOWS\TEMP\Wlx.exe');
DeleteFile('C:\WINDOWS\TEMP\Wlw.exe');
DeleteFile('C:\WINDOWS\TEMP\Wly.exe');

// Delete three GUID-named scheduled-task files (a second persistence point).
// Unlike the executables, these .job files are not quarantined first.
DeleteFile('%windir%\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job');
DeleteFile('%windir%\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job');
DeleteFile('%windir%\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job');

// NOTE(review): BC_* are AVZ Boot Cleaner calls. Presumably BC_ImportAll
// queues the deletions above and BC_Activate arms the cleaner so they are
// finished during the reboot. ExecuteSysClean is AVZ's automatic cleanup of
// leftover references to the deleted files. Confirm against AVZ docs.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;

// ExecuteRepair(N) runs item N of AVZ's "System Restore" list.
// NOTE(review): 6, 8 and 11 are believed to be "remove current-user policy
// restrictions", "restore Explorer settings" and "unblock Task Manager".
// Verify the numbering for the AVZ version in use.
ExecuteRepair(6);
// Writes integer 1 to this CLSID value under the policies\NonEnum key.
// NOTE(review): likely re-creates a default Windows entry after repair 6
// clears policies. Confirm.
RegKeyIntParamWrite('HKLM', 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum', '{BDEADF00-C265-11D0-BCED-00A0C90AB50F}', 1);
ExecuteRepair(8);
ExecuteRepair(11);

// Reboot last, so the Boot Cleaner activated above can act during startup.
RebootWindows(true);
end.
Компьютер перезагрузится.
Пришлите карантин согласно Приложению 3 правил по красной ссылке «Прислать запрошенный карантин» вверху темы.
Сделайте новые логи