Выполните скрипт в AVZ
Код:
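// AVZ cleanup script (Pascal-style AVZ scripting language).
// Stages, in order: rootkit scan + AVZGuard, removal of rogue CLSID/BHO
// registrations, quarantine of every suspect file BEFORE it is deleted (the
// quarantine archive is what the helper asks to be sent back), deletion,
// Boot Cleaner (BC) handoff for files that are locked while Windows runs,
// registry repair, reboot.
begin
// Look for user-mode and kernel-mode rootkit hooks, then enable AVZGuard so
// that running malware cannot interfere with the steps below.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// CLSID registrations to remove, kept exactly as given in the original script.
// Note that several of them contain non-hex characters (K, L, N, O, P, W, X,
// G, H, ...), i.e. they are not well-formed GUIDs; they are removed as-is.
DelCLSID('{23KLN5J0-4OPM-11WE-AAX5-24EF1D187332}');
DelCLSID('{23KLN5J0-4OPM-11WE-AAX5-24EF1F187332}');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-34CX1C987132}');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}');
DelCLSID('{67EFG7H6-8IJL-56YT-KLH4-76WE2D3RAM87}');
// Quarantine copies of the executables found in CONFIG/RECYCLER/RESTORE folders
// (the second argument is the optional quarantine note; left empty).
QuarantineFile('C:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe','');
QuarantineFile('C:\RECYCLE\D-0-060-0000000000-1111111-2222222\fix.exe','');
QuarantineFile('C:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe','');
QuarantineFile('C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\r00t.exe','');
QuarantineFile('C:\RESTORE\k-1-3542-4232123213-7676767-8888886\X0R.exe','');
// Browser Helper Objects, identified by CLSID.
DelBHO('{e5b5d545-0177-4d13-aee6-0a85122b21ad}');
DelBHO('{CF272101-7F6E-4CF2-9453-B4C5D2FC32C0}');
DelBHO('{6D125299-C2A9-4DBC-BEC3-6F7124E39A41}');
// Quarantine the remaining suspect files on C: and D: before they are deleted.
QuarantineFile('c:\progra~1\thunmail\testabd.dll','');
QuarantineFile('c:\program Files\ThunMail\testabd.exe','');
QuarantineFile('D:\WINDOWS\System32\lmsxsltsso.dll','');
QuarantineFile('D:\WINDOWS\system32\tuvvWmLC','');
QuarantineFile('D:\WINDOWS\system32\svshost.dll','');
QuarantineFile('D:\WINDOWS\system32\sdra64.exe','');
QuarantineFile('D:\WINDOWS\system32\fxyske.exe','');
QuarantineFile('D:\WINDOWS\system32\cssrss.exe','');
QuarantineFile('D:\WINDOWS\system32\3ee8063a.exe','');
QuarantineFile('D:\WINDOWS\apppatch\yfwsqhz.dat','');
QuarantineFile('D:\WINDOWS\apppatch\edyoysk.dat','');
QuarantineFile('D:\RECYCLER\S-1-5-21-6487626890-9830194311-029074431-1622\yv8g67.exe','');
// Additional quarantine entries so that nothing below is deleted without a
// copy being kept: the original script deleted these files outright.
// nsvb.exe / juzjf.exe come from the malformed combined DeleteFile line of
// the original (see below). musmuyrx.dll and service.exe are given without a
// directory, exactly as in the original — confirm their full paths against
// the log before relying on these two entries.
QuarantineFile('D:\Documents and Settings\John\Application Data\nsvb.exe','');
QuarantineFile('D:\Documents and Settings\John\Application Data\juzjf.exe','');
QuarantineFile('D:\DOCUME~1\John\APPLIC~1\FieryAds\FieryAds.dll','');
QuarantineFile('D:\PROGRA~1\FieryAds\FieryAds.dll','');
QuarantineFile('D:\WINDOWS\system32\ffnylq.dll','');
QuarantineFile('musmuyrx.dll','');
QuarantineFile('service.exe','');
// Deletions. Locked files are picked up by Boot Cleaner further down.
DeleteFile('D:\RECYCLER\S-1-5-21-6487626890-9830194311-029074431-1622\yv8g67.exe');
// The original script passed four comma-separated paths (including
// explorer.exe) as ONE DeleteFile argument; DeleteFile takes a single path,
// and that combined string is not the path of any file. It is replaced by one
// call per file. explorer.exe is the legitimate Windows shell and is
// deliberately NOT deleted; yv8g67.exe is already handled on the line above.
DeleteFile('D:\Documents and Settings\John\Application Data\nsvb.exe');
DeleteFile('D:\Documents and Settings\John\Application Data\juzjf.exe');
DeleteFile('D:\WINDOWS\apppatch\edyoysk.dat');
DeleteFile('D:\WINDOWS\apppatch\yfwsqhz.dat');
DeleteFile('D:\WINDOWS\system32\3ee8063a.exe');
DeleteFile('D:\WINDOWS\system32\cssrss.exe');
DeleteFile('D:\WINDOWS\system32\fxyske.exe');
DeleteFile('D:\WINDOWS\system32\sdra64.exe');
DeleteFile('D:\WINDOWS\system32\svshost.dll');
DeleteFile('D:\WINDOWS\system32\tuvvWmLC');
DeleteFile('D:\WINDOWS\System32\lmsxsltsso.dll');
// ShellServiceObjectDelayLoad entries are loaded by Explorer at logon; remove
// the rogue one.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad','LGootkitSSO');
DeleteFile('c:\program Files\ThunMail\testabd.exe');
// Autorun value 'svc' in the Run key of the .DEFAULT profile and of the
// LocalSystem account (S-1-5-18).
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','svc');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','svc');
DeleteFile('c:\progra~1\thunmail\testabd.dll');
// Relative names kept as in the original — see the quarantine note above.
DeleteFile('musmuyrx.dll');
DeleteFile('service.exe');
// Machine-wide autorun value that referenced service.exe.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WinDLL (service.exe)');
DeleteFile('D:\DOCUME~1\John\APPLIC~1\FieryAds\FieryAds.dll');
DeleteFile('D:\PROGRA~1\FieryAds\FieryAds.dll');
DeleteFile('D:\WINDOWS\system32\ffnylq.dll');
DeleteFile('C:\RESTORE\k-1-3542-4232123213-7676767-8888886\X0R.exe');
DeleteFile('C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\r00t.exe');
DeleteFile('C:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe');
DeleteFile('C:\RECYCLE\D-0-060-0000000000-1111111-2222222\fix.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe');
DeleteFile('C:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe');
// Hand the queued quarantine/delete jobs to Boot Cleaner, run the standard
// AVZ system clean-up, and arm BC so that files locked right now are handled
// during the next boot.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Winlogon 'Taskman' points Windows at a replacement task manager; removing
// the value restores the default behaviour.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
// Reset the SSPI SecurityProviders list to the stock Windows XP set so that
// any extra provider DLL appended to it is no longer loaded.
RegKeyStrParamWrite('HKLM','system\currentcontrolset\control\securityproviders','SecurityProviders', 'msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll');
// Reboot is required for Boot Cleaner to complete the deletions.
RebootWindows(true);
end.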
Компьютер перезагрузится.
Пришлите карантин согласно Приложению 3 Правил по красной ссылке «Прислать запрошенный карантин» вверху темы.
Сделайте новые логи
Сделайте лог gmer
Сделайте лог полного сканирования MBAM