Выполните скрипт в AVZ:
Код:
// AVZ cleanup script written for one specific infected machine.
// Every file path, RECYCLER folder name and service name below is hard-coded
// (presumably taken from that machine's diagnostic logs - confirm), so the
// script should not be run unchanged on any other system.
begin
// Scan for rootkit-style hooks before touching any files.
// NOTE(review): the two "true" arguments presumably enable neutralising
// user-mode and kernel-mode hooks - confirm against the AVZ script reference.
SearchRootkit(true, true);
// Enable AVZGuard for the duration of the script.
// NOTE(review): per AVZ documentation this restricts what other processes can
// do while cleanup runs; that behaviour is not visible in this script.
SetAVZGuardStatus(True);
// Step 1 - quarantine. Each suspect file is copied to quarantine BEFORE it is
// deleted in step 2, so samples survive for later analysis.
// The second argument is passed as an empty string in every call.
// Executables named "*mgr.exe" placed in system32:
QuarantineFile('C:\WINDOWS\system32\seodmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\seedmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\pmnmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\njmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\morgmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\flagmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\ezangmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\edsmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\dadv2mgr.exe','');
QuarantineFile('C:\WINDOWS\system32\cpcpmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\cjppmgr.exe','');
QuarantineFile('C:\WINDOWS\system32\c9mgr.exe','');
QuarantineFile('C:\WINDOWS\system32\aplexmgr.exe','');
// Executables named "*drive32.exe" placed directly in the Windows directory:
QuarantineFile('C:\WINDOWS\jodrive32.exe','');
QuarantineFile('C:\WINDOWS\aadrive32.exe','');
// Executables inside RECYCLER subfolders named like user SIDs, and in the root
// of the user profile. A Recycle Bin folder is not a normal place for a program.
QuarantineFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe','');
QuarantineFile('C:\Documents and Settings\User\cbzvl.exe','');
QuarantineFile('C:\Documents and Settings\User\mscdcx.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe','');
// Executables dropped into the user's Application Data folder:
QuarantineFile('C:\Documents and Settings\User\Application Data\wsprintsrv.exe','');
QuarantineFile('C:\Documents and Settings\User\Application Data\umxsys32.exe','');
QuarantineFile('C:\Documents and Settings\User\Application Data\dadvmgr32.exe','');
QuarantineFile('C:\Documents and Settings\User\Application Data\aon32.exe','');
QuarantineFile('C:\Documents and Settings\User\Application Data\aftnc32.exe','');
QuarantineFile('C:\Documents and Settings\User\Application Data\addoon32.exe','');
QuarantineFile('C:\Documents and Settings\User\Application Data\add-on32.exe','');
QuarantineFile('C:\Documents and Settings\User\Application Data\Osgmga.exe','');
QuarantineFile('C:\Documents and Settings\User\Application Data\Iqgmgu.exe','');
// Uses the name of the Windows component ctfmon.exe but sits in the user's Temp
// directory (8.3 short path), which is why it is treated as suspect.
QuarantineFile('C:\DOCUME~1\User\LOCALS~1\Temp\ctfmon.exe','');
// Step 2 - delete. The same 30 paths quarantined above, in reverse order.
DeleteFile('C:\DOCUME~1\User\LOCALS~1\Temp\ctfmon.exe');
DeleteFile('C:\Documents and Settings\User\Application Data\Iqgmgu.exe');
DeleteFile('C:\Documents and Settings\User\Application Data\Osgmga.exe');
DeleteFile('C:\Documents and Settings\User\Application Data\add-on32.exe');
DeleteFile('C:\Documents and Settings\User\Application Data\addoon32.exe');
DeleteFile('C:\Documents and Settings\User\Application Data\aftnc32.exe');
DeleteFile('C:\Documents and Settings\User\Application Data\aon32.exe');
DeleteFile('C:\Documents and Settings\User\Application Data\dadvmgr32.exe');
DeleteFile('C:\Documents and Settings\User\Application Data\umxsys32.exe');
DeleteFile('C:\Documents and Settings\User\Application Data\wsprintsrv.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe');
DeleteFile('C:\Documents and Settings\User\cbzvl.exe');
DeleteFile('C:\Documents and Settings\User\mscdcx.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe');
DeleteFile('C:\WINDOWS\aadrive32.exe');
DeleteFile('C:\WINDOWS\jodrive32.exe');
DeleteFile('C:\WINDOWS\system32\aplexmgr.exe');
DeleteFile('C:\WINDOWS\system32\c9mgr.exe');
DeleteFile('C:\WINDOWS\system32\cjppmgr.exe');
DeleteFile('C:\WINDOWS\system32\cpcpmgr.exe');
DeleteFile('C:\WINDOWS\system32\dadv2mgr.exe');
DeleteFile('C:\WINDOWS\system32\edsmgr.exe');
DeleteFile('C:\WINDOWS\system32\ezangmgr.exe');
DeleteFile('C:\WINDOWS\system32\flagmgr.exe');
DeleteFile('C:\WINDOWS\system32\morgmgr.exe');
DeleteFile('C:\WINDOWS\system32\njmgr.exe');
DeleteFile('C:\WINDOWS\system32\pmnmgr.exe');
DeleteFile('C:\WINDOWS\system32\seedmgr.exe');
DeleteFile('C:\WINDOWS\system32\seodmgr.exe');
// Step 3 - boot-time cleanup (the BC_* calls drive AVZ's Boot Cleaner).
// NOTE(review): BC_ImportDeletedList presumably passes the files deleted above
// to the Boot Cleaner, so anything still locked is removed at next boot - confirm.
BC_ImportDeletedList;
// NOTE(review): presumably removes leftover references (e.g. autorun entries)
// to the deleted files - confirm against the AVZ script reference.
ExecuteSysClean;
// Queue two services with random-looking names for removal by the Boot Cleaner.
BC_DeleteSvc('drllvbcfsfyr');
BC_DeleteSvc('rukawpemydyrav');
// Arm the Boot Cleaner. The queued work is expected to run during the reboot
// requested at the end of the script.
BC_Activate;
// Step 4 - undo system settings changed by the infection.
// The numbers are indexes into AVZ's built-in "system restore" routines.
// NOTE(review): 6 is believed to clear the current user's Policies restrictions
// and 8 to restore Explorer settings - verify in the AVZ restore list.
ExecuteRepair(6);
ExecuteRepair(8);
// Write integer 1 to this CLSID-named value under the HKLM NonEnum policy key.
// NOTE(review): presumably this resets a value the malware altered - confirm.
RegKeyIntParamWrite( 'HKLM', 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum', '{BDEADF00-C265-11D0-BCED-00A0C90AB50F}', 1);
// Delete the Taskman value under Winlogon. That value can name a program for
// Windows to launch, so removing it closes a persistence point.
RegKeyParamDel('HKLM', 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon', 'Taskman');
// Reboot the machine. The boot-time cleanup armed above needs a restart.
// NOTE(review): the "true" argument presumably forces the reboot - confirm.
RebootWindows(true);
end.
Компьютер перезагрузится.
Пришлите карантин согласно приложению 3 правил, если он окажется не пуст
(загружать тут: http://virusinfo.info/upload_virus.php?tid=115570).
Сделайте новые логи.