Выполните скрипт в AVZ
Код:
// AVZ remediation script for one specific host: it quarantines and deletes the
// listed files, removes the listed service entries and registry values, and
// then reboots. Every path and service name below belongs to that machine;
// do not run this unchanged on another system.
begin
// Warn the user (message text is in Russian): network connections are closed
// before the cleanup and come back after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" to take the host off the network while the
// cleanup runs. The trailing arguments (0, 15000, true) are presumably window
// mode, wait timeout in ms and terminate-on-timeout - confirm in the AVZ
// script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Only when IsWOW64 is false: run the rootkit search with both flags set and
// switch AVZGuard on. Under WOW64 both steps are skipped.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Files are copied to quarantine before anything is deleted, so samples are
// kept for analysis. More QuarantineFile calls are interleaved with the
// service deletions below.
QuarantineFile('E:\NAPULJ\sicilija.exe','');
QuarantineFile('C:\WINDOWS\system32\fsokz.dll','');
// Service entries to remove. The names look randomly generated and nothing on
// this page documents them individually.
// NOTE(review): check each name against the host's own service list before
// running; a wrong name here removes a legitimate service.
DeleteService('zqyrq');
DeleteService('zonjfm');
DeleteService('zmznzjjc');
DeleteService('yxpdd');
DeleteService('ywaqip');
DeleteService('ynfriawy');
DeleteService('yjkcrhb');
DeleteService('xyjdrcuek');
DeleteService('xwvyifbv');
DeleteService('xthqlbnr');
DeleteService('xjhufozkk');
DeleteService('xixwbg');
DeleteService('xeaimp');
DeleteService('wyncjlxob');
DeleteService('wthnawmg');
DeleteService('wswlkfrfw');
DeleteService('wsbmh');
DeleteService('wpnccgmov');
DeleteService('wdvomn');
DeleteService('wbnjy');
DeleteService('voepepm');
DeleteService('vhsxrtww');
DeleteService('vgslh');
DeleteService('usjffx');
DeleteService('uscbdhwup');
DeleteService('urlxhbmm');
DeleteService('uiyktioiv');
DeleteService('uiqxmeubi');
DeleteService('tuanwzpzp');
// Quarantine only: tStLib.sys has no matching DeleteFile call in this script.
QuarantineFile('C:\WINDOWS\system32\drivers\tStLib.sys','');
DeleteService('tpkazntv');
DeleteService('tfbuaivw');
DeleteService('sxmecbxck');
DeleteService('svditdmbc');
DeleteService('sdgcazyx');
DeleteService('ruwdabgb');
DeleteService('rlstm');
DeleteService('rgudyt');
DeleteService('qhuezlpy');
DeleteService('qgzyxmq');
DeleteService('qehnva');
DeleteService('qdycscbfe');
DeleteService('pwniyoxzp');
DeleteService('ppcexs');
DeleteService('pdptt');
DeleteService('oyeiqsdv');
DeleteService('ovkylk');
DeleteService('omvza');
DeleteService('oilmxs');
DeleteService('ohbzkibc');
DeleteService('nprba');
QuarantineFile('C:\WINDOWS\system32\06.tmp','');
DeleteService('nojxn');
DeleteService('nmwoq');
DeleteService('ngotfvc');
DeleteService('ngmaj');
DeleteService('nfngl');
DeleteService('mzgje');
QuarantineFile('C:\WINDOWS\system32\05.tmp','');
DeleteService('mixpvdag');
DeleteService('lucxzuqgt');
DeleteService('lonaflf');
DeleteService('lktyvgcox');
DeleteService('kwvjsp');
DeleteService('knzdfur');
DeleteService('kadimqtt');
DeleteService('jxxvxf');
DeleteService('jwwopjl');
DeleteService('jotthf');
DeleteService('jaquvpwms');
DeleteService('isjcxqbc');
DeleteService('iropo');
DeleteService('igmkbvw');
DeleteService('iegob');
DeleteService('icvlrb');
DeleteService('icaecod');
DeleteService('iaedxzl');
DeleteService('hykhykjq');
QuarantineFile('C:\WINDOWS\system32\0C.tmp','');
DeleteService('hldadzkfm');
DeleteService('hgkvzel');
DeleteService('hewba');
DeleteService('hdcwbmbw');
DeleteService('gvfnszvwr');
DeleteService('grxwoxpwc');
DeleteService('grexmgioi');
DeleteService('gbqgdxel');
DeleteService('fzwouuw');
DeleteService('fqpxoj');
DeleteService('fphip');
DeleteService('fkhjlro');
DeleteService('emxjxdfd');
DeleteService('elxnkrti');
DeleteService('dtarg');
DeleteService('dmqim');
DeleteService('dmgqsl');
DeleteService('dbjfhr');
QuarantineFile('C:\WINDOWS\system32\01.tmp','');
DeleteService('cyhmyzya');
DeleteService('cxkkmk');
DeleteService('cvipjzrv');
DeleteService('ctewrxoc');
DeleteService('csvipvo');
DeleteService('cnytky');
DeleteService('cjfpn');
QuarantineFile('C:\WINDOWS\system32\0A4.tmp','');
DeleteService('cdncgn');
DeleteService('bnbjnqn');
DeleteService('aydqdy');
DeleteService('awkpsijq');
DeleteService('avnjsnth');
QuarantineFile('C:\WINDOWS\system32\02.tmp','');
DeleteService('asujxmx');
// asc3350p is not deleted: its start type is set to 4, which is the Windows
// "disabled" start value (assuming AVZ writes the number through unchanged).
SetServiceStart('asc3350p', 4);
DeleteService('apqtnvp');
QuarantineFile('C:\WINDOWS\system32\04.tmp','');
QuarantineFile('C:\WINDOWS\system32\03.tmp','');
DeleteService('aajdu');
// Delete the files quarantined above. The second argument '32' is not
// explained on this page - presumably a bitness selector; confirm in the AVZ
// script reference.
DeleteFile('C:\WINDOWS\system32\03.tmp','32');
DeleteFile('C:\WINDOWS\system32\04.tmp','32');
DeleteFile('C:\WINDOWS\system32\02.tmp','32');
DeleteFile('C:\WINDOWS\system32\0A4.tmp','32');
DeleteFile('C:\WINDOWS\system32\01.tmp','32');
DeleteFile('C:\WINDOWS\system32\0C.tmp','32');
DeleteFile('C:\WINDOWS\system32\05.tmp','32');
DeleteFile('C:\WINDOWS\system32\06.tmp','32');
DeleteFile('C:\WINDOWS\system32\fsokz.dll','32');
// Remove the ServiceDll value (the DLL path an svchost-hosted service loads)
// from two further services. Their service keys are left in place here.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\svobib\Parameters','ServiceDll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\rxqhdbwz\Parameters','ServiceDll');
DeleteFile('E:\NAPULJ\sicilija.exe','32');
// Boot Cleaner (BC_*) and system-clean calls: presumably queue the deletions
// above for the next boot and clear leftover references to the deleted files -
// confirm exact semantics in the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Delete the Taskman value under Winlogon, a known autostart location.
// Nothing on this page shows what the value pointed to.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
// Reboot so the changes take effect; the meaning of the false argument is not
// shown on this page.
RebootWindows(false);
end.
Компьютер перезагрузится.
Пришлите карантин согласно Приложению 2 правил по красной ссылке «Прислать запрошенный карантин» вверху темы.
Сделайте новые логи
ProxyServer="192.168.48.101 сами прописали?