Пофиксите в HijackThis следующие строки:
Код:
O4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exe
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
Выполните скрипт в AVZ:
Код:
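// AVZ cleanup script: removes the listed driver services, copies their files
// to quarantine, deletes them, then reboots so the boot-time cleaner can finish.
// The service names and paths below are specific to the machine whose logs
// were analysed; they are not a generic signature list.
//
// NOTE(review): the HijackThis O4 entry "runwinlogon" points to
// C:\WINDOWS\winlogon.exe, which this script neither quarantines nor deletes.
// Confirm whether that file still exists after the fix.
begin
  // Look for user-mode/kernel-mode hooks and neutralise them before touching files.
  SearchRootkit(true, true);
  // Enable AVZGuard for the duration of the script.
  SetAVZGuardStatus(True);

  // --- Remove the service/driver registrations ---
  DeleteService('Winys23');
  DeleteService('Winyr20');
  DeleteService('Winyo22');
  DeleteService('Winwh11');
  DeleteService('Winvn55');
  DeleteService('Winuk26');
  DeleteService('Winty63');
  DeleteService('Winss22');
  DeleteService('Winrj06');
  DeleteService('Winqd66');
  DeleteService('Winov45');
  DeleteService('Winoo65');
  DeleteService('Winog60');
  DeleteService('Winnx47');
  DeleteService('Winmm84');
  DeleteService('Winmh23');
  DeleteService('Winlx88');
  DeleteService('Winlo63');
  DeleteService('Winld46');
  DeleteService('Winkp71');
  DeleteService('Winiq36');
  DeleteService('Winik83');
  DeleteService('Winid66');
  DeleteService('Winhm52');
  DeleteService('Winhj12');
  DeleteService('Wingx12');
  DeleteService('Wingv47');
  DeleteService('Wingv14');
  DeleteService('Wingl63');
  DeleteService('Winfs82');
  DeleteService('Winej60');
  DeleteService('Windp08');
  DeleteService('Wincp21');
  DeleteService('Winaf41');
  DeleteService('Vxi43');
  // The services below (except Vxi43 above) have no matching file operation in
  // this script; their binary paths are not given here.
  // NOTE(review): check the follow-up logs for leftover files.
  DeleteService('Vbj82');
  DeleteService('tcpsr');
  DeleteService('Lgo03');
  DeleteService('Iau81');
  DeleteService('Hwq41');
  DeleteService('Ffk83');
  DeleteService('Bet65');
  DeleteService('msupdate');

  // --- Copy every file to quarantine BEFORE it is deleted, so a sample
  //     remains available for analysis ---
  // This svchost.exe sits in the Windows root, not in System32.
  QuarantineFile('C:\WINDOWS\svchost.exe','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Vxi43.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winaf41.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Wincp21.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Windp08.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winej60.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winfs82.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Wingl63.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Wingv14.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Wingv47.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Wingx12.sys','');
  // Added: Winhj12.sys was deleted below without a quarantine copy.
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winhj12.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winhm52.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winid66.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winik83.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winiq36.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winkp71.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winld46.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winlo63.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winlx88.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winmh23.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winmm84.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winnx47.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winog60.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winoo65.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winov45.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winqd66.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winrj06.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winss22.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winty63.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winuk26.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winvn55.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winwh11.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winyo22.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winyr20.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Winys23.sys','');
  // "system32\.." resolves to C:\WINDOWS, so this is the same file as
  // C:\WINDOWS\svchost.exe above, kept in the spelling the author used.
  QuarantineFile('c:\windows\system32\..\svchost.exe','');
  QuarantineFile('C:\WINDOWS\system32\wm3dap.dll','');
  // WinCtrl32.dll is the Winlogon Notify DLL from the HijackThis O20 entry.
  QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');

  // --- Delete the quarantined files ---
  DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
  DeleteFile('C:\WINDOWS\system32\wm3dap.dll');
  DeleteFile('c:\windows\system32\..\svchost.exe');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winys23.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winyr20.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winyo22.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winwh11.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winvn55.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winuk26.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winty63.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winss22.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winrj06.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winqd66.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winov45.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winoo65.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winog60.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winnx47.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winmm84.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winmh23.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winlx88.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winlo63.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winld46.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winkp71.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winiq36.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winik83.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winid66.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winhm52.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winhj12.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Wingx12.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Wingv47.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Wingv14.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Wingl63.sys');
  // Added: Winfs82.sys was quarantined and its service deleted, but the
  // driver file itself was left on disk.
  DeleteFile('C:\WINDOWS\System32\Drivers\Winfs82.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winej60.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Windp08.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Wincp21.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Winaf41.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Vxi43.sys');
  DeleteFile('C:\WINDOWS\svchost.exe');

  // Hand the deleted-file list to Boot Cleaner so anything still locked is
  // removed at the next boot.
  BC_ImportDeletedList;
  // Clean up registry references to the deleted files.
  ExecuteSysClean;
  BC_Activate;
  // Reboot so Boot Cleaner runs.
  RebootWindows(true);
end.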
После перезагрузки закачайте карантин по правилам.
Повторите логи.