Отключите антивирус и интернет!
В AVZ откройте меню "Файл - Выполнить скрипт", скопируйте в окно приведённый ниже скрипт и нажмите кнопку "Запустить". После выполнения скрипта компьютер перезагрузится.
Код:
// AVZ cleanup script written for one specific infected machine. It quarantines and
// then removes braviax.exe, a family of Win<xx><nn>.sys drivers together with their
// service entries, a group of services with concatenated names, and srv.exe, and
// finally reboots. The names are presumably taken from that machine's logs; check
// every name against the local logs before running this on any other system.
begin
// Rootkit/API-hook scan before touching anything. The two 'true' arguments
// presumably enable neutralisation of user-mode and kernel-mode hooks - confirm
// against the AVZ script reference.
SearchRootkit(true, true);
// Switch on AVZGuard (AVZ's own protection mode) for the duration of the script.
SetAVZGuardStatus(True);
// Keep a copy of the sample in quarantine before it is deleted at the end of the script.
// The empty second argument is the optional description.
QuarantineFile('C:\WINDOWS\system32\braviax.exe','');
// Remove the service/driver registrations named Win<2 letters><2 digits>.
// Each one has a matching .sys file under System32\drivers that is handled below.
DeleteService('Winyc35');
DeleteService('Winyc13');
DeleteService('Winxc14');
DeleteService('Winxb82');
DeleteService('Winwb85');
DeleteService('Winwa58');
DeleteService('Winwa03');
DeleteService('Winva82');
DeleteService('Winux36');
DeleteService('Wintw62');
DeleteService('Wintb71');
DeleteService('Winsv36');
DeleteService('Winqu85');
DeleteService('Winpw47');
DeleteService('Winpt02');
DeleteService('Winow58');
DeleteService('Winmt03');
DeleteService('Winms82');
DeleteService('Winkn85');
DeleteService('Winin82');
DeleteService('Winhl41');
DeleteService('Winhk81');
DeleteService('Wingl84');
DeleteService('Wingj24');
DeleteService('Winfm03');
DeleteService('Winem81');
DeleteService('Winbi02');
DeleteService('Winbe40');
DeleteService('Winad57');
DeleteService('Winad36');
DeleteService('Winac52');
// Quarantine the driver files so they can be submitted for analysis.
// NOTE(review): Winsv35, Winjm60 and Wincf60 are quarantined and deleted as files
// but have no DeleteService call above - presumably no service entry existed for
// them; confirm against the logs.
QuarantineFile('C:\WINDOWS\System32\drivers\Winyc35.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winyc13.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winxc14.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winxb82.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwb85.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwa58.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winwa03.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winva82.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winux36.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wintw62.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wintb71.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winsv36.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winsv35.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winqu85.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winpw47.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winpt02.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winow58.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winmt03.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winms82.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winkn85.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winjm60.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winin82.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winhl41.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winhk81.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wingl84.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wingj24.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winfm03.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winem81.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Wincf60.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winbi02.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winbe40.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winad57.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winad36.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\Winac52.sys','');
// Second group of service entries. The names look like two or three legitimate
// service names glued together (e.g. 'wuauserv' + 'WmiApSrv'). The exact strings
// matter: a truncated name would match a real system service instead.
DeleteService('wuauservWmiApSrv');
DeleteService('wscsvcPctspk');
DeleteService('WmiShellHWDetection');
DeleteService('WmiRDSessMgr');
DeleteService('UPSAlerter');
DeleteService('TlntSvrsrserviceFastUserSwitchingCompatibilityxmlprov');
DeleteService('TlntSvrsrservice');
DeleteService('SysmonLogClipSrv');
DeleteService('stisvcOutpostFirewallAlerter');
DeleteService('stisvcOutpostFirewall');
DeleteService('SSDPSRVSSDPSRV');
DeleteService('Spoolerseclogon');
DeleteService('ScheduleBrowser');
DeleteService('RSVPSwPrv');
DeleteService('RpcSsLmHosts');
DeleteService('RasAutoAlerter');
DeleteService('RasAutoaawservice');
DeleteService('OutpostFirewallImapiService');
DeleteService('NetmanShellHWDetectionW32Time');
DeleteService('NetmanShellHWDetection');
DeleteService('MSIServerwuauserv');
DeleteService('MSIServerNla');
DeleteService('MSDTCRemoteRegistry');
DeleteService('lanmanworkstationUPS');
DeleteService('lanmanworkstationhelpsvc');
DeleteService('lanmanworkstationFastUserSwitchingCompatibilitylanmanserver');
DeleteService('FastUserSwitchingCompatibilityxmlprov');
DeleteService('DcomLaunchUPS');
DeleteService('CiSvcWebClient');
// srv.exe is given without a directory.
// NOTE(review): how AVZ resolves a bare file name is not visible here - confirm
// which file is actually quarantined and deleted.
QuarantineFile('srv.exe','');
DeleteFile('srv.exe');
// Delete the driver files and braviax.exe only now: every path below has a
// matching QuarantineFile call earlier in the script.
DeleteFile('C:\WINDOWS\System32\drivers\Winac52.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winad36.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winad57.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winbe40.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winbi02.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wincf60.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winem81.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winfm03.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wingj24.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wingl84.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winhk81.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winhl41.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winin82.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winjm60.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winkn85.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winms82.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winmt03.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winow58.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winpt02.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winpw47.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winqu85.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winsv35.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winsv36.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wintb71.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Wintw62.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winux36.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winva82.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwa03.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwa58.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winwb85.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winxb82.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winxc14.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyc13.sys');
DeleteFile('C:\WINDOWS\System32\drivers\Winyc35.sys');
DeleteFile('C:\WINDOWS\system32\braviax.exe');
// Pass the script's quarantine/delete lists to Boot Cleaner, AVZ's boot-time
// removal component - presumably so that files locked now are removed at the
// next start-up; confirm against the AVZ script reference.
BC_ImportALL;
// Run AVZ's system clean-up pass (per AVZ documentation it removes leftover
// references to the deleted files - confirm).
ExecuteSysClean;
// Arm Boot Cleaner for the next boot.
BC_Activate;
// Restart Windows straight away; the 'true' argument presumably forces the
// reboot, so unsaved work in other programs would be lost.
RebootWindows(true);
end.
После перезагрузки пришлите карантин по правилам и сделайте новые логи...