1. Отключите восстановление системы и антивирус.
2. Выполните скрипт в AVZ:
Код:
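// AVZ cleanup script written for ONE specific machine: the service names, the
// 'Sergey' profile paths and the RECYCLER SID below all come from that
// machine's logs. Do not reuse it on another system.
//
// Order of work: quarantine samples, delete the malicious services and files,
// remove autorun registry values, schedule boot-time cleanup, pack the
// quarantine for upload, reboot.
begin
  // Start from an empty quarantine so the archive holds only this run's samples.
  ClearQuarantine;
  // Turn on AVZGuard before the cleanup steps run.
  SetAVZGuardStatus(True);
  // 221 = 0xDD: AutoRun off for removable, fixed, network and RAM-disk drives
  // (the CD-ROM bit 0x20 is not set). Hardening against autorun.inf reinfection.
  RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);

  // QuarantineFile takes a copy for analyst review; it does not remove the file.
  // Several entries below (Chrome, NOD32, Java, Acrobat) are never deleted later
  // in this script - presumably collected only for verification.
  DelBHO('{F7303337-2AC6-4C19-9F8F-278ED8DB780E}');
  QuarantineFile('C:\Documents and Settings\All Users\Application Data\oallib.dll','');
  DelBHO('{0140DF95-9128-4053-AE72-F43F0CFCA062}');
  QuarantineFile('C:\WINDOWS\system32\SiKernel.dll','');
  QuarantineFile('mncpmgr.exe','');
  QuarantineFile('C:\WINDOWS\system32\stisvc.exe','');
  QuarantineFile('C:\WINDOWS\system32\psxss.exe','');
  QuarantineFile('C:\WINDOWS\System32\tssdis.exe','');
  QuarantineFile('C:\WINDOWS\System32\PrintFilterPipelineSvc.exe','');
  QuarantineFile('C:\RECYCLER\S-1-5-21-4874927500-0262974081-787662380-2021\sysdate.exe','');
  QuarantineFile('C:\Program Files\Microsoft ActiveSync\wcescomm.exe','');
  QuarantineFile('C:\Program Files\Java\jre6\bin\jusched.exe','');
  QuarantineFile('C:\Program Files\Java\jre6\bin\jqs.exe','');
  QuarantineFile('C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe','');
  QuarantineFile('C:\Program Files\Eset\nod32kui.exe','');
  QuarantineFile('C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE','');
  QuarantineFile('C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe','');
  QuarantineFile('C:\Program Files\ATK Hotkey\Hcontrol.exe','');
  QuarantineFile('C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE','');
  QuarantineFile('C:\Documents and Settings\Sergey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe','');
  QuarantineFile('0.exe','');

  // Remove the service entries. Each random 8-letter name has a matching
  // <name>.sys under System32\Drivers in the DeleteFile list further down.
  DeleteService('xkffrluw');
  DeleteService('WINIO');
  QuarantineFile('C:\WINDOWS\system32\winio.sys','');
  DeleteService('rwyjitzf');
  DeleteService('rthfwbko');
  DeleteService('ropfjjpl');
  DeleteService('qxymvkun');
  DeleteService('psbujazx');
  DeleteService('pglfdpwk');
  DeleteService('lqneufjb');
  DeleteService('lhmljaln');
  DeleteService('kwhbuyyw');
  DeleteService('jvpeqjlu');
  DeleteService('jkuohdyd');
  DeleteService('iqufwvhs');
  DeleteService('gdzfthdh');
  DeleteService('epjflbuy');
  DeleteService('egmjkdch');
  DeleteService('bzymthds');
  DeleteService('btjobmqa');
  DeleteService('axlzkryk');
  DeleteService('agosqmpo');
  DeleteService('Mxqs Service');
  QuarantineFile('Mxqs Service.sys','');
  QuarantineFile('C:\Documents and Settings\Sergey\Application Data\drivers\wfsintwq.sys','');

  // Delete the driver and executable files behind the services removed above.
  DeleteFile('C:\Documents and Settings\Sergey\Application Data\drivers\wfsintwq.sys');
  DeleteFile('Mxqs Service.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\agosqmpo.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\axlzkryk.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\btjobmqa.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\bzymthds.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\egmjkdch.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\epjflbuy.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\gdzfthdh.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\iqufwvhs.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\jkuohdyd.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\jvpeqjlu.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\kwhbuyyw.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\lhmljaln.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\lqneufjb.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\pglfdpwk.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\psbujazx.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\qxymvkun.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\ropfjjpl.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\rthfwbko.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\rwyjitzf.sys');
  DeleteFile('C:\WINDOWS\system32\winio.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\xkffrluw.sys');
  DeleteFile('0.exe');
  DeleteFile('C:\RECYCLER\S-1-5-21-4874927500-0262974081-787662380-2021\sysdate.exe');
  DeleteFile('mncpmgr.exe');

  // Remove the 'Microsoft Network DHCP Manager' autorun value from the Run and
  // RunServices keys. The key paths need their backslashes: the posted text had
  // lost them ('SoftwareMicrosoftWindows...'), which names a key that does not
  // exist, so the persistence entries would have stayed in place.
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Network DHCP Manager');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunServices','Microsoft Network DHCP Manager');
  RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Network DHCP Manager');

  DeleteFile('C:\WINDOWS\system32\SiKernel.dll');
  DeleteFile('C:\Documents and Settings\All Users\Application Data\oallib.dll');
  // F: is whatever volume had that letter when the logs were taken; verify the
  // letter still points at the same drive before running.
  DeleteFile('F:\autorun.inf');

  // Hand the list of deleted files to Boot Cleaner so anything still locked is
  // removed during the reboot; BC_Activate below arms it.
  BC_ImportDeletedList;
  // Clean up leftover references to the removed files.
  ExecuteSysClean;
  // Run the AVZ 'TSW' and 'SCU' wizards with the parameters given by the helper.
  ExecuteWizard('TSW', 3, 3, true);
  ExecuteWizard('SCU', 3, 3, true);
  BC_Activate;
  // Pack the quarantined samples for upload ('Qurantine' is the function's
  // actual spelling in AVZ - do not correct it).
  CreateQurantineArchive('C:\quarantine.zip');
  // The machine restarts immediately after this call.
  RebootWindows(true);
end.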
После выполнения скрипта компьютер перезагрузится!
Загрузите файл C:\quarantine.zip, используя ссылку http://virusinfo.info/upload_virus.php?tid=58620
3. Повторите лог virusinfo_syscheck.