Fix this in HiJack:
Code:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\1\LOCALS~1\Temp\bldjad.exe
Run this script in AVZ:
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\DOCUME~1\1\LOCALS~1\Temp\bldjad.exe','');
DeleteFile('C:\DOCUME~1\1\LOCALS~1\Temp\bldjad.exe');
QuarantineFile('C:\DATA\FILES\BEAST.exe','');
QuarantineFile('c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\LucK.exe','');
QuarantineFile('C:\ROM\P-43553JIYW-8374322329-0909090987-120\sys32s.exe','');
QuarantineFile('C:\QUICKTIME\Q-43234FDHJ-0234567123-887321236-432\FEB2.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winde32.exe','');
QuarantineFile('C:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe','');
DeleteFile('C:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winde32.exe');
DeleteFile('C:\QUICKTIME\Q-43234FDHJ-0234567123-887321236-432\FEB2.exe');
DeleteFile('C:\ROM\P-43553JIYW-8374322329-0909090987-120\sys32s.exe');
DeleteFile('c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\LucK.exe');
DeleteFile('C:\DATA\FILES\BEAST.exe');
DelCLSID('{67KLN5J0-4OPM-01WE-AAX5-314CCA322142}');
DelCLSID('{67EFG7H6-8IJL-56YT-KLH4-76WE2D3RAM87}');
DelCLSID('{64KLC5K0-4OPM-00WE-AAX8-17EF1D187666}');
DelCLSID('{64KLC5K0-4OPM-00WE-AAX8-17EF1D187263}');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-81CX1C735612}');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-21CX3C644141}');
DeleteFileMask('C:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013', '*.*', true);
DeleteDirectory('C:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013');
DeleteFileMask('C:\CONFIG', '*.*', true);
DeleteDirectory('C:\CONFIG');
DeleteFileMask('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013', '*.*', true);
DeleteDirectory('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013');
DeleteFileMask('C:\RECYCLER', '*.*', true);
DeleteDirectory('C:\RECYCLER');
DeleteFileMask('C:\QUICKTIME\Q-43234FDHJ-0234567123-887321236-432', '*.*', true);
DeleteDirectory('C:\QUICKTIME\Q-43234FDHJ-0234567123-887321236-432');
DeleteFileMask('C:\QUICKTIME', '*.*', true);
DeleteDirectory('C:\QUICKTIME');
DeleteFileMask('C:\ROM\P-43553JIYW-8374322329-0909090987-120', '*.*', true);
DeleteDirectory('C:\ROM\P-43553JIYW-8374322329-0909090987-120');
DeleteFileMask('C:\ROM', '*.*', true);
DeleteDirectory('C:\ROM');
DeleteFileMask('c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013', '*.*', true);
DeleteDirectory('c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013');
DeleteFileMask('c:\RESTORE', '*.*', true);
DeleteDirectory('c:\RESTORE');
DeleteFileMask('C:\DATA\FILES', '*.*', true);
DeleteDirectory('C:\DATA\FILES');
DeleteFileMask('C:\DATA', '*.*', true);
DeleteDirectory('C:\DATA');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
The computer will reboot.
Send the quarantine as described in Appendix 3 of the rules, via the red link "Send requested quarantine" at the top of the thread.
Make new logs.
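The F2 line above is a Winlogon Userinit hijack: the value normally holds only the system userinit.exe, and the extra comma-separated entry in the user's Temp directory is what gets the malware launched at every logon. As an added example (not part of this post or of the AVZ/HijackThis tools), the Python below parses such a value and flags any entry that is not the expected userinit.exe, which is the check a helper or a scripted audit would run before and after cleaning. Assumptions: the sample values are constructed from the F2 line in the thread, the "expected" path is built from an assumed `%windir%` of `C:\WINDOWS`, and the optional live read uses the standard `winreg` module and only works on Windows.

```python
"""Detect non-standard entries in the Winlogon Userinit value (Windows persistence check)."""
from typing import List, Optional, Tuple

# Constructed sample: the Userinit value as it would be read from
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
# on the machine in this thread (same content as the HijackThis F2 line).
SAMPLE_HIJACKED = r"C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\1\LOCALS~1\Temp\bldjad.exe"
# Constructed sample: a clean default value (Windows keeps a trailing comma).
SAMPLE_CLEAN = r"C:\WINDOWS\system32\userinit.exe,"

# Path fragments where a logon-time loader should never live (assumed heuristic list).
USER_WRITABLE_FRAGMENTS = (
    "\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\users\\", "\\recycler\\",
)

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def parse_userinit(value: str) -> List[str]:
    """Split the comma-separated Userinit value into entries.

    The empty element left by Windows' trailing comma is dropped, surrounding
    whitespace and quotes are stripped, so each returned item is one program path.
    """
    return [part.strip().strip('"') for part in value.split(",") if part.strip()]


def expected_userinit(windir: str = r"C:\WINDOWS") -> str:
    """The only entry a default Userinit value should contain (lower-cased for comparison)."""
    return (windir.rstrip("\\") + r"\system32\userinit.exe").lower()


def suspicious_userinit_entries(value: str, windir: str = r"C:\WINDOWS") -> List[Tuple[str, str]]:
    """Return (entry, reason) pairs for every entry that is not the system userinit.exe.

    An entry under a user-writable directory (Temp, profile, Recycler) gets a more
    specific reason, since that is the typical shape of this hijack.
    """
    findings: List[Tuple[str, str]] = []
    expected = expected_userinit(windir)
    for entry in parse_userinit(value):
        low = entry.lower()
        if low == expected:
            continue
        reason = "not the system userinit.exe"
        if any(fragment in low for fragment in USER_WRITABLE_FRAGMENTS):
            reason = "extra loader in a user-writable directory"
        findings.append((entry, reason))
    return findings


def read_live_userinit() -> Optional[str]:
    """Read the real Userinit value on a Windows host; returns None elsewhere or on failure."""
    try:
        import winreg  # only available on Windows
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
            data, _ = winreg.QueryValueEx(key, "Userinit")
            return str(data)
    except OSError:
        return None


if __name__ == "__main__":
    live = read_live_userinit()
    for label, value in (("constructed hijacked", SAMPLE_HIJACKED),
                         ("constructed clean", SAMPLE_CLEAN),
                         ("live registry", live)):
        if value is None:
            continue
        hits = suspicious_userinit_entries(value)
        print(f"{label}: {value!r}")
        for entry, reason in hits or []:
            print(f"  FLAG {entry}: {reason}")
        if not hits:
            print("  ok")
```

After running the AVZ script and rebooting, the live read should report "ok"; if the Temp path is still listed, the registry fix did not take and the F2 entry needs to be fixed again.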