Disconnect the computer from the Internet, and disable your antivirus and/or firewall.
Close all programs and run this script in AVZ:
Code:
begin
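// Look for rootkit hooks and neutralize them in user mode and kernel mode
SearchRootkit(true, true);
// Enable AVZGuard for the duration of the cleanup
SetAVZGuardStatus(True);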
QuarantineFile('E:\autorun.inf','');
QuarantineFile('E:\MiniNT\system32\rasman.dll','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0014100.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0013572.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0013567.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0013528.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0013515.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0012385.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011250.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011245.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011244.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011227.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011223.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011198.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011187.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010980.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010968.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010965.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010963.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010958.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010928.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010925.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010909.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010904.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010903.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010853.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010884.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010880.exe','');
QuarantineFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010846.exe','');
QuarantineFile('C:\Documents and Settings\HP Compaq\Application Data\netprotocol.exe','');
QuarantineFile('C:\WINDOWS\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\tclsvc\tclsvc82.dll','');
QuarantineFile('C:\WINDOWS\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\sentcl\sentcl82.dll','');
QuarantineFile('C:\WINDOWS\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\reg1.0\tclreg82.dll','');
QuarantineFile('C:\WINDOWS\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\nvdtcl\nvdtcl82.dll','');
QuarantineFile('C:\WINDOWS\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\bin\itcl31.dll','');
QuarantineFile('C:\WINDOWS\TEMP\.nvdkit\4cbb1f5137265e7d\737d992b6837ba4c\bin\win32\iphelper.dll','');
QuarantineFile('C:\WINDOWS\SMINST\naspp.dll','');
DeleteFile('C:\Documents and Settings\HP Compaq\Application Data\netprotocol.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010846.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010853.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010880.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010884.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010903.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010904.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010909.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010925.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010928.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010958.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010963.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010965.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010968.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0010980.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011187.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011198.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011223.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011227.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011244.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011245.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0011250.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0012385.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0013515.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0013528.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0013567.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0013572.exe');
DeleteFile('C:\System Volume Information\_restore{851AA5A1-1AC4-4400-A4DE-434AC122BE82}\RP65\A0014100.exe');
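// Remove the Netprotocol autorun value from the Run key
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Netprotocol');
// Pass the file operations above to Boot Cleaner, clean up leftover references, and arm Boot Cleaner for the next boot
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
// Reboot so the pending deletions are carried out
RebootWindows(true);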
end.
After the script runs, the computer will reboot! Send the quarantine via the link, following the rules in "Send the requested quarantine" at the top of the thread. Make new logs according to the rules.
Is E:\ a flash drive?