Закройте/выгрузите все программы кроме AVZ и Internet Explorer.
- Отключите ПК от интернета/локальной сети — сделайте это первым, чтобы машина не оставалась в сети с выключенной защитой и зловред не мог докачать компоненты.
- Отключите антивирус и файрвол (иначе они могут мешать работе AVZ и удалению файлов).
- Отключите восстановление системы (иначе заражённые файлы сохранятся в точках восстановления).
В AVZ выполните скрипт:
Код:
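begin
  // Look for rootkit hooks first, then enable AVZGuard so the active malware
  // cannot interfere with the rest of the script.
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);

  // Stop the running droppers before their files are touched.
  TerminateProcessByName('c:\windows\temp\wpv111283850910.exe');
  TerminateProcessByName('c:\windows\system32\userini.exe');

  // Copy every suspect object to quarantine BEFORE deleting it, so the
  // samples can be sent for analysis (quarantine.zip is requested below).
  // Duplicate entries and the comma-joined "path1,path2" strings of the
  // original paste are dropped: QuarantineFile/DeleteFile take ONE path.
  QuarantineFile('C:\RECYCLER\S-1-5-21-8591210154-2788203155-043923980-6941\yv8g67.exe','');
  QuarantineFile('C:\Documents and Settings\wery\Application Data\lbisov.exe','');
  QuarantineFile('C:\Documents and Settings\wery\Application Data\ozzfhv.exe','');
  QuarantineFile('c:\windows\temp\wpv111283850910.exe','');
  QuarantineFile('C:\WINDOWS\system32\userini.exe','');
  // userini.exe was also stored in an NTFS alternate data stream of explorer.exe.
  QuarantineFile('C:\WINDOWS\explorer.exe:userini.exe:$DATA','');
  // NOTE(review): srservice, SwPrv and COMSysApp are the names of legitimate
  // Windows XP services (System Restore, MS Software Shadow Copy Provider,
  // COM+ System Application). The .sys files below must be the fake drivers
  // the log listed under those names — confirm against the log before running.
  QuarantineFile('srservice.sys','');
  QuarantineFile('SwPrv.sys','');
  QuarantineFile('COMSysApp.sys','');
  // Rtenicxp.sys is normally the Realtek NIC driver: quarantined for analysis
  // only, deliberately NOT deleted.
  QuarantineFile('C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys','');
  // Every .exe written to system32 in the infection window (dates taken from
  // the logs; adjust if the log shows a different window).
  QuarantineFileF('%system32%', '*.exe', false,'', 0, 0, '10.07.2010', '10.09.2010');

  // Delete the malware files; anything still locked is deferred to Boot Cleaner.
  DeleteFile('C:\WINDOWS\explorer.exe:userini.exe:$DATA');
  DeleteFile('C:\WINDOWS\system32\userini.exe');
  DeleteFile('c:\windows\temp\wpv111283850910.exe');
  DeleteFile('C:\RECYCLER\S-1-5-21-8591210154-2788203155-043923980-6941\yv8g67.exe');
  DeleteFile('C:\Documents and Settings\wery\Application Data\lbisov.exe');
  DeleteFile('C:\Documents and Settings\wery\Application Data\ozzfhv.exe');

  // Remove the bogus services now and again from Boot Cleaner at reboot,
  // in case the live attempt is blocked.
  StopService('COMSysApp');
  DeleteService('srservice');
  DeleteFile('srservice.sys');
  DeleteFile('SwPrv.sys');
  BC_DeleteSvc('srservice');
  BC_DeleteSvc('SwPrv');

  // Autostart entries of userini.exe in both Run keys.
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','userini');
  RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','userini');
  // NOTE(review): the original paste contained the string
  // 'lbisov.exe,explorer.exe', which looks like a hijacked Winlogon
  // Shell/Userinit value. This script does not restore that value; check the
  // log and add the registry fix if it is present.

  // Hand pending deletions to Boot Cleaner, clean temp/cache, run the
  // troubleshooting wizard and arm Boot Cleaner for the reboot.
  BC_ImportAll;
  ExecuteSysClean;
  ExecuteWizard('TSW',3,3,true);
  BC_Activate;
  // ExecuteRepair numbering follows AVZ's "System restore" list; 16 and 8 are
  // presumably "recreate SafeBoot key" and "restore Explorer settings" —
  // verify in the AVZ UI.
  ExecuteRepair(16);
  ExecuteRepair(8);
  // 221 = 0xDD: AutoRun disabled for unknown, removable, fixed, network and
  // RAM drives; the CD-ROM bit (0x20) is left enabled.
  RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
  SetAVZPMStatus(True);
  RebootWindows(true);
end.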
После перезагрузки выполните в AVZ второй скрипт (он упаковывает собранный карантин в архив):
Код:
begin
  // Pack everything collected by the previous script into quarantine.zip,
  // written next to avz.exe (GetAVZDirectory) — this is the file to upload.
  CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
end.
Пришлите карантин quarantine.zip (файл лежит в папке AVZ) по красной ссылке «Прислать запрошенный карантин» вверху темы.
После этого повторите сбор логов и приложите свежие логи в тему.