Скачайте "OSAM" (Online Solutions Autorun Manager). В меню драйверов щёлкните правой кнопкой по rvflclp и выберите "Turn Run Off", затем подтвердите перезагрузку.
Сохраните html-лог работы утилиты, заархивируйте его и прикрепите к своему сообщению
Выполните скрипт в AVZ
Код:
// AVZ cleanup script for one specific machine. Every path and service name
// below is a literal taken for that system, so the script is not reusable
// elsewhere without regenerating the lists from fresh logs.
// Visible sequence: rootkit scan -> AVZGuard on -> quarantine copies ->
// service removal -> file deletion -> Boot Cleaner + registry clean -> reboot.
begin
// Rootkit/hook search. Both flags are true; presumably they enable
// neutralisation of user-mode and kernel-mode hooks - confirm against the
// AVZ script reference.
SearchRootkit(true, true);
// Switch AVZGuard on before touching the files.
SetAVZGuardStatus(True);
// Quarantine pass. The second argument is passed empty on every call
// (presumably a free-text description). Every file deleted further down is
// quarantined first, so a copy can be sent to the analysts.
// NOTE(review): sfcfiles.dll is quarantined but never deleted in this script;
// it carries a Windows system file name, so it looks like it is only being
// collected for analysis - confirm.
QuarantineFile('C:\WINDOWS\system32\sfcfiles.dll','');
QuarantineFile('C:\WINDOWS\system32\mssfc.dll','');
QuarantineFile('C:\WINDOWS\system32\e85a067b.exe','');
QuarantineFile('C:\WINDOWS\TEMP\103606b40f2de','');
QuarantineFile('C:\WINDOWS\TEMP\10320681ae45c','');
QuarantineFile('C:\WINDOWS\TEMP\10280da4ba134','');
QuarantineFile('C:\WINDOWS\TEMP\10360a4bf815c','');
// Service/driver entries with 16-hex-digit names (they look randomly
// generated). Quarantine and DeleteService calls are interleaved in the
// original; the order is kept as is.
DeleteService('fa59b9aac0959325');
DeleteService('f9dbbcf83415b52b');
DeleteService('ea9836e378560ecd');
DeleteService('e937c40bad033c79');
QuarantineFile('C:\WINDOWS\TEMP\10320833f114e','');
QuarantineFile('C:\WINDOWS\TEMP\10320c4393f28','');
DeleteService('df0cd6a2b59fc7d7');
DeleteService('dd08049fa07ed77a');
// NOTE(review): the next name has 12 characters while the other TEMP entries
// have 13; the DeleteFile call further down uses the same spelling. Verify
// against the log that it was not truncated.
QuarantineFile('C:\WINDOWS\TEMP\102802aeded0','');
QuarantineFile('C:\WINDOWS\TEMP\10400c036aaa8','');
QuarantineFile('C:\WINDOWS\TEMP\1028072c3c426','');
DeleteService('ca078d1915325027');
DeleteService('bf24fe836104642b');
DeleteService('b6f578d9065e66e6');
QuarantineFile('C:\WINDOWS\TEMP\102808bcbffbd','');
QuarantineFile('C:\WINDOWS\TEMP\10360fe5525f8','');
QuarantineFile('C:\WINDOWS\TEMP\10240296d93ed','');
QuarantineFile('C:\WINDOWS\TEMP\102806f184b72','');
QuarantineFile('C:\WINDOWS\TEMP\1028015538b1e','');
QuarantineFile('C:\WINDOWS\TEMP\102803bb3e96f','');
QuarantineFile('C:\WINDOWS\TEMP\10280a51c68a7','');
QuarantineFile('C:\WINDOWS\TEMP\1032081b4a154','');
QuarantineFile('C:\WINDOWS\TEMP\10320e3c684b2','');
QuarantineFile('C:\WINDOWS\TEMP\103204e102010','');
QuarantineFile('C:\WINDOWS\TEMP\10320177cff5a','');
QuarantineFile('C:\WINDOWS\TEMP\103607c63ac4e','');
QuarantineFile('C:\WINDOWS\TEMP\10280305d6a73','');
QuarantineFile('C:\WINDOWS\TEMP\10320e523ea07','');
QuarantineFile('C:\WINDOWS\TEMP\10320dc569e68','');
QuarantineFile('C:\WINDOWS\TEMP\10280200c5978','');
QuarantineFile('C:\WINDOWS\TEMP\103604ae030fd','');
QuarantineFile('C:\WINDOWS\TEMP\10320c60ba061','');
QuarantineFile('C:\WINDOWS\TEMP\10320b0a435b2','');
QuarantineFile('C:\WINDOWS\TEMP\10280d61fcd36','');
QuarantineFile('C:\WINDOWS\TEMP\10320b18e51b6','');
QuarantineFile('C:\WINDOWS\TEMP\10320cc97a493','');
// Remaining service/driver entries to remove.
DeleteService('ab659cd9551f8efb');
DeleteService('aa38f52fae450eeb');
DeleteService('a7f4d5e929232c0f');
DeleteService('9db3ef860bf6dda6');
DeleteService('93396a2cb6365ec3');
DeleteService('78a441749c240705');
DeleteService('7748adf1202864df');
DeleteService('7105e7325920e26f');
DeleteService('6a3b83c518f3fdeb');
DeleteService('68d0aab837f09add');
DeleteService('679a4d03233d9ee2');
DeleteService('61ed0b4a344f1cd2');
DeleteService('4ec31ac3def4e29e');
DeleteService('4d136e9415f3e285');
DeleteService('4a7bbde0f4b2c209');
DeleteService('46a9ea6c9d8dff4f');
DeleteService('3a76260234c31de8');
DeleteService('35a3231553ca3cdc');
DeleteService('34cbcb1be40fb418');
DeleteService('277f561c7f06d0c5');
DeleteService('1f0cf7309e1cc1f4');
DeleteService('05357e7c1ef3d14d');
// Two driver files. Sfloppy.SYS is quarantined only (no DeleteFile for it in
// this script); rvflclp.sys is quarantined and then deleted.
// NOTE(review): there is no DeleteService call for rvflclp here; its autorun
// is turned off through OSAM in the step that precedes the script.
QuarantineFile('C:\WINDOWS\System32\Drivers\Sfloppy.SYS','');
QuarantineFile('C:\WINDOWS\system32\Drivers\rvflclp.sys','');
// Deletion pass: same TEMP files as quarantined above, in reverse order.
DeleteFile('C:\WINDOWS\system32\Drivers\rvflclp.sys');
DeleteFile('C:\WINDOWS\TEMP\10320cc97a493');
DeleteFile('C:\WINDOWS\TEMP\10320b18e51b6');
DeleteFile('C:\WINDOWS\TEMP\10280d61fcd36');
DeleteFile('C:\WINDOWS\TEMP\10320b0a435b2');
DeleteFile('C:\WINDOWS\TEMP\10320c60ba061');
DeleteFile('C:\WINDOWS\TEMP\103604ae030fd');
DeleteFile('C:\WINDOWS\TEMP\10280200c5978');
DeleteFile('C:\WINDOWS\TEMP\10320dc569e68');
DeleteFile('C:\WINDOWS\TEMP\10320e523ea07');
DeleteFile('C:\WINDOWS\TEMP\10280305d6a73');
DeleteFile('C:\WINDOWS\TEMP\103607c63ac4e');
DeleteFile('C:\WINDOWS\TEMP\10320177cff5a');
DeleteFile('C:\WINDOWS\TEMP\103204e102010');
DeleteFile('C:\WINDOWS\TEMP\10320e3c684b2');
DeleteFile('C:\WINDOWS\TEMP\1032081b4a154');
DeleteFile('C:\WINDOWS\TEMP\10280a51c68a7');
DeleteFile('C:\WINDOWS\TEMP\102803bb3e96f');
DeleteFile('C:\WINDOWS\TEMP\1028015538b1e');
DeleteFile('C:\WINDOWS\TEMP\102806f184b72');
DeleteFile('C:\WINDOWS\TEMP\10240296d93ed');
DeleteFile('C:\WINDOWS\TEMP\10360fe5525f8');
DeleteFile('C:\WINDOWS\TEMP\102808bcbffbd');
DeleteFile('C:\WINDOWS\TEMP\1028072c3c426');
DeleteFile('C:\WINDOWS\TEMP\10400c036aaa8');
DeleteFile('C:\WINDOWS\TEMP\102802aeded0');
DeleteFile('C:\WINDOWS\TEMP\10320c4393f28');
DeleteFile('C:\WINDOWS\TEMP\10320833f114e');
DeleteFile('C:\WINDOWS\TEMP\10360a4bf815c');
DeleteFile('C:\WINDOWS\TEMP\10280da4ba134');
DeleteFile('C:\WINDOWS\TEMP\10320681ae45c');
DeleteFile('C:\WINDOWS\TEMP\103606b40f2de');
DeleteFile('C:\WINDOWS\system32\e85a067b.exe');
DeleteFile('C:\WINDOWS\system32\mssfc.dll');
// Boot Cleaner (BC_*): import the lists built above so that anything locked
// now is handled at the next boot - presumably the quarantine and deletion
// lists; confirm against the AVZ script reference.
BC_ImportAll;
// Clean up system references to the removed files.
ExecuteSysClean;
// Arm Boot Cleaner for the next start.
BC_Activate;
// Reboot so the Boot Cleaner pass runs; nothing after this call executes.
RebootWindows(true);
end.
Компьютер перезагрузится.
Пришлите карантин согласно Приложению 3 правил по красной ссылке «Прислать запрошенный карантин» вверху темы.
Скачайте AVZ 4.35, обновите его базы
Сделайте новые логи
Сделайте лог ComboFix