Выполните скрипт в AVZ
Код:
begin
// AVZ clean-up script (AVZ script language, Pascal-like).
// Overall sequence: raise protection -> copy every suspicious file to
// quarantine -> stop services/processes -> delete files and autorun values
// -> hand pending tasks to BootCleaner -> reboot. Quarantine is always
// requested BEFORE the matching DeleteFile so a copy survives for analysis.

// Rootkit search first; the two flags select the scan scopes (AVZ-side
// semantics — confirm against the AVZ reference).
SearchRootkit(true, true);
// Enable AVZGuard so the remaining steps run with AVZ's process protection.
SetAVZGuardStatus(True);
// Quarantine pass. Second argument is AVZ's free-text quarantine note
// (left empty here). Several names imitate Windows components
// (wininet.exe in system32, svshost.dll, an svchost.exe outside system32)
// and are quarantined so the helper can inspect them.
QuarantineFile('C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UK28SVMF\1[2].exe','');
QuarantineFile('C:\WINDOWS\Temp\tmpFBE2.tmp','');
// NOTE(review): wininet.exe is quarantined only; no DeleteFile follows for
// it later in this script, so it stays on disk pending analysis.
QuarantineFile('C:\WINDOWS\system32\wininet.exe','');
QuarantineFile('C:\WINDOWS\systemup.exe','');
QuarantineFile('C:\WINDOWS\system32\svshost.dll','');
QuarantineFile('C:\WINDOWS\system32\msxslt3.exe','');
QuarantineFile('C:\WINDOWS\TEMP\3888778.exe','');
// Driver is quarantined before its service entry is removed.
QuarantineFile('C:\WINDOWS\system32\XDva349.sys','');
DeleteService('XDva349');
DeleteService('srvsysdriver32');
QuarantineFile('C:\WINDOWS\system32\drivers\svajnager.exe','');
// Start type 4 = SERVICE_DISABLED; disabling before DeleteService keeps the
// service from restarting if deletion is deferred until reboot.
SetServiceStart('svajnag', 4);
DeleteService('svajnag');
SetServiceStart('srviecheck', 4);
DeleteService('srviecheck');
// Running executables: terminate by image path, then quarantine, so the
// file is not in use when it is later scheduled for deletion.
TerminateProcessByName('c:\windows\w_distrib.exe');
QuarantineFile('c:\windows\w_distrib.exe','');
TerminateProcessByName('c:\windows\tray_tmp.exe');
QuarantineFile('c:\windows\tray_tmp.exe','');
TerminateProcessByName('c:\windows\sysdriver32_.exe');
QuarantineFile('c:\windows\sysdriver32_.exe','');
// svchost.exe in a user temp folder is not the system binary (which lives
// in system32); short 8.3 path is used as given by the log.
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\startup\svchost.exe');
QuarantineFile('c:\docume~1\admin\locals~1\temp\startup\svchost.exe','');
TerminateProcessByName('c:\windows\l1rezerv.exe');
QuarantineFile('c:\windows\l1rezerv.exe','');
TerminateProcessByName('c:\windows\iecheck.exe');
QuarantineFile('c:\windows\iecheck.exe','');
// Deletion pass. Files that are still locked are expected to be handled by
// BootCleaner after BC_ImportAll/BC_Activate below (AVZ behaviour — confirm).
DeleteFile('c:\windows\iecheck.exe');
DeleteFile('c:\windows\l1rezerv.exe');
DeleteFile('c:\docume~1\admin\locals~1\temp\startup\svchost.exe');
DeleteFile('c:\windows\sysdriver32_.exe');
DeleteFile('c:\windows\tray_tmp.exe');
DeleteFile('c:\windows\w_distrib.exe');
// No TerminateProcessByName was issued for the next two; their services
// were disabled/deleted above, so BootCleaner is relied on if still loaded.
DeleteFile('C:\WINDOWS\system32\drivers\svajnager.exe');
DeleteFile('C:\WINDOWS\system32\XDva349.sys');
DeleteFile('C:\WINDOWS\TEMP\3888778.exe');
// Autorun persistence: remove the HKLM\...\Run values that relaunch the
// files above. Both sysdriver32.exe and sysdriver32_.exe values are removed
// although only the underscore variant was found on disk.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','delzipdrivers');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','l1rezerv.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysdriver32.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysdriver32_.exe');
DeleteFile('C:\WINDOWS\system32\msxslt3.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MsXSLT');
DeleteFile('C:\WINDOWS\system32\svshost.dll');
// ShellServiceObjectDelayLoad is a shell-loaded autostart; the 'SysRun'
// value is removed alongside the DLL it presumably pointed to.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad','SysRun');
DeleteFile('C:\WINDOWS\systemup.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','systemup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','w_distrib.exe');
DeleteFile('C:\WINDOWS\Temp\tmpFBE2.tmp');
DeleteFile('C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UK28SVMF\1[2].exe');
// Hand all pending quarantine/delete tasks to BootCleaner, run AVZ's
// system clean-up, activate BootCleaner for the next start, then reboot.
// Must come after every DeleteFile/QuarantineFile call above.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.
Пришлите карантин согласно Приложению 3 правил, воспользовавшись красной ссылкой «Прислать запрошенный карантин» вверху темы.
Скачайте AVZ 4.35 и обновите базы.
Сделайте новые логи