Здравствуйте!
В принципе, в логах все симптомы описаны: картинка с сообщением о вирусе на экране, невозможность ее снять, постоянно всплывающие синие экраны с сообщениями об ошибках и предстоящей перезагрузке, но при нажатии Esc все возвращается и работает.
Здравствуйте!
В принципе, в логах все симптомы описаны: картинка с сообщением о вирусе на экране, невозможность ее снять, постоянно всплывающие синие экраны с сообщениями об ошибках и предстоящей перезагрузке, но при нажатии Esc все возвращается и работает.
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- скопировать приведённый ниже скрипт -- нажать кнопку "Запустить".[/URL]
[CODE]begin
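// AVZ cleanup script written for ONE specific machine. Every drive letter,
// profile name ("Palya"), file name and service name below is specific to
// that host (presumably taken from the logs attached to the thread).
// Running it unchanged on another system is not meaningful and may be harmful.
//
// Order of operations: neutralise hooks -> enable AVZGuard -> quarantine
// samples -> delete services -> delete files -> schedule boot-time cleanup
// -> repair settings -> reboot.

// Look for rootkit-style hooks and neutralise them before touching files,
// so that hidden files/services become reachable.
SearchRootkit(true, true);
// Turn on AVZGuard so other processes cannot interfere while the script runs.
SetAVZGuardStatus(True);

// --- Quarantine: keep a copy of every suspicious file BEFORE it is deleted ---
// Autorun droppers in the roots of C:, E: and F:.
QuarantineFile('F:\autorun.wsh','');
QuarantineFile('E:\autorun.wsh','');
QuarantineFile('C:\autorun.wsh','');
QuarantineFile('C:\autorun.exe','');
QuarantineFile('C:\WINDOWS\system32\ntos.exe','');
QuarantineFile('C:\WINDOWS\system32\lphc5wqj0eg5n.exe','');
// The .scr below is deleted later in this script; quarantine it first so the
// sample is preserved like every other file that gets removed.
QuarantineFile('C:\WINDOWS\system32\blphc5wqj0eg5n.scr','');
// Executables in the user's Temp folder that reuse system-looking names.
QuarantineFile('C:\DOCUME~1\Palya\LOCALS~1\Temp\winlogon.exe','');
QuarantineFile('C:\DOCUME~1\Palya\LOCALS~1\Temp\loader.exe','');

// --- Remove the randomly named "WinXXnn" driver services ---
// Each name here has a matching ...\Drivers\WinXXnn.sys file handled below.
DeleteService('Winyt75');
DeleteService('Winxv70');
DeleteService('Winxv06');
DeleteService('Winxl70');
DeleteService('Winwr06');
DeleteService('Winwm25');
DeleteService('Winwf66');
DeleteService('Winvl85');
DeleteService('Winuw63');
DeleteService('Winus42');
DeleteService('Winuh00');
DeleteService('Winte47');
DeleteService('Winss21');
DeleteService('Winrw15');
DeleteService('Winrm83');
DeleteService('Winpp20');
DeleteService('Winnx03');
DeleteService('Winnp62');
DeleteService('Winnk44');
DeleteService('Winnf43');
DeleteService('Winmr66');
DeleteService('Winmo38');
DeleteService('Winlt16');
DeleteService('Winkm15');
DeleteService('Winkf77');
DeleteService('Winkf71');
DeleteService('Winjy36');
DeleteService('Winjj87');
DeleteService('Winjc70');
DeleteService('Winiu63');
DeleteService('Winid84');
DeleteService('Winhy17');
DeleteService('Winhc04');
DeleteService('Wings16');
DeleteService('Wingg62');
DeleteService('Winfn06');
DeleteService('Winfi75');
DeleteService('Winfi74');
DeleteService('Winfc34');
DeleteService('Winec88');
DeleteService('Windi12');
DeleteService('Winda30');
DeleteService('Winch62');
DeleteService('Winbx66');
DeleteService('Winaw34');

// --- Quarantine the driver files that belonged to the services above ---
QuarantineFile('C:\WINDOWS\System32\Drivers\Winyt75.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxv70.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxv06.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxl70.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winwr06.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winwm25.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winwf66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winvl85.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winuw63.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winus42.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winuh00.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winte47.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winss21.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winrw15.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winrm83.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winpp20.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winnx03.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winnp62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winnk44.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winnf43.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmr66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmo38.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winlt16.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkm15.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkf77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkf71.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjy36.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjj87.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjc70.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winiu63.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winid84.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhy17.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhc04.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wings16.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingg62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfn06.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfi75.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfi74.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfc34.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winec88.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Windi12.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winda30.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winch62.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winbx66.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winaw34.sys','');

// Service backed by a DLL placed under "Common Files\System".
DeleteService('apcsvra');
QuarantineFile('C:\Program Files\Common Files\System\apcsvra.dll','');

// --- Remove services whose names imitate built-in Windows services ---
// These names appear to be legitimate service names glued together
// (e.g. 'SpoolerMSDTC'). They must be matched EXACTLY as written: shortening
// one to a real service name (a bare 'Spooler', 'lanmanworkstation', ...)
// would remove a legitimate system service.
DeleteService('wscsvcNla');
DeleteService('WmiWmdmPmSNERSvc');
DeleteService('WmdmPmSNRasMan');
DeleteService('WmdmPmSNERSvc');
DeleteService('winmgmtSSDPSRVlanmanworkstationNetman');
DeleteService('VSShelpsvcSharedAccessWmdmPmSNERSvc');
DeleteService('VSShelpsvcSharedAccess');
DeleteService('UPSxmlprov');
DeleteService('upnphostSpooler');
DeleteService('upnphostRSVP');
DeleteService('TermServiceALG');
DeleteService('TapiSrvxmlprov');
DeleteService('SSDPSRVlanmanworkstationNetman');
DeleteService('SSDPSRVgusvcNtmsSvc');
DeleteService('SpoolerMSDTC');
DeleteService('SPIDERNTTapiSrvxmlprov');
DeleteService('SPIDERNTNetDDE');
DeleteService('SENSlanmanworkstation');
DeleteService('SamSsAlerter');
DeleteService('NetDDENetDDE');
DeleteService('MessengerHidServ');
DeleteService('lanmanworkstationNetman');
DeleteService('lanmanworkstation Service');
DeleteService('ImapiServiceNtLmSsp');
DeleteService('HTTPFilterUPS');
DeleteService('HTTPFilterupnphost');
DeleteService('helpsvcSharedAccess');
DeleteService('gusvcNtmsSvc');
DeleteService('EventlogSysmonLog');
DeleteService('dmadminAppMgmtNlaRpcSs');
DeleteService('dmadminAppMgmtNla');
DeleteService('dmadminAppMgmt');
DeleteService('COMSysAppUPSW32Time');
DeleteService('COMSysAppUPS');
DeleteService('AudioSrvAudioSrv');
DeleteService('AppMgmtPlugPlay');

// NOTE(review): 'srv.exe' is given without a directory, so which file is
// quarantined/deleted depends on how AVZ resolves a bare name - confirm the
// full path against the log before relying on this pair.
QuarantineFile('srv.exe','');
DeleteFile('srv.exe');

// --- Delete the files that were quarantined above ---
DeleteFile('C:\Program Files\Common Files\System\apcsvra.dll');
DeleteFile('C:\WINDOWS\System32\Drivers\Winaw34.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winbx66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winch62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winda30.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Windi12.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winec88.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfc34.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfi74.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfi75.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfn06.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingg62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wings16.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhc04.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhy17.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winid84.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winiu63.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjc70.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjj87.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjy36.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkf71.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkf77.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkm15.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winlt16.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmo38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmr66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winnf43.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winnk44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winnp62.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winnx03.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winpp20.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winrm83.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winrw15.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winss21.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winte47.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winuh00.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winus42.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winuw63.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winvl85.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winwf66.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winwm25.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winwr06.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxl70.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxv06.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxv70.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winyt75.sys');
DeleteFile('C:\DOCUME~1\Palya\LOCALS~1\Temp\loader.exe');
DeleteFile('C:\DOCUME~1\Palya\LOCALS~1\Temp\winlogon.exe');
DeleteFile('C:\WINDOWS\system32\blphc5wqj0eg5n.scr');
DeleteFile('C:\WINDOWS\system32\lphc5wqj0eg5n.exe');
DeleteFile('C:\WINDOWS\system32\ntos.exe');
DeleteFile('C:\autorun.exe');
DeleteFile('C:\autorun.wsh');
DeleteFile('E:\autorun.wsh');
DeleteFile('F:\autorun.wsh');

// --- Boot-time cleanup and settings repair ---
// Hand the script's file list to AVZ Boot Cleaner so that anything locked now
// is removed at the next start (exact import scope: see the AVZ script help).
BC_ImportALL;
// Heuristic system clean-up, typically used to drop leftover references to
// the files deleted above.
ExecuteSysClean;
// Arm Boot Cleaner for the next boot.
BC_Activate;
// NOTE(review): items 5 and 6 of AVZ's "system restore" list - believed to be
// "desktop settings" and "remove current-user Policies"; confirm in AVZ help.
ExecuteRepair(5 );
ExecuteRepair(6 );
// Blank the Wallpaper value for the .DEFAULT profile; presumably this removes
// the fake "virus warning" picture described in the first post.
RegKeyStrParamWrite('HKEY_USERS','.DEFAULT\Control Panel\Desktop','Wallpaper','');
// Reboot so Boot Cleaner can finish the removal.
RebootWindows(true);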
end.
[/CODE]
Пришлите карантин по правилам и повторите логи...
Все сделал
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".[/URL]
[CODE]begin
// Follow-up AVZ script for the same machine: removes one remaining service
// ('apcsvra32') and its executable. Host-specific - not for reuse elsewhere.

// Empty the quarantine first, so the next archive holds only what this
// script collects.
ClearQuarantine;
// Look for rootkit-style hooks and neutralise them before touching files.
SearchRootkit(true, true);
// Turn on AVZGuard so other processes cannot interfere while the script runs.
SetAVZGuardStatus(True);
// Service name differs from the 'apcsvra' removed by the first script;
// the file is the .exe (not the .dll) in the same "Common Files\System" folder.
DeleteService('apcsvra32');
// Keep a copy of the sample before deleting it.
QuarantineFile('C:\Program Files\Common Files\System\apcsvra.exe','');
DeleteFile('C:\Program Files\Common Files\System\apcsvra.exe');
// Hand the script's file list to AVZ Boot Cleaner for removal at next boot
// (exact import scope: see the AVZ script help).
BC_ImportALL;
// Heuristic system clean-up, typically used to drop leftover references.
ExecuteSysClean;
// Also queue the service for deletion by Boot Cleaner, in case the live
// DeleteService call above did not succeed - presumably a belt-and-braces step.
BC_DeleteSvc('apcsvra32');
// Arm Boot Cleaner for the next boot.
BC_Activate;
// Reboot so Boot Cleaner can finish the removal.
RebootWindows(true);
end.[/CODE]
Пришлите карантин по правилам и повторите логи...
Помогает
В логах чисто, жалобы есть?
Все ОК
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]2[/B][*]Обработано файлов: [B]116[/B][*]В ходе лечения вредоносные программы в карантинах не обнаружены[/LIST]