День добрый. Просьба помочь вылечить ПК.
Nod32 нашел Win32/Kryptik.QW троян, JS/TrojanDownloader.HackLoad.AA.
Логи AVZ, hijackthis прилагаются.
Заранее огромное спасибо! :)
День добрый. Просьба помочь вылечить ПК.
Nod32 нашел Win32/Kryptik.QW троян, JS/TrojanDownloader.HackLoad.AA.
Логи AVZ, hijackthis прилагаются.
Заранее огромное спасибо! :)
[QUOTE='forever;689755']Логи AVZ, hijackthis прилагаются.[/QUOTE]
А куда?
[QUOTE=pig;689758]А куда?[/QUOTE]
Закончилась квота. Исправил.
Просьба помочь!
Закройте все открытые приложения, кроме AVZ и Internet Explorer.
Отключите
- ПК от интернета/локалки
- [B][COLOR="Red"]Обязательно!!! Системное восстановление!!![/COLOR][/B] [URL="http://virusinfo.info/pravila_old.html"](как — можно посмотреть тут)[/URL]
- Выгрузите антивирус и/или Файрвол
- Закройте все программы
- [URL="http://virusinfo.info/showthread.php?t=7239"]Выполните скрипт в AVZ[/URL] (скрипт составлен по логам именно этого компьютера; на других ПК его выполнять нельзя)
[CODE]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\sysrest.sys','');
DeleteService('sysrest.sys');
QuarantineFile('C:\WINDOWS\system32\adsnwd.exe','');
DeleteService('WZCSVCTapiSrvlanmanserverdmserver');
DeleteService('WZCSVCLmHostsSwPrvSysmonLogdmserveroseMessengermnmsrvcwuauservRasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler');
DeleteService('WZCSVCLmHostsSwPrvSysmonLog');
DeleteService('wuauservSamSs');
DeleteService('wuauservImapiServiceWebaltaControllerTrkWksTrkWks');
DeleteService('wuauservImapiService');
DeleteService('WmiVSSUPSNetman');
DeleteService('WmiVSSUPS');
DeleteService('WmiProtectedStorageHTTPFilterSwPrvSysmonLog');
DeleteService('WmiProtectedStorageHTTPFilter');
DeleteService('WmiProtectedStorage');
DeleteService('WmiApSrvSCardSvrHidServWmdmPmSNNetDDEdsdmWmdmPmSN');
DeleteService('WmiApSrvosedmserverhelpsvcMDM');
DeleteService('WmiApSrvAVPoseWmiProtectedStorage');
DeleteService('WmiApSrvAVPose');
DeleteService('WmdmPmSNImapiServiceMessengermnmsrvcwuauservstisvc');
DeleteService('WmdmPmSNImapiServiceMessengermnmsrvcwuauservoseAlerter');
DeleteService('winmgmtSSDPSRVSCardSvrHidServstisvc');
DeleteService('winmgmtSSDPSRV');
DeleteService('WebClientwinmgmtSysmonLog');
DeleteService('WebClientwinmgmtSamSsTapiSrvlanmanserver');
DeleteService('WebClientwinmgmtAlerterTlntSvrNlaEventSystemBrowser');
DeleteService('WebaltaControllerTrkWks');
DeleteService('WebaltaController');
DeleteService('W32TimeHidServwinmgmt');
DeleteService('W32TimeAudioSrvwscsvc');
DeleteService('W32TimeAudioSrvFastUserSwitchingCompatibilitySCardSvrHidServWmdmPmSNTapiSrvSharedAccess');
DeleteService('W32TimeAudioSrv');
DeleteService('VSSUPSVSSsrserviceosemnmsrvcwuauserv');
DeleteService('VSSUPS');
DeleteService('upnphostAudioSrvEventlogHTTPFilterwuauservTlntSvrNlaEventSystemBrowser');
DeleteService('UMWdfWebClientwinmgmtSamSsTapiSrvlanmanserverhelpsvcSharedAccessHTTPFilterBrowserMessenger');
DeleteService('UMWdfWebClientwinmgmtSamSsTapiSrvlanmanserver');
DeleteService('TlntSvrSCardSvrHidServThemes');
DeleteService('TlntSvrSCardSvrHidServRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc');
DeleteService('TlntSvrSCardSvrHidServLmHosts');
DeleteService('TlntSvrSCardSvrHidServ Web Scanner');
DeleteService('TlntSvrSCardSvrHidServ');
DeleteService('TlntSvrRpcSsSharedAccessdmserverBITSEventSystemNtLmSspMessengermnmsrvcwuauservMSIServerHTTPFilterShellHWDetectionAVP');
DeleteService('TlntSvrRpcSsSharedAccessdmserverBITSEventSystemNtLmSsp');
DeleteService('TlntSvrRpcSsSharedAccessdmserverBITS');
DeleteService('TlntSvrRpcSsSharedAccess');
DeleteService('TlntSvrFastUserSwitchingCompatibilityseclogonCryptSvcAppMgmtHidServ');
DeleteService('TapiSrvSharedAccess');
DeleteService('TapiSrvRpcSs');
DeleteService('TapiSrvlanmanserverRpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauservAtiRpcSsSharedAccess');
DeleteService('TapiSrvlanmanserverRpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauserv');
DeleteService('TapiSrvlanmanserverNetDDEdsdmWmdmPmSN');
DeleteService('TapiSrvlanmanserver');
DeleteService('TapiSrvDcomLaunchTlntSvrSCardSvrHidServLmHosts');
DeleteService('TapiSrvDcomLaunch');
DeleteService('SysmonLogSharedAccessWmiApSrvWmdmPmSN');
DeleteService('SysmonLogSharedAccessWmiApSrv');
DeleteService('SysmonLogSharedAccessWebClientwinmgmtAlerter');
DeleteService('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauservTapiSrvlanmanserverdmserver');
DeleteService('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauservAlerterProtectedStorageRemoteAccess');
DeleteService('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauserv');
DeleteService('SysmonLogSharedAccess');
DeleteService('SysmonLogmnmsrvcProtectedStorageRemoteAccess');
DeleteService('SysmonLogmnmsrvc');
DeleteService('SwPrvSysmonLogSSDPSRVWmiVSSUPSoseAlerter');
DeleteService('SwPrvSysmonLogSSDPSRVWmiVSSUPSAudioSrvEventlogVSSVSSUPSVSS');
DeleteService('SwPrvSysmonLogSSDPSRVWmiVSSUPSAudioSrvEventlogVSS');
DeleteService('SwPrvSysmonLogSSDPSRVWmiVSSUPS');
DeleteService('SwPrvSysmonLog');
DeleteService('SwPrvhelpsvcWmdmPmSN');
DeleteService('SwPrvhelpsvc');
DeleteService('StarWindServiceAE');
DeleteService('SSDPSRVWmiVSSUPS');
DeleteService('srserviceRasManHTTPFilterShellHWDetectionAVP');
DeleteService('SpoolerShellHWDetectionLmHostsosehelpsvc');
DeleteService('SpoolermnmsrvcwuauservwuauservSamSs');
DeleteService('SpoolermnmsrvcwuauservSwPrvAVPoseDhcpAVPSCardSvrHidServstisvc');
DeleteService('SpoolermnmsrvcwuauservSpoolerEventSystemNlaEventSystemFastUserSwitchingCompatibility');
DeleteService('Spoolermnmsrvcwuauserv');
DeleteService('SpoolerHTTPFilterShellHWDetectionAVPmnmsrvc');
DeleteService('SpoolerHTTPFilterShellHWDetectionAVPAdobemnmsrvc');
DeleteService('SpoolerHTTPFilterShellHWDetectionAVP');
DeleteService('SpoolerEventSystemNlaEventSystem');
DeleteService('Spooler Web Scanner');
DeleteService('ShellHWDetectionLmHostsoseWmiApSrv');
DeleteService('ShellHWDetectionLmHostsoseSwPrvSysmonLogSSDPSRVWmiVSSUPS');
DeleteService('ShellHWDetectionLmHostsose');
DeleteService('ShellHWDetectionHTTPFilterBrowserRasMan');
DeleteService('ShellHWDetectionHTTPFilterBrowser');
DeleteService('ShellHWDetectionAVP');
DeleteService('seclogonRemoteRegistrySharedAccess');
DeleteService('seclogonRemoteRegistry');
DeleteService('ScheduleUMWdfNetDDE');
DeleteService('ScheduleUMWdf');
DeleteService('ScheduleHidServSpooler');
DeleteService('SCardSvrHidServWmdmPmSNTapiSrvSharedAccess');
DeleteService('SCardSvrHidServWmdmPmSNNetDDEdsdmWmdmPmSN');
DeleteService('SCardSvrHidServstisvc');
DeleteService('SCardSvrHidServHidServ');
DeleteService('SCardSvrHidServ');
DeleteService('SCardSvrdmadmin');
DeleteService('SamSsWmiVSSUPS');
DeleteService('SamSsTapiSrvlanmanserver');
DeleteService('SamSsRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
DeleteService('SamSslanmanserver');
DeleteService('RpcSsSharedAccessThemes');
DeleteService('RpcSsSharedAccesslanmanworkstationNtLmSsposemnmsrvcwuauservNlaEventSystemBITS');
DeleteService('RpcSsSharedAccesslanmanworkstation');
DeleteService('RpcSsSharedAccessAudioSrvPolicyAgentupnphost');
DeleteService('RpcSsSharedAccessAudioSrvAtiRpcSsSharedAccessRpcSsSharedAccesslanmanworkstationNtLmSsposemnmsrvcwuauservNlaEventSystemBITS');
DeleteService('RpcSsSharedAccessAudioSrvAtiRpcSsSharedAccess');
DeleteService('RpcSsSharedAccess');
DeleteService('RpcLocatorHidServSpoolerMessengermnmsrvcwuauservMSIServerSCardSvrHidServWmdmPmSN');
DeleteService('RpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauserv');
DeleteService('RpcLocatorHidServSpooler');
DeleteService('RemoteRegistryosemnmsrvcwuauserv');
DeleteService('RemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc');
DeleteService('RemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
DeleteService('RemoteRegistryCOMSysApp');
DeleteService('RemoteAccessTapiSrvlanmanserverNetDDEdsdmWmdmPmSN');
DeleteService('RemoteAccessBITSW32TimeCryptSvcAppMgmt');
DeleteService('RDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
DeleteService('RDSessMgrmnmsrvcwuauservEventSystemNlaEventSystem');
DeleteService('RDSessMgrmnmsrvcwuauserv');
DeleteService('RasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler');
DeleteService('RasManHTTPFilterShellHWDetectionAVP');
DeleteService('RasMandmserverBITS');
DeleteService('RasManCryptSvcSCardSvrVSSUPS');
DeleteService('RasManCryptSvcSCardSvr');
DeleteService('RasManCryptSvcmnmsrvcwuauservNetlogon');
DeleteService('RasManCryptSvc');
DeleteService('RasMan HotKey Poller');
DeleteService('ProtectedStorageRemoteAccessNetlogonNtmsSvc LM Service');
DeleteService('ProtectedStorageRemoteAccessNetlogonNtmsSvc');
DeleteService('ProtectedStorageRemoteAccess');
DeleteService('ProtectedStorageERSvc');
DeleteService('PolicyAgentRDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservRasManHTTPFilterShellHWDetectionAVP');
DeleteService('PolicyAgentRDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
DeleteService('PolicyAgentHidServSpoolerAudioSrvEventlogHTTPFilterwuauserv');
DeleteService('PolicyAgentHidServSpooler');
DeleteService('PlugPlayHidServSpooler');
DeleteService('oseosedmserver');
DeleteService('osedmserverhelpsvcMDMDhcpAVPSCardSvrHidServstisvc');
DeleteService('osedmserverhelpsvcMDM');
DeleteService('osedmserverhelpsvc');
DeleteService('osedmserver');
DeleteService('NtmsSvcose');
DeleteService('NtLmSspShellHWDetectionAVPTapiSrvlanmanserverNetDDEdsdmWmdmPmSN');
DeleteService('NtLmSspShellHWDetectionAVP');
DeleteService('NtLmSsposemnmsrvcwuauservNlaEventSystemBITSWebClientwinmgmtSamSsTapiSrvlanmanserver');
DeleteService('NtLmSsposemnmsrvcwuauservNlaEventSystemBITS');
DeleteService('NtLmSsposemnmsrvcwuauserv');
DeleteService('NtLmSsp HotKey Poller');
DeleteService('NlaEventSystemBrowserPolicyAgent');
DeleteService('NlaEventSystemBrowser');
DeleteService('NlaEventSystemBITS');
DeleteService('NlaEventSystem');
DeleteService('NetlogonNtmsSvcSharedAccessHTTPFilterBrowserMessengerVSSUPSVSSsrserviceosemnmsrvcwuauserv');
DeleteService('NetlogonNtmsSvcSharedAccess');
DeleteService('NetlogonNtmsSvcRasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler');
DeleteService('NetlogonNtmsSvc');
DeleteService('NetDDEdsdmWmdmPmSN');
DeleteService('NetDDEdsdmSpoolermnmsrvcwuauserv');
DeleteService('MSIServerSCardSvrdmadmin');
DeleteService('MSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSNetDDEdsdm');
DeleteService('MSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPS');
DeleteService('MSDTCSSDPSRVWmiVSSUPS');
DeleteService('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcpRasMandmserverBITS');
DeleteService('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcpmnmsrvcFastUserSwitchingCompatibilityUMWdfAlerter');
DeleteService('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcp');
DeleteService('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPS');
DeleteService('mnmsrvcwuauservNetlogon');
DeleteService('mnmsrvcwuauservCryptSvcRasMandmserverBITS');
DeleteService('mnmsrvcwuauservCryptSvc');
DeleteService('mnmsrvcwuauserv');
DeleteService('mnmsrvcFastUserSwitchingCompatibilityUMWdfwuauservImapiService');
DeleteService('mnmsrvcFastUserSwitchingCompatibilityUMWdfAlerter');
DeleteService('mnmsrvcFastUserSwitchingCompatibilityUMWdf');
DeleteService('mnmsrvcFastUserSwitchingCompatibilitySpoolermnmsrvcwuauservwuauservSamSs');
DeleteService('mnmsrvcFastUserSwitchingCompatibility');
DeleteService('MessengerRasMan');
DeleteService('MessengermnmsrvcwuauservMSIServerSCardSvrHidServWmdmPmSN');
DeleteService('MessengermnmsrvcwuauservMSIServerHTTPFilterShellHWDetectionAVP');
DeleteService('MessengermnmsrvcwuauservMSIServer');
DeleteService('Messengermnmsrvcwuauserv');
DeleteService('MDMRasAutoSCardSvrHidServWmdmPmSNTapiSrvSharedAccess');
DeleteService('MDMRasAutoNetlogon');
DeleteService('MDMRasAuto');
DeleteService('LmHostsSwPrvSysmonLog');
DeleteService('LmHostsose');
DeleteService('lanmanworkstationRasManCryptSvcSCardSvr');
DeleteService('ImapiServiceMessengerRasManwinmgmtSSDPSRV');
DeleteService('ImapiServiceMessengerRasMan');
DeleteService('ImapiServiceMessengermnmsrvcwuauservTermService');
DeleteService('ImapiServiceMessengermnmsrvcwuauserv');
DeleteService('ImapiService LM Service');
DeleteService('HTTPFilterwuauservSamSs');
DeleteService('HTTPFilterWmiProtectedStorageHTTPFilter');
DeleteService('HTTPFilterVSSUPSVSSsrserviceosemnmsrvcwuauserv');
DeleteService('HTTPFilterShellHWDetectionAVPWmiVSSUPS');
DeleteService('HTTPFilterShellHWDetectionAVP');
DeleteService('HTTPFilterBrowserWebClientSchedule');
DeleteService('HTTPFilterBrowserMessengerVSSUPSVSSsrserviceosemnmsrvcwuauservsrservice');
DeleteService('HTTPFilterBrowserMessengerVSSUPSVSSsrserviceosemnmsrvcwuauserv');
DeleteService('HTTPFilterBrowserMessengerDnscacheWebaltaControllerTrkWksNetlogonNtmsSvcSharedAccess');
DeleteService('HTTPFilterBrowserMessengerDnscacheSENS');
DeleteService('HTTPFilterBrowserMessengerDnscacheFastUserSwitchingCompatibilityseclogon');
DeleteService('HTTPFilterBrowserMessengerDnscache');
DeleteService('HTTPFilterBrowser');
DeleteService('HidServSpoolerVSSUPSwuauservwuauservThemes');
DeleteService('HidServSpoolerVSSUPSwuauservThemesCryptSvc');
DeleteService('HidServSpoolerVSSUPSwuauservThemes');
DeleteService('HidServSpoolerVSSUPSwuauserv');
DeleteService('HidServSpoolerVSSUPS');
DeleteService('HidServSpoolerseclogon');
DeleteService('HidServSpoolerScheduleUMWdfdmserveroseMessengermnmsrvcwuauservwinmgmt');
DeleteService('HidServSpoolerScheduleUMWdf');
DeleteService('HidServSpoolerSchedule');
DeleteService('HidServSpoolermnmsrvcwuauservAVPoseTapiSrvlanmanserverdmserverdmadmin');
DeleteService('HidServSpoolermnmsrvcwuauserv');
DeleteService('HidServSpoolerCryptSvcTlntSvr');
DeleteService('HidServSpooler');
DeleteService('HidServ Web Scanner');
DeleteService('helpsvcSharedAccessProtectedStorageRemoteAccessEventlog');
DeleteService('helpsvcSharedAccessProtectedStorageRemoteAccess');
DeleteService('helpsvcSharedAccessHTTPFilterBrowserMessenger');
DeleteService('helpsvcSharedAccess');
DeleteService('FastUserSwitchingCompatibilitySpoolerHTTPFilterShellHWDetectionAVPhelpsvcSharedAccessProtectedStorageRemoteAccessEventlog');
DeleteService('FastUserSwitchingCompatibilityseclogonCryptSvcAppMgmtHidServ');
DeleteService('FastUserSwitchingCompatibilityseclogon');
DeleteService('FastUserSwitchingCompatibilitySCardSvrHidServWmdmPmSNTapiSrvSharedAccess');
DeleteService('EventSystemNtLmSsp');
DeleteService('EventSystemNlaEventSystemSpoolerEventSystemNlaEventSystem');
DeleteService('EventSystemNlaEventSystemRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc');
DeleteService('EventSystemNlaEventSystemBITS');
DeleteService('EventSystemNlaEventSystem');
DeleteService('dmserveroseMessengermnmsrvcwuauservwinmgmt');
DeleteService('dmserveroseMessengermnmsrvcwuauservRasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler');
DeleteService('dmserveroseMessengermnmsrvcwuauservClipSrvNetlogon');
DeleteService('dmserveroseMessengermnmsrvcwuauserv');
DeleteService('dmserverBITSwuauservSamSswinmgmt');
DeleteService('dmserverBITSwuauservSamSs');
DeleteService('dmserverBITS');
DeleteService('dmadminmnmsrvc');
DeleteService('DhcpWebaltaControllerCiSvc');
DeleteService('DhcpWebaltaController');
DeleteService('DhcpAVPSCardSvrHidServstisvc');
DeleteService('DcomLaunchThemesAdobemnmsrvcwuauservSamSs');
DeleteService('DcomLaunchThemes');
DeleteService('DcomLaunchHidServSpoolerScheduleMSDTC');
DeleteService('DcomLaunchHidServSpoolerScheduleAudioSrv');
DeleteService('DcomLaunchHidServSpoolerSchedule');
DeleteService('CryptSvcW32TimeAudioSrvwscsvc');
DeleteService('CryptSvcTlntSvr');
DeleteService('CryptSvcFastUserSwitchingCompatibility');
DeleteService('CryptSvcAppMgmtNlaEventSystemwinmgmt');
DeleteService('CryptSvcAppMgmtNlaEventSystem');
DeleteService('CryptSvcAppMgmtHidServSpoolerVSSUPSwuauserv');
DeleteService('CryptSvcAppMgmtHidServ');
DeleteService('CryptSvcAppMgmt');
DeleteService('COMSysAppRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
DeleteService('ClipSrvNetlogon');
DeleteService('ClipSrv HotKey Poller');
DeleteService('BrowserRpcSsSharedAccessMessengermnmsrvcwuauservMSIServer');
DeleteService('BrowserRpcSsSharedAccess');
DeleteService('BITSW32TimeCryptSvcAppMgmt');
DeleteService('BITSW32Time HotKey Poller');
DeleteService('BITSW32Time');
DeleteService('BITSPolicyAgentDhcpWebaltaControllerShellHWDetectionLmHostsose');
DeleteService('BITSPolicyAgentDhcpWebaltaController');
DeleteService('BITSPolicyAgent');
DeleteService('AVPScheduleHidServSpooler');
DeleteService('AVPSCardSvrHidServstisvc');
DeleteService('AVPoseWmiApSrvAVPose');
DeleteService('AVPoseTapiSrvlanmanserverdmserverdmadmin');
DeleteService('AVPoseTapiSrvlanmanserverdmserverClipSrvNetlogon');
DeleteService('AVPoseTapiSrvlanmanserverdmserver');
DeleteService('AVPoseDhcpAVPSCardSvrHidServstisvcImapiServiceNlaEventSystemBrowsermnmsrvcwuauserv');
DeleteService('AVPoseDhcpAVPSCardSvrHidServstisvcImapiService');
DeleteService('AVPoseDhcpAVPSCardSvrHidServstisvc');
DeleteService('AVPose');
DeleteService('AudioSrvSCardSvr');
DeleteService('AudioSrvlanmanserver');
DeleteService('AudioSrvEventlogVSSW32Time');
DeleteService('AudioSrvEventlogVSSSSDPSRVWmiVSSUPS');
DeleteService('AudioSrvEventlogVSSHTTPFilterShellHWDetectionAVP');
DeleteService('AudioSrvEventlogVSS');
DeleteService('AudioSrvEventlogHTTPFilterwuauserv');
DeleteService('AudioSrvEventlog');
DeleteService('AtiRpcSsSharedAccess');
DeleteService('Atidmserver');
DeleteService('AtiDcomLaunchlanmanworkstationRasManCryptSvcSCardSvr');
DeleteService('AtiDcomLaunch');
DeleteService('ALGTlntSvrSCardSvrHidServ');
DeleteService('ALG Web Scanner');
DeleteService('Alerterwuauserv');
DeleteService('AlerterProtectedStorageRemoteAccess');
DeleteService('AlerterNtLmSsposemnmsrvcwuauservNlaEventSystemBITSHidServSpoolerseclogon');
DeleteService('AlerterAdobemnmsrvc');
DeleteService('AdobeRDSessMgrmnmsrvcwuauserv');
DeleteService('AdobemnmsrvcwuauservSamSs');
DeleteService('AdobemnmsrvcHidServSpoolermnmsrvcwuauserv');
DeleteService('AdobemnmsrvcAppMgmtAudioSrvEventlog');
DeleteService('Adobemnmsrvc');
DeleteFile('C:\WINDOWS\system32\adsnwd.exe');
DeleteFile('C:\WINDOWS\system32\sysrest.sys');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Win32Update');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunServices','Win32Update'); BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_DeleteSvc('Adobemnmsrvc');
BC_DeleteSvc('sysrest.sys');
BC_DeleteSvc('AdobemnmsrvcAppMgmt');
BC_DeleteSvc('AdobemnmsrvcAppMgmtAudioSrvEventlog');
BC_DeleteSvc('AdobemnmsrvcHidServSpoolermnmsrvcwuauserv');
BC_DeleteSvc('AdobemnmsrvcwuauservSamSs');
BC_DeleteSvc('AdobeRDSessMgrmnmsrvcwuauserv');
BC_DeleteSvc('AlerterNtLmSsposemnmsrvcwuauservNlaEventSystemBITSHidServSpoolerseclogon');
BC_DeleteSvc('AlerterProtectedStorageRemoteAccess');
BC_DeleteSvc('Alerterwuauserv');
BC_DeleteSvc('ALG Web Scanner');
BC_DeleteSvc('ALGTlntSvrSCardSvrHidServ');
BC_DeleteSvc('AtiDcomLaunch');
BC_DeleteSvc('AtiDcomLaunchlanmanworkstationRasManCryptSvcSCardSvr');
BC_DeleteSvc('Atidmserver');
BC_DeleteSvc('AtiRpcSsSharedAccess');
BC_DeleteSvc('AudioSrvEventlog');
BC_DeleteSvc('AudioSrvEventlogHTTPFilterwuauserv');
BC_DeleteSvc('AudioSrvEventlogVSS');
BC_DeleteSvc('AudioSrvEventlogVSSHTTPFilterShellHWDetectionAVP');
BC_DeleteSvc('AudioSrvEventlogVSSSSDPSRVWmiVSSUPS');
BC_DeleteSvc('AudioSrvlanmanserver');
BC_DeleteSvc('AudioSrvSCardSvr');
BC_DeleteSvc('AVPose');
BC_DeleteSvc('AVPoseDhcpAVPSCardSvrHidServstisvc');
BC_DeleteSvc('AVPoseDhcpAVPSCardSvrHidServstisvcImapiService');
BC_DeleteSvc('AVPoseTapiSrvlanmanserverdmserver');
BC_DeleteSvc('AVPoseTapiSrvlanmanserverdmserverClipSrvNetlogon');
BC_DeleteSvc('AVPoseTapiSrvlanmanserverdmserverdmadmin');
BC_DeleteSvc('AVPoseWmiApSrvAVPose');
BC_DeleteSvc('AVPSCardSvrHidServstisvc');
BC_DeleteSvc('AVPScheduleHidServSpooler');
BC_DeleteSvc('BITSPolicyAgent');
BC_DeleteSvc('BITSPolicyAgentDhcpWebaltaController');
BC_DeleteSvc('BITSPolicyAgentDhcpWebaltaControllerShellHWDetectionLmHostsose');
BC_DeleteSvc('BITSW32Time');
BC_DeleteSvc('BITSW32Time HotKey Poller');
BC_DeleteSvc('BITSW32TimeCryptSvcAppMgmt');
BC_DeleteSvc('BrowserRpcSsSharedAccess');
BC_DeleteSvc('BrowserRpcSsSharedAccessMessengermnmsrvcwuauservMSIServer');
BC_DeleteSvc('ClipSrv HotKey Poller');
BC_DeleteSvc('ClipSrvNetlogon');
BC_DeleteSvc('COMSysAppRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
BC_DeleteSvc('CryptSvcAppMgmt');
BC_DeleteSvc('CryptSvcAppMgmtHidServ');
BC_DeleteSvc('CryptSvcAppMgmtHidServSpoolerVSSUPSwuauserv');
BC_DeleteSvc('CryptSvcAppMgmtNlaEventSystem');
BC_DeleteSvc('CryptSvcAppMgmtNlaEventSystemwinmgmt');
BC_DeleteSvc('CryptSvcFastUserSwitchingCompatibility');
BC_DeleteSvc('CryptSvcTlntSvr');
BC_DeleteSvc('CryptSvcW32TimeAudioSrvwscsvc');
BC_DeleteSvc('DcomLaunchHidServSpoolerSchedule');
BC_DeleteSvc('DcomLaunchHidServSpoolerScheduleAudioSrv');
BC_DeleteSvc('DcomLaunchHidServSpoolerScheduleMSDTC');
BC_DeleteSvc('DcomLaunchThemes');
BC_DeleteSvc('DcomLaunchThemesAdobemnmsrvcwuauservSamSs');
BC_DeleteSvc('DhcpAVPSCardSvrHidServstisvc');
BC_DeleteSvc('DhcpWebaltaController');
BC_DeleteSvc('DhcpWebaltaControllerCiSvc');
BC_DeleteSvc('dmadminmnmsrvc');
BC_DeleteSvc('dmserverBITS');
BC_DeleteSvc('dmserverBITSwuauservSamSs');
BC_DeleteSvc('dmserverBITSwuauservSamSswinmgmt');
BC_DeleteSvc('dmserveroseMessengermnmsrvcwuauserv');
BC_DeleteSvc('dmserveroseMessengermnmsrvcwuauservClipSrvNetlogon');
BC_DeleteSvc('dmserveroseMessengermnmsrvcwuauservRasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler');
BC_DeleteSvc('dmserveroseMessengermnmsrvcwuauservwinmgmt');
BC_DeleteSvc('EventSystemNlaEventSystem');
BC_DeleteSvc('EventSystemNlaEventSystemRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
BC_DeleteSvc('EventSystemNlaEventSystemRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc');
BC_DeleteSvc('EventSystemNlaEventSystemSpoolerEventSystemNlaEventSystem');
BC_DeleteSvc('EventSystemNtLmSsp');
BC_DeleteSvc('FastUserSwitchingCompatibilityseclogon');
BC_DeleteSvc('FastUserSwitchingCompatibilityseclogonCryptSvcAppMgmtHidServ');
BC_DeleteSvc('helpsvcSharedAccess');
BC_DeleteSvc('helpsvcSharedAccessProtectedStorageRemoteAccess');
BC_DeleteSvc('helpsvcSharedAccessProtectedStorageRemoteAccessEventlog');
BC_DeleteSvc('HidServ Web Scanner');
BC_DeleteSvc('HidServSpooler');
BC_DeleteSvc('HidServSpoolerCryptSvcTlntSvr');
BC_DeleteSvc('HidServSpoolermnmsrvcwuauserv');
BC_DeleteSvc('HidServSpoolermnmsrvcwuauservAVPoseTapiSrvlanmanserverdmserverdmadmin');
BC_DeleteSvc('HidServSpoolerSchedule');
BC_DeleteSvc('HidServSpoolerScheduleUMWdf');
BC_DeleteSvc('HidServSpoolerScheduleUMWdfdmserveroseMessengermnmsrvcwuauservwinmgmt');
BC_DeleteSvc('HidServSpoolerseclogon');
BC_DeleteSvc('HidServSpoolerVSSUPS');
BC_DeleteSvc('HidServSpoolerVSSUPSwuauserv');
BC_DeleteSvc('HidServSpoolerVSSUPSwuauservThemes');
BC_DeleteSvc('HidServSpoolerVSSUPSwuauservThemesCryptSvc');
BC_DeleteSvc('HidServSpoolerVSSUPSwuauservwuauserv');
BC_DeleteSvc('HidServSpoolerVSSUPSwuauservwuauservThemes');
BC_DeleteSvc('HTTPFilterBrowser');
BC_DeleteSvc('HTTPFilterBrowserMessenger');
BC_DeleteSvc('HTTPFilterBrowserMessengerDnscacheFastUserSwitchingCompatibilityseclogon');
BC_DeleteSvc('HTTPFilterBrowserMessengerDnscacheSENS');
BC_DeleteSvc('HTTPFilterBrowserMessengerDnscacheWebaltaControllerTrkWks');
BC_DeleteSvc('HTTPFilterBrowserMessengerVSSUPSVSSsrserviceosemnmsrvcwuauserv');
BC_DeleteSvc('HTTPFilterBrowserMessengerVSSUPSVSSsrserviceosemnmsrvcwuauservsrservice');
BC_DeleteSvc('HTTPFilterShellHWDetectionAVP');
BC_DeleteSvc('HTTPFilterShellHWDetectionAVPWmiVSSUPS');
BC_DeleteSvc('HTTPFilterwuauserv');
BC_DeleteSvc('HTTPFilterwuauservSamSs');
BC_DeleteSvc('ImapiService LM Service');
BC_DeleteSvc('ImapiServiceMessengermnmsrvcwuauservTermService');
BC_DeleteSvc('ImapiServiceMessengerRasMan');
BC_DeleteSvc('ImapiServiceMessengerRasManwinmgmtSSDPSRV');
BC_DeleteSvc('lanmanworkstationRasManCryptSvcSCardSvr');
BC_DeleteSvc('MDMRasAuto');
BC_DeleteSvc('MDMRasAutoNetlogon');
BC_DeleteSvc('MDMRasAutoSCardSvrHidServWmdmPmSNTapiSrvSharedAccess');
BC_DeleteSvc('Messengermnmsrvcwuauserv');
BC_DeleteSvc('MessengermnmsrvcwuauservMSIServer');
BC_DeleteSvc('MessengermnmsrvcwuauservMSIServerHTTPFilterShellHWDetectionAVP');
BC_DeleteSvc('MessengermnmsrvcwuauservMSIServerSCardSvrHidServWmdmPmSN');
BC_DeleteSvc('MessengerRasMan');
BC_DeleteSvc('mnmsrvcFastUserSwitchingCompatibilitySpoolermnmsrvcwuauservwuauservSamSs');
BC_DeleteSvc('mnmsrvcFastUserSwitchingCompatibilityUMWdf');
BC_DeleteSvc('mnmsrvcFastUserSwitchingCompatibilityUMWdfAlerter');
BC_DeleteSvc('mnmsrvcFastUserSwitchingCompatibilityUMWdfwuauservImapiService');
BC_DeleteSvc('mnmsrvcwuauserv');
BC_DeleteSvc('mnmsrvcwuauservCryptSvc');
BC_DeleteSvc('mnmsrvcwuauservCryptSvcRasMandmserverBITS');
BC_DeleteSvc('mnmsrvcwuauservNetlogon');
BC_DeleteSvc('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPS');
BC_DeleteSvc('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcp');
BC_DeleteSvc('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcpmnmsrvcFastUserSwitchingCompatibilityUMWdfAlerter');
BC_DeleteSvc('MSDTCMSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSDhcpRasMandmserverBITS');
BC_DeleteSvc('MSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPS');
BC_DeleteSvc('MSDTCSSDPSRVWmiVSSUPSMSDTCSSDPSRVWmiVSSUPSNetDDEdsdm');
BC_DeleteSvc('MSIServerSCardSvrdmadmin');
BC_DeleteSvc('NetDDEdsdmSpoolermnmsrvcwuauserv');
BC_DeleteSvc('NetDDEdsdmWmdmPmSN');
BC_DeleteSvc('NetlogonNtmsSvc');
BC_DeleteSvc('NetlogonNtmsSvcRasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler');
BC_DeleteSvc('NetlogonNtmsSvcSharedAccess');
BC_DeleteSvc('NlaEventSystem');
BC_DeleteSvc('NlaEventSystemBITS');
BC_DeleteSvc('NlaEventSystemBrowser');
BC_DeleteSvc('NlaEventSystemBrowsermnmsrvcwuauserv');
BC_DeleteSvc('NlaEventSystemBrowserPolicyAgent');
BC_DeleteSvc('NtLmSsp HotKey Poller');
BC_DeleteSvc('NtLmSsposemnmsrvcwuauserv');
BC_DeleteSvc('NtLmSsposemnmsrvcwuauservBITSW32TimeCryptSvcAppMgmt');
BC_DeleteSvc('NtLmSsposemnmsrvcwuauservNlaEventSystemBITS');
BC_DeleteSvc('NtLmSsposemnmsrvcwuauservNlaEventSystemBITSHidServSpoolerseclogon');
BC_DeleteSvc('NtLmSsposemnmsrvcwuauservNlaEventSystemBITSWebClientwinmgmtSamSsTapiSrvlanmanserver');
BC_DeleteSvc('NtLmSspShellHWDetectionAVP');
BC_DeleteSvc('NtLmSspShellHWDetectionAVPTapiSrvlanmanserverNetDDEdsdmWmdmPmSN');
BC_DeleteSvc('NtmsSvcose');
BC_DeleteSvc('oseAlerter');
BC_DeleteSvc('osedmserver');
BC_DeleteSvc('osedmserverhelpsvc');
BC_DeleteSvc('osedmserverhelpsvcMDM');
BC_DeleteSvc('osedmserverhelpsvcMDMDhcpAVPSCardSvrHidServstisvc');
BC_DeleteSvc('osedmserverWebaltaController');
BC_DeleteSvc('osemnmsrvcwuauserv');
BC_DeleteSvc('oseosedmserver');
BC_DeleteSvc('PlugPlayHidServSpooler');
BC_DeleteSvc('PolicyAgentHidServSpooler');
BC_DeleteSvc('PolicyAgentHidServSpoolerAudioSrvEventlogHTTPFilterwuauserv');
BC_DeleteSvc('PolicyAgentRDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
BC_DeleteSvc('PolicyAgentRDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservRasManHTTPFilterShellHWDetectionAVP');
BC_DeleteSvc('ProtectedStorageERSvc');
BC_DeleteSvc('ProtectedStorageRemoteAccess');
BC_DeleteSvc('ProtectedStorageRemoteAccessNetlogonNtmsSvc');
BC_DeleteSvc('ProtectedStorageRemoteAccessNetlogonNtmsSvc LM Service');
BC_DeleteSvc('RasMan HotKey Poller');
BC_DeleteSvc('RasManCryptSvc');
BC_DeleteSvc('RasManCryptSvcmnmsrvcwuauservNetlogon');
BC_DeleteSvc('RasManCryptSvcSCardSvr');
BC_DeleteSvc('RasManCryptSvcSCardSvrVSSUPS');
BC_DeleteSvc('RasMandmserverBITS');
BC_DeleteSvc('RasManHTTPFilterShellHWDetectionAVP');
BC_DeleteSvc('RasManHTTPFilterShellHWDetectionAVPPlugPlayHidServSpooler');
BC_DeleteSvc('RDSessMgrmnmsrvcwuauserv');
BC_DeleteSvc('RDSessMgrmnmsrvcwuauservEventSystemNlaEventSystem');
BC_DeleteSvc('RDSessMgrmnmsrvcwuauservRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
BC_DeleteSvc('RemoteAccessBITSW32TimeCryptSvcAppMgmt');
BC_DeleteSvc('RemoteAccessCOMSysApp');
BC_DeleteSvc('RemoteAccessTapiSrvlanmanserverNetDDEdsdmWmdmPmSN');
BC_DeleteSvc('RemoteRegistryCOMSysApp');
BC_DeleteSvc('RemoteRegistryCOMSysAppSCardSvr');
BC_DeleteSvc('RemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
BC_DeleteSvc('RemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc');
BC_DeleteSvc('RemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvcSCardSvrHidServWmdmPmSN');
BC_DeleteSvc('RemoteRegistryosemnmsrvcwuauserv');
BC_DeleteSvc('RpcLocatorHidServSpooler');
BC_DeleteSvc('RpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauserv');
BC_DeleteSvc('RpcLocatorHidServSpoolerMessengermnmsrvcwuauservMSIServerSCardSvrHidServWmdmPmSN');
BC_DeleteSvc('RpcSsSharedAccess');
BC_DeleteSvc('RpcSsSharedAccessAudioSrv');
BC_DeleteSvc('RpcSsSharedAccessAudioSrvAtiRpcSsSharedAccess');
BC_DeleteSvc('RpcSsSharedAccessAudioSrvAtiRpcSsSharedAccessRpcSsSharedAccesslanmanworkstationNtLmSsposemnmsrvcwuauservNlaEventSystemBITS');
BC_DeleteSvc('RpcSsSharedAccessAudioSrvPolicyAgent');
BC_DeleteSvc('RpcSsSharedAccessAudioSrvPolicyAgentupnphost');
BC_DeleteSvc('RpcSsSharedAccesslanmanworkstation');
BC_DeleteSvc('RpcSsSharedAccesslanmanworkstationNtLmSsposemnmsrvcwuauservNlaEventSystemBITS');
BC_DeleteSvc('RpcSsSharedAccessThemes');
BC_DeleteSvc('SamSslanmanserver');
BC_DeleteSvc('SamSsRemoteRegistryCOMSysAppSpoolermnmsrvcwuauserv');
BC_DeleteSvc('SamSsTapiSrvlanmanserver');
BC_DeleteSvc('SamSsWmiVSSUPS');
BC_DeleteSvc('SCardSvrHidServ');
BC_DeleteSvc('SCardSvrHidServstisvc');
BC_DeleteSvc('SCardSvrHidServWmdmPmSN');
BC_DeleteSvc('SCardSvrHidServWmdmPmSNTapiSrvSharedAccess');
BC_DeleteSvc('ScheduleHidServSpooler');
BC_DeleteSvc('ScheduleUMWdfNetDDE');
BC_DeleteSvc('seclogonNlaEventSystemBrowser');
BC_DeleteSvc('seclogonRemoteRegistry');
BC_DeleteSvc('seclogonRemoteRegistrySharedAccess');
BC_DeleteSvc('ShellHWDetectionAVP');
BC_DeleteSvc('ShellHWDetectionHTTPFilterBrowser');
BC_DeleteSvc('ShellHWDetectionHTTPFilterBrowserSSDPSRV');
BC_DeleteSvc('ShellHWDetectionLmHostsose');
BC_DeleteSvc('ShellHWDetectionLmHostsoseSwPrvSysmonLogSSDPSRVWmiVSSUPS');
BC_DeleteSvc('ShellHWDetectionLmHostsoseWmiApSrv');
BC_DeleteSvc('Spooler Web Scanner');
BC_DeleteSvc('SpoolerEventSystemNlaEventSystemFastUserSwitchingCompatibility');
BC_DeleteSvc('SpoolerHTTPFilterShellHWDetectionAVP');
BC_DeleteSvc('SpoolerHTTPFilterShellHWDetectionAVPAdobemnmsrvc');
BC_DeleteSvc('SpoolerHTTPFilterShellHWDetectionAVPmnmsrvc');
BC_DeleteSvc('Spoolermnmsrvcwuauserv');
BC_DeleteSvc('SpoolermnmsrvcwuauservSpoolerEventSystemNlaEventSystemFastUserSwitchingCompatibility');
BC_DeleteSvc('SpoolermnmsrvcwuauservSwPrv');
BC_DeleteSvc('SpoolermnmsrvcwuauservSwPrvAVPoseDhcpAVPSCardSvrHidServstisvc');
BC_DeleteSvc('SpoolermnmsrvcwuauservwuauservSamSs');
BC_DeleteSvc('SpoolerShellHWDetectionLmHostsose');
BC_DeleteSvc('SpoolerShellHWDetectionLmHostsosehelpsvc');
BC_DeleteSvc('SpoolerShellHWDetectionLmHostsoseRpcSsSharedAccess');
BC_DeleteSvc('SpoolerShellHWDetectionLmHostsosewinmgmtSSDPSRV');
BC_DeleteSvc('srserviceosemnmsrvcwuauserv');
BC_DeleteSvc('srserviceosemnmsrvcwuauservsrserviceRasManHTTPFilterShellHWDetectionAVP');
BC_DeleteSvc('SSDPSRVWmiVSSUPS');
BC_DeleteSvc('StarWindServiceAE');
BC_DeleteSvc('SwPrvhelpsvc');
BC_DeleteSvc('SwPrvhelpsvcWmdmPmSN');
BC_DeleteSvc('SwPrvSysmonLog');
BC_DeleteSvc('SwPrvSysmonLogSSDPSRVWmiVSSUPS');
BC_DeleteSvc('SwPrvSysmonLogSSDPSRVWmiVSSUPS HotKey Poller');
BC_DeleteSvc('SwPrvSysmonLogSSDPSRVWmiVSSUPSoseAlerter');
BC_DeleteSvc('SysmonLogmnmsrvc');
BC_DeleteSvc('SysmonLogmnmsrvcProtectedStorageRemoteAccess');
BC_DeleteSvc('SysmonLogSharedAccess');
BC_DeleteSvc('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauserv');
BC_DeleteSvc('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauservAlerterProtectedStorageRemoteAccess');
BC_DeleteSvc('SysmonLogSharedAccessHidServSpoolerVSSUPSwuauservTapiSrvlanmanserverdmserver');
BC_DeleteSvc('SysmonLogSharedAccessseclogonNlaEventSystemBrowser');
BC_DeleteSvc('SysmonLogSharedAccessWebClientwinmgmtAlerter');
BC_DeleteSvc('SysmonLogSharedAccessWmiApSrv');
BC_DeleteSvc('SysmonLogSharedAccessWmiApSrvWmdmPmSN');
BC_DeleteSvc('TapiSrvDcomLaunch');
BC_DeleteSvc('TapiSrvDcomLaunchTlntSvrSCardSvrHidServLmHosts');
BC_DeleteSvc('TapiSrvlanmanserver');
BC_DeleteSvc('TapiSrvlanmanserverdmserver');
BC_DeleteSvc('TapiSrvlanmanserverNetDDEdsdmWmdmPmSN');
BC_DeleteSvc('TapiSrvlanmanserverRpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauserv');
BC_DeleteSvc('TapiSrvlanmanserverRpcLocatorHidServSpoolerAdobeRDSessMgrmnmsrvcwuauservAtiRpcSsSharedAccess');
BC_DeleteSvc('TapiSrvSharedAccess');
BC_DeleteSvc('TlntSvrFastUserSwitchingCompatibilityseclogonCryptSvcAppMgmtHidServ');
BC_DeleteSvc('TlntSvrNlaEventSystemBrowser');
BC_DeleteSvc('TlntSvrRpcSsSharedAccess');
BC_DeleteSvc('TlntSvrRpcSsSharedAccessdmserverBITS');
BC_DeleteSvc('TlntSvrRpcSsSharedAccessdmserverBITSEventSystemNtLmSsp');
BC_DeleteSvc('TlntSvrRpcSsSharedAccessdmserverBITSEventSystemNtLmSspMessengermnmsrvcwuauservMSIServerHTTPFilterShellHWDetectionAVP');
BC_DeleteSvc('TlntSvrSCardSvrHidServ');
BC_DeleteSvc('TlntSvrSCardSvrHidServ Web Scanner');
BC_DeleteSvc('TlntSvrSCardSvrHidServLmHosts');
BC_DeleteSvc('TlntSvrSCardSvrHidServRemoteRegistryCOMSysAppSpoolermnmsrvcwuauservCiSvc');
BC_DeleteSvc('TlntSvrSCardSvrHidServThemes');
BC_DeleteSvc('TrkWksRpcSsSharedAccess');
BC_DeleteSvc('UMWdfMessengermnmsrvcwuauservMSIServer');
BC_DeleteSvc('UMWdfWebClientwinmgmtSamSsTapiSrvlanmanserver');
BC_DeleteSvc('UMWdfWebClientwinmgmtSamSsTapiSrvlanmanserverhelpsvcSharedAccessHTTPFilterBrowserMessenger');
BC_DeleteSvc('upnphostAudioSrvEventlogHTTPFilterwuauserv');
BC_DeleteSvc('upnphostAudioSrvEventlogHTTPFilterwuauservTlntSvrNlaEventSystemBrowser');
BC_DeleteSvc('VSSUPSVSS');
BC_DeleteSvc('VSSUPSVSSsrserviceosemnmsrvcwuauserv');
BC_DeleteSvc('VSSUPSVSSsrserviceosemnmsrvcwuauservAppMgmt');
BC_DeleteSvc('W32TimeAudioSrv');
BC_DeleteSvc('W32TimeAudioSrvwscsvc');
BC_DeleteSvc('W32TimeHidServwinmgmt');
BC_DeleteSvc('WebaltaController');
BC_DeleteSvc('WebaltaControllerTrkWks');
BC_DeleteSvc('WebaltaControllerTrkWksTrkWks');
BC_DeleteSvc('WebClientAVPoseTapiSrvlanmanserverdmserver');
BC_DeleteSvc('WebClientSchedule');
BC_DeleteSvc('WebClientwinmgmt');
BC_DeleteSvc('WebClientwinmgmtAlerter');
BC_DeleteSvc('WebClientwinmgmtAlerterTlntSvrNlaEventSystemBrowser');
BC_DeleteSvc('WebClientwinmgmtAlerterTlntSvrNlaEventSystemBrowserWebaltaControllerTrkWks');
BC_DeleteSvc('WebClientwinmgmtSamSsTapiSrvlanmanserver');
BC_DeleteSvc('WebClientwinmgmtSamSsTapiSrvlanmanserverNla');
BC_DeleteSvc('WebClientwinmgmtSysmonLog');
BC_DeleteSvc('winmgmtSSDPSRV');
BC_DeleteSvc('winmgmtSSDPSRVImapiServiceMessengermnmsrvcwuauserv');
BC_DeleteSvc('winmgmtSSDPSRVSCardSvrHidServstisvc');
BC_DeleteSvc('WmdmPmSNImapiServiceMessengermnmsrvcwuauserv');
BC_DeleteSvc('WmdmPmSNImapiServiceMessengermnmsrvcwuauservoseAlerter');
BC_DeleteSvc('WmdmPmSNImapiServiceMessengermnmsrvcwuauservstisvc');
BC_DeleteSvc('WmiApSrvAVPose');
BC_DeleteSvc('WmiApSrvAVPoseWmiProtectedStorage');
BC_DeleteSvc('WmiApSrvosedmserverhelpsvcMDM');
BC_DeleteSvc('WmiApSrvSCardSvrHidServWmdmPmSNNetDDEdsdmWmdmPmSN');
BC_DeleteSvc('WmiProtectedStorage');
BC_DeleteSvc('WmiProtectedStorageHTTPFilterSwPrvSysmonLog');
BC_DeleteSvc('WmiVSSUPS');
BC_DeleteSvc('WmiVSSUPSNetman');
BC_DeleteSvc('wuauservImapiService');
BC_DeleteSvc('wuauservImapiServicedmserverBITSwuauservSamSs');
BC_DeleteSvc('wuauservImapiServiceWebaltaControllerTrkWksTrkWks');
BC_DeleteSvc('wuauservSamSs');
BC_DeleteSvc('WZCSVCLmHostsSwPrvSysmonLog');
BC_DeleteSvc('WZCSVCTapiSrvlanmanserverdmserver');
BC_DeleteSvc('WZCSVCTapiSrvlanmanserverdmservermnmsrvc');
BC_Activate;
RebootWindows(true);
end.[/CODE]
После перезагрузки:
- выполните такой скрипт
[CODE]begin
// Pack everything currently in AVZ's quarantine into quarantine.zip inside the AVZ folder.
// The archive holds the files quarantined by the previous script (suspected malware samples):
// do not unpack or run its contents, only upload it through the forum's quarantine link.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
- Файл [B][COLOR="Red"]quarantine.zip[/COLOR][/B] из папки AVZ загрузите по ссылке [B][COLOR="Red"]Прислать запрошенный карантин[/COLOR][/B] вверху темы
- Сделайте повторные логи по [URL="http://virusinfo.info/pravila_old.html"]правилам[/URL] п.2 и 3 раздела Диагностика.([B]virusinfo_syscheck.zip[/B]; [B]hijackthis.log[/B])
- Сделайте лог [URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"][B]MBAM[/B][/URL]
polword - извиняюсь за задержку.
По делу:
quarantine.zip:
Результат загрузки
Файл сохранён как 100830_205410_quarantine_4c7be232b8f8e.zip
Размер файла 71072
MD5 9536a6e577ba33e6f1434ecd5b3b042c
Логи прилагаю.
Жду дальнейшей инструкции :)
Спасибо!!!
1.[URL="http://virusinfo.info/showthread.php?t=4491"]Профиксите[/URL] в HijackThis
[CODE]
O2 - BHO: WebaltaBHO Object - {6C3BDD12-4B6F-44F1-87CB-4D94E1ED38A5} - C:\PROGRA~1\WebAlta\WEBALT~2.DLL (file missing)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - (no file)
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
[/CODE]
2.[URL="http://virusinfo.info/showthread.php?t=7239"]Выполните скрипт в AVZ[/URL]
[CODE]
begin
// Empty the Quarantine folder under the AVZ directory first, so that the new archive
// contains only the file requested below. Samples quarantined earlier are removed by this call;
// presumably the third argument (true) makes the deletion recursive - confirm against the AVZ script reference.
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
// Place the suspected DLL into quarantine for analysis; this script contains no call that deletes it from system32.
QuarantineFile('C:\WINDOWS\system32\rtutdmin.dll','');
// Build quarantine.zip in the AVZ folder from whatever was quarantined above.
// NOTE(review): if the DLL is not present at that path, the resulting archive will presumably be empty.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
- Файл [B][COLOR="Red"]quarantine.zip[/COLOR][/B] из папки AVZ загрузите по ссылке [B][COLOR="Red"]Прислать запрошенный карантин[/COLOR][/B] вверху темы
1,2 - Сделал.
Единственное: quarantine.zip, который получился, — пустой. К тому же я уже его загружал, и поэтому 2-й раз загрузить не получается.
polword подскажи пожалуйста.
В итоге можно сказать что комп без вирусов?
Может быть стоит поставить фаервол?
Спасибо за помощь!!!
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]4[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\windows\system32\adsnwd.exe - [B]Backdoor.Win32.IRCNite.ao[/B] ( DrWEB: Trojan.Siggen2.20603, BitDefender: Backdoor.Bot.27759, AVAST4: Win32:Trojan-gen )[/LIST][/LIST]