ОТКЛЮЧИТЕ ВОССТАНОВЛЕНИЕ СИСТЕМЫ! (Иначе копии заражённых файлов могут сохраниться в точках восстановления.)
Выполните в AVZ следующий скрипт:
Код:
// AVZ remediation script written for one specific infected Windows host.
// Every path, service name and registry key below comes from that host's logs,
// so the script must not be run unchanged on any other machine.
// Flow: harden AVZ -> copy suspects to quarantine -> stop/remove services ->
// terminate processes -> delete files and ServiceDll values -> schedule
// boot-time cleanup -> reboot.
begin
// Rootkit scan. Both arguments are true, which presumably enables hook
// neutralisation for user mode and kernel mode - confirm against the AVZ
// scripting reference.
SearchRootkit(true,true);
// Enable AVZGuard for the remainder of the script so that other processes
// are less able to interfere with the cleanup.
SetAVZGuardStatus(true);
// Phase 1: quarantine suspect files before anything is removed. Most of these
// paths are passed to DeleteFile further down, so this step is what preserves
// the samples for analysis.
// NOTE(review): scvhost.exe, logon.scr, WMAGWRMEJC\F001.exe and
// gctwimaxserviced.exe are quarantined but have no matching DeleteFile in this
// script - presumably held back until the samples are analysed; confirm.
QuarantineFile('C:\WINDOWS\system32\EZ3EBOSKUT\F001.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\pcidump.sys','');
QuarantineFile('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UM5NXX0P\F001[1].exe','');
// NOTE(review): the argument below looks like a Winlogon Shell value
// ("Explorer.exe <path>") pasted from a log rather than a file path, so it is
// unlikely to match a file. The real path c:\windows\csrsc.exe is quarantined
// separately further down.
QuarantineFile('Explorer.exe C:\WINDOWS\csrsc.exe','');
// File names such as scvhost.exe and csrsc.exe closely resemble the system
// binaries svchost.exe and csrss.exe; compare names character by character
// when reading the logs.
QuarantineFile('C:\WINDOWS\system32\scvhost.exe','');
QuarantineFile('C:\WINDOWS\system32\anitsvstart.dll','');
QuarantineFile('C:\WINDOWS\system32\RbmutvC.dll','');
QuarantineFile('C:\WINDOWS\system32\BrZPoUlsGvb.dll','');
QuarantineFile('C:\WINDOWS\System32\logon.scr','');
// Phase 2: stop and remove services/drivers, quarantining each service's
// binary alongside. Only acpi24 and frrd are stopped explicitly; the other
// services are deleted without a preceding StopService.
StopService('acpi24');
StopService('frrd');
DeleteService('acpi24Drv');
QuarantineFile('C:\WINDOWS\system32\acpi24.sys','');
DeleteService('vsr');
QuarantineFile('C:\WINDOWS\system32\WMAGWRMEJC\eoo1.exe','');
DeleteService('vsfd');
QuarantineFile('C:\WINDOWS\system32\WMAGWRMEJC\F001.exe','');
DeleteService('vsd');
QuarantineFile('C:\WINDOWS\system32\WMAGWRMEJC\J002.exe','');
DeleteService('VMservices');
QuarantineFile('C:\WINDOWS\system32\panp.exe','');
DeleteService('acpi24');
QuarantineFile('C:\WINDOWS\system32\acpi24.exe','');
DeleteService('frrd');
QuarantineFile('C:\WINDOWS\system32\z\B7878.exe','');
// Phase 3: the lower-case paths repeat several files already handled above
// (Windows paths are case-insensitive) and add the running processes, which
// are quarantined first and then terminated.
QuarantineFile('c:\windows\system32\brzpoulsgvb.dll','');
QuarantineFile('c:\windows\system32\anitsvstart.dll','');
QuarantineFile('c:\windows\system32\gctwimaxserviced.exe','');
QuarantineFile('c:\windows\csrsc.exe','');
TerminateProcessByName('c:\windows\csrsc.exe');
QuarantineFile('c:\windows\system32\z\b7878.exe','');
TerminateProcessByName('c:\windows\system32\z\b7878.exe');
QuarantineFile('c:\windows\system32\77734.exe','');
TerminateProcessByName('c:\windows\system32\77734.exe');
// Phase 4: delete the files. Several paths appear twice in different case;
// the repeated call targets the same file.
DeleteFile('c:\windows\system32\77734.exe');
DeleteFile('c:\windows\system32\z\b7878.exe');
DeleteFile('c:\windows\csrsc.exe');
DeleteFile('c:\windows\system32\anitsvstart.dll');
DeleteFile('c:\windows\system32\brzpoulsgvb.dll');
DeleteFile('C:\WINDOWS\system32\z\B7878.exe');
DeleteFile('C:\WINDOWS\system32\acpi24.exe');
DeleteFile('C:\WINDOWS\system32\panp.exe');
DeleteFile('C:\WINDOWS\system32\WMAGWRMEJC\J002.exe');
DeleteFile('C:\WINDOWS\system32\WMAGWRMEJC\eoo1.exe');
DeleteFile('C:\WINDOWS\system32\acpi24.sys');
DeleteFile('C:\WINDOWS\system32\BrZPoUlsGvb.dll');
// Each RegKeyParamDel removes only the ServiceDll value of a service's
// Parameters key; the service keys themselves (ufad-dns60, MediaCenter,
// AniSrv) are left in place by this script.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\ufad-dns60\Parameters','ServiceDll');
DeleteFile('C:\WINDOWS\system32\RbmutvC.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\MediaCenter\Parameters','ServiceDll');
DeleteFile('C:\WINDOWS\system32\anitsvstart.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\AniSrv\Parameters','ServiceDll');
DeleteFile('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UM5NXX0P\F001[1].exe');
DeleteFile('C:\WINDOWS\system32\drivers\pcidump.sys');
DeleteFile('C:\WINDOWS\system32\EZ3EBOSKUT\F001.exe');
// Phase 5: hand the pending operations to AVZ's boot-time cleaner
// (BC_ImportALL, then BC_Activate) so that files locked while Windows is
// running are handled on the next boot - presumably; confirm against the AVZ
// reference. ExecuteSysClean runs AVZ's automatic system cleanup in between.
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
// Runs the AVZ wizard identified as 'SCU' with automatic fixing enabled (last
// argument). NOTE(review): the meaning of the two numeric levels is not
// visible here - check the AVZ scripting reference.
ExecuteWizard('SCU', 2, 2, true);
// Reboot so that the boot-time cleaner can run; this must remain the final
// statement because nothing after it would execute.
RebootWindows(true);
end.
После перезагрузки выполните второй скрипт
Код:
// Post-reboot step: pack the contents of the AVZ quarantine into a single
// archive at C:\quarantine.zip for upload to the analysts.
// The misspelt name CreateQurantineArchive is the actual AVZ function name;
// "correcting" the spelling would break the script.
// The archive holds live malware samples: do not extract it on a working
// machine, and delete it once the upload has been confirmed.
Begin
CreateQurantineArchive('C:\quarantine.zip');
End.
Загрузите полученный архив карантина (C:\quarantine.zip) по красной ссылке вверху страницы. Затем сделайте новые логи и приложите их.