Fix the following entries in HijackThis:
Code:
R3 - URLSearchHook: (no name) - {1a894269-562d-459e-b17e-efd8de428e41} - (no file)
R3 - URLSearchHook: (no name) - {8dec4b69-27c4-405d-a37d-8d45c83f66ab} - (no file)
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe (file missing)
Run this script in AVZ:
Code:
begin
ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(true);
TerminateProcessByName('c:\windows\systemup.exe');
TerminateProcessByName('c:\windows\sysdriver32.exe');
TerminateProcessByName('c:\windows\update.tray-5-0\svchost.exe');
TerminateProcessByName('c:\windows\update.2\svchost.exe');
TerminateProcessByName('c:\windows\l1rezerv.exe');
QuarantineFile('D:\kvmVlD.exe','');
QuarantineFile('D:\kvmVld.eXE','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\Windows\update.tray-5-0\svchost.exe','');
QuarantineFile('C:\Windows\systemup.exe','');
QuarantineFile('C:\Windows\sysdriver32_.exe','');
QuarantineFile('C:\Windows\l1rezerv.exe','');
QuarantineFile('C:\Windows\Temp\805551.exe','');
QuarantineFile('C:\Windows\Temp\704867.exe','');
QuarantineFile('C:\Windows\Temp\6873405.exe','');
QuarantineFile('C:\Users\Kerroll\AppData\Local\Temp\5453256.exe','');
QuarantineFile('C:\Windows\sysdriver32.exe','');
DeleteService('srvsysdriver32');
QuarantineFile('C:\Windows\update.2\svchost.exe','');
DeleteService('srviecheck');
DeleteFile('C:\Windows\update.2\svchost.exe');
DeleteFile('C:\Windows\sysdriver32.exe');
DeleteFile('C:\Users\Kerroll\AppData\Local\Temp\5453256.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5453256.exe');
DeleteFile('C:\Windows\Temp\6873405.exe');
DeleteFile('C:\Windows\Temp\704867.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6873405.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','704867.exe');
DeleteFile('C:\Windows\Temp\805551.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','805551.exe');
DeleteFile('C:\Windows\l1rezerv.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','l1rezerv.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysdriver32.exe');
DeleteFile('C:\Windows\sysdriver32_.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysdriver32_.exe');
DeleteFile('C:\Windows\systemup.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','systemup');
DeleteFile('C:\Windows\update.tray-5-0\svchost.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tray_ico0');
DeleteFile('D:\autorun.inf');
DeleteFile('D:\kvmVld.eXE');
DeleteFile('D:\kvmVlD.exe');
DeleteFileMask('c:\windows\update.tray-5-0','*.*',true);
DeleteFileMask('c:\windows\update.2','*.*',true);
DeleteDirectory('c:\windows\update.tray-5-0');
DeleteDirectory('c:\windows\update.2');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
BC_Activate;
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
RebootWindows(true);
end.
After the script finishes, the computer will reboot.
Upload the quarantine.zip file via the "Submit requested quarantine" link.
Post fresh logs.
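Added verification step (example code, not part of the original post or of AVZ): after the reboot, this PowerShell snippet checks that every artifact the AVZ script and the HijackThis fix target is actually gone. File paths, Run value names, service names and the two URLSearchHook CLSIDs are copied from the post above; the only assumptions are that the script is run elevated on the same machine and that the HijackThis R3 entries live in the per-user `URLSearchHooks` key, where HijackThis reads them.

```powershell
# Post-cleanup check for the artifacts listed in the post above.
# Run from an elevated PowerShell prompt, logged in as the same user (Kerroll).
function Test-Cleanup {
    $findings = @()

    # Files the AVZ script quarantined/deleted, plus the missing service binary from the HJT log.
    $files = @(
        'C:\Windows\systemup.exe',
        'C:\Windows\sysdriver32.exe',
        'C:\Windows\sysdriver32_.exe',
        'C:\Windows\l1rezerv.exe',
        'C:\Windows\update.tray-5-0\svchost.exe',
        'C:\Windows\update.2\svchost.exe',
        'C:\Windows\update.1\svchost.exe',
        'C:\Windows\Temp\805551.exe',
        'C:\Windows\Temp\704867.exe',
        'C:\Windows\Temp\6873405.exe',
        'C:\Users\Kerroll\AppData\Local\Temp\5453256.exe',
        'D:\autorun.inf',
        'D:\kvmVlD.exe'
    )
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) { $findings += "file still present: $f" }
    }

    # The update.* directories should be gone entirely, not just emptied.
    foreach ($d in 'C:\Windows\update.tray-5-0', 'C:\Windows\update.2') {
        if (Test-Path -LiteralPath $d) { $findings += "directory still present: $d" }
    }

    # HKLM Run values removed by RegKeyParamDel in the AVZ script.
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $runValues = @('5453256.exe', '6873405.exe', '704867.exe', '805551.exe',
                   'l1rezerv.exe', 'sysdriver32.exe', 'sysdriver32_.exe',
                   'systemup', 'tray_ico0')
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    foreach ($v in $runValues) {
        if ($run -and ($run.PSObject.Properties.Name -contains $v)) {
            $findings += "Run value still present: $v = $($run.$v)"
        }
    }

    # Services deleted by the script (srvsysdriver32, srviecheck) and the HJT O23 entry (wxpdrivers).
    # Checked in the registry rather than via Get-Service so a leftover key with no binary is still caught.
    foreach ($s in 'srvsysdriver32', 'srviecheck', 'wxpdrivers') {
        if (Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$s") {
            $findings += "service key still present: $s"
        }
    }

    # HJT R3 entries: URLSearchHook CLSIDs with no backing file (assumed location: HKCU URLSearchHooks).
    $hookKey = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
    $hooks = @('{1a894269-562d-459e-b17e-efd8de428e41}', '{8dec4b69-27c4-405d-a37d-8d45c83f66ab}')
    $hookProps = Get-ItemProperty -Path $hookKey -ErrorAction SilentlyContinue
    foreach ($h in $hooks) {
        if ($hookProps -and ($hookProps.PSObject.Properties.Name -contains $h)) {
            $findings += "URLSearchHook still present: $h"
        }
    }

    return $findings
}

$result = Test-Cleanup
if ($result.Count -eq 0) {
    Write-Host 'Clean: none of the listed artifacts remain.'
} else {
    Write-Host 'Leftovers found:'
    $result | ForEach-Object { Write-Host "  $_" }
}
```

Anything this prints as a leftover belongs in the next set of logs; a Run value or service key that survives the reboot usually means the dropper re-created it, which is the situation where fresh logs matter most.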