Code:
:processes
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2345.com/?k1112958
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2345.com/?k1112958
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2345.com/?k1112958
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.2345.com/?k1112958
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2345.com/?k1112958
IE - HKU\S-1-5-21-3865246706-2346428066-3012627111-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2345.com/?k1112958
O4 - HKLM..\Run: [ QQPCTray] File not found
O4 - HKLM..\Run: [360Safetray] File not found
O4 - HKLM..\Run: [KVMON] File not found
O4 - HKLM..\Run: [KVXP] File not found
O4 - HKLM..\Run: [kxesc] File not found
O4 - HKLM..\Run: [Laker] C:\WINDOWS\Thunder\lsess.exe File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found
O4 - HKLM..\Run: [okc] C:\WINDOWS\pipi\Opk.exe File not found
O4 - HKLM..\Run: [RavTRAY] File not found
O4 - HKLM..\Run: [RISTRAY] File not found
O4 - HKLM..\Run: [ShStatEXE] File not found
O8 - Extra context menu item: 收藏到搜狐影音 - Reg Error: Value error. File not found
O27 - HKLM IFEO\sethc.exe: Debugger - C:\WINDOWS\srchasst\wmpserv.dll File not found
[2013.06.28 11:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Администратор\Local Settings\Application Data\liebao
[2013.06.28 10:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Администратор\Application Data\HC_logs
[2013.06.28 10:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Администратор\Application Data\gotop
[2013.06.28 10:46:18 | 000,278,528 | ---- | C] (MySQL AB) -- C:\Documents and Settings\Администратор\MySql.Data.dll
[2013.06.28 10:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Администратор\Local Settings\Application Data\INISet
[2013.06.28 03:24:30 | 000,090,936 | ---- | C] (Kingsoft Corporation) -- C:\WINDOWS\System32\drivers\KNBDrv64.sys
[2013.06.28 03:20:30 | 046,885,080 | ---- | C] (Kingsoft Corporation) -- C:\WINDOWS\System\ksbinstaller_s_69_2502.exe
[2013.06.28 03:07:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Network
[2013.06.28 01:27:30 | 000,059,912 | ---- | C] (Kingsoft Corporation) -- C:\WINDOWS\System32\sKINSTALLERS_66_4511.exe
[2013.06.28 01:27:13 | 000,059,912 | ---- | C] (Kingsoft Corporation) -- C:\WINDOWS\System32\bootKINSTALLERS_66_4511.exe
[2013.06.27 22:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2013.06.28 15:57:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\tfujTSw.exe
[2013.06.28 10:38:52 | 000,278,528 | ---- | M] (MySQL AB) -- C:\WINDOWS\System32\MySql.Data.dll
[2013.06.28 10:46:18 | 000,278,528 | ---- | C] (MySQL AB) -- C:\Documents and Settings\Администратор\MySql.Data.dll
[2013.06.28 10:36:07 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\sjnwrgjjuc
[2013.06.28 03:24:40 | 000,090,936 | ---- | M] (Kingsoft Corporation) -- C:\WINDOWS\System32\drivers\KNBDrv64.sys
[2013.06.28 03:20:30 | 046,885,080 | ---- | M] (Kingsoft Corporation) -- C:\WINDOWS\System\ksbinstaller_s_69_2502.exe
[2013.06.28 03:07:28 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\wvinyk.inf
[2013.06.28 03:07:27 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System\back.dat
[2013.06.28 03:03:38 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\bbrxvvqqow
[2013.06.28 01:27:35 | 000,059,912 | ---- | M] (Kingsoft Corporation) -- C:\WINDOWS\System32\sKINSTALLERS_66_4511.exe
[2013.06.28 01:27:21 | 000,059,912 | ---- | M] (Kingsoft Corporation) -- C:\WINDOWS\System32\bootKINSTALLERS_66_4511.exe
@Alternate Data Stream - 848 bytes -> C:\WINDOWS\System32\msln.exe:6edf8c2d83ec8dae11a9df07dde94488
:Files
recycler /alldrives
:Reg
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[purity]
[Reboot]
The computer will reboot and open the script execution log in Notepad. Post it here.