для начала удалите все антиспаи - они бесполезны ... причем совсем ...
выполните скрипт ...
Код:
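// AVZ cleanup script: quarantines a set of driver files from
// C:\WINDOWS\System32\Drivers, removes the matching service entries,
// deletes the files, schedules boot-time cleanup and reboots.
// NOTE(review): the driver names and the C:\WINDOWS path are hard-coded and
// presumably come from one machine's AVZ log - do not reuse on another system.
begin
// Look for rootkit hooks; the two flags request neutralisation of the
// user-mode and kernel-mode hooks that are found.
SearchRootkit(true, true);
// Turn on AVZGuard for the duration of the script.
SetAVZGuardStatus(True);

// Phase 1 - copy every file to quarantine BEFORE anything is deleted, so a
// sample of each driver is kept for analysis.
QuarantineFile('C:\WINDOWS\System32\Drivers\aaT37.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\aiK35.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ekE60.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\evG50.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\evX72.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ffH71.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\hgA48.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\hyJ68.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\hyS14.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\jaC48.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\jiK14.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ksM04.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\lkU58.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\nlN14.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\qgQ60.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ttE61.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\utV60.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\vvP82.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\wfY50.sys','');
// Added: the original deleted Winak83.sys without quarantining it first.
QuarantineFile('C:\WINDOWS\System32\Drivers\Winak83.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wincs68.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Windc26.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Windk14.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winfv26.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingv60.sys','');
// Added: the original deleted Winkj47.sys without quarantining it first.
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkj47.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkj61.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmd50.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winml61.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmt58.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winry37.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winry82.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winwn36.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxo14.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxp35.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\xpR58.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\yaT61.sys','');

// Phase 2 - remove the service/driver registrations so the drivers are not
// loaded again at the next boot.
DeleteService('aaT37');
DeleteService('aiK35');
DeleteService('ekE60');
DeleteService('evG50');
DeleteService('evX72');
// NOTE(review): ffH71.sys is quarantined and deleted, but the original script
// has no DeleteService('ffH71'). Check the AVZ log for a service with that
// name before adding one here.
DeleteService('hgA48');
DeleteService('hyJ68');
DeleteService('hyS14');
DeleteService('jaC48');
DeleteService('jiK14');
DeleteService('ksM04');
DeleteService('lkU58');
DeleteService('nlN14');
DeleteService('qgQ60');
DeleteService('ttE61');
DeleteService('utV60');
DeleteService('vvP82');
DeleteService('wfY50');
DeleteService('Winak83');
DeleteService('Wincs68');
DeleteService('Windc26');
DeleteService('Windk14');
DeleteService('Winfv26');
DeleteService('Wingv60');
DeleteService('Winkj47');
DeleteService('Winkj61');
DeleteService('Winmd50');
DeleteService('Winml61');
DeleteService('Winmt58');
DeleteService('Winry37');
DeleteService('Winry82');
DeleteService('Winwn36');
DeleteService('Winxo14');
DeleteService('Winxp35');
DeleteService('xpR58');
DeleteService('yaT61');

// Phase 3 - delete the driver files themselves.
DeleteFile('C:\WINDOWS\System32\Drivers\aaT37.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\aiK35.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ekE60.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\evG50.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\evX72.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ffH71.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\hgA48.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\hyJ68.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\hyS14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\jaC48.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\jiK14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ksM04.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\lkU58.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\nlN14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\qgQ60.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ttE61.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\utV60.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\vvP82.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\wfY50.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winak83.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wincs68.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Windc26.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Windk14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winfv26.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingv60.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkj47.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkj61.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmd50.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winml61.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmt58.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winry37.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winry82.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winwn36.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxo14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxp35.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\xpR58.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\yaT61.sys');

// Phase 4 - hand the list of deleted files to Boot Cleaner, clean up the
// references left in the system, arm Boot Cleaner for the next start and
// reboot so that files locked by a loaded driver are removed at boot time.
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.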
пришлите карантин согласно приложению 3 правил ....
повторите логи ...