выполните скрипт
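begin
  // AVZ remediation script. Every file is copied to quarantine before it
  // is deleted so the sample can be sent back for analysis; deletion is
  // then committed through the boot-cleaner (BC_*) and a reboot.
  // Fix vs. the posted version: four DeleteFile targets (the two Temp
  // droppers, system32\WinNt64.dll and system32\WlCtrl32.dll) had no
  // matching QuarantineFile, so those samples would have been lost.
  // Exact duplicate Quarantine/Delete calls (same path, different case)
  // were dropped; the file system is case-insensitive, so they were no-ops.
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);

  // --- quarantine ---------------------------------------------------
  QuarantineFile('C:\WINDOWS\system32\Drivers\ldphrlhi.sys','');
  // NOTE(review): the bare names below carry no directory and are
  // resolved relative to AVZ's working directory -- confirm they match
  // the location reported in the log before relying on them.
  QuarantineFile('sys32.dll','');
  QuarantineFile('c:\uupf8rvf.exe','');
  QuarantineFile('c:\BKCOuhNy.exe','');
  QuarantineFile('c:\Apedt7.exe','');
  QuarantineFile('c00469D6.mat','');
  QuarantineFile('WinNt64.dll','');
  QuarantineFile('WinCtrl32.dll','');
  // Executables living directly under C:\WINDOWS with the names of
  // system binaries that normally reside in system32 (lsass, alg, ...).
  QuarantineFile('C:\WINDOWS\wdmon.exe','');
  QuarantineFile('C:\WINDOWS\vlc.exe','');
  QuarantineFile('C:\WINDOWS\taskmg.exe','');
  QuarantineFile('C:\WINDOWS\system32\svshost.dll','');
  QuarantineFile('C:\WINDOWS\system.exe','');
  QuarantineFile('C:\WINDOWS\system32\ntos.exe','');
  QuarantineFile('C:\WINDOWS\spool.exe','');
  QuarantineFile('C:\WINDOWS\sms.exe','');
  QuarantineFile('C:\WINDOWS\servicelayer.exe','');
  QuarantineFile('C:\WINDOWS\odb.exe','');
  QuarantineFile('C:\WINDOWS\amoumain.exe','');
  QuarantineFile('C:\WINDOWS\alg.exe','');
  QuarantineFile('C:\WINDOWS\lsass.exe','');

  // --- kernel drivers: unregister the service, keep a copy of the image
  DeleteService('tcpsr');
  QuarantineFile('C:\WINDOWS\System32\drivers\tcpsr.sys','');
  DeleteService('kxcvisco');
  QuarantineFile('C:\WINDOWS\System32\Drivers\kxcvisco.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\egU68.sys','');
  DeleteService('egU68');
  DeleteService('dnQ86');
  QuarantineFile('C:\WINDOWS\System32\Drivers\dnQ86.sys','');
  DeleteService('ldphrlhi');
  QuarantineFile('C:\WINDOWS\System32\Drivers\Pdg17.sys','');
  DeleteService('Pdg17');
  DeleteService('Passthru');
  QuarantineFile('C:\WINDOWS\system32\DRIVERS\ndisio.sys','');
  QuarantineFile('Pdg17.sys','');

  // --- running processes: stop, then copy ---------------------------
  TerminateProcessByName('c:\windows\svzip.exe');
  QuarantineFile('c:\windows\svzip.exe','');
  TerminateProcessByName('c:\windows\svhoster.exe');
  QuarantineFile('c:\windows\svhoster.exe','');
  TerminateProcessByName('c:\windows\svc.exe');
  QuarantineFile('c:\windows\svc.exe','');
  TerminateProcessByName('c:\windows\sv.exe');
  QuarantineFile('c:\windows\sv.exe','');
  TerminateProcessByName('c:\windows\servicelayer.exe');
  TerminateProcessByName('c:\windows\odb.exe');
  TerminateProcessByName('c:\documents and settings\user\application data\microsoft\windows\lsass.exe');
  QuarantineFile('c:\documents and settings\user\application data\microsoft\windows\lsass.exe','');
  TerminateProcessByName('c:\windows\ctfmon.exe');
  QuarantineFile('c:\windows\ctfmon.exe','');

  // Added: these four were only deleted in the original script.
  QuarantineFile('C:\WINDOWS\system32\WinNt64.dll','');
  QuarantineFile('C:\WINDOWS\Temp\teste3_p.exe','');
  QuarantineFile('C:\WINDOWS\Temp\teste4_p.exe','');
  // NOTE(review): 'WinCtrl32.dll' is quarantined above but the deleted
  // system32 file is 'WlCtrl32.dll'; one of the two names is probably a
  // typo -- check the log and align them before running.
  QuarantineFile('C:\WINDOWS\system32\WlCtrl32.dll','');

  // --- delete (in-use files are queued for the boot-cleaner) -----------
  DeleteFile('c:\windows\ctfmon.exe');
  DeleteFile('c:\documents and settings\user\application data\microsoft\windows\lsass.exe');
  DeleteFile('c:\windows\odb.exe');
  DeleteFile('c:\windows\servicelayer.exe');
  DeleteFile('c:\windows\sv.exe');
  DeleteFile('c:\windows\svc.exe');
  DeleteFile('c:\windows\svhoster.exe');
  DeleteFile('c:\windows\svzip.exe');
  DeleteFile('Pdg17.sys');
  DeleteFile('C:\WINDOWS\system32\DRIVERS\ndisio.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\Pdg17.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\ldphrlhi.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\dnQ86.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\egU68.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\kxcvisco.sys');
  DeleteFile('C:\WINDOWS\System32\drivers\tcpsr.sys');
  DeleteFile('C:\WINDOWS\lsass.exe');
  DeleteFile('C:\WINDOWS\alg.exe');
  DeleteFile('C:\WINDOWS\amoumain.exe');
  DeleteFile('C:\WINDOWS\odb.exe');
  DeleteFile('C:\WINDOWS\servicelayer.exe');
  DeleteFile('C:\WINDOWS\sms.exe');
  DeleteFile('C:\WINDOWS\spool.exe');
  DeleteFile('C:\WINDOWS\system32\ntos.exe');
  DeleteFile('C:\WINDOWS\system.exe');
  DeleteFile('C:\WINDOWS\system32\svshost.dll');
  DeleteFile('C:\WINDOWS\taskmg.exe');
  DeleteFile('C:\WINDOWS\vlc.exe');
  DeleteFile('C:\WINDOWS\wdmon.exe');
  DeleteFile('WinCtrl32.dll');
  DeleteFile('WinNt64.dll');
  DeleteFile('c00469D6.mat');
  DeleteFile('c:\Apedt7.exe');
  DeleteFile('c:\BKCOuhNy.exe');
  DeleteFile('c:\uupf8rvf.exe');
  DeleteFile('sys32.dll');
  DeleteFile('C:\WINDOWS\system32\WinNt64.dll');
  DeleteFile('C:\WINDOWS\Temp\teste3_p.exe');
  DeleteFile('C:\WINDOWS\Temp\teste4_p.exe');
  DeleteFile('C:\WINDOWS\system32\WlCtrl32.dll');

  // --- commit: hand queued deletions to the boot-cleaner and reboot ---
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.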
пришлите карантин согласно приложению 3 правил
повторите логи