Выполните скрипт в AVZ:
Код:
// AVZ remediation script: quarantine a fixed list of files, delete them,
// clean up leftovers and reboot.
// Every path is hard-coded, so the script only fits the machine whose logs
// produced this list; it is not a generic cleaner.
// NOTE(review): file extensions (.inf, .fon, .cur, .dll) are taken as written
// in the paths; what the files actually contain is not visible from here.
begin
// Rootkit/hook scan before touching files. Both arguments are true;
// presumably they enable neutralising user-mode and kernel-mode hooks
// respectively - confirm against the AVZ script reference.
SearchRootkit(true, true);
// Turn on AVZGuard for the remainder of the run.
SetAVZGuardStatus(True);
// Remove the Browser Helper Object registered under this CLSID.
DelBHO('{97421D0D-E07F-40DF-8F07-99597B9585AD}');
// Phase 1: quarantine every suspect file first, so a sample is kept before
// the DeleteFile calls below remove it. The second argument is passed empty
// throughout (presumably a free-text comment - TODO confirm).
QuarantineFile('C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll','');
QuarantineFile('C:\WINDOWS\system32\fRWSJda7RbSuR3jFSmMBy.inf','');
QuarantineFile('C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll','');
QuarantineFile('C:\WINDOWS\system32\cRsAQd4hw.dll','');
QuarantineFile('C:\WINDOWS\system32\SCEVFJRCmaB7.dll','');
QuarantineFile('C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll','');
QuarantineFile('C:\WINDOWS\system32\DMvJFcDsGe5Kccsmc6gZFjB.inf','');
QuarantineFile('C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf','');
QuarantineFile('C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf','');
QuarantineFile('C:\WINDOWS\system32\Am274u6Rqq2cTzTpjCGKy.inf','');
QuarantineFile('C:\WINDOWS\system32\2EF0D734.dll','');
QuarantineFile('C:\WINDOWS\system32\122B901E.dll','');
QuarantineFile('C:\WINDOWS\system32\08223B03.dll','');
QuarantineFile('C:\WINDOWS\fonts\SD78dgC7hD2sktQHyAu.fon','');
QuarantineFile('C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf','');
QuarantineFile('C:\WINDOWS\Downloaded Program Files\WfB5SebgASzrSAeaRC63D.cur','');
QuarantineFile('C:\WINDOWS\Downloaded Program Files\CWWFj6tF7GvQjNsqc.cur','');
QuarantineFile('C:\WINDOWS\Downloaded Program Files\6YYnDBbzHzrrmenHmv.cur','');
QuarantineFile('D:\temp\wmsetup.dll','');
QuarantineFile('C:\WINDOWS\Tasks\K6xzVUK4MRGJBPE76F.inf','');
QuarantineFile('C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf','');
QuarantineFile('C:\WINDOWS\system32\Va7SpUWgCA5f.dll','');
QuarantineFile('C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf','');
QuarantineFile('C:\WINDOWS\system32\pEcFwPj48y6DADf87r.inf','');
QuarantineFile('C:\WINDOWS\system32\ndxq9awMc.dll','');
QuarantineFile('C:\WINDOWS\system32\DvpZDPd688jbuMdBxV.inf','');
QuarantineFile('C:\WINDOWS\system32\dhDhwS7fFW.dll','');
QuarantineFile('C:\WINDOWS\system32\CRZfQurd2g58gXVgHSDbNhU.inf','');
QuarantineFile('C:\WINDOWS\system32\704C3595.dll','');
QuarantineFile('C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf','');
QuarantineFile('C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll','');
QuarantineFile('C:\WINDOWS\MPKrnl.dll','');
QuarantineFile('C:\WINDOWS\MKMKrnl.dll','');
QuarantineFile('C:\WINDOWS\fonts\fyrwJf5Qfhh.fon','');
QuarantineFile('C:\WINDOWS\fonts\A97CRaCB.fon','');
// Phase 2: delete the same files that were quarantined above
// (same set of paths, listed in reverse order).
DeleteFile('C:\WINDOWS\fonts\A97CRaCB.fon');
DeleteFile('C:\WINDOWS\fonts\fyrwJf5Qfhh.fon');
DeleteFile('C:\WINDOWS\MKMKrnl.dll');
DeleteFile('C:\WINDOWS\MPKrnl.dll');
DeleteFile('C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll');
DeleteFile('C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf');
DeleteFile('C:\WINDOWS\system32\704C3595.dll');
DeleteFile('C:\WINDOWS\system32\CRZfQurd2g58gXVgHSDbNhU.inf');
DeleteFile('C:\WINDOWS\system32\dhDhwS7fFW.dll');
DeleteFile('C:\WINDOWS\system32\DvpZDPd688jbuMdBxV.inf');
DeleteFile('C:\WINDOWS\system32\ndxq9awMc.dll');
DeleteFile('C:\WINDOWS\system32\pEcFwPj48y6DADf87r.inf');
DeleteFile('C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf');
DeleteFile('C:\WINDOWS\system32\Va7SpUWgCA5f.dll');
DeleteFile('C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf');
DeleteFile('C:\WINDOWS\Tasks\K6xzVUK4MRGJBPE76F.inf');
DeleteFile('D:\temp\wmsetup.dll');
DeleteFile('C:\WINDOWS\Downloaded Program Files\6YYnDBbzHzrrmenHmv.cur');
DeleteFile('C:\WINDOWS\Downloaded Program Files\CWWFj6tF7GvQjNsqc.cur');
DeleteFile('C:\WINDOWS\Downloaded Program Files\WfB5SebgASzrSAeaRC63D.cur');
DeleteFile('C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf');
DeleteFile('C:\WINDOWS\fonts\SD78dgC7hD2sktQHyAu.fon');
DeleteFile('C:\WINDOWS\system32\08223B03.dll');
DeleteFile('C:\WINDOWS\system32\122B901E.dll');
DeleteFile('C:\WINDOWS\system32\2EF0D734.dll');
DeleteFile('C:\WINDOWS\system32\Am274u6Rqq2cTzTpjCGKy.inf');
DeleteFile('C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf');
DeleteFile('C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf');
DeleteFile('C:\WINDOWS\system32\DMvJFcDsGe5Kccsmc6gZFjB.inf');
DeleteFile('C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll');
DeleteFile('C:\WINDOWS\system32\SCEVFJRCmaB7.dll');
DeleteFile('C:\WINDOWS\system32\cRsAQd4hw.dll');
DeleteFile('C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll');
DeleteFile('C:\WINDOWS\system32\fRWSJda7RbSuR3jFSmMBy.inf');
DeleteFile('C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll');
// The next 13 calls repeat, in lower case, paths already deleted above.
// NOTE(review): Windows path lookup is normally case-insensitive, so these
// look redundant rather than additional targets - harmless, left as written.
DeleteFile('c:\windows\system32\b4ynkreeheerkfeea4.inf');
DeleteFile('c:\windows\fonts\a97cracb.fon');
DeleteFile('c:\windows\system32\crzfqurd2g58gxvghsdbnhu.inf');
DeleteFile('c:\windows\tasks\efepead4zpvmuxrdbs.inf');
DeleteFile('c:\windows\system32\srnrks5f7rkv9hp.inf');
DeleteFile('c:\windows\system32\3a5xtckyzk7kzcrfre.inf');
DeleteFile('c:\windows\tasks\k6xzvuk4mrgjbpe76f.inf');
DeleteFile('c:\windows\system32\2ef0d734.dll');
DeleteFile('c:\windows\system32\btmband89jc9pspq5eknj.inf');
DeleteFile('c:\windows\tasks\c2nh4numz9kny5zqnc.inf');
DeleteFile('c:\windows\system32\frwsjda7rbsur3jfsmmby.inf');
DeleteFile('c:\windows\system32\pecfwpj48y6dadf87r.inf');
DeleteFile('c:\windows\system32\dvpzdpd688jbumdbxv.inf');
// NOTE(review): this is the only file deleted without a preceding
// QuarantineFile call, so no sample of it will be in the quarantine archive.
// Confirm that is intended before running.
DeleteFile('C:\WINDOWS\system32\rfpz9wwyy2np.dll');
// Phase 3: post-deletion cleanup. Statement order matters from here on.
// Hand the list of files deleted by this script to Boot Cleaner, presumably
// so anything still locked is removed during the reboot - TODO confirm.
BC_ImportDeletedList;
// System cleanup pass; presumably removes references to the deleted files -
// confirm against the AVZ script reference.
ExecuteSysClean;
// Arm Boot Cleaner; it must be activated before the reboot below.
BC_Activate;
// Run built-in repair routine number 9.
// NOTE(review): what routine 9 repairs is not shown here - look it up in the
// AVZ "system restore" list.
ExecuteRepair(9);
// Reboot immediately; the argument is true (presumably a forced reboot).
// Unsaved work in other applications may be lost.
RebootWindows(true);
end.
Компьютер перезагрузится.
Пришлите карантин согласно приложению 3 правил
(загружать тут: http://virusinfo.info/upload_virus.php?tid=54373).
Очистите временные файлы IE через "Свойства обозревателя".
Сделайте новые логи.