Help! (request No. 64317)

  1. #1
    Junior Member
    Registered: 19.12.2009
    Posts: 1
    Reputation weight: 53

    Help!

    Code:
    AVZ Antiviral Toolkit log; AVZ version is 4.32
    Scanning started at 12/19/2009 1:47:23 PM
    Database loaded: signatures - 254585, NN profile(s) - 2, malware removal microprograms - 56, signature database released 18.12.2009 22:52
    Heuristic microprograms loaded: 374
    PVS microprograms loaded: 9
    Digital signatures of system files loaded: 161328
    Heuristic analyzer mode: Medium heuristics mode
    Malware removal mode: disabled
    Windows version is: 5.1.2600,  ; AVZ is run with administrator rights
    System Restore: enabled
    1. Searching for Rootkits and other software intercepting API functions
    1.1 Searching for user-mode API hooks
     Analysis: kernel32.dll, export table found in section .text
     Analysis: ntdll.dll, export table found in section .text
     Analysis: user32.dll, export table found in section .text
     Analysis: advapi32.dll, export table found in section .text
     Analysis: ws2_32.dll, export table found in section .text
     Analysis: wininet.dll, export table found in section .text
     Library not found rasapi32.dll
     Analysis: urlmon.dll, export table found in section .text
     Analysis: netapi32.dll, export table found in section .text
    1.2 Searching for kernel-mode API hooks
     Error - file not found (X:\i386\System32\ntoskrnl.exe)
    1.4 Searching for masking processes and drivers
     Checking not performed: extended monitoring driver (AVZPM) is not installed
     Error loading driver - operation interrupted [C0000034]
    2. Scanning RAM
     Number of processes found: 17
     Number of modules loaded: 113
    Scanning RAM - complete
    3. Scanning disks
    Direct reading: B:\Temp\~DFA59C.tmp
    4. Checking  Winsock Layered Service Provider (SPI/LSP)
    LSP Protocol error = "RSVP UDP Service Provider" --> file is missing X:\i386\system32\rsvpsp.dll
    LSP Protocol error = "RSVP TCP Service Provider" --> file is missing X:\i386\system32\rsvpsp.dll
     Attention ! SPI/LSP errors detected. Number of errors - 2
    5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
    X:\i386\system32\LPK.DLL --> Suspicion for Keylogger or Trojan DLL
    X:\i386\system32\LPK.DLL>>> Behaviour analysis 
     Behaviour typical for keyloggers was not detected
    B:\Tools\RICHED20.dll --> Suspicion for Keylogger/Trojan DLL, being masked as system file
    B:\Tools\RICHED20.dll>>> Behaviour analysis 
      1. Reacts to events: keyboard
      2. Polls keys' state
    B:\Tools\RICHED20.dll>>> Neural net: file is 0.00% like a typical keyboard/mouse events interceptor
    X:\i386\system32\hnetcfg.dll --> Suspicion for Keylogger or Trojan DLL
    X:\i386\system32\hnetcfg.dll>>> Behaviour analysis 
     Behaviour typical for keyloggers was not detected
    X:\i386\System32\wshtcpip.dll --> Suspicion for Keylogger or Trojan DLL
    X:\i386\System32\wshtcpip.dll>>> Behaviour analysis 
     Behaviour typical for keyloggers was not detected
    Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
    6. Searching for opened TCP/UDP ports used by malicious software
     Checking - disabled by user
    7. Heuristic system check
    Checking - complete
    8. Searching for vulnerabilities
    >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
    >> Services: potentially dangerous service allowed: Messenger (Messenger)
    >> Services: potentially dangerous service allowed: Alerter (Alerter)
    > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    >> Security: administrative shares (C$, D$ ...) are enabled
    >> Security: anonymous user access is enabled
    >>> Security: Internet Explorer allows ActiveX, not marked as safe
    >>> Security: block ActiveX, not marked as safe, in Internet Explorer
    >>> Security: Internet Explorer allows unsigned ActiveX elements
    >>> Security: Internet Explorer allows automatic queries of ActiveX administrative elements
    >>> Security: Internet Explorer allows running files and applications in IFRAME window without asking user
    >> Security: terminal connections to the PC are allowed
    >> Security: sending Remote Assistant queries is enabled
    Checking - complete
    9. Troubleshooting wizard
     >>  Abnormal EXE files association
     >>  Abnormal COM files association
     >>  Abnormal REG files association
     >>  Protocol prefixes are modified
     >>  Internet Explorer - ActiveX, not marked as safe, are allowed
     >>  Internet Explorer - signed ActiveX elements are allowed without asking user
     >>  Internet Explorer - unsigned ActiveX elements are allowed
     >>  Internet Explorer - automatic queries of ActiveX operating elements are allowed
     >>  Internet Explorer - running programs and files in IFRAME window is allowed
     >>  Start menu items are blocked
     >>  Help and Support menu item is blocked
     >>  HDD autorun is allowed
     >>  Network drives autorun is allowed
     >>  Removable media autorun is allowed
    Checking - complete
    Files scanned: 84915, extracted from archives: 74662, malicious software found 0, suspicions - 0
    Scanning finished at 12/19/2009 1:55:34 PM
    Time of scanning: 00:08:12
    If you have a suspicion on presence of viruses or questions on the suspected objects,
    you can address http://virusinfo.info conference
    Last edited by pig; 19.12.2009 at 18:19. Reason: wrapped the wall of text

  3. #2
    Senior Member
    Registered: 26.12.2006
    Location: Vladivostok
    Posts: 23,298
    Reputation weight: 1578

    Disable System Restore!
    Run this script in AVZ:
    Code:
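    begin
    // 1: restore startup parameters for .exe, .com and .pif files
    ExecuteRepair(1);
    // 2: reset Internet Explorer protocol prefixes to defaults
    ExecuteRepair(2);
    // reboot so the repairs take effect
    RebootWindows(true);
    end.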
    The computer will reboot.
    Make the logs in accordance with the rules.
    I am not young enough to know everything...

  • Dear Alexx111, our specialists have provided all possible help with your request.
