Disable System Restore.
Fix the following entry in HijackThis:
Code:
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\5ece5d64.exe,C:\Windows\system32\aabd766a.exe,C:\Windows\system32\ee30b202.exe,C:\Windows\system32\342142c5.exe,C:\Windows\system32\792c769e.exe,C:\Windows\system32\bb523a03.exe,C:\Windows\system32\443653d.exe,C:\Windows\system32\46905719.exe,C:\Windows\system32\a1fdf680.exe,C:\Windows\system32\ea59ac9e.exe,C:\Windows\system32\30e41489.exe,C:\Windows\system32\7407d195.exe, .....
Disconnect the computer from the internet, and disable the antivirus and/or firewall.
Close all programs and run this script in AVZ:
Code:
begin
DeleteFileMask(GetAVZDirectory+'Quarantine','*.*',true);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\CBS.log.perf','');
QuarantineFile('C:\Windows\system32\1f9e4dbe.exe','');
QuarantineFile('C:\Windows\system32\1e86c05b.exe','');
QuarantineFile('C:\Windows\system32\1e591266.exe','');
QuarantineFile('C:\Windows\system32\1cd1eca.exe','');
QuarantineFile('C:\Windows\system32\1c2c2950.exe','');
QuarantineFile('C:\Windows\system32\1af36c6f.exe','');
QuarantineFile('C:\Windows\system32\18d1d80d.exe','');
QuarantineFile('C:\Windows\system32\1654527f.exe','');
QuarantineFile('C:\Windows\system32\161864e6.exe','');
QuarantineFile('C:\Windows\system32\15ccbfaf.exe','');
QuarantineFile('C:\Windows\system32\13ba22e7.exe','');
QuarantineFile('C:\Windows\system32\11a5b24c.exe','');
QuarantineFile('C:\Windows\system32\102c10a7.exe','');
QuarantineFile('c:\windows\system32\soluti~2.scr','');
DeleteFile('C:\Windows\system32\102c10a7.exe');
DeleteFile('C:\Windows\system32\11a5b24c.exe');
DeleteFile('C:\Windows\system32\13ba22e7.exe');
DeleteFile('C:\Windows\system32\15ccbfaf.exe');
DeleteFile('C:\Windows\system32\161864e6.exe');
DeleteFile('C:\Windows\system32\1654527f.exe');
DeleteFile('C:\Windows\system32\18d1d80d.exe');
DeleteFile('C:\Windows\system32\1af36c6f.exe');
DeleteFile('C:\Windows\system32\1c2c2950.exe');
DeleteFile('C:\Windows\system32\1cd1eca.exe');
DeleteFile('C:\Windows\system32\1e591266.exe');
DeleteFile('C:\Windows\system32\1e86c05b.exe');
DeleteFile('C:\Windows\system32\1f9e4dbe.exe');
DeleteFile('C:\Windows\system32\2128d9f.exe');
DeleteFile('C:\Windows\system32\2157847c.exe');
DeleteFile('C:\Windows\system32\21988924.exe');
DeleteFile('C:\Windows\system32\22e8aa66.exe');
DeleteFile('C:\Windows\system32\253637ef.exe');
DeleteFile('C:\Windows\system32\254f8af8.exe');
DeleteFile('C:\Windows\system32\259aafcf.exe');
DeleteFile('C:\Windows\system32\2601d194.exe');
DeleteFile('C:\Windows\system32\2630257.exe');
DeleteFile('C:\Windows\system32\27fcf5e.exe');
DeleteFile('C:\Windows\system32\29b94f63.exe');
DeleteFile('C:\Windows\system32\2a580abe.exe');
DeleteFile('C:\Windows\system32\2b1eaaf0.exe');
DeleteFile('C:\Windows\system32\2b272e4.exe');
DeleteFile('C:\Windows\system32\2be5b01c.exe');
DeleteFile('C:\Windows\system32\2c5fe778.exe');
DeleteFile('C:\Windows\system32\2ccdf569.exe');
DeleteFile('C:\Windows\system32\2ceb4250.exe');
DeleteFile('C:\Windows\system32\2e827a01.exe');
DeleteFile('C:\Windows\system32\2f05379c.exe');
DeleteFile('C:\Windows\system32\30e41489.exe');
DeleteFile('C:\Windows\system32\33afeeb9.exe');
DeleteFile('C:\Windows\system32\33e392dd.exe');
DeleteFile('C:\Windows\system32\342142c5.exe');
DeleteFile('C:\Windows\system32\342d5660.exe');
DeleteFile('C:\Windows\system32\383158c2.exe');
DeleteFile('C:\Windows\system32\38be983d.exe');
DeleteFile('C:\Windows\system32\38c2ff1b.exe');
DeleteFile('C:\Windows\system32\3b2ba0e0.exe');
DeleteFile('C:\Windows\system32\3c86ceeb.exe');
DeleteFile('C:\Windows\system32\3d8f3fef.exe');
DeleteFile('C:\Windows\system32\3de39b86.exe');
DeleteFile('C:\Windows\system32\3e314c54.exe');
DeleteFile('C:\Windows\system32\3ff55c77.exe');
DeleteFile('C:\Windows\system32\4044c182.exe');
DeleteFile('C:\Windows\system32\41cfcc05.exe');
DeleteFile('C:\Windows\system32\4328758.exe');
DeleteFile('C:\Windows\system32\43497af7.exe');
DeleteFile('C:\Windows\system32\4434230e.exe');
DeleteFile('C:\Windows\system32\443653d.exe');
DeleteFile('C:\Windows\system32\4557f5f9.exe');
DeleteFile('C:\Windows\system32\46905719.exe');
DeleteFile('C:\Windows\system32\4729d26d.exe');
DeleteFile('C:\Windows\system32\4910975f.exe');
DeleteFile('C:\Windows\system32\4a9d079e.exe');
DeleteFile('C:\Windows\system32\4be8cd33.exe');
DeleteFile('C:\Windows\system32\4c8bc3d6.exe');
DeleteFile('C:\Windows\system32\4d724cf9.exe');
DeleteFile('C:\Windows\system32\4f4a0cc7.exe');
DeleteFile('C:\Windows\system32\4f9b0730.exe');
DeleteFile('C:\Windows\system32\4feaa744.exe');
DeleteFile('C:\Windows\system32\50812275.exe');
DeleteFile('C:\Windows\system32\54222a87.exe');
DeleteFile('C:\Windows\system32\54285bb1.exe');
DeleteFile('C:\Windows\system32\55bad06f.exe');
DeleteFile('C:\Windows\system32\565f0461.exe');
DeleteFile('C:\Windows\system32\584c2d3b.exe');
DeleteFile('C:\Windows\system32\5a64ed1e.exe');
DeleteFile('C:\Windows\system32\5a945fe5.exe');
DeleteFile('C:\Windows\system32\5b342efd.exe');
DeleteFile('C:\Windows\system32\5c9a7fd4.exe');
DeleteFile('C:\Windows\system32\5caa0772.exe');
DeleteFile('C:\Windows\system32\5cd6395a.exe');
DeleteFile('C:\Windows\system32\5ece5d64.exe');
DeleteFile('C:\Windows\system32\5ee01b77.exe');
DeleteFile('C:\Windows\system32\5fad40f5.exe');
DeleteFile('C:\Windows\system32\5ffc10f1.exe');
DeleteFile('C:\Windows\system32\6075a6e8.exe');
DeleteFile('C:\Windows\system32\65424a1c.exe');
DeleteFile('C:\Windows\system32\671de92b.exe');
DeleteFile('C:\Windows\system32\683b62d2.exe');
DeleteFile('C:\Windows\system32\68bffda9.exe');
DeleteFile('C:\Windows\system32\690cc9b9.exe');
DeleteFile('C:\Windows\system32\691d5fd.exe');
DeleteFile('C:\Windows\system32\6cf9d44a.exe');
DeleteFile('C:\Windows\system32\6e847f7a.exe');
DeleteFile('C:\Windows\system32\6ef89996.exe');
DeleteFile('C:\Windows\system32\73364da2.exe');
DeleteFile('C:\Windows\system32\73ddb5a3.exe');
DeleteFile('C:\Windows\system32\7407d195.exe');
DeleteFile('C:\Windows\system32\7456877a.exe');
DeleteFile('C:\Windows\system32\7457f8b7.exe');
DeleteFile('C:\Windows\system32\75733afa.exe');
DeleteFile('C:\Windows\system32\76f11d1f.exe');
DeleteFile('C:\Windows\system32\792c769e.exe');
DeleteFile('C:\Windows\system32\796ab6a5.exe');
DeleteFile('C:\Windows\system32\7a2a5691.exe');
DeleteFile('C:\Windows\system32\7af62c9b.exe');
DeleteFile('C:\Windows\system32\7f958f61.exe');
DeleteFile('C:\Windows\system32\802e6d00.exe');
DeleteFile('C:\Windows\system32\8073a696.exe');
DeleteFile('C:\Windows\system32\8076cbde.exe');
DeleteFile('C:\Windows\system32\84cfb5c7.exe');
DeleteFile('C:\Windows\system32\859c1e2a.exe');
DeleteFile('C:\Windows\system32\86bc2ebe.exe');
DeleteFile('C:\Windows\system32\87f1309d.exe');
DeleteFile('C:\Windows\system32\880b0c17.exe');
DeleteFile('C:\Windows\system32\8a117ffc.exe');
DeleteFile('C:\Windows\system32\8b1d3c48.exe');
DeleteFile('C:\Windows\system32\8c6bc248.exe');
DeleteFile('C:\Windows\system32\8e0f9c46.exe');
DeleteFile('C:\Windows\system32\8e102e7f.exe');
DeleteFile('C:\Windows\system32\92c95920.exe');
DeleteFile('C:\Windows\system32\92ef8e65.exe');
DeleteFile('C:\Windows\system32\933289fd.exe');
DeleteFile('C:\Windows\system32\978a8d7.exe');
DeleteFile('C:\Windows\system32\99042c6c.exe');
DeleteFile('C:\Windows\system32\9b48c592.exe');
DeleteFile('C:\Windows\system32\9d2f69db.exe');
DeleteFile('C:\Windows\system32\9de1e55d.exe');
DeleteFile('C:\Windows\system32\a1641c14.exe');
DeleteFile('C:\Windows\system32\a1fdf680.exe');
DeleteFile('C:\Windows\system32\a25d35e5.exe');
DeleteFile('C:\Windows\system32\a2776545.exe');
DeleteFile('C:\Windows\system32\a27e4f07.exe');
DeleteFile('C:\Windows\system32\a310c71f.exe');
DeleteFile('C:\Windows\system32\a5de1166.exe');
DeleteFile('C:\Windows\system32\a799d004.exe');
DeleteFile('C:\Windows\system32\aa0ce809.exe');
DeleteFile('C:\Windows\system32\aa368b25.exe');
DeleteFile('C:\Windows\system32\aabd766a.exe');
DeleteFile('C:\Windows\system32\aafac2b.exe');
DeleteFile('C:\Windows\system32\ad93908.exe');
DeleteFile('C:\Windows\system32\adedb071.exe');
DeleteFile('C:\Windows\system32\ae3c36a0.exe');
DeleteFile('C:\Windows\system32\af9efb1d.exe');
DeleteFile('C:\Windows\system32\b03f6648.exe');
DeleteFile('C:\Windows\system32\b11938df.exe');
DeleteFile('C:\Windows\system32\b4118df4.exe');
DeleteFile('C:\Windows\system32\b43f4bdc.exe');
DeleteFile('C:\Windows\system32\b5005f63.exe');
DeleteFile('C:\Windows\system32\b568dbf.exe');
DeleteFile('C:\Windows\system32\b611510f.exe');
DeleteFile('C:\Windows\system32\b6f31d0c.exe');
DeleteFile('C:\Windows\system32\b75aa466.exe');
DeleteFile('C:\Windows\system32\b888b9a4.exe');
DeleteFile('C:\Windows\system32\b8e36e1b.exe');
DeleteFile('C:\Windows\system32\b914600f.exe');
DeleteFile('C:\Windows\system32\b9702ce8.exe');
DeleteFile('C:\Windows\system32\bb523a03.exe');
DeleteFile('C:\Windows\system32\bb82b3ba.exe');
DeleteFile('C:\Windows\system32\bcafe9eb.exe');
DeleteFile('C:\Windows\system32\bd009472.exe');
DeleteFile('C:\Windows\system32\be24e15d.exe');
DeleteFile('C:\Windows\system32\bf88ed2b.exe');
DeleteFile('C:\Windows\system32\c2a2163b.exe');
DeleteFile('C:\Windows\system32\c385c5e6.exe');
DeleteFile('C:\Windows\system32\c472c6b7.exe');
DeleteFile('C:\Windows\system32\c484acf4.exe');
DeleteFile('C:\Windows\system32\c4fae2c5.exe');
DeleteFile('C:\Windows\system32\c5cd8f47.exe');
DeleteFile('C:\Windows\system32\c6047537.exe');
DeleteFile('C:\Windows\system32\c68b11c9.exe');
DeleteFile('C:\Windows\system32\c7de390d.exe');
DeleteFile('C:\Windows\system32\c8afaeab.exe');
DeleteFile('C:\Windows\system32\c91c826.exe');
DeleteFile('C:\Windows\system32\cd1051ef.exe');
DeleteFile('C:\Windows\system32\cd826f.exe');
DeleteFile('C:\Windows\system32\cda783c4.exe');
DeleteFile('C:\Windows\system32\cee680e6.exe');
DeleteFile('C:\Windows\system32\cf3d311b.exe');
DeleteFile('C:\Windows\system32\cfabb9ee.exe');
DeleteFile('C:\Windows\system32\d0326e72.exe');
DeleteFile('C:\Windows\system32\d0ec6fc.exe');
DeleteFile('C:\Windows\system32\d16a4198.exe');
DeleteFile('C:\Windows\system32\d326b55e.exe');
DeleteFile('C:\Windows\system32\d3412b4.exe');
DeleteFile('C:\Windows\system32\d4fa9f20.exe');
DeleteFile('C:\Windows\system32\d828e23f.exe');
DeleteFile('C:\Windows\system32\da426982.exe');
DeleteFile('C:\Windows\system32\de0e1834.exe');
DeleteFile('C:\Windows\system32\de27165f.exe');
DeleteFile('C:\Windows\system32\df28644f.exe');
DeleteFile('C:\Windows\system32\df8c9d8b.exe');
DeleteFile('C:\Windows\system32\e07ba1f9.exe');
DeleteFile('C:\Windows\system32\e14089a0.exe');
DeleteFile('C:\Windows\system32\e1672e29.exe');
DeleteFile('C:\Windows\system32\e1732e21.exe');
DeleteFile('C:\Windows\system32\e2ecdeb6.exe');
DeleteFile('C:\Windows\system32\e472bc27.exe');
DeleteFile('C:\Windows\system32\e937e54f.exe');
DeleteFile('C:\Windows\system32\e9bf3a9b.exe');
DeleteFile('C:\Windows\system32\ea2e9113.exe');
DeleteFile('C:\Windows\system32\ea59ac9e.exe');
DeleteFile('C:\Windows\system32\eb6da795.exe');
DeleteFile('C:\Windows\system32\ec99b9f6.exe');
DeleteFile('C:\Windows\system32\ee30b202.exe');
DeleteFile('C:\Windows\system32\ef66a390.exe');
DeleteFile('C:\Windows\system32\f07461b4.exe');
DeleteFile('C:\Windows\system32\f1816fc3.exe');
DeleteFile('C:\Windows\system32\f1a4a236.exe');
DeleteFile('C:\Windows\system32\f2df86c1.exe');
DeleteFile('C:\Windows\system32\f2e4dbd2.exe');
DeleteFile('C:\Windows\system32\f6ea2df.exe');
DeleteFile('C:\Windows\system32\f8701420.exe');
DeleteFile('C:\Windows\system32\fb68b859.exe');
DeleteFile('C:\Windows\system32\fc17abdd.exe');
DeleteFile('C:\Windows\system32\fd3f52ec.exe');
DeleteFile('C:\Windows\system32\fd67982e.exe');
DeleteFile('C:\Windows\system32\fe6c710e.exe');
DeleteFile('C:\Windows\system32\fea7c3fc.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After the script runs, the computer will reboot! Send the quarantine via the link, following the rules in "Send the requested quarantine" at the top of the thread. Make new logs according to the rules (virusinfo_syscure.zip, virusinfo_syscheck.zip and hijackthis.log).
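An added example, not part of the original post: a Python check that parses a HijackThis `F2 ... UserInit=` line like the one above, lists every program chained after the default `userinit.exe`, and reports any of them that a cleanup script's `DeleteFile` calls would miss. The function names and the shortened sample strings are assumptions made for this illustration; the paths in them are taken from the post.

```python
import re
from ntpath import basename, normcase  # Windows path rules on any OS

# On a clean system the Userinit value holds userinit.exe alone.
EXPECTED = normcase(r"C:\Windows\system32\userinit.exe")
# Randomly generated names in the log are 6-8 hex digits plus .exe.
HEX_NAME = re.compile(r"^[0-9a-f]{6,8}\.exe$")

# Constructed samples: shortened from the log line and script in the post.
F2_SAMPLE = (r"F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"
             r"C:\Windows\system32\5ece5d64.exe,C:\Windows\system32\443653d.exe, .....")
AVZ_SAMPLE = r"DeleteFile('C:\Windows\system32\5ece5d64.exe');"


def parse_userinit(f2_line):
    """Return the program paths listed in a HijackThis UserInit line."""
    m = re.search(r"UserInit=(.*)$", f2_line, re.IGNORECASE)
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split(",")]
    # Drop empty items and the '.....' marker that shows the log was cut off.
    return [p for p in parts if p and set(p) != {"."}]


def unexpected_entries(f2_line):
    """Everything started at logon besides the default userinit.exe."""
    return [p for p in parse_userinit(f2_line) if normcase(p) != EXPECTED]


def looks_random_hex(path):
    """True when the file name matches the hex-named pattern seen in the log."""
    return bool(HEX_NAME.match(basename(normcase(path))))


def not_covered(f2_line, avz_script):
    """Unexpected Userinit entries that the script never passes to DeleteFile."""
    deleted = {normcase(p) for p in re.findall(r"DeleteFile\('([^']+)'\)", avz_script)}
    return [p for p in unexpected_entries(f2_line) if normcase(p) not in deleted]


if __name__ == "__main__":
    for path in unexpected_entries(F2_SAMPLE):
        print("extra Userinit entry:", path, "| hex-named:", looks_random_hex(path))
    print("missing from script:", not_covered(F2_SAMPLE, AVZ_SAMPLE))
```

Because the logged line ends in `.....`, an empty "missing" list only covers the entries that were visible; the new logs requested above are what confirm the value is back to `userinit.exe` alone.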