Выполните скрипт в AVZ:
Код:
// AVZ cleanup script written for one specific infected machine: every path,
// service name and registry value below is hard-coded from that machine's logs.
// Flow: prepare AVZ -> stop running malware -> copy samples to quarantine ->
// delete files / service / autorun values -> schedule boot-time cleanup ->
// archive the quarantine -> reboot.
begin
// Empty the AVZ quarantine so the archive built at the end holds only the
// files collected by this run.
ClearQuarantine;
// Rootkit / hook scan; both arguments are true (presumably: neutralise
// user-mode and kernel-mode hooks - confirm against the AVZ script reference).
SearchRootkit(true, true);
// Turn AVZGuard on before touching the malware.
SetAVZGuardStatus(true);
// Stop the running malicious processes so their files can be handled.
TerminateProcessByName('c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe');
TerminateProcessByName('d:\windows\cfdrive32.exe');
// NOTE(review): 7298.exe is terminated here, but this script has no
// QuarantineFile/DeleteFile call for that path (the Temp file handled below is
// 36920.exe). Check in the follow-up logs whether 7298.exe is still on disk.
TerminateProcessByName('d:\docume~1\kvv\locals~1\temp\7298.exe');
// Copy every suspect file to quarantine BEFORE anything is deleted, so the
// samples survive for analysis. The second argument is passed as an empty string.
// Numerically named executables in system32:
QuarantineFile('D:\WINDOWS\system32\70.exe','');
QuarantineFile('D:\WINDOWS\system32\26.exe','');
QuarantineFile('D:\WINDOWS\system32\35.exe','');
QuarantineFile('D:\WINDOWS\system32\67.exe','');
QuarantineFile('D:\WINDOWS\system32\77.exe','');
QuarantineFile('D:\WINDOWS\system32\87.exe','');
QuarantineFile('D:\WINDOWS\system32\02.exe','');
QuarantineFile('D:\WINDOWS\system32\04.exe','');
QuarantineFile('D:\WINDOWS\system32\07.exe','');
QuarantineFile('D:\WINDOWS\system32\11.exe','');
QuarantineFile('D:\WINDOWS\system32\15.exe','');
QuarantineFile('D:\WINDOWS\system32\25.exe','');
QuarantineFile('D:\WINDOWS\system32\27.exe','');
QuarantineFile('D:\WINDOWS\system32\32.exe','');
QuarantineFile('D:\WINDOWS\system32\42.exe','');
QuarantineFile('D:\WINDOWS\system32\64.exe','');
QuarantineFile('D:\WINDOWS\system32\57.exe','');
QuarantineFile('D:\WINDOWS\system32\41.exe','');
QuarantineFile('D:\WINDOWS\system32\12.exe','');
QuarantineFile('D:\WINDOWS\system32\78.exe','');
QuarantineFile('D:\WINDOWS\system32\36.exe','');
QuarantineFile('D:\WINDOWS\system32\21.exe','');
QuarantineFile('D:\WINDOWS\system32\53.exe','');
QuarantineFile('D:\WINDOWS\system32\23.exe','');
// Executables in the Windows directory, RECYCLER folders and the user profile:
QuarantineFile('D:\WINDOWS\cfdrive32.exe','');
QuarantineFile('D:\RECYCLER\S-1-5-21-5926763937-8151121736-282971327-5201\syscr.exe','');
QuarantineFile('D:\Documents and Settings\KVV\Application Data\ltzqai.exe','');
QuarantineFile('D:\DOCUME~1\KVV\LOCALS~1\Temp\36920.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe','');
// This csrss.exe sits in WINDOWS\system, not WINDOWS\system32 - the path is
// what marks it as suspect here.
QuarantineFile('D:\WINDOWS\system\csrss.exe','');
// Remove the service entry, then delete the files and the autorun values.
// Every DeleteFile path below has a matching QuarantineFile call above.
DeleteService('NrConnmags');
DeleteFile('D:\WINDOWS\system\csrss.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe');
// Delete one value under the current user's Run (autostart) key.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','12CFG214-K641-12SF-N85P');
DeleteFile('D:\DOCUME~1\KVV\LOCALS~1\Temp\36920.exe');
// NOTE(review): this key name is 'Run-' with a trailing hyphen, unlike the
// plain 'Run' key in the other two RegKeyParamDel calls. Presumably it is a
// key holding disabled autorun entries - confirm it matches the log exactly.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run-','Advanced DHTML Enable');
DeleteFile('D:\Documents and Settings\KVV\Application Data\ltzqai.exe');
DeleteFile('D:\RECYCLER\S-1-5-21-5926763937-8151121736-282971327-5201\syscr.exe');
DeleteFile('D:\WINDOWS\cfdrive32.exe');
// Delete one value under the machine-wide Run (autostart) key.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
DeleteFile('D:\WINDOWS\system32\23.exe');
DeleteFile('D:\WINDOWS\system32\53.exe');
DeleteFile('D:\WINDOWS\system32\21.exe');
DeleteFile('D:\WINDOWS\system32\36.exe');
DeleteFile('D:\WINDOWS\system32\78.exe');
DeleteFile('D:\WINDOWS\system32\12.exe');
DeleteFile('D:\WINDOWS\system32\41.exe');
DeleteFile('D:\WINDOWS\system32\57.exe');
DeleteFile('D:\WINDOWS\system32\64.exe');
DeleteFile('D:\WINDOWS\system32\42.exe');
DeleteFile('D:\WINDOWS\system32\32.exe');
DeleteFile('D:\WINDOWS\system32\27.exe');
DeleteFile('D:\WINDOWS\system32\25.exe');
DeleteFile('D:\WINDOWS\system32\15.exe');
DeleteFile('D:\WINDOWS\system32\11.exe');
DeleteFile('D:\WINDOWS\system32\07.exe');
DeleteFile('D:\WINDOWS\system32\04.exe');
DeleteFile('D:\WINDOWS\system32\02.exe');
DeleteFile('D:\WINDOWS\system32\87.exe');
DeleteFile('D:\WINDOWS\system32\77.exe');
DeleteFile('D:\WINDOWS\system32\67.exe');
DeleteFile('D:\WINDOWS\system32\35.exe');
DeleteFile('D:\WINDOWS\system32\26.exe');
DeleteFile('D:\WINDOWS\system32\70.exe');
// Hand the list of files deleted above to Boot Cleaner (the BC_ functions),
// presumably so anything that could not be removed now is removed at boot.
BC_ImportDeletedList;
// AVZ system cleanup pass, run after the deletions.
ExecuteSysClean;
// Run the 'TSW' wizard non-interactively; the meaning of the numeric
// arguments (2,2) is not shown here - see the AVZ script reference.
ExecuteWizard('TSW',2,2,true);
// Arm Boot Cleaner; it only takes effect with the reboot at the end.
BC_Activate;
// Pack the quarantined samples into quarantine.zip in the AVZ directory.
// 'Qurantine' is the spelling used in the function name - do not "correct" it.
// The archive holds the quarantined samples: upload it as requested, do not unpack or run it.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
// Reboot so the scheduled Boot Cleaner actions are carried out.
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.
Файл quarantine.zip из папки AVZ загрузите по ссылке «Прислать запрошенный карантин».
Сделайте новые логи.