[zirreX]

• Выполните скрипт AVZ

AVZ, меню "Файл -> Выполнить скрипт" -> Скопировать ниже написанный скрипт -> Нажать кнопку "Запустить".

Код:

begin
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\qsyu.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\wintluoec.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\winmadvps.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\winiryg.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\winhtoqlm.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\poyykq.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\winbceda.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\winpgrur.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\pnox.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\wintfyq.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\wingricoo.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\egbnq.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\hrov.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\wulxk.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\iuedpf.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\uhmucf.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\DOCUME~1\BLONDI~1\LOCALS~1\Temp\lhmnmf.exe');
 DeleteFileMask('C:\WINDOWS\TEMP\', '*.*', true);
 DeleteFileMask(GetEnvironmentVariable ('Temp'), '*.*', true);
end.

Деинсталлируйте ComboFix: нажмите Пуск => Выполнить в окне наберите команду Combofix /Uninstall (Обязательно должен быть пробел между combofix и /u), нажмите кнопку "ОК"



Скачайте OTCleanIt или с зеркала, запустите, нажмите Clean up

После этого приложите к посту новый лог rsit.