So, the puzzle has come together:
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win32.vools.ag
All of these components were cleaned out by us.
C:\Windows\NetworkDistribution\tibe-2.dll - infected with Trojan.Equation.23
C:\Windows\NetworkDistribution\posh-0.dll - infected with Trojan.Equation.77
C:\Windows\NetworkDistribution\libxml2.dll - is hacktool program Tool.Equation.23
C:\Windows\NetworkDistribution\exma-1.dll - infected with Trojan.Equation.17
C:\Windows\NetworkDistribution\trfo-2.dll - infected with Trojan.Equation.25
C:\Windows\NetworkDistribution\trch-1.dll - infected with Trojan.Equation.24
C:\Windows\NetworkDistribution\coli-0.dll - infected with BackDoor.Spy.3365
C:\Windows\NetworkDistribution\svchost.exe - infected with BackDoor.Spy.3365
C:\Windows\NetworkDistribution\trfo-2.dll - deleted
C:\Windows\NetworkDistribution\posh-0.dll - deleted
C:\Windows\NetworkDistribution\tibe-2.dll - deleted
C:\Windows\NetworkDistribution\trch-1.dll - deleted
C:\Windows\NetworkDistribution\exma-1.dll - deleted
C:\Windows\NetworkDistribution\libxml2.dll - quarantined
C:\Windows\NetworkDistribution\svchost.exe - deleted
C:\Windows\NetworkDistribution\coli-0.dll - deleted
C:\Windows\NetworkDistribution\tucl-1.dll - infected with Trojan.Equation.26
C:\Windows\NetworkDistribution\tucl-1.dll - deleted
C:\Windows\NetworkDistribution\ucl.dll - infected with Trojan.Equation.91
C:\Windows\NetworkDistribution\ucl.dll - deleted
The rest were cleaned out earlier. You can also check manually whether any DLLs remain in C:\Windows\NetworkDistribution.
And, apparently, the malicious email.
>>D:\DB\NewMail\Priemnaya\INBOX-1\3295.part is ZIP archive
D:\DB\NewMail\Priemnaya\INBOX-1\3295.part\info.zip - infected with JS.DownLoader.1225
D:\DB\NewMail\Priemnaya\INBOX-1\3295.part\info.zip - infected, incurable
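
An added example, not part of the original post or of any scanner's tooling: a small Python reconciler that pairs each detection line in a log of this format with its follow-up action and lists files that were flagged but never deleted or quarantined. The sample lines are a subset copied from the log above; the function names and the assumption that every entry has the form "path - status" are mine.

```python
import re
from collections import defaultdict

# Subset of the scan log quoted in the post, used as inline sample input.
SAMPLE_LOG = r"""
C:\Windows\NetworkDistribution\tibe-2.dll - infected with Trojan.Equation.23
C:\Windows\NetworkDistribution\libxml2.dll - is hacktool program Tool.Equation.23
C:\Windows\NetworkDistribution\tibe-2.dll - deleted
C:\Windows\NetworkDistribution\libxml2.dll - quarantined
>>D:\DB\NewMail\Priemnaya\INBOX-1\3295.part is ZIP archive
D:\DB\NewMail\Priemnaya\INBOX-1\3295.part\info.zip - infected with JS.DownLoader.1225
D:\DB\NewMail\Priemnaya\INBOX-1\3295.part\info.zip - infected, incurable
"""

# Assumed entry shape: "<path> - <status>".
ENTRY = re.compile(r"^(?P<path>.+?) - (?P<status>.+)$")
# Status texts that name a threat (both wordings appear in the log above).
DETECTION = re.compile(r"^(?:infected with|is hacktool program) (?P<name>\S+)$")
REMEDIATED = {"deleted", "quarantined"}


def reconcile(log_text):
    """Return {path: {"threats": [...], "actions": [...]}} for every logged file."""
    files = defaultdict(lambda: {"threats": [], "actions": []})
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip().lstrip(">"))
        if not m:
            continue  # container notes such as "... is ZIP archive"
        status = m["status"].strip()
        detected = DETECTION.match(status)
        if detected:
            files[m["path"]]["threats"].append(detected["name"])
        else:
            files[m["path"]]["actions"].append(status)
    return dict(files)


def unresolved(log_text):
    """Paths that have a detection but no 'deleted' or 'quarantined' line."""
    return sorted(
        path for path, rec in reconcile(log_text).items()
        if rec["threats"] and not REMEDIATED.intersection(rec["actions"])
    )


if __name__ == "__main__":
    for path in unresolved(SAMPLE_LOG):
        print("still needs attention:", path)
```

On the sample, only the mail attachment info.zip is reported, since its last status is "infected, incurable" rather than a removal.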