Hello!
Close all programs.
Disconnect / disable:
- the PC from the internet/local network.
- the antivirus and firewall.
Run the following script in AVZ:
Code:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','');
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\runWIN\update.exe','');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Next.lnk','');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk','');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk','');
QuarantineFile('C:\Users\Djulya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk','');
QuarantineFile('C:\Users\Djulya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk','');
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk','');
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk','');
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk','');
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yandex.lnk','');
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yandex.lnk','');
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk','');
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk','');
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk','');
QuarantineFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex\Yandex.lnk','');
QuarantineFile('C:\Users\Juliette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk','');
QuarantineFile('C:\Users\Juliette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk','');
QuarantineFile('C:\Users\Juliette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Удалить Google Chrome.lnk','');
QuarantineFile('C:\Users\_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk','');
QuarantineFile('C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk','');
QuarantineFile('C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Удалить Google Chrome.lnk','');
QuarantineFile('C:\Program Files (x86)\Opera Next\opera.exe.bat','');
QuarantineFile('C:\Program Files (x86)\Opera\opera.exe.bat','');
QuarantineFile('C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.bat','');
QuarantineFile('C:\Program Files (x86)\Internet Explorer\iexplore.exe.bat','');
QuarantineFile('C:\Users\FARIZAT\AppData\Local\Yandex\YandexBrowser\Application\browser.exe.bat','');
DeleteFile('C:\Users\FARIZAT\AppData\Roaming\runWIN\Update.exe','32');
DeleteFile('C:\Users\FARIZAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','32');
DeleteFile('C:\Users\FARIZAT\AppData\Local\Yandex\YandexBrowser\Application\browser.exe.bat','32');
DeleteFile('C:\Program Files (x86)\Opera Next\opera.exe.bat','');
DeleteFile('C:\Program Files (x86)\Opera\opera.exe.bat','');
DeleteFile('C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.bat','');
DeleteFile('C:\Program Files (x86)\Internet Explorer\iexplore.exe.bat','');
DeleteFile('C:\Users\FARIZAT\AppData\Local\Yandex\YandexBrowser\Application\browser.exe.bat','');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','NewLoadSystemWIN32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','LoaderSystemWIN');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','RuningWIN32');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteRepair(10);
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.
After the script has run, the computer will reboot.
Upload the quarantine.zip file from the AVZ folder using the "Send requested quarantine" link at the top of the thread.
- Fix the following shortcuts with the ClearLNK utility:
Code:
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Opera Next.lnk [C:\Program Files (x86)\Opera Next\opera.exe.bat "http://1kanal.org/?src=hp1"]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Opera.lnk [C:\Program Files (x86)\Opera\opera.exe.bat "http://1kanal.org/?src=hp1"]
C:\Users\Все пользователи\Microsoft\Windows\Start Menu\Programs\Opera Next.lnk [C:\Program Files (x86)\Opera Next\opera.exe.bat "http://1kanal.org/?src=hp1"]
C:\Users\Все пользователи\Microsoft\Windows\Start Menu\Programs\Opera.lnk [C:\Program Files (x86)\Opera\opera.exe.bat "http://1kanal.org/?src=hp1"]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Next.lnk [C:\Program Files (x86)\Opera Next\opera.exe.bat "http://1kanal.org/?src=hp1"]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [C:\Program Files (x86)\Opera\opera.exe.bat "http://1kanal.org/?src=hp1"]
================================ [ Other ] ================================
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\Users\Djulya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk [C:\Users\FARIZAT\AppData\Local\Google\Chrome\Application\chrome.exe (File not found)]
C:\Users\Djulya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk [C:\Users\FARIZAT\AppData\Local\Google\Chrome\Application\chrome.exe (File not found)]
C:\Users\FARIZAT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\Users\FARIZAT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [C:\Program Files (x86)\Internet Explorer\iexplore.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\Users\FARIZAT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\Users\FARIZAT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yandex.lnk [C:\Users\FARIZAT\AppData\Local\Yandex\YandexBrowser\Application\browser.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\Users\FARIZAT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yandex.lnk [C:\Users\FARIZAT\AppData\Local\Yandex\YandexBrowser\Application\browser.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\Users\FARIZAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [C:\Program Files (x86)\Internet Explorer\iexplore.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\Users\FARIZAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [C:\Program Files (x86)\Internet Explorer\iexplore.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\Users\FARIZAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [C:\Program Files (x86)\Internet Explorer\iexplore.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\Users\FARIZAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex\Yandex.lnk [C:\Users\FARIZAT\AppData\Local\Yandex\YandexBrowser\Application\browser.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\Users\Juliette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk [C:\Users\FARIZAT\AppData\Local\Google\Chrome\Application\chrome.exe (File not found)]
C:\Users\Juliette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk [C:\Users\FARIZAT\AppData\Local\Google\Chrome\Application\chrome.exe (File not found)]
C:\Users\Juliette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Удалить Google Chrome.lnk [C:\Users\FARIZAT\AppData\Local\Google\Chrome\Application\21.0.1180.89\Installer\setup.exe --uninstall --multi-install --chrome --verbose-logging (File not found)]
C:\Users\_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk [C:\Users\FARIZAT\AppData\Local\Google\Chrome\Application\chrome.exe (File not found)]
C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk [C:\Users\FARIZAT\AppData\Local\Google\Chrome\Application\chrome.exe (File not found)]
C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Удалить Google Chrome.lnk [C:\Users\FARIZAT\AppData\Local\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe --uninstall --multi-install --chrome --verbose-logging (File not found)]
C:\Users\Все пользователи\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.bat "http://1kanal.org/?src=hp1" (File not found)]
Attach the resulting report.
In MBAM, delete everything except:
Code:
C:\Program Files (x86)\WinRAR\original\RAR Slayer v1.1.exe (Malware.Tool) -> Действие не было предпринято.
D:\DISC F\обмен\Autodesk AutoCAD 2009 Rus (x86 x64)\KeyGens\xf-acad9-32-BITS.exe (RiskWare.Tool.HCK) -> Действие не было предпринято.
D:\DISC F\обмен\Autodesk AutoCAD 2009 Rus (x86 x64)\KeyGens\xf-acad9-64-BITS.exe (RiskWare.Tool.CK) -> Действие не было предпринято.
- Make new logs according to items 2 and 3 of the Diagnostics section (virusinfo_syscheck.zip; hijackthis.log).
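
Added example, not part of the original post: a Python triage of report lines in the `shortcut [target arguments]` layout listed above, flagging shortcuts whose target is an `.exe.bat`/`.exe.cmd` wrapper, whose arguments carry a URL, or whose target is missing. The sample lines, user names and the `example.invalid` URL are constructed, and the finding labels are assumptions of this example.

```python
import re

# Constructed sample lines in the "<shortcut> [<target> <args>]" layout shown above.
SAMPLE = r'''
C:\Users\alice\Desktop\Opera.lnk [C:\Program Files (x86)\Opera\opera.exe.bat "http://example.invalid/?src=hp1"]
C:\Users\alice\Desktop\Chrome.lnk [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.bat "http://example.invalid/?src=hp1" (File not found)]
C:\Users\bob\Desktop\Chrome.lnk [C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe (File not found)]
C:\Users\bob\Desktop\Notepad.lnk [C:\Windows\notepad.exe]
================================ [ Other ] ================================
'''

# Shortcut path, then the bracketed target description.
LINE = re.compile(r'^(?P<lnk>.+?\.lnk) \[(?P<body>.*)\]$', re.I)
# Target ends at the first executable/script extension; the rest is arguments.
TARGET = re.compile(r'^(?P<target>.*?\.(?:exe\.bat|bat|cmd|exe))(?:\s+(?P<args>.*))?$', re.I)
MISSING = ' (File not found)'

def parse_line(line):
    """Return a dict for one report line, or None for separators and blanks."""
    m = LINE.match(line.strip())
    if not m:
        return None
    body = m['body']
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    t = TARGET.match(body)
    target, args = (t['target'], t['args'] or '') if t else (body, '')
    return {'lnk': m['lnk'], 'target': target, 'args': args, 'missing': missing}

def classify(entry):
    """List the reasons a shortcut deserves attention (empty list = clean)."""
    findings = []
    if re.search(r'\.exe\.(bat|cmd)$', entry['target'], re.I):
        findings.append('script-wrapper')      # browser name with a script extension appended
    if re.search(r'https?://', entry['args'], re.I):
        findings.append('url-argument')        # start page forced through the shortcut
    if entry['missing']:
        findings.append('dangling-target')     # target no longer exists on disk
    return findings

def triage(text):
    """Map each shortcut path in the report text to its findings."""
    parsed = (parse_line(line) for line in text.splitlines())
    return {e['lnk']: classify(e) for e in parsed if e}

if __name__ == '__main__':
    for lnk, findings in triage(SAMPLE).items():
        print(lnk, '->', ', '.join(findings) or 'ok')
```
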