Выполните скрипт в AVZ
Код:
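begin
 // Host-specific AVZ cleanup script: the service names, GUID-named folders and
 // the C:\Users\admin path appear to come from one machine's logs. Run it only
 // on the machine it was written for.
 //
 // Order of work: cut network access, enable AVZ self-protection on 32-bit
 // systems, copy every targeted file to quarantine, disable and remove the
 // services, stop the processes, delete the files, then hand the leftovers to
 // Boot Cleaner and reboot.
 ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');

 // Stop the TCP/IP service so the unwanted software has no network access during
 // removal. NOTE(review): the trailing arguments look like window mode, a
 // 15000 ms wait and terminate-on-timeout; confirm against the AVZ script reference.
 ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);

 // Rootkit search and AVZGuard are requested only when AVZ is not running under
 // WOW64, i.e. not on 64-bit Windows.
 if not IsWOW64 then
 begin
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
 end;

 // Browser Helper Object registered by "Great Find" and its DLL.
 DelBHO('{1cc2bb80-20ab-43e5-b958-432d72b546ca}');
 QuarantineFile('C:\Program Files\Great Find\Extensions\1cc2bb80-20ab-43e5-b958-432d72b546ca.dll','');

 // Quarantined for analysis only; this script never deletes druvseuj.dll.
 QuarantineFile('C:\ProgramData\ExtTag\druvseuj.dll','');

 // Set start type 4 (disabled) before deleting, as is done for the other
 // services below, so a deletion deferred to reboot cannot restart the service.
 SetServiceStart('xeweqipe', 4);
 DeleteService('xeweqipe');

 // Keep a quarantine copy of every .tmp file that is deleted further down.
 // jnsm7A87.tmp was previously deleted without one.
 QuarantineFile('C:\Program Files\4C4C4544-1437558041-5210-8033-B2C04F424C31\knsw2E33.tmp','');
 QuarantineFile('C:\Program Files\4C4C4544-1437558041-5210-8033-B2C04F424C31\hnsb9E3E.tmp','');
 QuarantineFile('C:\Program Files\4C4C4544-1437558041-5210-8033-B2C04F424C31\jnsm7A87.tmp','');

 // Disable (start type 4) and then remove each remaining service.
 SetServiceStart('hyverumu', 4);
 DeleteService('hyverumu');
 SetServiceStart('comyninu', 4);
 DeleteService('comyninu');
 SetServiceStart('Service Mgr GreatFind', 4);
 DeleteService('Service Mgr GreatFind');
 SetServiceStart('Checker', 4);
 DeleteService('Checker');

 // Stop each running process, then copy its image to quarantine.
 TerminateProcessByName('c:\program files\common files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\updater.exe');
 QuarantineFile('c:\program files\common files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\updater.exe','');
 TerminateProcessByName('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugincontainer.exe');
 QuarantineFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugincontainer.exe','');
 TerminateProcessByName('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3\plugin.exe');
 QuarantineFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3\plugin.exe','');
 TerminateProcessByName('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\8\plugin.exe');
 QuarantineFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\8\plugin.exe','');
 TerminateProcessByName('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\5\plugin.exe');
 QuarantineFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\5\plugin.exe','');
 TerminateProcessByName('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\10\plugin.exe');
 QuarantineFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\10\plugin.exe','');
 TerminateProcessByName('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\7\plugin.exe');
 QuarantineFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\7\plugin.exe','');
 TerminateProcessByName('c:\program files\checker\check.exe');
 QuarantineFile('c:\program files\checker\check.exe','');
 TerminateProcessByName('c:\program files\checker\packages\cab58261-9338-4ea4-8ef3-ecba42950f0c\checker.exe');
 // checker.exe was previously deleted without a quarantine copy.
 QuarantineFile('c:\program files\checker\packages\cab58261-9338-4ea4-8ef3-ecba42950f0c\checker.exe','');

 // The uninstaller stub and the scheduled-task file were also deleted without a
 // copy. Quarantine them so the sample set is complete and the deletion can be reviewed.
 QuarantineFile('C:\Users\admin\AppData\Roaming\mystartsearch\UninstallManager.exe','');
 QuarantineFile('C:\Windows\system32\Tasks\{A5F8D5BC-9755-454A-BD19-4D975EAF9E63}','');

 // Deletion phase. Every file removed below has a quarantine copy from the calls above.
 // NOTE(review): the second argument '32' is presumably a bitness/view selector; confirm.
 DeleteFile('c:\program files\checker\packages\cab58261-9338-4ea4-8ef3-ecba42950f0c\checker.exe','32');
 DeleteFile('c:\program files\checker\check.exe','32');
 DeleteFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\7\plugin.exe','32');
 DeleteFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\10\plugin.exe','32');
 DeleteFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\5\plugin.exe','32');
 DeleteFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\8\plugin.exe','32');
 DeleteFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3\plugin.exe','32');
 DeleteFile('c:\programdata\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugincontainer.exe','32');
 DeleteFile('c:\program files\common files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\updater.exe','32');
 DeleteFile('C:\Program Files\4C4C4544-1437558041-5210-8033-B2C04F424C31\hnsb9E3E.tmp','32');
 DeleteFile('C:\Program Files\4C4C4544-1437558041-5210-8033-B2C04F424C31\jnsm7A87.tmp','32');
 DeleteFile('C:\Program Files\4C4C4544-1437558041-5210-8033-B2C04F424C31\knsw2E33.tmp','32');

 // Remove the 'command' value of the MSConfig startup entry that imitates a
 // Google Chrome auto-launch item.
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_35F47CA955883AC80F45949DB9B0CAE0','command');

 DeleteFile('C:\Program Files\Great Find\Extensions\1cc2bb80-20ab-43e5-b958-432d72b546ca.dll','32');
 DeleteFile('C:\Users\admin\AppData\Roaming\mystartsearch\UninstallManager.exe','32');
 DeleteFile('C:\Windows\system32\Tasks\{A5F8D5BC-9755-454A-BD19-4D975EAF9E63}','32');

 // Boot Cleaner: import the list of targeted files, clean up references to
 // them, and arm the cleaner for the next boot so locked files are removed too.
 // NOTE(review): exact semantics of BC_ImportAll / ExecuteSysClean / BC_Activate
 // should be confirmed against the AVZ script reference.
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;

 // Reboot to let Boot Cleaner finish; the on-screen message says network access returns afterwards.
 RebootWindows(false);
end.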
Будет выполнена перезагрузка компьютера.
Выполните скрипт в AVZ
Код:
begin
// Pack the AVZ quarantine into a single archive at c:\quarantine.zip.
// The archive holds the files that the cleanup script copied to quarantine,
// i.e. suspected malware samples. Do not unpack or run anything from it, and
// send it only through the channel the helper names.
// The name is spelled "Qurantine" in the AVZ script API; correcting the
// spelling would break the call.
CreateQurantineArchive('c:\quarantine.zip');
end.
Файл c:\quarantine.zip пришлите по красной ссылке «Прислать запрошенный карантин» над первым сообщением в Вашей теме.
Выполните правила ЕЩЕ РАЗ и предоставьте НОВЫЕ логи