Hello!!!
Run this script in AVZ:
Code:
begin
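// Look for rootkit hooks and neutralize them in user mode and kernel mode
SearchRootkit(true, true);
// Turn on AVZGuard for the duration of the cleanup
SetAVZGuardStatus(True);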
TerminateProcessByName('D:\PABCWork.NET\Program1.exe');
QuarantineFile('C:\Windows\system32\searchprotectservice.exe','');
QuarantineFile('C:\Users\weech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ГАНјдЇАА.lnk','');
QuarantineFile('C:\Program Files\MTV20151204\MTView.exe','');
QuarantineFile('C:\Users\weech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC???.lnk','');
QuarantineFile('C:\Users\weech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC','');
QuarantineFile('C:\Users\weech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk','');
QuarantineFile('C:\ProgramData\MwUuJDN\AiwlIVG5.bat','');
QuarantineFile('C:\Users\weech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk','');
QuarantineFile('C:\ProgramData\mralpZzKi\zKwmHti0.bat','');
QuarantineFile('C:\Users\weech\AppData\Local\Kometa\Panel\KometaLaunchPanel.exe','');
QuarantineFile('C:\Windows\system32\GroupPolicy\Machine\R','');
QuarantineFile('C:\Windows\system32\GroupPolicy\Machine\Registry.pol','');
QuarantineFile('C:\Users\weech\AppData\Roaming\MyDesktop\qweeeCL.exe','');
QuarantineFile('C:\Program Files\00000000-1454764872-0000-0000-6CF0490D77E7\knsx2F53.tmp','');
QuarantineFile('D:\PABCWork.NET\Program1.exe','');
DeleteFile('C:\Users\weech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ГАНјдЇАА.lnk');
DeleteFile('C:\Users\weech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk');
DeleteFile('C:\Users\weech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk');
DeleteFile('C:\Users\weech\AppData\Roaming\MyDesktop\qweeeCL.exe');
DeleteFile('C:\Program Files\00000000-1454764872-0000-0000-6CF0490D77E7\knsx2F53.tmp','32');
DeleteFile('C:\Users\weech\AppData\Roaming\MyDesktop\qweeeCL.exe','32');
DeleteFile('C:\Windows\system32\GroupPolicy\Machine\Registry.pol','32');
DeleteFile('C:\Windows\system32\GroupPolicy\Machine\R','32');
DeleteFile('C:\Users\weech\AppData\Local\Kometa\Panel\KometaLaunchPanel.exe','32');
DeleteFile('C:\ProgramData\mralpZzKi\zKwmHti0.bat','32');
DeleteFile('C:\ProgramData\MwUuJDN\AiwlIVG5.bat','32');
DeleteFile('C:\Program Files\MTV20151204\MTView.exe','32');
DeleteFile('C:\Windows\system32\searchprotectservice.exe','32');
DelBHO('{0633EE93-D776-472f-A0FF-E1416B8B2E3D}');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MyDesktop');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','C');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','KometaLaunchPanel');
DeleteService('nydohytizbt');
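// Hand the quarantine/delete lists to Boot Cleaner
BC_ImportAll;
// Clean up system references to the deleted files
ExecuteSysClean;
// Arm Boot Cleaner so it runs during the next boot
BC_Activate;
// Run AVZ system-restore procedure no. 4
ExecuteRepair(4);
// Reboot to finish the cleanup
RebootWindows(true);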
end.
After the reboot, run this script:
Code:
begin
// Pack the quarantined files into quarantine.zip in the AVZ folder
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Upload quarantine.zip from the AVZ folder using the red "Send the requested quarantine" link at the top of the thread.
- Make new logs following items 2 and 3 of the Diagnostics section rules (virusinfo_syscheck.zip; hijackthis.log).
+ Make a log with the checkbrowserlnk utility and attach the Check_Browsers_LNK log to the thread.