Dr.Web could not clean it up; I pulled the hard drive and hooked it up to another computer. It did not get much better. I am attaching the logs.
Dear [B]vknyaz[/B], thank you for contacting our forum!
Help with disinfecting your computer on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very soon. To receive help, you need to provide scan logs made with the Autologger utility; for details, see the [URL="https://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
[INFORMATION]If you would like to receive personal, guaranteed help on a priority basis, use the paid service [URL="https://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]
If our site proves useful to you and you have the opportunity, please [URL="https://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
People, please pay attention to me! I really need this! Maybe I did not express myself correctly, but these are logs from the infected computer, not from the one I connected the disk to. Once again, I ask you to pay attention to me. This is the third day now.
Run this script in AVZ
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\работа\AppData\Local\Hostinstaller\478067544_monster.exe','');
QuarantineFile('C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe','');
QuarantineFile('C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe','');
QuarantineFile('C:\Users\работа\AppData\Roaming\okagncigkfokplmopeninonbibkmpogi\ml.py','');
QuarantineFile('C:\Users\работа\AppData\Roaming\Horoscope\app.py','');
QuarantineFile('C:\Program Files (x86)\kqEuPYMaU\nOnBlp.dll','');
DelBHO('{C0D38E5A-7CF8-4105-8FE8-31B81443A114}');
QuarantineFile('C:\Program Files (x86)\ZfJRwqLPhIE\kBoflUE.dll','');
QuarantineFile('C:\Users\работа\AppData\Roaming\Horoscope\ml2.py','');
QuarantineFile('C:\Program Files (x86)\WeatherInspect\WeatherInspect.exe','');
TerminateProcessByName('c:\users\работа\appdata\roaming\ttnchjv225d\vcfzzrked5p.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-kcndl.tmp\vcfzzrked5p.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\xcb2mi5pxz3\vgmgy5z0jit.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-24i1p.tmp\vgmgy5z0jit.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-24i1p.tmp\vgmgy5z0jit.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\xcb2mi5pxz3\vgmgy5z0jit.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-kcndl.tmp\vcfzzrked5p.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\ttnchjv225d\vcfzzrked5p.exe','');
TerminateProcessByName('c:\users\работа\appdata\roaming\yuifces0gub\vx51r351z25.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-cnqig.tmp\vx51r351z25.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\pochtwh2t2v\wcdeh5n5ocf.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-fdiqj.tmp\wcdeh5n5ocf.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-fdiqj.tmp\wcdeh5n5ocf.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\pochtwh2t2v\wcdeh5n5ocf.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-cnqig.tmp\vx51r351z25.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\yuifces0gub\vx51r351z25.exe','');
TerminateProcessByName('c:\users\работа\appdata\roaming\ky0ww55v0ay\xjvhq1imfik.exe');
TerminateProcessByName('c:\program files (x86)\hpwhale\whalestarter.exe');
QuarantineFile('c:\program files (x86)\hpwhale\whalestarter.exe','');
QuarantineFile('c:\users\работа\appdata\roaming\ky0ww55v0ay\xjvhq1imfik.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-325al.tmp\yapdkt3njmm.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\y5222ixzdda\yapdkt3njmm.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-tfap0.tmp\xjvhq1imfik.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-tfap0.tmp\xjvhq1imfik.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\y5222ixzdda\yapdkt3njmm.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-325al.tmp\yapdkt3njmm.tmp','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-p3mps.tmp\ywqxr3osr2r.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\cbh15tm2ozw\ywqxr3osr2r.exe');
TerminateProcessByName('c:\program files (x86)\yeadesktop\yeadesktop.exe');
QuarantineFile('c:\program files (x86)\yeadesktop\yeadesktop.exe','');
QuarantineFile('c:\users\работа\appdata\roaming\cbh15tm2ozw\ywqxr3osr2r.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-p3mps.tmp\ywqxr3osr2r.tmp','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-b1e4g.tmp\rw3z3bfhq00.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\dcvgdmluifd\rw3z3bfhq00.exe');
TerminateProcessByName('c:\users\работа\appdata\roaming\n5pdd4wbwu3\rdelqxejuco.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-luu3v.tmp\qsglzcz1luv.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-luu3v.tmp\qsglzcz1luv.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\n5pdd4wbwu3\rdelqxejuco.exe','');
QuarantineFile('c:\users\работа\appdata\roaming\dcvgdmluifd\rw3z3bfhq00.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-b1e4g.tmp\rw3z3bfhq00.tmp','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-8qp4f.tmp\npcfouc4et2.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\dlnksn1dymn\p4l5bvazpgs.exe');
TerminateProcessByName('c:\users\работа\appdata\roaming\nmgqlb3uj0t\qsglzcz1luv.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-5s30g.tmp\p4l5bvazpgs.tmp');
QuarantineFile('c:\users\работа\appdata\roaming\nmgqlb3uj0t\qsglzcz1luv.exe','');
QuarantineFile('c:\program files (x86)\pqwick1.1\pqwick.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-5s30g.tmp\p4l5bvazpgs.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\dlnksn1dymn\p4l5bvazpgs.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-8qp4f.tmp\npcfouc4et2.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\jadq4gumvsj\mvskhwbmxtx.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-1r8bq.tmp\mvskhwbmxtx.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\eht3heiu3pp\n40dwzhavqy.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-h99fd.tmp\n40dwzhavqy.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\f1q55yrnxmh\npcfouc4et2.exe');
QuarantineFile('c:\users\работа\appdata\roaming\f1q55yrnxmh\npcfouc4et2.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-h99fd.tmp\n40dwzhavqy.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\eht3heiu3pp\n40dwzhavqy.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-1r8bq.tmp\mvskhwbmxtx.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\jadq4gumvsj\mvskhwbmxtx.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-9c2ji.tmp\l2qk3tfuxb2.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\0r45yjtxayy\lbn5zub3oel.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-mv6s4.tmp\lbn5zub3oel.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\qg2phn0hbaf\lfj3k54gg1c.exe');
QuarantineFile('c:\users\работа\appdata\roaming\qg2phn0hbaf\lfj3k54gg1c.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-mv6s4.tmp\lbn5zub3oel.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\0r45yjtxayy\lbn5zub3oel.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-9c2ji.tmp\l2qk3tfuxb2.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\ki1mx2k3t3t\l2qk3tfuxb2.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-86muq.tmp\kytua0yxcal.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\1r3dcoac1vu\kytua0yxcal.exe');
TerminateProcessByName('c:\users\работа\appdata\roaming\cuf1uatwj1j\kp4zz1rk5is.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-gu3d0.tmp\kp4zz1rk5is.tmp');
QuarantineFile('c:\users\работа\appdata\roaming\1r3dcoac1vu\kytua0yxcal.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-86muq.tmp\kytua0yxcal.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\ki1mx2k3t3t\l2qk3tfuxb2.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-gu3d0.tmp\kp4zz1rk5is.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\cuf1uatwj1j\kp4zz1rk5is.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-o0g7c.tmp\hle0c3t4fzm.tmp');
TerminateProcessByName('c:\program files (x86)\hpwhale\hpwhalesrv.exe');
TerminateProcessByName('c:\users\работа\appdata\roaming\uuyqqirhy4q\htk22gbnkc5.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-b6fsc.tmp\htk22gbnkc5.tmp');
QuarantineFile('c:\users\работа\appdata\roaming\uuyqqirhy4q\htk22gbnkc5.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-b6fsc.tmp\htk22gbnkc5.tmp','');
QuarantineFile('c:\program files (x86)\hpwhale\hpwhalesrv.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-o0g7c.tmp\hle0c3t4fzm.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\nmhwzzacfpn\hle0c3t4fzm.exe','');
TerminateProcessByName('c:\users\работа\appdata\roaming\hots5npb5ba\gx1rreclay5.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-u1e1s.tmp\gx1rreclay5.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\wu12is1p1v2\hdokcleeyoz.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-t0hvc.tmp\hdokcleeyoz.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-t0hvc.tmp\hdokcleeyoz.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\wu12is1p1v2\hdokcleeyoz.exe','');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-u1e1s.tmp\gx1rreclay5.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\hots5npb5ba\gx1rreclay5.exe','');
TerminateProcessByName('c:\users\работа\appdata\roaming\u5z431qnydp\gswe2myg2hx.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-4pl32.tmp\gswe2myg2hx.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-4pl32.tmp\gswe2myg2hx.tmp','');
QuarantineFile('c:\users\работа\appdata\roaming\u5z431qnydp\gswe2myg2hx.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-mog52.tmp\evqwfmixbwc.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-mog52.tmp\evqwfmixbwc.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\dtucgtss4rl\evqwfmixbwc.exe');
QuarantineFile('c:\users\работа\appdata\roaming\dtucgtss4rl\evqwfmixbwc.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-jbu5e.tmp\evct1mqxrkd.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-jbu5e.tmp\evct1mqxrkd.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\dowctbkwml2\evct1mqxrkd.exe');
QuarantineFile('c:\users\работа\appdata\roaming\dowctbkwml2\evct1mqxrkd.exe','');
TerminateProcessByName('c:\users\работа\appdata\roaming\cpuzapp4\cpuzapp.exe');
QuarantineFile('c:\users\работа\appdata\roaming\cpuzapp4\cpuzapp.exe','');
TerminateProcessByName('c:\users\работа\appdata\roaming\wdpk5zwtntx\bnxsf0p2qjy.exe');
QuarantineFile('c:\users\работа\appdata\roaming\wdpk5zwtntx\bnxsf0p2qjy.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-vo6jt.tmp\bnxsf0p2qjy.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-vo6jt.tmp\bnxsf0p2qjy.tmp','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-kmots.tmp\b5mzwwgqbd2.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-kmots.tmp\b5mzwwgqbd2.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\5dnctlqwiok\b5mzwwgqbd2.exe');
QuarantineFile('c:\users\работа\appdata\roaming\5dnctlqwiok\b5mzwwgqbd2.exe','');
TerminateProcessByName('c:\users\работа\desktop\autologger\autologger.exe');
QuarantineFile('c:\users\работа\desktop\autologger\autologger.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-oe8dt.tmp\auh1ihzurca.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-oe8dt.tmp\auh1ihzurca.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\05w15r1yjh1\auh1ihzurca.exe');
QuarantineFile('c:\users\работа\appdata\roaming\05w15r1yjh1\auh1ihzurca.exe','');
TerminateProcessByName('c:\users\работа\appdata\roaming\0fc2rcwhklt\50idwuku3a3.exe');
QuarantineFile('c:\users\работа\appdata\roaming\0fc2rcwhklt\50idwuku3a3.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-nr75a.tmp\4kddqiqxsz5.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-nr75a.tmp\4kddqiqxsz5.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\up5n2i41x1t\4kddqiqxsz5.exe');
QuarantineFile('c:\users\работа\appdata\roaming\up5n2i41x1t\4kddqiqxsz5.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-9p39p.tmp\4hsrrodf45c.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-9p39p.tmp\4hsrrodf45c.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\at00dhzib53\4hsrrodf45c.exe');
QuarantineFile('c:\users\работа\appdata\roaming\at00dhzib53\4hsrrodf45c.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-crc50.tmp\3yoh0qh1uv2.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-crc50.tmp\3yoh0qh1uv2.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\kh1g0iebxjy\3yoh0qh1uv2.exe');
QuarantineFile('c:\users\работа\appdata\roaming\kh1g0iebxjy\3yoh0qh1uv2.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-d354p.tmp\3icnuhg1emi.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-d354p.tmp\3icnuhg1emi.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\dx5avjdidwq\3icnuhg1emi.exe');
QuarantineFile('c:\users\работа\appdata\roaming\dx5avjdidwq\3icnuhg1emi.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-bftra.tmp\2nartk5i4ea.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-bftra.tmp\2nartk5i4ea.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\iptao4puqrg\2nartk5i4ea.exe');
QuarantineFile('c:\users\работа\appdata\roaming\iptao4puqrg\2nartk5i4ea.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-r182f.tmp\1mhezm2zvad.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-r182f.tmp\1mhezm2zvad.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\f33azxcbwed\1mhezm2zvad.exe');
QuarantineFile('c:\users\работа\appdata\roaming\f33azxcbwed\1mhezm2zvad.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-h8rio.tmp\1cqnvsqvmid.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-h8rio.tmp\1cqnvsqvmid.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\2vyiyh525w0\1cqnvsqvmid.exe');
QuarantineFile('c:\users\работа\appdata\roaming\2vyiyh525w0\1cqnvsqvmid.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-pafge.tmp\0zvdaq0gzoa.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-pafge.tmp\0zvdaq0gzoa.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\azgfh1kgkl0\0zvdaq0gzoa.exe');
QuarantineFile('c:\users\работа\appdata\roaming\azgfh1kgkl0\0zvdaq0gzoa.exe','');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-86cgc.tmp\0eklo52zyg1.tmp');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-86cgc.tmp\0eklo52zyg1.tmp','');
TerminateProcessByName('c:\users\работа\appdata\roaming\12yoldi20lx\0eklo52zyg1.exe');
QuarantineFile('c:\users\работа\appdata\roaming\12yoldi20lx\0eklo52zyg1.exe','');
DeleteFile('c:\users\работа\appdata\roaming\12yoldi20lx\0eklo52zyg1.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-86cgc.tmp\0eklo52zyg1.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\azgfh1kgkl0\0zvdaq0gzoa.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-pafge.tmp\0zvdaq0gzoa.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\2vyiyh525w0\1cqnvsqvmid.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-h8rio.tmp\1cqnvsqvmid.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\f33azxcbwed\1mhezm2zvad.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-r182f.tmp\1mhezm2zvad.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\iptao4puqrg\2nartk5i4ea.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-bftra.tmp\2nartk5i4ea.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\dx5avjdidwq\3icnuhg1emi.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-d354p.tmp\3icnuhg1emi.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\kh1g0iebxjy\3yoh0qh1uv2.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-crc50.tmp\3yoh0qh1uv2.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\at00dhzib53\4hsrrodf45c.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-9p39p.tmp\4hsrrodf45c.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\up5n2i41x1t\4kddqiqxsz5.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-nr75a.tmp\4kddqiqxsz5.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\0fc2rcwhklt\50idwuku3a3.exe','32');
DeleteFile('c:\users\работа\appdata\roaming\05w15r1yjh1\auh1ihzurca.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-oe8dt.tmp\auh1ihzurca.tmp','32');
DeleteFile('c:\users\работа\desktop\autologger\autologger.exe','32');
DeleteFile('c:\users\работа\appdata\roaming\5dnctlqwiok\b5mzwwgqbd2.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-kmots.tmp\b5mzwwgqbd2.tmp','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-vo6jt.tmp\bnxsf0p2qjy.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\wdpk5zwtntx\bnxsf0p2qjy.exe','32');
DeleteFile('c:\users\работа\appdata\roaming\cpuzapp4\cpuzapp.exe','32');
DeleteFile('c:\users\работа\appdata\roaming\dowctbkwml2\evct1mqxrkd.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-jbu5e.tmp\evct1mqxrkd.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\dtucgtss4rl\evqwfmixbwc.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-mog52.tmp\evqwfmixbwc.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\u5z431qnydp\gswe2myg2hx.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-4pl32.tmp\gswe2myg2hx.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\hots5npb5ba\gx1rreclay5.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-u1e1s.tmp\gx1rreclay5.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\wu12is1p1v2\hdokcleeyoz.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-t0hvc.tmp\hdokcleeyoz.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\nmhwzzacfpn\hle0c3t4fzm.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-o0g7c.tmp\hle0c3t4fzm.tmp','32');
DeleteFile('c:\program files (x86)\hpwhale\hpwhalesrv.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-b6fsc.tmp\htk22gbnkc5.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\uuyqqirhy4q\htk22gbnkc5.exe','32');
DeleteFile('c:\users\работа\appdata\roaming\cuf1uatwj1j\kp4zz1rk5is.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-gu3d0.tmp\kp4zz1rk5is.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\ki1mx2k3t3t\l2qk3tfuxb2.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-86muq.tmp\kytua0yxcal.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\1r3dcoac1vu\kytua0yxcal.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-9c2ji.tmp\l2qk3tfuxb2.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\0r45yjtxayy\lbn5zub3oel.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-mv6s4.tmp\lbn5zub3oel.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\qg2phn0hbaf\lfj3k54gg1c.exe','32');
DeleteFile('c:\users\работа\appdata\roaming\jadq4gumvsj\mvskhwbmxtx.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-1r8bq.tmp\mvskhwbmxtx.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\eht3heiu3pp\n40dwzhavqy.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-h99fd.tmp\n40dwzhavqy.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\f1q55yrnxmh\npcfouc4et2.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-8qp4f.tmp\npcfouc4et2.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\dlnksn1dymn\p4l5bvazpgs.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-5s30g.tmp\p4l5bvazpgs.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\nmgqlb3uj0t\qsglzcz1luv.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-b1e4g.tmp\rw3z3bfhq00.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\dcvgdmluifd\rw3z3bfhq00.exe','32');
DeleteFile('c:\users\работа\appdata\roaming\n5pdd4wbwu3\rdelqxejuco.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-luu3v.tmp\qsglzcz1luv.tmp','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-p3mps.tmp\ywqxr3osr2r.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\cbh15tm2ozw\ywqxr3osr2r.exe','32');
DeleteFile('c:\program files (x86)\yeadesktop\yeadesktop.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-325al.tmp\yapdkt3njmm.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\y5222ixzdda\yapdkt3njmm.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-tfap0.tmp\xjvhq1imfik.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\ky0ww55v0ay\xjvhq1imfik.exe','32');
DeleteFile('c:\program files (x86)\hpwhale\whalestarter.exe','32');
DeleteFile('c:\users\работа\appdata\roaming\yuifces0gub\vx51r351z25.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-cnqig.tmp\vx51r351z25.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\pochtwh2t2v\wcdeh5n5ocf.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-fdiqj.tmp\wcdeh5n5ocf.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\ttnchjv225d\vcfzzrked5p.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-kcndl.tmp\vcfzzrked5p.tmp','32');
DeleteFile('c:\users\работа\appdata\roaming\xcb2mi5pxz3\vgmgy5z0jit.exe','32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-24i1p.tmp\vgmgy5z0jit.tmp','32');
DeleteFile('C:\Program Files (x86)\WeatherInspect\WeatherInspect.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WeatherInspect');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WhaleStarter');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5YC2BAEXRDOI4CU');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','8141582');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','7BADSHBNCO0X971');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5739560');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','7738311');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2TQAUKGV7T5BZBU');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','810306');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SAXXAB4ISV8112P');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','okagncigkfokplmopeninonbibkmpogi');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','CpuzApp');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','YeaDesktop');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','6431558');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','314079');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','0O8MMT42FB4Y2CD');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3284368');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','OSJW6ARJQVV3L8F');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','906372');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1687498');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','6682657');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','UEOCSAHSVNO0ON0');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','4TZ3S5EAGVZLUQR');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2331678');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3319536');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','9476487');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Y9LNB7S71YFLS0L');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ZH8UTX2S3UHWM05');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5417626');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3166308');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','6QZJTX0FMFR3YXH');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5575436');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','JO7M5NCNO3B37MY');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','7355328');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','7315974');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','8385938');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','XW0MPULXO59C8W9');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2882486');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5353809');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','394883');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5Q8Q2PQVP9LUC0G');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3QFZAYLK7GWXAPR');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','8680062');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','7UXVXLZ2IKT0KUV');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1368386');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','CWO8NPTGUR4N6MT');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3392086');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','4662222');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','7035119');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1CKPZ17XF54H9WN');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ZYL2Y56WXAXQLL8');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2294727');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','128678');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','9862914');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','J94EWGNZFMDGX8E');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','JT7ZR4FI1O81EJT');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5390103');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','6647120');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','274H7NA158BGNX8');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','6535654');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','M89A4DSFFU3XZT5');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','7826380');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','4088318');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','816308');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Z4HQPTJNQANGIYC');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','7528485');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1978804');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','9697930');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','9XGHDVSLU1KTF5D');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','0TY5K1QPIS1P1QZ');
DeleteFile('C:\Users\работа\AppData\Roaming\Horoscope\ml2.py','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Horoscope');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','amigo');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ShellExperienceHost');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\AdsService\Parameters','ServiceDll');
DeleteFile('C:\Users\работа\AppData\Local\AdService\AdService.dll','32');
DeleteFile('C:\Program Files (x86)\ZfJRwqLPhIE\kBoflUE.dll','32');
DeleteFile('C:\Program Files (x86)\kqEuPYMaU\nOnBlp.dll','32');
DeleteFile('C:\Users\работа\AppData\Roaming\Horoscope\app.py','32');
DeleteFile('C:\Users\работа\AppData\Roaming\okagncigkfokplmopeninonbibkmpogi\ml.py','32');
DeleteFile('C:\Users\работа\AppData\Local\Hostinstaller\478067544_monster.exe','32');
DeleteFile('C:\Windows\system32\Tasks\urlopener','64');
DeleteFile('C:\Windows\system32\Tasks\zjwPaeaadZaNwF','64');
DeleteFile('C:\Windows\system32\Tasks\{7D7E0547-087A-7809-0F11-0A0C0B08117A}','64');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.[/code]
[list][*]Note: the [b]computer will be rebooted[/b].[/list]
Run this script in AVZ
[code]begin
CreateQurantineArchive('c:\quarantine.zip');
end.[/code]
Send [b]c:\quarantine.zip[/b] via the red link [color="Red"][u][b]Submit the requested quarantine[/b][/u][/color] (Прислать запрошенный карантин) [b]above the first post[/b] of the thread.
Download [url=https://virusinfo.info/soft/tool.php?tool=ClearLNK]ClearLNK[/url] and save the archive with the utility to the Desktop.
1. Unpack the archive with the utility into a separate folder.
2. Drag [B]Check_Browsers_LNK.log[/B] from the Autologger folder onto ClearLNK, as shown in the picture
[img]https://dragokas.com/tools/move.gif[/img]
3. The report [b]ClearLNK-<Date>.log[/b] will be saved in the [b]LOG[/b] folder.
4. Attach this report to your next post.
[b][color="Red"]Please run Autologger ONCE MORE and attach the NEW logs to your next post.[/color][/b]
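
An added example, not part of the thread and not AVZ's or the forum's own code: a Python check that reads an AVZ cleanup script like the one above and reports files that `DeleteFile` removes with no earlier `QuarantineFile` (so no sample ends up in the quarantine archive), and files that are quarantined but left on disk. The function names are this example's own, the excerpt lines are copied from the script above, and it assumes one call per line, as in that script.

```python
import re

# Excerpt copied from the AVZ script above (raw string keeps the backslashes).
SCRIPT_EXCERPT = r"""
begin
 QuarantineFile('C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe','');
 QuarantineFile('C:\Program Files (x86)\WeatherInspect\WeatherInspect.exe','');
 TerminateProcessByName('c:\program files (x86)\hpwhale\whalestarter.exe');
 QuarantineFile('c:\program files (x86)\hpwhale\whalestarter.exe','');
 DeleteFile('c:\program files (x86)\hpwhale\whalestarter.exe','32');
 DeleteFile('C:\Program Files (x86)\WeatherInspect\WeatherInspect.exe','32');
 DeleteFile('C:\Windows\system32\Tasks\urlopener','64');
 DeleteFile('C:\Windows\system32\Tasks\zjwPaeaadZaNwF','64');
end.
"""

# One call per line: Name(args); the greedy group copes with "(x86)" in paths.
CALL_RE = re.compile(r"^\s*([A-Za-z_]\w*)\s*\((.*)\)\s*;\s*$")
# Pascal string literal; a doubled quote inside it stands for one quote.
ARG_RE = re.compile(r"'((?:[^']|'')*)'")


def parse_calls(script):
    """Return [(line_no, command, [string arguments])] for every one-line call."""
    calls = []
    for line_no, line in enumerate(script.splitlines(), start=1):
        match = CALL_RE.match(line)
        if match is None:
            continue  # begin/end, blank lines, statements without parentheses
        args = [a.replace("''", "'") for a in ARG_RE.findall(match.group(2))]
        calls.append((line_no, match.group(1), args))
    return calls


def audit(script):
    """Cross-check QuarantineFile and DeleteFile targets, in script order."""
    quarantined = {}  # lower-cased path -> path as written in the script
    deleted = set()
    deleted_without_quarantine = []
    for _line_no, command, args in parse_calls(script):
        if not args:
            continue
        path = args[0]
        key = path.lower()        # Windows paths compare case-insensitively
        name = command.lower()    # Pascal identifiers are case-insensitive
        if name == "quarantinefile":
            quarantined.setdefault(key, path)
        elif name == "deletefile":
            deleted.add(key)
            # Only a QuarantineFile that ran earlier preserves a copy.
            if key not in quarantined:
                deleted_without_quarantine.append(path)
    quarantined_not_deleted = [
        path for key, path in quarantined.items() if key not in deleted
    ]
    return {
        "deleted_without_quarantine": deleted_without_quarantine,
        "quarantined_not_deleted": quarantined_not_deleted,
    }


if __name__ == "__main__":
    report = audit(SCRIPT_EXCERPT)
    for label, paths in report.items():
        print(label)
        for p in paths:
            print("   ", p)
```

Paths are compared as written, so an 8.3 short name such as `7c19~1` and its long form count as different paths.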