Browser opens on its own and opens tabs
Dear [B]evgeniinos[/B], thank you for contacting our forum!
Virus removal is a completely free service at VirusInfo.Info. Helpers will respond to your request as soon as possible. To receive help, you need to provide scan logs from the Autologger utility; for details, see the [URL="https://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
[INFORMATION]If you would like to receive personal, guaranteed help with priority handling, use the paid service [URL="https://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+ (Help+)[/URL].[/INFORMATION]
If our site proves useful to you and you have the opportunity, please [URL="https://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Run HijackThis, located in the Autologger folder, and [url="http://virusinfo.info/showthread.php?t=4491"]fix[/url] the following entries (on [B]Windows Vista/7/8/10[/B] it must be started via right-click, [B]Run as administrator[/B]):[code]R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlKdUMxBQUYM9J7QZAcPNk6V2ZtImM_UyJG8OV_s66m0QiQ0P94cGg0R9iSzkGaAQ6QGmlJu8ruvnjjrhk3D07WpuWQkjPdJKJ8wP0_0xxFkrtkzoAYekB_0bQpyyOLQBHs27X-pj8YhDwNYDGTyARc9vQU
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlKdUMxBQUYM9J7QZAcPNk6V2ZtImM_UyJG8OV_s66m0QiQ0P94cGg0R9iSzkGaAQ6QGmlJu8ruvnjjrhk3D07WpuWQkjPdJKJ8wP0_0xxFkrtkzoAYekB_0bQpyyOLQBHs27X-pj8YhDwNYDGTyARc9vQU
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://mail.ru/cnt/10445?gp=821115
R0 - HKCU\Software\Microsoft\Internet Explorer\Search: [Default_Search_URL] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlKdUMxBQUYM9J7QZAcPNk6V2ZtImM_UyJG8OV_s66m0QiQ0P94cGg0R9iSzkGaAQ6QGmlJu8ruvnjjrhk3D07WpuWQkjPdJKJ8wP0_0xxFkrtkzoAYekB_0bQpyyOLQBHs27X-pj8YhDwNYDGTyARc9vQU
R1 - HKCU\Software\Microsoft\Internet Explorer\Main: [SearchAssistant] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlKdUMxBQUYM9J7QZAcPNk6V2ZtImM_UyJG8OV_s66m0QiQ0P94cGg0R9iSzkGaAQ6QGmlJu8ruvnjjrhk3D07WpuWQkjPdJKJ8wP0_0xxFkrtkzoAYekB_0bQpyyOLQBHs27X-pj8YhDwNYDGTyARc9vQUNrP3splIaynXBVw,,&q={searchTerms}
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} [SuggestionsURL] = http://suggests.go.mail.ru/ie8?q={searchTerms} - Поиск@Mail.Ru
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} [URL] = http://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B7B6D9F9E-3582-40F6-800B-0A9AD0498D35%7D&gp=821116 - Поиск@Mail.Ru
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} [URL] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlKdUMxBQUYM9J7QZAcPNk6V2ZtImM_UyJG8OV_s66m0QiQ0P94cGg0R9iSzkGaAQ6QGmlJu8ruvnjjrhk3D07WpuWQkjPdJKJ8wP0_0xxFkrtkzoAYekB_0bQpyyOLQBHs27X-pj8YhDwNYDGTyARc9vQUNrP3splIaynXBVw,,&q={searchTerms} - Search the web
O2 - HKLM\..\BHO: YoutubeAdBlock - {C0D38E5A-7CF8-4105-8FE8-31B81443A114} - C:\Program Files (x86)\oPjpQbAMIIE\tqTzFIFbp.dll
O2-32 - HKLM\..\BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\Pupsik\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
O2-32 - HKLM\..\BHO: YoutubeAdBlock - {C0D38E5A-7CF8-4105-8FE8-31B81443A114} - C:\Program Files (x86)\oPjpQbAMIIE\kUyiWzk.dll
O4 - HKCU\..\Run: [4549267] = C:\Users\Pupsik\AppData\Roaming\xmp4jwgbnec\blbjjsk33ge.exe /VERYSILENT (file missing)
O4 - HKCU\..\Run: [8972907] = C:\Users\Pupsik\AppData\Roaming\2btuzttitio\g3cfkgdwezd.exe /VERYSILENT
O4 - HKCU\..\Run: [9005909] = C:\Users\Pupsik\AppData\Roaming\iabqw4tm0rn\ykjbkjhwfgb.exe /VERYSILENT (file missing)
O4 - MSConfig\startupreg: Y2MLG2LFTG70JR5 [command] = C:\Program Files\KRV1SIUO0S\F83QGTWZA.exe (HKCU) (2018/04/16)
O4 - MSConfig\startupreg: iTunesHelper [command] = C:\Program Files\iTunes\iTunesHelper.exe (file missing) (HKLM) (2017/08/24)
O17 - HKLM\System\CCS\Services\Tcpip\..\{461EA3A9-D342-40C4-874E-D4C1823B3CA7}: [NameServer] = 82.163.142.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{461EA3A9-D342-40C4-874E-D4C1823B3CA7}: [NameServer] = 82.163.143.176
O17 - HKLM\System\CCS\Services\Tcpip\..\{48D637F5-DA9D-437B-84BA-529CE862945B}: [NameServer] = 82.163.142.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{48D637F5-DA9D-437B-84BA-529CE862945B}: [NameServer] = 82.163.143.176
O17 - HKLM\System\CCS\Services\Tcpip\..\{9130BDEE-5F20-4067-8FE3-83AA9F0F32B8}: [NameServer] = 82.163.142.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{9130BDEE-5F20-4067-8FE3-83AA9F0F32B8}: [NameServer] = 82.163.143.176
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5E127BE-3E47-419A-B56F-33E4E48E8816}: [NameServer] = 82.163.142.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5E127BE-3E47-419A-B56F-33E4E48E8816}: [NameServer] = 82.163.143.176
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B80EA0-CD58-4964-8029-1274360CEB73}: [NameServer] = 82.163.142.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B80EA0-CD58-4964-8029-1274360CEB73}: [NameServer] = 82.163.143.176
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [NameServer] = 82.163.142.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [NameServer] = 82.163.143.176
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{461EA3A9-D342-40C4-874E-D4C1823B3CA7}: [NameServer] = 82.163.142.178
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{461EA3A9-D342-40C4-874E-D4C1823B3CA7}: [NameServer] = 82.163.143.176
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{48D637F5-DA9D-437B-84BA-529CE862945B}: [NameServer] = 82.163.142.178
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{48D637F5-DA9D-437B-84BA-529CE862945B}: [NameServer] = 82.163.143.176
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{9130BDEE-5F20-4067-8FE3-83AA9F0F32B8}: [NameServer] = 82.163.142.178
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{9130BDEE-5F20-4067-8FE3-83AA9F0F32B8}: [NameServer] = 82.163.143.176
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A5E127BE-3E47-419A-B56F-33E4E48E8816}: [NameServer] = 82.163.142.178
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A5E127BE-3E47-419A-B56F-33E4E48E8816}: [NameServer] = 82.163.143.176
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A9B80EA0-CD58-4964-8029-1274360CEB73}: [NameServer] = 82.163.142.178
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A9B80EA0-CD58-4964-8029-1274360CEB73}: [NameServer] = 82.163.143.176
O17 - HKLM\System\ControlSet002\Services\Tcpip\Parameters: [NameServer] = 82.163.142.178
O17 - HKLM\System\ControlSet002\Services\Tcpip\Parameters: [NameServer] = 82.163.143.176[/code]
[url="http://virusinfo.info/showthread.php?t=7239"]Run the script in AVZ[/url]:[code]begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
TerminateProcessByName('c:\program files (x86)\opjpqbamiie\vghtwlslfz.exe');
TerminateProcessByName('C:\Program Files (x86)\Script\908833.exe');
TerminateProcessByName('C:\Program Files\6I5YBFZAU7\0XM63JPSP.exe');
TerminateProcessByName('C:\Program Files\DFE2TCZNCI\DFE2TCZNC.exe');
TerminateProcessByName('C:\Program Files\XEXVMF12D2\XEXVMF12D.exe');
TerminateProcessByName('c:\programdata\dahjservice\dahjservice.exe');
TerminateProcessByName('c:\programdata\logic cramble\set.exe');
TerminateProcessByName('c:\programdata\prefssecure\nettrans.exe');
TerminateProcessByName('c:\programdata\yahoochrome_d\desktop174.exe');
TerminateProcessByName('c:\users\pupsik\appdata\local\temp\00009638\msiql.exe');
TerminateProcessByName('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp\g3cfkgdwezd.tmp');
TerminateProcessByName('C:\Users\Pupsik\AppData\Local\Temp\xmrig.exe');
TerminateProcessByName('c:\users\pupsik\appdata\roaming\2btuzttitio\g3cfkgdwezd.exe');
TerminateProcessByName('C:\Windows\Temp\csrss.exe');
TerminateProcessByName('C:\Windows\Temp\svchost.exe');
StopService('backlh');
StopService('dahjService');
StopService('Nettrans');
StopService('saiyitechnology');
StopService('Windows');
QuarantineFile('C:\PROGRA~3\f2d18221\cf43db24.dll', '');
QuarantineFile('C:\Program Files (x86)\FpyEWGzDFWVVpLycIFR\oXbYAni.dll', '');
QuarantineFile('C:\Program Files (x86)\GYHHaWMnbkQU2\MqRtrzDsaVLTL.dll', '');
QuarantineFile('C:\Program Files (x86)\IUpWUBcycmhgC\rFnehUe.dll', '');
QuarantineFile('C:\Program Files (x86)\muZPPgwvU\qtzsVT.dll', '');
QuarantineFile('C:\Program Files (x86)\oPjpQbAMIIE\kUyiWzk.dll', '');
QuarantineFile('C:\Program Files (x86)\oPjpQbAMIIE\TT0noN.dll', '');
QuarantineFile('c:\program files (x86)\opjpqbamiie\vghtwlslfz.exe', '');
QuarantineFile('C:\Program Files (x86)\Script\908833.exe', '');
QuarantineFile('C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe', '');
QuarantineFile('C:\Program Files\6I5YBFZAU7\0XM63JPSP.exe', '');
QuarantineFile('C:\Program Files\DFE2TCZNCI\DFE2TCZNC.exe', '');
QuarantineFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\checker.exe', '');
QuarantineFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe', '');
QuarantineFile('C:\Program Files\KRV1SIUO0S\F83QGTWZA.exe', '');
QuarantineFile('C:\Program Files\XEXVMF12D2\XEXVMF12D.exe', '');
QuarantineFile('c:\programdata\dahjservice\dahjservice.exe', '');
QuarantineFile('c:\programdata\logic cramble\set.exe', '');
QuarantineFile('c:\programdata\prefssecure\nettrans.exe', '');
QuarantineFile('c:\programdata\yahoochrome_d\desktop174.exe', '');
QuarantineFile('C:\Users\Pupsik\AppData\Local\B8F1A310-E7CB-74E4-84DB-3B7B2844256A\{CF43DB24-5905-3D92-3478-B277CEBE7649}..', '');
QuarantineFile('c:\users\pupsik\appdata\local\temp\00009638\msiql.exe', '');
QuarantineFile('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp\g3cfkgdwezd.tmp', '');
QuarantineFile('C:\Users\Pupsik\AppData\Local\Temp\xmrig.exe', '');
QuarantineFile('c:\users\pupsik\appdata\local\xservice\xservice.dll', '');
QuarantineFile('c:\users\pupsik\appdata\roaming\2btuzttitio\g3cfkgdwezd.exe', '');
QuarantineFile('C:\Users\Pupsik\AppData\Roaming\cpuminer\cpm.exe', '');
QuarantineFile('C:\Users\Pupsik\AppData\Roaming\iabqw4tm0rn\ykjbkjhwfgb.exe', '');
QuarantineFile('C:\Users\Pupsik\AppData\Roaming\TOIfotMLQI.exe', '');
QuarantineFile('C:\Users\Pupsik\AppData\Roaming\xmp4jwgbnec\blbjjsk33ge.exe', '');
QuarantineFile('C:\Windows\System32\conhost.exe', '');
QuarantineFile('C:\Windows\Temp\csrss.exe', '');
QuarantineFile('C:\Windows\Temp\svchost.exe', '');
QuarantineFile('C:\Windows\Wpai.exe', '');
DeleteFile('C:\PROGRA~3\f2d18221\cf43db24.dll', '32');
DeleteFile('C:\Program Files (x86)\FpyEWGzDFWVVpLycIFR\oXbYAni.dll', '32');
DeleteFile('C:\Program Files (x86)\GYHHaWMnbkQU2\MqRtrzDsaVLTL.dll', '32');
DeleteFile('C:\Program Files (x86)\IUpWUBcycmhgC\rFnehUe.dll', '32');
DeleteFile('C:\Program Files (x86)\muZPPgwvU\qtzsVT.dll', '32');
DeleteFile('C:\Program Files (x86)\oPjpQbAMIIE\kUyiWzk.dll', '32');
DeleteFile('C:\Program Files (x86)\oPjpQbAMIIE\TT0noN.dll', '32');
DeleteFile('c:\program files (x86)\opjpqbamiie\vghtwlslfz.exe', '32');
DeleteFile('C:\Program Files (x86)\Script\908833.exe', '32');
DeleteFile('C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe', '32');
DeleteFile('C:\Program Files\6I5YBFZAU7\0XM63JPSP.exe', '32');
DeleteFile('C:\Program Files\DFE2TCZNCI\DFE2TCZNC.exe', '32');
DeleteFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\checker.exe', '32');
DeleteFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe', '32');
DeleteFile('C:\Program Files\KRV1SIUO0S\F83QGTWZA.exe', '32');
DeleteFile('C:\Program Files\XEXVMF12D2\XEXVMF12D.exe', '32');
DeleteFile('c:\programdata\dahjservice\dahjservice.exe', '32');
DeleteFile('c:\programdata\logic cramble\set.exe', '32');
DeleteFile('c:\programdata\prefssecure\nettrans.exe', '32');
DeleteFile('c:\programdata\yahoochrome_d\desktop174.exe', '32');
DeleteFile('C:\Users\Pupsik\AppData\Local\B8F1A310-E7CB-74E4-84DB-3B7B2844256A\{CF43DB24-5905-3D92-3478-B277CEBE7649}..', '32');
DeleteFile('c:\users\pupsik\appdata\local\temp\00009638\msiql.exe', '32');
DeleteFile('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp\g3cfkgdwezd.tmp', '32');
DeleteFile('C:\Users\Pupsik\AppData\Local\Temp\is-LKMM0.tmp\_isetup\_isdecmp.dll', '32');
DeleteFile('C:\Users\Pupsik\AppData\Local\Temp\is-LKMM0.tmp\idp.dll', '32');
DeleteFile('C:\Users\Pupsik\AppData\Local\Temp\xmrig.exe', '32');
DeleteFile('c:\users\pupsik\appdata\local\xservice\xservice.dll', '32');
DeleteFile('c:\users\pupsik\appdata\roaming\2btuzttitio\g3cfkgdwezd.exe', '32');
DeleteFile('C:\Users\Pupsik\AppData\Roaming\cpuminer\cpm.exe', '32');
DeleteFile('C:\Users\Pupsik\AppData\Roaming\iabqw4tm0rn\ykjbkjhwfgb.exe', '32');
DeleteFile('C:\Users\Pupsik\AppData\Roaming\TOIfotMLQI.exe', '32');
DeleteFile('C:\Users\Pupsik\AppData\Roaming\xmp4jwgbnec\blbjjsk33ge.exe', '32');
DeleteFile('C:\Windows\Temp\csrss.exe', '32');
DeleteFile('C:\Windows\Temp\svchost.exe', '32');
DeleteFile('C:\Windows\Wpai.exe', '32');
ExecuteFile('schtasks.exe', '/delete /TN "{1352E3D2-AF45-4182-AA3E-FC6FB99F9897}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{7E0F7947-7F0B-0A78-7F11-0F0D7E7F110B}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{8FB8EF90-03CF-4A98-BFDC-DAD0FA842C18}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{E2750EB4-D448-47F6-B20B-ADC53E3A9D5E}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{E3B7CD6C-31BC-74AA-D8EA-B164EFE31F45}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "46F65358-17D4-8709-B853-EEF2F6029CB3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Checker64" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "KlAEYQtzmHgics" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "KlgKDPyHEeVbjwqnEgK2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "XeRTeJCMKPYXWyYqW2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "xRZOrQVCBWPMscb2" /F', 0, 15000, true);
DeleteService('backlh');
DeleteService('dahjService');
DeleteService('NativeDesktopMediaService');
DeleteService('Nettrans');
DeleteService('saiyitechnology');
DeleteService('Windows');
DeleteFileMask('c:\progra~3\f2d18221', '*', true);
DeleteFileMask('c:\program files (x86)\fpyewgzdfwvvplycifr', '*', true);
DeleteFileMask('c:\program files (x86)\gyhhawmnbkqu2', '*', true);
DeleteFileMask('c:\program files (x86)\iupwubcycmhgc', '*', true);
DeleteFileMask('c:\program files (x86)\muzppgwvu', '*', true);
DeleteFileMask('c:\program files (x86)\opjpqbamiie', '*', true);
DeleteFileMask('c:\program files (x86)\script', '*', true);
DeleteFileMask('c:\program files (x86)\yeadesktop', '*', true);
DeleteFileMask('c:\program files\6i5ybfzau7', '*', true);
DeleteFileMask('c:\program files\dfe2tcznci', '*', true);
DeleteFileMask('c:\program files\jetmedia', '*', true);
DeleteFileMask('c:\program files\krv1siuo0s', '*', true);
DeleteFileMask('c:\program files\xexvmf12d2', '*', true);
DeleteFileMask('c:\programdata\dahjservice', '*', true);
DeleteFileMask('c:\programdata\logic cramble', '*', true);
DeleteFileMask('c:\programdata\prefssecure', '*', true);
DeleteFileMask('c:\programdata\yahoochrome_d', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\local\b8f1a310-e7cb-74e4-84db-3b7b2844256a', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\local\temp\00009638', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\local\xservice', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\roaming\2btuzttitio', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\roaming\cpuminer', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\roaming\iabqw4tm0rn', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\roaming\xmp4jwgbnec', '*', true);
DeleteDirectory('c:\progra~3\f2d18221');
DeleteDirectory('c:\program files (x86)\fpyewgzdfwvvplycifr');
DeleteDirectory('c:\program files (x86)\gyhhawmnbkqu2');
DeleteDirectory('c:\program files (x86)\iupwubcycmhgc');
DeleteDirectory('c:\program files (x86)\muzppgwvu');
DeleteDirectory('c:\program files (x86)\opjpqbamiie');
DeleteDirectory('c:\program files (x86)\script');
DeleteDirectory('c:\program files (x86)\yeadesktop');
DeleteDirectory('c:\program files\6i5ybfzau7');
DeleteDirectory('c:\program files\dfe2tcznci');
DeleteDirectory('c:\program files\jetmedia');
DeleteDirectory('c:\program files\krv1siuo0s');
DeleteDirectory('c:\program files\xexvmf12d2');
DeleteDirectory('c:\programdata\dahjservice');
DeleteDirectory('c:\programdata\logic cramble');
DeleteDirectory('c:\programdata\prefssecure');
DeleteDirectory('c:\programdata\yahoochrome_d');
DeleteDirectory('c:\users\pupsik\appdata\local\b8f1a310-e7cb-74e4-84db-3b7b2844256a');
DeleteDirectory('c:\users\pupsik\appdata\local\temp\00009638');
DeleteDirectory('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp');
DeleteDirectory('c:\users\pupsik\appdata\local\xservice');
DeleteDirectory('c:\users\pupsik\appdata\roaming\2btuzttitio');
DeleteDirectory('c:\users\pupsik\appdata\roaming\cpuminer');
DeleteDirectory('c:\users\pupsik\appdata\roaming\iabqw4tm0rn');
DeleteDirectory('c:\users\pupsik\appdata\roaming\xmp4jwgbnec');
DelBHO('{C0D38E5A-7CF8-4105-8FE8-31B81443A114}');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '4549267');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '8972907');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '9005909');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'msiql');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'OZUVTMCFGM2FCDI');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'VQ9ZT13V1WQ988W');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YeaDesktop');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZJLLWNFBSVROUPH');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Y2MLG2LFTG70JR5', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'cpuminer');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'jvzle0xskm1');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\WinService\Parameters', 'ServiceDll');
ExecuteRepair(2);
ExecuteRepair(4);
ExecuteRepair(3);
ExecuteRepair(21);
ExecuteFile('ipconfig.exe', '/flushdns', 0, 15000, true);
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(true);
end.[/code]The computer will reboot.
An archive of the quarantine, quarantine.zip, will appear in the AVZ folder; send this file using the "Send the requested quarantine" link above the first post in the thread.
Download the Universal Virus Sniffer utility [URL="https://yadi.sk/d/6A65LkI1WEuqC"]from here[/URL] and [url=http://virusinfo.info/showthread.php?t=121767]create a full uVS autorun image[/url].
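
Added example, not part of the original thread or of HijackThis/AVZ: a small triage script for log lines in the format of the fix list above, which decodes percent-encoded hostnames in browser settings and groups O17 NameServer values by registry scope. The sample lines, the placeholder domain and addresses, and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample in the HijackThis line format; the domain and addresses
# are placeholders (.test TLD, RFC 5737 range), not values from the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://%66%65%65%64.%65%78%61%6D%70%6C%65.test/?p=AAAA
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://portal.example/cnt/1
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: [NameServer] = 192.0.2.53
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: [NameServer] = 192.0.2.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [NameServer] = 192.0.2.53
O4 - HKCU\..\Run: [1234567] = C:\Users\User\AppData\Roaming\abc\def.exe /VERYSILENT (file missing)
"""

# Matches "SECTION - key: [value name] = data"; other shapes (O2, R4) are skipped.
LINE_RE = re.compile(
    r"^(?P<section>[A-Z]\d+(?:-32)?) - (?P<key>.*?): \[(?P<name>[^\]]+)\] = (?P<data>.*)$"
)

def parse_lines(log):
    """Return one dict per log line that has the key/[name]/data shape."""
    return [m.groupdict() for m in map(LINE_RE.match, log.splitlines()) if m]

def obfuscated_hosts(entries):
    """Decode hostnames that were percent-encoded in URL-valued settings."""
    found = []
    for e in entries:
        if not e["data"].lower().startswith(("http://", "https://")):
            continue
        netloc = urlsplit(e["data"].split()[0]).netloc
        if "%" in netloc:  # a plain hostname never needs percent-encoding
            found.append((e["name"], unquote(netloc).lower()))
    return found

def nameservers_by_scope(entries):
    """Group O17 NameServer values by the registry key they are set on."""
    scopes = defaultdict(list)
    for e in entries:
        if e["section"] == "O17" and e["name"] == "NameServer":
            scopes[e["key"]].append(e["data"].strip())
    return dict(scopes)

def shared_resolvers(scopes):
    """Resolvers configured on more than one scope (adapter or global)."""
    count = defaultdict(int)
    for servers in scopes.values():
        for server in set(servers):
            count[server] += 1
    return sorted(s for s, n in count.items() if n > 1)

if __name__ == "__main__":
    entries = parse_lines(SAMPLE_LOG)
    print("decoded hosts:", obfuscated_hosts(entries))
    print("shared resolvers:", shared_resolvers(nameservers_by_scope(entries)))
```
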