Hello, after the laptop boots, a great many small windows titled 1111 pop up right away, and everything freezes. Please help me solve the problem.
Dear [B]Oleksander[/B], thank you for contacting our forum!
Help with computer infections on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very soon. To receive help, you need to provide scan logs from the Autologger utility; for details, see the [URL="https://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
[INFORMATION]If you would like to receive personal, guaranteed help on a priority basis, use the paid service [URL="https://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]
If our site proves useful to you and you have the opportunity, please [URL="https://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Hello,
Uninstall Lavasoft via Add/Remove Programs in the Control Panel.
HiJackThis (from the [B]autologger[/B] directory): [URL=http://virusinfo.info/showthread.php?t=4491&p=64376&viewfull=1#post64376]fix[/URL]
[B]Important[/B]: you must check and fix [B]only[/B] what is listed below.
[CODE]
O4 - HKCU\..\Run: [1986067] = C:\Users\Лиза\AppData\Roaming\g4cjxky3nqs\jxrojil1e2u.exe /VERYSILENT
O4 - HKCU\..\Run: [1ZWTZW1ZJ0CCZES] = C:\Program Files\6LTYCHYV5L\6LTYCHYV5.exe
O4 - HKCU\..\Run: [2173081] = C:\Users\Лиза\AppData\Roaming\hvnztay0gns\d3kaskpifhw.exe /VERYSILENT
O4 - HKCU\..\Run: [3943782] = C:\Users\Лиза\AppData\Roaming\g4tgcvufucz\ck1bp34xg43.exe /VERYSILENT
O4 - HKCU\..\Run: [4HZUVQ3MZBV6ELI] = C:\Program Files\LHMRRRQK8J\LHMRRRQK8.exe
O4 - HKCU\..\Run: [6215480] = C:\Users\Лиза\AppData\Roaming\av4oix1mcve\zc512abg0cu.exe /VERYSILENT
O4 - HKCU\..\Run: [8478U3JV6BMKHLQ] = C:\Program Files (x86)\kpkkuqpzebr\BY91E.exe
O4 - HKCU\..\Run: [8914149] = C:\Users\Лиза\AppData\Roaming\4i3lwhqkn0s\24meo2c4q1k.exe /VERYSILENT
O4 - HKCU\..\Run: [901812] = C:\Users\Лиза\AppData\Roaming\41gkrvwtilg\mqp2nasgyrl.exe /VERYSILENT
O4 - HKCU\..\Run: [9411864] = C:\Users\Лиза\AppData\Roaming\vyxme5bayi4\xkb4xh4vc3c.exe /VERYSILENT
O4 - HKCU\..\Run: [G46WZ8KBYXMC7RJ] = C:\Program Files\UI1F7YJWBC\UI1F7YJWB.exe
O4 - HKCU\..\Run: [GK35KQX8QACUMWK] = C:\Program Files\MJEBC7LHQ5\MJEBC7LHQ.exe
O4 - HKCU\..\Run: [JQIEHK4L1KJGALT] = C:\Program Files\AP6WPN1WKB\OWI5PTU08.exe
O4 - HKCU\..\Run: [SLH3WD9MOYKU02B] = C:\Program Files\SPJZUMEYA4\0VX3PXMAK.exe
O4 - HKCU\..\Run: [Web Companion] = C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKCU\..\Run: [yaoffer50160] = C:\Users\Лиза\AppData\Local\yaoffer50160\yaoffer50160.exe --start --client:50160
O4 - HKCU\..\RunOnce: [AutoHot] = C:\Users\Лиза\AppData\Roaming\AutoHot.exe
O4 - HKCU\..\StartupApproved\Run: [bo0D+çAoTm.exe] = C:\Program Files\rempl\TAS38P088OISN7XGK1DXN4\bo0D+çAoTm.exe (2018/11/30)
O4 - HKLM\..\RunOnce: [50u0te0siil] = C:\Program Files (x86)\Motor\269795629.exe 1 3.1543509566.5c00163ed6858
O4 - HKLM\..\RunOnce: [OMEWPRODUCT_Z2E52] = C:\Program Files (x86)\kpkkuqpzebr\8R7UHEY03YRDTY5.exe
O4 - HKLM\..\RunOnce: [OMEWPRODUCT_] = C:\Program Files\rempl\TAS38P088OISN7XGK1DXN4\DUqçMR4XFd.exe
O4 - HKLM\..\RunOnce: [cjwcficklm5] = C:\Program Files (x86)\Motor\197064242.exe 1 3.1543509536.5c00162017b09
O22 - Task: (disabled) DESKTOP-PDLHDMA-29011 - C:\WINDOWS\SysWOW64\252162536520844.exe /i http://srlaten.com/2536520844 /q
O22 - Task: (disabled) GoogleUpdateService - C:\Program Files\Opera\54.0.2952.64\opera.exe http://relosoun.com (file missing)
O22 - Task: \Microsoft\Windows\Starter - C:\ProgramData\WindowsMenu\westat.exe /updatecheck
[/CODE]
AVZ: [URL=http://virusinfo.info/showthread.php?t=7239&p=88804&viewfull=1#post88804]run the following script[/URL].
Important: on Windows Vista/7/8/8.1, launch AVZ from the Explorer context menu as Administrator.
[CODE]
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
TerminateProcessByName('c:\users\72a9~1\appdata\local\temp\is-pr4lj.tmp\zc512abg0cu.tmp');
TerminateProcessByName('c:\users\Лиза\appdata\roaming\av4oix1mcve\zc512abg0cu.exe');
TerminateProcessByName('c:\users\Лиза\appdata\local\yaoffer50160\yaoffer50160.exe');
TerminateProcessByName('c:\users\72a9~1\appdata\local\temp\is-k8g2h.tmp\xkb4xh4vc3c.tmp');
TerminateProcessByName('c:\users\Лиза\appdata\roaming\vyxme5bayi4\xkb4xh4vc3c.exe');
TerminateProcessByName('c:\programdata\windowsmenu\westat.exe');
TerminateProcessByName('c:\program files (x86)\lavasoft\web companion\application\webcompanion.exe');
TerminateProcessByName('C:\Program Files\UI1F7YJWBC\UI1F7YJWB.exe');
TerminateProcessByName('C:\Program Files\AP6WPN1WKB\OWI5PTU08.exe');
TerminateProcessByName('c:\users\72a9~1\appdata\local\temp\is-k8g2i.tmp\mqp2nasgyrl.tmp');
TerminateProcessByName('c:\users\Лиза\appdata\roaming\41gkrvwtilg\mqp2nasgyrl.exe');
TerminateProcessByName('C:\Program Files\MJEBC7LHQ5\MJEBC7LHQ.exe');
TerminateProcessByName('C:\Program Files\LHMRRRQK8J\LHMRRRQK8.exe');
TerminateProcessByName('c:\users\72a9~1\appdata\local\temp\is-p6rmj.tmp\jxrojil1e2u.tmp');
TerminateProcessByName('c:\users\Лиза\appdata\roaming\g4cjxky3nqs\jxrojil1e2u.exe');
TerminateProcessByName('c:\users\72a9~1\appdata\local\temp\is-l06l0.tmp\d3kaskpifhw.tmp');
TerminateProcessByName('c:\users\Лиза\appdata\roaming\hvnztay0gns\d3kaskpifhw.exe');
TerminateProcessByName('C:\Users\Лиза\AppData\Roaming\CRMSvc\CRMSvc.exe');
TerminateProcessByName('c:\program files (x86)\onesystemcare\cleanupconsole.exe');
TerminateProcessByName('c:\users\72a9~1\appdata\local\temp\is-bcs73.tmp\ck1bp34xg43.tmp');
TerminateProcessByName('c:\users\Лиза\appdata\roaming\g4tgcvufucz\ck1bp34xg43.exe');
TerminateProcessByName('C:\Program Files (x86)\kpkkuqpzebr\BY91E.exe');
TerminateProcessByName('C:\Program Files\rempl\TAS38P088OISN7XGK1DXN4\bo0D+cAoTm.exe');
TerminateProcessByName('c:\users\Лиза\appdata\roaming\autohot.exe');
TerminateProcessByName('C:\Program Files\6LTYCHYV5L\6LTYCHYV5.exe');
TerminateProcessByName('C:\Program Files (x86)\Motor\269795629.exe');
TerminateProcessByName('c:\users\72a9~1\appdata\local\temp\is-c04iv.tmp\24meo2c4q1k.tmp');
TerminateProcessByName('c:\users\Лиза\appdata\roaming\4i3lwhqkn0s\24meo2c4q1k.exe');
TerminateProcessByName('C:\Program Files (x86)\Motor\197064242.exe');
TerminateProcessByName('C:\Program Files\SPJZUMEYA4\0VX3PXMAK.exe');
StopService('CRMSvc');
StopService('localNETService');
StopService('WCAssistantService');
DeleteService('WCAssistantService');
DeleteService('CRMSvc');
QuarantineFile('c:\users\Лиза\appdata\roaming\av4oix1mcve\zc512abg0cu.exe','');
QuarantineFile('c:\users\Лиза\appdata\local\yaoffer50160\yaoffer50160.exe','');
QuarantineFile('c:\users\72a9~1\appdata\local\temp\is-k8g2h.tmp\xkb4xh4vc3c.tmp','');
QuarantineFile('c:\program files (x86)\lavasoft\web companion\application\webcompanion.exe','');
QuarantineFile('c:\users\Лиза\appdata\roaming\vyxme5bayi4\xkb4xh4vc3c.exe','');
QuarantineFile('c:\programdata\windowsmenu\westat.exe','');
QuarantineFile('C:\Program Files\UI1F7YJWBC\UI1F7YJWB.exe','');
QuarantineFile('C:\Program Files\AP6WPN1WKB\OWI5PTU08.exe','');
QuarantineFile('c:\users\72a9~1\appdata\local\temp\is-k8g2i.tmp\mqp2nasgyrl.tmp','');
QuarantineFile('c:\users\Лиза\appdata\roaming\41gkrvwtilg\mqp2nasgyrl.exe','');
QuarantineFile('C:\Program Files\LHMRRRQK8J\LHMRRRQK8.exe','');
QuarantineFile('c:\users\72a9~1\appdata\local\temp\is-p6rmj.tmp\jxrojil1e2u.tmp','');
QuarantineFile('c:\users\Лиза\appdata\roaming\g4cjxky3nqs\jxrojil1e2u.exe','');
QuarantineFile('c:\users\Лиза\appdata\roaming\hvnztay0gns\d3kaskpifhw.exe','');
QuarantineFile('C:\Users\Лиза\AppData\Roaming\CRMSvc\CRMSvc.exe','');
QuarantineFile('c:\program files (x86)\onesystemcare\cleanupconsole.exe','');
QuarantineFile('C:\Program Files\MJEBC7LHQ5\MJEBC7LHQ.exe','');
QuarantineFile('c:\users\72a9~1\appdata\local\temp\is-bcs73.tmp\ck1bp34xg43.tmp','');
QuarantineFile('c:\users\Лиза\appdata\roaming\g4tgcvufucz\ck1bp34xg43.exe','');
QuarantineFile('C:\Program Files (x86)\kpkkuqpzebr\BY91E.exe','');
QuarantineFile('C:\Program Files\rempl\TAS38P088OISN7XGK1DXN4\bo0D+cAoTm.exe','');
QuarantineFile('c:\users\Лиза\appdata\roaming\autohot.exe','');
QuarantineFile('C:\Program Files\6LTYCHYV5L\6LTYCHYV5.exe','');
QuarantineFile('C:\Program Files (x86)\Motor\269795629.exe','');
QuarantineFile('c:\users\72a9~1\appdata\local\temp\is-c04iv.tmp\24meo2c4q1k.tmp','');
QuarantineFile('c:\users\Лиза\appdata\roaming\4i3lwhqkn0s\24meo2c4q1k.exe','');
QuarantineFile('C:\Program Files (x86)\Motor\197064242.exe','');
QuarantineFile('C:\Program Files\SPJZUMEYA4\0VX3PXMAK.exe','');
QuarantineFile('c:\users\72a9~1\appdata\local\temp\is-l06l0.tmp\d3kaskpifhw.tmp','');
QuarantineFile('C:\ProgramData\localNETService\localNETService.exe','');
QuarantineFile('C:\Users\Лиза\appdata\roaming\crmsvc\crmsvc.exe','');
QuarantineFile('C:\ProgramData\WindowsMenu\westat.exe','');
QuarantineFile('C:\WINDOWS\SysWOW64\252162536520844.exe','');
QuarantineFile('C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe','');
QuarantineFile('C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe','');
QuarantineFile('C:\Program Files (x86)\kpkkuqpzebr\8R7UHEY03YRDTY5.exe','');
QuarantineFile('C:\Program Files\rempl\TAS38P088OISN7XGK1DXN4\DUqcMR4XFd.exe','');
QuarantineFile('C:\Users\Лиза\AppData\Local\Maurice\Maurice.dll','');
QuarantineFile('C:\Users\Лиза\AppData\Roaming\AutoHot.exe','');
QuarantineFile('C:\Users\Лиза\AppData\Roaming\g4cjxky3nqs\jxrojil1e2u.exe','');
QuarantineFile('C:\Users\Лиза\AppData\Roaming\4i3lwhqkn0s\24meo2c4q1k.exe','');
QuarantineFile('C:\Users\Лиза\AppData\Roaming\hvnztay0gns\d3kaskpifhw.exe','');
QuarantineFile('C:\Users\Лиза\AppData\Roaming\av4oix1mcve\zc512abg0cu.exe','');
QuarantineFile('C:\Users\Лиза\AppData\Roaming\vyxme5bayi4\xkb4xh4vc3c.exe','');
QuarantineFile('C:\Users\Лиза\AppData\Roaming\41gkrvwtilg\mqp2nasgyrl.exe','');
QuarantineFile('C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe','');
QuarantineFile('C:\Users\Лиза\AppData\Roaming\g4tgcvufucz\ck1bp34xg43.exe','');
QuarantineFile('C:\Program Files (x86)\bestDownloader\bestDownloader.exe','');
QuarantineFile('C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe','');
QuarantineFile('c:\users\72a9~1\appdata\local\temp\is-pr4lj.tmp\zc512abg0cu.tmp','');
DeleteFile('C:\Program Files\SPJZUMEYA4\0VX3PXMAK.exe','32');
DeleteFile('C:\Program Files (x86)\Motor\197064242.exe','32');
DeleteFile('c:\users\Лиза\appdata\roaming\4i3lwhqkn0s\24meo2c4q1k.exe','32');
DeleteFile('c:\users\72a9~1\appdata\local\temp\is-c04iv.tmp\24meo2c4q1k.tmp','32');
DeleteFile('C:\Program Files (x86)\Motor\269795629.exe','32');
DeleteFile('C:\Program Files\6LTYCHYV5L\6LTYCHYV5.exe','32');
DeleteFile('c:\users\Лиза\appdata\roaming\autohot.exe','32');
DeleteFile('C:\Program Files\rempl\TAS38P088OISN7XGK1DXN4\bo0D+cAoTm.exe','32');
DeleteFile('C:\Program Files (x86)\kpkkuqpzebr\BY91E.exe','32');
DeleteFile('c:\users\Лиза\appdata\roaming\g4tgcvufucz\ck1bp34xg43.exe','32');
DeleteFile('c:\users\72a9~1\appdata\local\temp\is-bcs73.tmp\ck1bp34xg43.tmp','32');
DeleteFile('c:\program files (x86)\onesystemcare\cleanupconsole.exe','32');
DeleteFile('C:\Users\Лиза\AppData\Roaming\CRMSvc\CRMSvc.exe','32');
DeleteFile('c:\users\Лиза\appdata\roaming\hvnztay0gns\d3kaskpifhw.exe','32');
DeleteFile('c:\users\72a9~1\appdata\local\temp\is-l06l0.tmp\d3kaskpifhw.tmp','32');
DeleteFile('c:\users\Лиза\appdata\roaming\g4cjxky3nqs\jxrojil1e2u.exe','32');
DeleteFile('c:\users\72a9~1\appdata\local\temp\is-p6rmj.tmp\jxrojil1e2u.tmp','32');
DeleteFile('C:\Program Files\LHMRRRQK8J\LHMRRRQK8.exe','32');
DeleteFile('C:\Program Files\MJEBC7LHQ5\MJEBC7LHQ.exe','32');
DeleteFile('c:\users\Лиза\appdata\roaming\41gkrvwtilg\mqp2nasgyrl.exe','32');
DeleteFile('c:\users\72a9~1\appdata\local\temp\is-k8g2i.tmp\mqp2nasgyrl.tmp','32');
DeleteFile('C:\Program Files\AP6WPN1WKB\OWI5PTU08.exe','32');
DeleteFile('C:\Program Files\UI1F7YJWBC\UI1F7YJWB.exe','32');
DeleteFile('c:\program files (x86)\lavasoft\web companion\application\webcompanion.exe','32');
DeleteFile('c:\programdata\windowsmenu\westat.exe','32');
DeleteFile('c:\users\Лиза\appdata\roaming\vyxme5bayi4\xkb4xh4vc3c.exe','32');
DeleteFile('c:\users\72a9~1\appdata\local\temp\is-k8g2h.tmp\xkb4xh4vc3c.tmp','32');
DeleteFile('c:\users\Лиза\appdata\local\yaoffer50160\yaoffer50160.exe','32');
DeleteFile('c:\users\Лиза\appdata\roaming\av4oix1mcve\zc512abg0cu.exe','32');
DeleteFile('c:\users\72a9~1\appdata\local\temp\is-pr4lj.tmp\zc512abg0cu.tmp','32');
DeleteFile('C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','bestDownloader');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','yaoffer50160');
DeleteFile('C:\Users\Лиза\AppData\Local\yaoffer50160\yaoffer50160.exe','32');
DeleteFile('C:\Program Files (x86)\bestDownloader\bestDownloader.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','8478U3JV6BMKHLQ');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3943782');
DeleteFile('C:\Users\Лиза\AppData\Roaming\g4tgcvufucz\ck1bp34xg43.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Web Companion');
DeleteFile('C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','901812');
DeleteFile('C:\Users\Лиза\AppData\Roaming\41gkrvwtilg\mqp2nasgyrl.exe','32');
DeleteFile('C:\Users\Лиза\AppData\Roaming\vyxme5bayi4\xkb4xh4vc3c.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','9411864');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1ZWTZW1ZJ0CCZES');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','JQIEHK4L1KJGALT');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SLH3WD9MOYKU02B');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','6215480');
DeleteFile('C:\Users\Лиза\AppData\Roaming\av4oix1mcve\zc512abg0cu.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','GK35KQX8QACUMWK');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','G46WZ8KBYXMC7RJ');
DeleteFile('C:\Users\Лиза\AppData\Roaming\hvnztay0gns\d3kaskpifhw.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2173081');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','8914149');
DeleteFile('C:\Users\Лиза\AppData\Roaming\4i3lwhqkn0s\24meo2c4q1k.exe','32');
DeleteFile('C:\Users\Лиза\AppData\Roaming\g4cjxky3nqs\jxrojil1e2u.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1986067');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','4HZUVQ3MZBV6ELI');
DeleteFile('C:\Users\Лиза\AppData\Roaming\AutoHot.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\RunOnce','AutoHot');
DeleteFile('C:\Users\Лиза\AppData\Local\Maurice\Maurice.dll','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\MicroV2Service\Parameters','ServiceDll');
DeleteFile('C:\Program Files\rempl\TAS38P088OISN7XGK1DXN4\DUqcMR4XFd.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_');
DeleteFile('C:\Program Files (x86)\kpkkuqpzebr\8R7UHEY03YRDTY5.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_Z2E52');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','cjwcficklm5');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','50u0te0siil');
DeleteFile('C:\WINDOWS\system32\Tasks\878ea8a7-270f-43f5-a6f1-891ced809b00','64');
DeleteFile('C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe','32');
DeleteFile('C:\WINDOWS\system32\Tasks\c72bbd3c-e675-4dc8-bafd-d9d89ffd1e13','64');
DeleteFile('C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe','32');
DeleteFile('C:\WINDOWS\system32\Tasks\DESKTOP-PDLHDMA-29011','64');
DeleteFile('C:\WINDOWS\system32\Tasks\GoogleUpdateService','64');
DeleteFile('C:\WINDOWS\SysWOW64\252162536520844.exe','32');
DeleteFile('C:\WINDOWS\system32\Tasks\Microsoft\Windows\Starter','64');
DeleteFile('C:\ProgramData\WindowsMenu\westat.exe','32');
DeleteFile('C:\Users\Лиза\appdata\roaming\crmsvc\crmsvc.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.
[/CODE]
After the script runs, the computer will reboot.
After the reboot:
- Run in AVZ:
[CODE]
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
[/CODE]
Upload the quarantine.zip file from the AVZ folder using the "[B][COLOR="#FF0000"]Send requested quarantine[/COLOR][/B]" link at the top of the thread.
- Prepare an [URL="https://virusinfo.info/showthread.php?t=218752&p=1480546&viewfull=1#post1480546"]AdwCleaner[/URL] log and attach it to the thread.