- Пофиксите в HijackThis:
Код:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=119357&tt=gc_&babsrc=HP_ss_wls_sps&mntrId=76645404A6B1D62D
O2 - BHO: BrowwSe2savee - {F3DEF137-D28A-AA4A-5D02-FB420A253FA3} - (no file)
- Выполните в АВЗ:
Код:
begin
ClearQuarantine;
TerminateProcessByName('c:\users\user\appdata\roaming\searchprotect\bin\cltmng.exe');
QuarantineFile('C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe','');
QuarantineFile('C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe','');
QuarantineFile('C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe','');
QuarantineFile('c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll','');
QuarantineFile('c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll','');
QuarantineFile('c:\users\user\appdata\roaming\searchprotect\bin\cltmng.exe','');
DeleteFile('c:\users\user\appdata\roaming\searchprotect\bin\cltmng.exe','32');
DeleteFile('C:\Program Files (x86)\Mozilla Firefox\firefox.url','32');
DeleteFile('c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll','32');
DeleteFile('c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll','32');
DeleteFile('C:\Windows\system32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job','64');
DeleteFile('C:\Windows\system32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job','64');
DeleteFile('C:\Windows\system32\Tasks\OptimizerPro1UpdaterTask{2F277397-9E05-4429-95B7-53D780D4A878}.job','64');
DeleteFile('C:\Windows\system32\Tasks\schedule!3036567561.job','64');
DeleteFile('C:\Windows\system32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore','64');
DeleteFile('C:\Windows\system32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA','64');
DeleteFile('C:\Windows\system32\Tasks\BonanzaDealsUpdate','64');
DeleteFile('C:\Windows\system32\Tasks\OptimizerPro1UpdaterTask{2F277397-9E05-4429-95B7-53D780D4A878}','64');
DeleteFile('C:\Windows\system32\Tasks\schedule!3036567561','64');
DeleteFile('C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe','32');
DeleteFile('C:\ProgramData\Premium\OptimizerPro1\profile.ini','32');
DeleteFile('C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe','32');
DeleteFile('C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe','32');
DeleteFile('c:\programdata\bettersoft\optimizerpro\3036567561.ini','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SearchProtect');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','SearchProtect');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','SearchProtect');
DeleteFileMask('c:\programdata\bettersoft','*',true);
DeleteFileMask('C:\ProgramData\Premium','*',true);
DeleteFileMask('C:\Program Files (x86)\BonanzaDealsLive','*',true);
DeleteFileMask('c:\progra~3\bitguard','*',true);
DeleteFileMask('c:\users\user\appdata\roaming\searchprotect','*',true);
DeleteDirectory('c:\programdata\bettersoft');
DeleteDirectory('C:\ProgramData\Premium');
DeleteDirectory('C:\Program Files (x86)\BonanzaDealsLive');
DeleteDirectory('c:\progra~3\bitguard');
DeleteDirectory('c:\users\user\appdata\roaming\searchprotect');
ExecuteSysClean;
RebootWindows(true);
end.
Компьютер перезагрузится
После перезагрузки:
- Выполните в АВЗ:
Код:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Файл quarantine.zip из папки AVZ загрузите по ссылке "Прислать запрошенный карантин" вверху темы.
- Сделайте лог AdwCleaner