Выполните скрипт в AVZ:
Код:
begin
TerminateProcessByName('c:\program files (x86)\deal keeper\updatedealkeeper.exe');
TerminateProcessByName('c:\programdata\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.exe');
TerminateProcessByName('c:\users\Пелёнк\appdata\local\pay-by-ads\yahoo! search\1.3.12.4\dsrlte.exe');
TerminateProcessByName('C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.PurBrowse64.exe');
TerminateProcessByName('C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter64.exe');
TerminateProcessByName('c:\program files (x86)\deal keeper\bin\dealkeeper.browseradapter.exe');
TerminateProcessByName('c:\program files (x86)\deal keeper\bin\dealkeeper.boasprt.exe');
TerminateProcessByName('c:\program files (x86)\deal keeper\bin\dealkeeper.boashelper.exe');
TerminateProcessByName('c:\program files (x86)\deal keeper\bin\dealkeeper.boas.exe');
StopService('{55dce8ba-9dec-4013-937e-adbf9317d990}w64');
StopService('{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64');
StopService('{76152aee-de6d-453d-a8d8-6f11a0085df8}w64');
QuarantineFile('C:\Users\Пелёнк\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe','');
QuarantineFile('C:\windows\system32\drivers\{76152aee-de6d-453d-a8d8-6f11a0085df8}w64.sys','');
QuarantineFile('C:\windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys','');
QuarantineFile('C:\windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys','');
QuarantineFile('c:\program files (x86)\deal keeper\updatedealkeeper.exe','');
QuarantineFile('c:\programdata\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.exe','');
QuarantineFile('c:\users\Пелёнк\appdata\local\pay-by-ads\yahoo! search\1.3.12.4\dsrlte.exe','');
QuarantineFile('C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.PurBrowse64.exe','');
QuarantineFile('C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter64.exe','');
QuarantineFile('c:\program files (x86)\deal keeper\bin\dealkeeper.browseradapter.exe','');
QuarantineFile('c:\program files (x86)\deal keeper\bin\dealkeeper.boasprt.exe','');
QuarantineFile('c:\program files (x86)\deal keeper\bin\dealkeeper.boashelper.exe','');
QuarantineFile('c:\program files (x86)\deal keeper\bin\dealkeeper.boas.exe','');
DeleteFile('c:\program files (x86)\deal keeper\bin\dealkeeper.boas.exe','32');
DeleteFile('c:\program files (x86)\deal keeper\bin\dealkeeper.boashelper.exe','32');
DeleteFile('c:\program files (x86)\deal keeper\bin\dealkeeper.boasprt.exe','32');
DeleteFile('c:\program files (x86)\deal keeper\bin\dealkeeper.browseradapter.exe','32');
DeleteFile('C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter64.exe','32');
DeleteFile('C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.PurBrowse64.exe','32');
DeleteFile('c:\users\Пелёнк\appdata\local\pay-by-ads\yahoo! search\1.3.12.4\dsrlte.exe','32');
DeleteFile('c:\programdata\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.exe','32');
DeleteFile('c:\program files (x86)\deal keeper\updatedealkeeper.exe','32');
DeleteFile('C:\Program Files (x86)\Deal Keeper\bin\{76152aee-de6d-453d-a8d8-6f11a0085df8}.dll','32');
DeleteFile('C:\windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys','32');
DeleteFile('C:\windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys','32');
DeleteFile('C:\windows\system32\drivers\{76152aee-de6d-453d-a8d8-6f11a0085df8}w64.sys','32');
DeleteFile('C:\windows\system32\Tasks\ASP','64');
DeleteFile('C:\windows\system32\Tasks\Yahoo! Search','64');
DeleteFile('C:\Users\Пелёнк\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe','32');
DeleteFile('C:\windows\system32\Tasks\Yahoo! Search Udpater','64');
DeleteService('{55dce8ba-9dec-4013-937e-adbf9317d990}w64');
DeleteService('{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64');
DeleteService('{76152aee-de6d-453d-a8d8-6f11a0085df8}w64');
DeleteFileMask('c:\program files (x86)\deal keeper','*',true);
DeleteDirectory('c:\program files (x86)\deal keeper');
DeleteFileMask('C:\Users\Пелёнк\AppData\Local\Pay-By-Ads','*',true);
DeleteDirectory('C:\Users\Пелёнк\AppData\Local\Pay-By-Ads');
DeleteFileMask('c:\programdata\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8','*',true);
DeleteDirectory('c:\programdata\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8');
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
ExecuteWizard('SCU',2,2,true);
RebootWindows(true);
end.
Компьютер перезагрузится.
Выполните в AVZ скрипт:
Код:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
В папке с AVZ появится архив карантина quarantine.zip, отправьте этот файл по ссылке "Прислать запрошенный карантин" над над первым сообщением в теме.
Выполните 2-й стандартный скрипт в AVZ и прикрепите к своему следующему сообщению файл virusinfo_syscheck.zip.
Сделайте лог AdwCleaner (by Xplode).