Выполните скрипт в AVZ
Код:
// AVZ remediation script written for one specific machine: every file path,
// service name and CLSID below is hard-coded, so it must not be reused on
// another system without re-checking each entry against that system's logs.
// Sequence: take the host offline -> (non-WOW64 only) rootkit neutralisation
// and AVZGuard -> quarantine copies -> remove BHOs and services -> delete
// files -> boot-time cleanup -> reboot. The order matters: quarantine copies
// are taken before the corresponding files are deleted.
begin
// Warn the operator that network connections will be closed and will come
// back automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" so the machine is offline during the cleanup.
// The remaining arguments are presumably show mode 0, a 15000 ms timeout and
// terminate-on-timeout -- confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are only invoked when IsWOW64 is false
// (presumably a 32-bit Windows, where these features are supported -- verify).
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine copies of the suspect "Torrent Search" files before deletion so
// that samples stay available for analysis.
// Several paths occur twice, differing only in letter case (toolbar32.dll /
// Toolbar32.dll, sv9l6uopyr.exe / Sv9l6UOpyR.exe); on a case-insensitive file
// system the repeats address the same file and are redundant but harmless.
QuarantineFile('C:\Program Files\torrent search\toolbar32.dll','');
QuarantineFile('C:\Program Files\torrent search\sv9l6uopyr.exe','');
QuarantineFile('C:\Program Files\torrent search\interfaces32.dll','');
QuarantineFile('C:\Program Files\torrent search\basement\extensionupdaterservice.exe','');
QuarantineFile('C:\Program Files\torrent search\backgroundsingleton.exe','');
QuarantineFile('C:\Program Files\Torrent Search\Sv9l6UOpyR.exe','');
// Quarantined only: this 8.3 short path has no matching DeleteFile below, so
// the file itself is left in place for now.
QuarantineFile('C:\PROGRA~1\OPERAH~1\OPERA_~1.EXE','');
// Unregister two Browser Helper Objects by CLSID.
DelBHO('{44627DAE-18B6-4ABC-8B22-13979EDFC56D}');
DelBHO('{05EB6920-D8AD-4350-BEF1-4F7107F70431}');
QuarantineFile('C:\Program Files\Torrent Search\Toolbar32.dll','');
QuarantineFile('C:\Documents and Settings\User\Application Data\cppredistx86.exe','');
// Remove the two service entries whose names match the .sys files deleted
// further down (QMUdisk.sys, TS888.sys).
DeleteService('QMUdisk');
DeleteService('TS888');
// Temp-named files under GUID-like per-user folders: quarantine first, delete later.
QuarantineFile('C:\Documents and Settings\User\Local Settings\Application Data\FFFFFFFF-1424768485-FFFF-FFFF-FFFFFFFFFFFF\snsfC3.tmp','');
QuarantineFile('C:\Documents and Settings\User\Application Data\FFFFFFFF-1424768297-FFFF-FFFF-FFFFFFFFFFFF\jnsuAE.tmp','');
QuarantineFile('C:\Documents and Settings\User\Application Data\FFFFFFFF-1424768297-FFFF-FFFF-FFFFFFFFFFFF\nsw99.tmpfs','');
// Three services with random-looking names; presumably the ones backed by the
// temp-named files above -- verify against the collected logs.
DeleteService('hurygire');
DeleteService('bomujope');
DeleteService('tykeziro');
// Deletion phase. The second argument '32' is passed on every call; it
// presumably selects the 32-bit view of the file system -- TODO confirm.
DeleteFile('C:\Documents and Settings\User\Application Data\FFFFFFFF-1424768297-FFFF-FFFF-FFFFFFFFFFFF\nsw99.tmpfs','32');
DeleteFile('C:\Documents and Settings\User\Application Data\FFFFFFFF-1424768297-FFFF-FFFF-FFFFFFFFFFFF\jnsuAE.tmp','32');
DeleteFile('C:\Documents and Settings\User\Local Settings\Application Data\FFFFFFFF-1424768485-FFFF-FFFF-FFFFFFFFFFFF\snsfC3.tmp','32');
// NOTE(review): TS888.sys and QMUdisk.sys are deleted without a preceding
// QuarantineFile call, so no copy of these two drivers is preserved.
DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.5.15816.217\TS888.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.5.15816.217\QMUdisk.sys','32');
DeleteFile('C:\Documents and Settings\User\Application Data\cppredistx86.exe','32');
// Remove the 'command' value of the MSConfig startupreg entry named
// "Microsoft Visual C++ 2010"; presumably the autorun record that pointed at
// cppredistx86.exe -- verify.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Visual C++ 2010','command');
DeleteFile('C:\Program Files\Torrent Search\Toolbar32.dll','32');
DeleteFile('C:\Program Files\Torrent Search\Sv9l6UOpyR.exe','32');
// Scheduled-task files for the "Torrent Search" updater; also deleted without
// a quarantine copy.
DeleteFile('C:\windows\Tasks\Update Service for Torrent Search.job','32');
DeleteFile('C:\windows\Tasks\Update Service for Torrent Search2.job','32');
DeleteFile('C:\Program Files\torrent search\backgroundsingleton.exe','32');
DeleteFile('C:\Program Files\torrent search\basement\extensionupdaterservice.exe','32');
DeleteFile('C:\Program Files\torrent search\interfaces32.dll','32');
DeleteFile('C:\Program Files\torrent search\sv9l6uopyr.exe','32');
DeleteFile('C:\Program Files\torrent search\toolbar32.dll','32');
// Boot-time cleanup: BC_ImportAll presumably hands the items deleted above to
// AVZ's boot cleaner, ExecuteSysClean cleans up leftover references, and
// BC_Activate arms the boot cleaner for the next start -- confirm semantics in
// the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot so the boot-time cleanup runs; the prose after the script confirms
// the machine restarts at this point.
RebootWindows(false);
end.
Компьютер перезагрузится.
Пришлите карантин согласно Приложению 2 правил по красной ссылке «Прислать запрошенный карантин» над первым сообщением темы.
Сделайте новые логи по правилам