браузер самопроизвольно открывается и открывает вкладки
браузер самопроизвольно открывается и открывает вкладки
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
Уважаемый(ая) evgeniinos, спасибо за обращение на наш форум!
Удаление вирусов - абсолютно бесплатная услуга на VirusInfo.Info. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в правилах оформления запроса о помощи.
Информация
Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста поддержите проект.
Запустите HijackThis, расположенный в папке Autologger и пофиксите (в Windows Vista/7/8/10 необходимо запускать через правую кнопку мыши Запуск от имени администратора)):Выполните скрипт в AVZ:Код:R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlKdUMxBQUYM9J7QZAcPNk6V2ZtImM_UyJG8OV_s66m0QiQ0P94cGg0R9iSzkGaAQ6QGmlJu8ruvnjjrhk3D07WpuWQkjPdJKJ8wP0_0xxFkrtkzoAYekB_0bQpyyOLQBHs27X-pj8YhDwNYDGTyARc9vQU R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlKdUMxBQUYM9J7QZAcPNk6V2ZtImM_UyJG8OV_s66m0QiQ0P94cGg0R9iSzkGaAQ6QGmlJu8ruvnjjrhk3D07WpuWQkjPdJKJ8wP0_0xxFkrtkzoAYekB_0bQpyyOLQBHs27X-pj8YhDwNYDGTyARc9vQU R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://mail.ru/cnt/10445?gp=821115 R0 - HKCU\Software\Microsoft\Internet Explorer\Search: [Default_Search_URL] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlKdUMxBQUYM9J7QZAcPNk6V2ZtImM_UyJG8OV_s66m0QiQ0P94cGg0R9iSzkGaAQ6QGmlJu8ruvnjjrhk3D07WpuWQkjPdJKJ8wP0_0xxFkrtkzoAYekB_0bQpyyOLQBHs27X-pj8YhDwNYDGTyARc9vQU R1 - HKCU\Software\Microsoft\Internet Explorer\Main: [SearchAssistant] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlKdUMxBQUYM9J7QZAcPNk6V2ZtImM_UyJG8OV_s66m0QiQ0P94cGg0R9iSzkGaAQ6QGmlJu8ruvnjjrhk3D07WpuWQkjPdJKJ8wP0_0xxFkrtkzoAYekB_0bQpyyOLQBHs27X-pj8YhDwNYDGTyARc9vQUNrP3splIaynXBVw,,&q={searchTerms} R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} [SuggestionsURL] = http://suggests.go.mail.ru/ie8?q={searchTerms} - Поиск@Mail.Ru R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} [URL] = http://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B7B6D9F9E-3582-40F6-800B-0A9AD0498D35%7D&gp=821116 - Поиск@Mail.Ru R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} [URL] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlKdUMxBQUYM9J7QZAcPNk6V2ZtImM_UyJG8OV_s66m0QiQ0P94cGg0R9iSzkGaAQ6QGmlJu8ruvnjjrhk3D07WpuWQkjPdJKJ8wP0_0xxFkrtkzoAYekB_0bQpyyOLQBHs27X-pj8YhDwNYDGTyARc9vQUNrP3splIaynXBVw,,&q={searchTerms} - Search the web O2 - HKLM\..\BHO: YoutubeAdBlock - {C0D38E5A-7CF8-4105-8FE8-31B81443A114} - C:\Program Files (x86)\oPjpQbAMIIE\tqTzFIFbp.dll O2-32 - HKLM\..\BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\Pupsik\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll O2-32 - HKLM\..\BHO: YoutubeAdBlock - {C0D38E5A-7CF8-4105-8FE8-31B81443A114} - C:\Program Files (x86)\oPjpQbAMIIE\kUyiWzk.dll O4 - HKCU\..\Run: [4549267] = C:\Users\Pupsik\AppData\Roaming\xmp4jwgbnec\blbjjsk33ge.exe /VERYSILENT (file missing) O4 - HKCU\..\Run: [8972907] = C:\Users\Pupsik\AppData\Roaming\2btuzttitio\g3cfkgdwezd.exe /VERYSILENT O4 - HKCU\..\Run: [9005909] = C:\Users\Pupsik\AppData\Roaming\iabqw4tm0rn\ykjbkjhwfgb.exe /VERYSILENT (file missing) O4 - MSConfig\startupreg: Y2MLG2LFTG70JR5 [command] = C:\Program Files\KRV1SIUO0S\F83QGTWZA.exe (HKCU) (2018/04/16) O4 - MSConfig\startupreg: iTunesHelper [command] = C:\Program Files\iTunes\iTunesHelper.exe (file missing) (HKLM) (2017/08/24) O17 - HKLM\System\CCS\Services\Tcpip\..\{461EA3A9-D342-40C4-874E-D4C1823B3CA7}: [NameServer] = 82.163.142.178 O17 - HKLM\System\CCS\Services\Tcpip\..\{461EA3A9-D342-40C4-874E-D4C1823B3CA7}: [NameServer] = 82.163.143.176 O17 - HKLM\System\CCS\Services\Tcpip\..\{48D637F5-DA9D-437B-84BA-529CE862945B}: [NameServer] = 82.163.142.178 O17 - HKLM\System\CCS\Services\Tcpip\..\{48D637F5-DA9D-437B-84BA-529CE862945B}: [NameServer] = 82.163.143.176 O17 - HKLM\System\CCS\Services\Tcpip\..\{9130BDEE-5F20-4067-8FE3-83AA9F0F32B8}: [NameServer] = 82.163.142.178 O17 - HKLM\System\CCS\Services\Tcpip\..\{9130BDEE-5F20-4067-8FE3-83AA9F0F32B8}: [NameServer] = 82.163.143.176 O17 - HKLM\System\CCS\Services\Tcpip\..\{A5E127BE-3E47-419A-B56F-33E4E48E8816}: [NameServer] = 82.163.142.178 O17 - HKLM\System\CCS\Services\Tcpip\..\{A5E127BE-3E47-419A-B56F-33E4E48E8816}: [NameServer] = 82.163.143.176 O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B80EA0-CD58-4964-8029-1274360CEB73}: [NameServer] = 82.163.142.178 O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B80EA0-CD58-4964-8029-1274360CEB73}: [NameServer] = 82.163.143.176 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [NameServer] = 82.163.142.178 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [NameServer] = 82.163.143.176 O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{461EA3A9-D342-40C4-874E-D4C1823B3CA7}: [NameServer] = 82.163.142.178 O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{461EA3A9-D342-40C4-874E-D4C1823B3CA7}: [NameServer] = 82.163.143.176 O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{48D637F5-DA9D-437B-84BA-529CE862945B}: [NameServer] = 82.163.142.178 O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{48D637F5-DA9D-437B-84BA-529CE862945B}: [NameServer] = 82.163.143.176 O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{9130BDEE-5F20-4067-8FE3-83AA9F0F32B8}: [NameServer] = 82.163.142.178 O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{9130BDEE-5F20-4067-8FE3-83AA9F0F32B8}: [NameServer] = 82.163.143.176 O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A5E127BE-3E47-419A-B56F-33E4E48E8816}: [NameServer] = 82.163.142.178 O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A5E127BE-3E47-419A-B56F-33E4E48E8816}: [NameServer] = 82.163.143.176 O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A9B80EA0-CD58-4964-8029-1274360CEB73}: [NameServer] = 82.163.142.178 O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A9B80EA0-CD58-4964-8029-1274360CEB73}: [NameServer] = 82.163.143.176 O17 - HKLM\System\ControlSet002\Services\Tcpip\Parameters: [NameServer] = 82.163.142.178 O17 - HKLM\System\ControlSet002\Services\Tcpip\Parameters: [NameServer] = 82.163.143.176Компьютер перезагрузится.Код:begin ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); TerminateProcessByName('c:\program files (x86)\opjpqbamiie\vghtwlslfz.exe'); TerminateProcessByName('C:\Program Files (x86)\Script\908833.exe'); TerminateProcessByName('C:\Program Files\6I5YBFZAU7\0XM63JPSP.exe'); TerminateProcessByName('C:\Program Files\DFE2TCZNCI\DFE2TCZNC.exe'); TerminateProcessByName('C:\Program Files\XEXVMF12D2\XEXVMF12D.exe'); TerminateProcessByName('c:\programdata\dahjservice\dahjservice.exe'); TerminateProcessByName('c:\programdata\logic cramble\set.exe'); TerminateProcessByName('c:\programdata\prefssecure\nettrans.exe'); TerminateProcessByName('c:\programdata\yahoochrome_d\desktop174.exe'); TerminateProcessByName('c:\users\pupsik\appdata\local\temp\00009638\msiql.exe'); TerminateProcessByName('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp\g3cfkgdwezd.tmp'); TerminateProcessByName('C:\Users\Pupsik\AppData\Local\Temp\xmrig.exe'); TerminateProcessByName('c:\users\pupsik\appdata\roaming\2btuzttitio\g3cfkgdwezd.exe'); TerminateProcessByName('C:\Windows\Temp\csrss.exe'); TerminateProcessByName('C:\Windows\Temp\svchost.exe'); StopService('backlh'); StopService('dahjService'); StopService('Nettrans'); StopService('saiyitechnology'); StopService('Windows'); QuarantineFile('C:\PROGRA~3\f2d18221\cf43db24.dll', ''); QuarantineFile('C:\Program Files (x86)\FpyEWGzDFWVVpLycIFR\oXbYAni.dll', ''); QuarantineFile('C:\Program Files (x86)\GYHHaWMnbkQU2\MqRtrzDsaVLTL.dll', ''); QuarantineFile('C:\Program Files (x86)\IUpWUBcycmhgC\rFnehUe.dll', ''); QuarantineFile('C:\Program Files (x86)\muZPPgwvU\qtzsVT.dll', ''); QuarantineFile('C:\Program Files (x86)\oPjpQbAMIIE\kUyiWzk.dll', ''); QuarantineFile('C:\Program Files (x86)\oPjpQbAMIIE\TT0noN.dll', ''); QuarantineFile('c:\program files (x86)\opjpqbamiie\vghtwlslfz.exe', ''); QuarantineFile('C:\Program Files (x86)\Script\908833.exe', ''); QuarantineFile('C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe', ''); QuarantineFile('C:\Program Files\6I5YBFZAU7\0XM63JPSP.exe', ''); QuarantineFile('C:\Program Files\DFE2TCZNCI\DFE2TCZNC.exe', ''); QuarantineFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\checker.exe', ''); QuarantineFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe', ''); QuarantineFile('C:\Program Files\KRV1SIUO0S\F83QGTWZA.exe', ''); QuarantineFile('C:\Program Files\XEXVMF12D2\XEXVMF12D.exe', ''); QuarantineFile('c:\programdata\dahjservice\dahjservice.exe', ''); QuarantineFile('c:\programdata\logic cramble\set.exe', ''); QuarantineFile('c:\programdata\prefssecure\nettrans.exe', ''); QuarantineFile('c:\programdata\yahoochrome_d\desktop174.exe', ''); QuarantineFile('C:\Users\Pupsik\AppData\Local\B8F1A310-E7CB-74E4-84DB-3B7B2844256A\{CF43DB24-5905-3D92-3478-B277CEBE7649}..', ''); QuarantineFile('c:\users\pupsik\appdata\local\temp\00009638\msiql.exe', ''); QuarantineFile('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp\g3cfkgdwezd.tmp', ''); QuarantineFile('C:\Users\Pupsik\AppData\Local\Temp\xmrig.exe', ''); QuarantineFile('c:\users\pupsik\appdata\local\xservice\xservice.dll', ''); QuarantineFile('c:\users\pupsik\appdata\roaming\2btuzttitio\g3cfkgdwezd.exe', ''); QuarantineFile('C:\Users\Pupsik\AppData\Roaming\cpuminer\cpm.exe', ''); QuarantineFile('C:\Users\Pupsik\AppData\Roaming\iabqw4tm0rn\ykjbkjhwfgb.exe', ''); QuarantineFile('C:\Users\Pupsik\AppData\Roaming\TOIfotMLQI.exe', ''); QuarantineFile('C:\Users\Pupsik\AppData\Roaming\xmp4jwgbnec\blbjjsk33ge.exe', ''); QuarantineFile('C:\Windows\System32\conhost.exe', ''); QuarantineFile('C:\Windows\Temp\csrss.exe', ''); QuarantineFile('C:\Windows\Temp\svchost.exe', ''); QuarantineFile('C:\Windows\Wpai.exe', ''); DeleteFile('C:\PROGRA~3\f2d18221\cf43db24.dll', '32'); DeleteFile('C:\Program Files (x86)\FpyEWGzDFWVVpLycIFR\oXbYAni.dll', '32'); DeleteFile('C:\Program Files (x86)\GYHHaWMnbkQU2\MqRtrzDsaVLTL.dll', '32'); DeleteFile('C:\Program Files (x86)\IUpWUBcycmhgC\rFnehUe.dll', '32'); DeleteFile('C:\Program Files (x86)\muZPPgwvU\qtzsVT.dll', '32'); DeleteFile('C:\Program Files (x86)\oPjpQbAMIIE\kUyiWzk.dll', '32'); DeleteFile('C:\Program Files (x86)\oPjpQbAMIIE\TT0noN.dll', '32'); DeleteFile('c:\program files (x86)\opjpqbamiie\vghtwlslfz.exe', '32'); DeleteFile('C:\Program Files (x86)\Script\908833.exe', '32'); DeleteFile('C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe', '32'); DeleteFile('C:\Program Files\6I5YBFZAU7\0XM63JPSP.exe', '32'); DeleteFile('C:\Program Files\DFE2TCZNCI\DFE2TCZNC.exe', '32'); DeleteFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\checker.exe', '32'); DeleteFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe', '32'); DeleteFile('C:\Program Files\KRV1SIUO0S\F83QGTWZA.exe', '32'); DeleteFile('C:\Program Files\XEXVMF12D2\XEXVMF12D.exe', '32'); DeleteFile('c:\programdata\dahjservice\dahjservice.exe', '32'); DeleteFile('c:\programdata\logic cramble\set.exe', '32'); DeleteFile('c:\programdata\prefssecure\nettrans.exe', '32'); DeleteFile('c:\programdata\yahoochrome_d\desktop174.exe', '32'); DeleteFile('C:\Users\Pupsik\AppData\Local\B8F1A310-E7CB-74E4-84DB-3B7B2844256A\{CF43DB24-5905-3D92-3478-B277CEBE7649}..', '32'); DeleteFile('c:\users\pupsik\appdata\local\temp\00009638\msiql.exe', '32'); DeleteFile('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp\g3cfkgdwezd.tmp', '32'); DeleteFile('C:\Users\Pupsik\AppData\Local\Temp\is-LKMM0.tmp\_isetup\_isdecmp.dll', '32'); DeleteFile('C:\Users\Pupsik\AppData\Local\Temp\is-LKMM0.tmp\idp.dll', '32'); DeleteFile('C:\Users\Pupsik\AppData\Local\Temp\xmrig.exe', '32'); DeleteFile('c:\users\pupsik\appdata\local\xservice\xservice.dll', '32'); DeleteFile('c:\users\pupsik\appdata\roaming\2btuzttitio\g3cfkgdwezd.exe', '32'); DeleteFile('C:\Users\Pupsik\AppData\Roaming\cpuminer\cpm.exe', '32'); DeleteFile('C:\Users\Pupsik\AppData\Roaming\iabqw4tm0rn\ykjbkjhwfgb.exe', '32'); DeleteFile('C:\Users\Pupsik\AppData\Roaming\TOIfotMLQI.exe', '32'); DeleteFile('C:\Users\Pupsik\AppData\Roaming\xmp4jwgbnec\blbjjsk33ge.exe', '32'); DeleteFile('C:\Windows\Temp\csrss.exe', '32'); DeleteFile('C:\Windows\Temp\svchost.exe', '32'); DeleteFile('C:\Windows\Wpai.exe', '32'); ExecuteFile('schtasks.exe', '/delete /TN "{1352E3D2-AF45-4182-AA3E-FC6FB99F9897}" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "{7E0F7947-7F0B-0A78-7F11-0F0D7E7F110B}" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "{8FB8EF90-03CF-4A98-BFDC-DAD0FA842C18}" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "{E2750EB4-D448-47F6-B20B-ADC53E3A9D5E}" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "{E3B7CD6C-31BC-74AA-D8EA-B164EFE31F45}" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "46F65358-17D4-8709-B853-EEF2F6029CB3" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "Checker64" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "KlAEYQtzmHgics" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "KlgKDPyHEeVbjwqnEgK2" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "XeRTeJCMKPYXWyYqW2" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "xRZOrQVCBWPMscb2" /F', 0, 15000, true); DeleteService('backlh'); DeleteService('dahjService'); DeleteService('NativeDesktopMediaService'); DeleteService('Nettrans'); DeleteService('saiyitechnology'); DeleteService('Windows'); DeleteFileMask('c:\progra~3\f2d18221', '*', true); DeleteFileMask('c:\program files (x86)\fpyewgzdfwvvplycifr', '*', true); DeleteFileMask('c:\program files (x86)\gyhhawmnbkqu2', '*', true); DeleteFileMask('c:\program files (x86)\iupwubcycmhgc', '*', true); DeleteFileMask('c:\program files (x86)\muzppgwvu', '*', true); DeleteFileMask('c:\program files (x86)\opjpqbamiie', '*', true); DeleteFileMask('c:\program files (x86)\script', '*', true); DeleteFileMask('c:\program files (x86)\yeadesktop', '*', true); DeleteFileMask('c:\program files\6i5ybfzau7', '*', true); DeleteFileMask('c:\program files\dfe2tcznci', '*', true); DeleteFileMask('c:\program files\jetmedia', '*', true); DeleteFileMask('c:\program files\krv1siuo0s', '*', true); DeleteFileMask('c:\program files\xexvmf12d2', '*', true); DeleteFileMask('c:\programdata\dahjservice', '*', true); DeleteFileMask('c:\programdata\logic cramble', '*', true); DeleteFileMask('c:\programdata\prefssecure', '*', true); DeleteFileMask('c:\programdata\yahoochrome_d', '*', true); DeleteFileMask('c:\users\pupsik\appdata\local\b8f1a310-e7cb-74e4-84db-3b7b2844256a', '*', true); DeleteFileMask('c:\users\pupsik\appdata\local\temp\00009638', '*', true); DeleteFileMask('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp', '*', true); DeleteFileMask('c:\users\pupsik\appdata\local\xservice', '*', true); DeleteFileMask('c:\users\pupsik\appdata\roaming\2btuzttitio', '*', true); DeleteFileMask('c:\users\pupsik\appdata\roaming\cpuminer', '*', true); DeleteFileMask('c:\users\pupsik\appdata\roaming\iabqw4tm0rn', '*', true); DeleteFileMask('c:\users\pupsik\appdata\roaming\xmp4jwgbnec', '*', true); DeleteDirectory('c:\progra~3\f2d18221'); DeleteDirectory('c:\program files (x86)\fpyewgzdfwvvplycifr'); DeleteDirectory('c:\program files (x86)\gyhhawmnbkqu2'); DeleteDirectory('c:\program files (x86)\iupwubcycmhgc'); DeleteDirectory('c:\program files (x86)\muzppgwvu'); DeleteDirectory('c:\program files (x86)\opjpqbamiie'); DeleteDirectory('c:\program files (x86)\script'); DeleteDirectory('c:\program files (x86)\yeadesktop'); DeleteDirectory('c:\program files\6i5ybfzau7'); DeleteDirectory('c:\program files\dfe2tcznci'); DeleteDirectory('c:\program files\jetmedia'); DeleteDirectory('c:\program files\krv1siuo0s'); DeleteDirectory('c:\program files\xexvmf12d2'); DeleteDirectory('c:\programdata\dahjservice'); DeleteDirectory('c:\programdata\logic cramble'); DeleteDirectory('c:\programdata\prefssecure'); DeleteDirectory('c:\programdata\yahoochrome_d'); DeleteDirectory('c:\users\pupsik\appdata\local\b8f1a310-e7cb-74e4-84db-3b7b2844256a'); DeleteDirectory('c:\users\pupsik\appdata\local\temp\00009638'); DeleteDirectory('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp'); DeleteDirectory('c:\users\pupsik\appdata\local\xservice'); DeleteDirectory('c:\users\pupsik\appdata\roaming\2btuzttitio'); DeleteDirectory('c:\users\pupsik\appdata\roaming\cpuminer'); DeleteDirectory('c:\users\pupsik\appdata\roaming\iabqw4tm0rn'); DeleteDirectory('c:\users\pupsik\appdata\roaming\xmp4jwgbnec'); DelBHO('{C0D38E5A-7CF8-4105-8FE8-31B81443A114}'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '4549267'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '8972907'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '9005909'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'msiql'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'OZUVTMCFGM2FCDI'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'VQ9ZT13V1WQ988W'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YeaDesktop'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZJLLWNFBSVROUPH'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Y2MLG2LFTG70JR5', 'command'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'cpuminer'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'jvzle0xskm1'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\WinService\Parameters', 'ServiceDll'); ExecuteRepair(2); ExecuteRepair(4); ExecuteRepair(3); ExecuteRepair(21); ExecuteFile('ipconfig.exe', '/flushdns', 0, 15000, true); CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip'); ExecuteSysClean; ExecuteWizard('SCU', 2, 2, true); RebootWindows(true); end.
В папке с AVZ появится архив карантина quarantine.zip, отправьте этот файл по ссылке "Прислать запрошенный карантин" над над первым сообщением в теме.
Скачайте утилиту Universal Virus Sniffer отсюда и сделайте полный образ автозапуска uVS.
WBR,
Vadim
Ваши права в разделе
Ответить с цитированием
