Just don't upload the logs to the quarantine, that's all.
Run this script in AVZ from the Autologger folder:
Code:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
QuarantineFile('C:\Program Files (x86)\Common Files\AppDownloads\{3049408A-BBA6-43E8-9A23-F47DC52582C8}.exe', '');
QuarantineFile('C:\Program Files (x86)\Common Files\AppDownloads\{C416D463-61C1-4392-9F84-C634F7F7A785}.exe', '');
QuarantineFile('C:\Users\Домашний\AppData\Local\Microsoft\Windows\svhost.vbs', '');
QuarantineFile('C:\Windows\SysWow64\WinVDEdrv6.sys', '');
DeleteFile('C:\Program Files (x86)\Common Files\AppDownloads\{3049408A-BBA6-43E8-9A23-F47DC52582C8}.exe', '64');
DeleteFile('C:\Program Files (x86)\Common Files\AppDownloads\{C416D463-61C1-4392-9F84-C634F7F7A785}.exe', '64');
DeleteFile('C:\Program Files\Bonjour\mDNSResponder.exe', '64');
DeleteFile('C:\Program Files\DrWeb\drwmsg.dll', '64');
DeleteFile('C:\Users\Домашний\AppData\Local\Microsoft\Windows\svhost.vbs', '64');
DeleteFile('C:\Windows\SysWow64\WinVDEdrv6.sys', '64');
DeleteFile('D:\Program Files (x86)\Google\Picasa3\Picasa3.exe', '64');
DeleteService('NEWDRIVER');
DeleteFileMask('c:\program files (x86)\common files\appdownloads', '*', true);
DeleteDirectory('c:\program files (x86)\common files\appdownloads');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Java SATARaid.lnk', 'x64');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SATARaid5Manager.lnk', 'x64');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SPDriverInstall.lnk', 'x64');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Домашний^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Отправка в OneNote.lnk', 'x64');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Manager', 'x64');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameCenter', 'x64');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Intense Registry Service', 'x64');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend', 'x64');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QIP2005', 'x64');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\World of Tanks', 'x64');
DeleteSchedulerTask('{043E3DFD-B3ED-4C5D-8AC7-04D63B549654}');
DeleteSchedulerTask('{05652D30-0BA4-41BC-9C1D-CDFED3854D62}');
DeleteSchedulerTask('{0834A0D4-73E5-44A2-86F7-F21B58279B2A}');
DeleteSchedulerTask('{08AC755B-BC0B-4323-82E1-C03E07EABAC1}');
DeleteSchedulerTask('{09ACF272-7606-461D-AB32-07DA6BBF8448}');
DeleteSchedulerTask('{0B4E384E-0591-41D9-960A-00668230B7B4}');
DeleteSchedulerTask('{0BD5722A-EA1A-4B07-9E78-7BA04EC05D78}');
DeleteSchedulerTask('{1281DCEF-4C82-46E5-BB8A-D9984D7483D9}');
DeleteSchedulerTask('{12DCB928-8A0D-44FE-AF76-57DFB716DBD0}');
DeleteSchedulerTask('{130ADB11-470C-4494-9727-BF50653C3875}');
DeleteSchedulerTask('{149E3173-1A2A-42B1-B3E2-979E1A6468D8}');
DeleteSchedulerTask('{1672E8F7-66BF-43D0-ABD4-38E2D61F5CB6}');
DeleteSchedulerTask('{192386DB-1954-4FA3-AB10-BC36F71A9C5B}');
DeleteSchedulerTask('{1AD8A4D9-550F-4AC4-A2C3-7F30C219F464}');
DeleteSchedulerTask('{1B32366B-2DA1-4529-BC1A-886FCF8120B4}');
DeleteSchedulerTask('{1B5D959F-94D1-4CBF-988A-4BAFB3EEEDBC}');
DeleteSchedulerTask('{1C6F1F17-B5B2-48D8-A77D-330088AC354A}');
DeleteSchedulerTask('{1DE437F9-17BB-4253-B3E1-66039D506CE8}');
DeleteSchedulerTask('{20A6BB6E-BAB1-494B-BE33-E27B1DC920D0}');
DeleteSchedulerTask('{281F860A-2C58-4724-A068-FB9C779BBAB5}');
DeleteSchedulerTask('{28D33A14-04D4-4055-9B99-D6670475061B}');
DeleteSchedulerTask('{2BD10B53-088E-4E8B-B7BF-C68FD2AA0CBB}');
DeleteSchedulerTask('{2C42297A-AF61-46DA-A911-A8D2FA5C9557}');
DeleteSchedulerTask('{2C6C22A4-EEFF-4BAA-B654-4DDF28C9AE4A}');
DeleteSchedulerTask('{2CF229F0-B10E-40DF-A288-C3A13920F326}');
DeleteSchedulerTask('{2E262C3D-DF20-4E0A-ADC0-CB30FCEA3F9A}');
DeleteSchedulerTask('{2E8C1290-2D49-43E3-9B4B-A8FE6EDDAD87}');
DeleteSchedulerTask('{2FB7F8C6-0985-4A84-8B1E-D42E7192F2A7}');
DeleteSchedulerTask('{2FD18329-B6A2-4BBF-B72B-1CF41DF67BBD}');
DeleteSchedulerTask('{3049408A-BBA6-43E8-9A23-F47DC52582C8}');
DeleteSchedulerTask('{39CD7220-C452-4391-B792-E59913785235}');
DeleteSchedulerTask('{39F2A7DB-5C4E-476A-8F25-D43F8067DE67}');
DeleteSchedulerTask('{4B18D0A9-CB8E-445B-990A-77E2E18EBA0D}');
DeleteSchedulerTask('{4FCC272B-01C7-4F80-A675-243275ED6A99}');
DeleteSchedulerTask('{50C1513C-2D26-4487-AD7D-AABBDBE0DF7A}');
DeleteSchedulerTask('{50FFA3F6-37FD-47C1-B7F7-8728BEFC6F24}');
DeleteSchedulerTask('{53CF10A4-5042-4E7D-98C5-9E87FD876711}');
DeleteSchedulerTask('{54082711-48D9-4B23-80B8-E3EBCAA1BC99}');
DeleteSchedulerTask('{56BEE9FF-E765-489E-922B-5F52DB565D59}');
DeleteSchedulerTask('{58D1B224-3821-425D-AD0E-DA6135D7E45A}');
DeleteSchedulerTask('{59CE2040-07BC-49FB-B571-91FF2DB139E8}');
DeleteSchedulerTask('{5C8F075F-AD6F-43C4-9C39-86695425AE87}');
DeleteSchedulerTask('{5CB4EBC9-D58D-4DBE-9D53-5E1177B0167A}');
DeleteSchedulerTask('{62B8C76A-86A9-4611-9B80-C2E8B7A136F0}');
DeleteSchedulerTask('{64D3E6C7-AA30-4B1E-9042-4AF377C36C5A}');
DeleteSchedulerTask('{6673AA5F-5E51-4570-9F25-C26AB451693D}');
DeleteSchedulerTask('{6B1B6812-D6B3-4980-93BE-F6FD8CFE37EA}');
DeleteSchedulerTask('{6CFF9C0D-BC06-4923-AE36-878B3FCD98C8}');
DeleteSchedulerTask('{6E8BF950-ACED-4590-959D-89A0330AEE52}');
DeleteSchedulerTask('{6F83C012-033E-4CA1-A18E-B0AB4A82B1B5}');
DeleteSchedulerTask('{703299CC-538B-4525-9526-7080F4AF0BAB}');
DeleteSchedulerTask('{70897E8D-F1DB-4490-8E44-18184A7C4348}');
DeleteSchedulerTask('{73E81578-FF5D-48A7-88E9-5C57ED130D1F}');
DeleteSchedulerTask('{73F5EB8D-5DD5-4120-BE09-4BBF60515614}');
DeleteSchedulerTask('{75C9C3EC-5BD4-45FB-8ACC-C39CB0424490}');
DeleteSchedulerTask('{797F3197-5320-49C4-BB38-E8602739116B}');
DeleteSchedulerTask('{7A2E25FF-2388-431C-A51B-942A7DA247E2}');
DeleteSchedulerTask('{7CFF894C-B49C-4868-8ACE-20675359CB61}');
DeleteSchedulerTask('{7EE91B7A-DCD1-4C3A-9A67-50172DB33DEF}');
DeleteSchedulerTask('{85F294E6-84AD-4866-8880-8190FF81CD67}');
DeleteSchedulerTask('{87E208AB-5E1B-473F-B46E-CED8E1759F82}');
DeleteSchedulerTask('{8AF3AE8E-3302-4F34-BD18-BC48738B8946}');
DeleteSchedulerTask('{8B725BFD-CAA4-47E0-B09A-C205B64E887C}');
DeleteSchedulerTask('{8CB202AA-52B3-409E-8278-418326D3E440}');
DeleteSchedulerTask('{8EDE72D0-3F8D-4C89-BC9D-EFEC33C18145}');
DeleteSchedulerTask('{9557F70B-78AC-4C2F-959D-2B8704C26BB6}');
DeleteSchedulerTask('{95BB3EA6-50F0-4D6B-AEF4-8F76CC834636}');
DeleteSchedulerTask('{9BC575AE-E110-4D2A-AA46-6CC464A825ED}');
DeleteSchedulerTask('{9BD615EB-4F39-4134-A8C4-C844BFA17E7B}');
DeleteSchedulerTask('{A26D2E06-264A-4C6C-B42A-7DB7C23A9296}');
DeleteSchedulerTask('{A2F086F1-8EED-4280-8B1D-ED5BC70C1BD9}');
DeleteSchedulerTask('{A34328F3-8F98-4C2D-B990-D49DAF906668}');
DeleteSchedulerTask('{A3915319-07FF-4E4D-8A3D-21DAD0294B9F}');
DeleteSchedulerTask('{A3F3921C-F644-464B-A63C-40534C5980FF}');
DeleteSchedulerTask('{A4FD95E5-7A07-43E4-B0F8-37FAD7155597}');
DeleteSchedulerTask('{A7E6F3CF-0500-445C-95BD-E416066C86FA}');
DeleteSchedulerTask('{AA21CC4A-13ED-4095-9525-FD716D871DED}');
DeleteSchedulerTask('{AAC8D1B3-62BE-4F87-92B0-47FAE53DF98C}');
DeleteSchedulerTask('{ABB814E6-B204-4663-9FEC-DEF6F4D12EDD}');
DeleteSchedulerTask('{ABF7F0A0-5918-48C9-A6FA-175FD6526AE3}');
DeleteSchedulerTask('{ADBCECD1-75B1-48D2-9CF4-DA9EAD1D10BF}');
DeleteSchedulerTask('{B0081F67-B46E-4AEB-8E57-2EFD5424E926}');
DeleteSchedulerTask('{B088F307-099D-4E74-9109-BF308BE66589}');
DeleteSchedulerTask('{B4645D7D-DE86-4119-B750-29996E8BA6CE}');
DeleteSchedulerTask('{B5B03D34-438A-4599-81F0-C9A6E897ACFE}');
DeleteSchedulerTask('{B818823C-E46D-435A-9132-2E670C23E583}');
DeleteSchedulerTask('{B95E535A-C60F-440E-9CB2-AC0B4B0DB4ED}');
DeleteSchedulerTask('{BA2D23C8-1883-4910-914A-A72E31414456}');
DeleteSchedulerTask('{BE71C094-CA4E-4E22-A5E3-CF0C7FDB38DB}');
DeleteSchedulerTask('{C12558BB-DFA4-4F85-832F-827B54AE9BCF}');
DeleteSchedulerTask('{C13CA7F8-DE1A-46B7-9F84-01FC5743C0A9}');
DeleteSchedulerTask('{C2BAAC06-8C8A-459B-9879-AEF4A9049FDC}');
DeleteSchedulerTask('{C416D463-61C1-4392-9F84-C634F7F7A785}');
DeleteSchedulerTask('{C849F8A9-37B7-44C8-91A6-285A506C82BB}');
DeleteSchedulerTask('{C96225BE-6E2D-44B2-A03B-1AFF90547A74}');
DeleteSchedulerTask('{C978D438-978D-4EBC-A7B3-D54751BB083F}');
DeleteSchedulerTask('{CA0C65F4-6F4B-4DA5-9832-9216FA0FC1AA}');
DeleteSchedulerTask('{CB7B474D-D341-442B-BAD2-22C28F9D6A93}');
DeleteSchedulerTask('{CED4186F-82C7-44E1-99A3-D3B61B3F322E}');
DeleteSchedulerTask('{CED72C9F-6387-4645-9075-67686E2FD91C}');
DeleteSchedulerTask('{D52E0B35-6EC3-4038-B488-43ED33E2DA6A}');
DeleteSchedulerTask('{D86E9477-5186-4CF8-B5AD-143F695481EF}');
DeleteSchedulerTask('{D8DD480A-AEE4-4CFA-B584-1D52C9FFA58D}');
DeleteSchedulerTask('{DA026FB6-649E-4D43-8FBF-911B0A717C61}');
DeleteSchedulerTask('{DABCA27A-84CB-490B-9EDC-726617CE3EBE}');
DeleteSchedulerTask('{DFB3B830-95A3-4430-80DE-9244EA5DDA44}');
DeleteSchedulerTask('{E0660504-8F1E-481A-BDC0-914523684906}');
DeleteSchedulerTask('{E0F19D2E-97DE-412F-BDCC-1A7274011FC1}');
DeleteSchedulerTask('{E10295BC-5F69-4C90-82BD-56ECA5170B97}');
DeleteSchedulerTask('{E3D676EA-66FA-4F39-A26C-3959525FC25B}');
DeleteSchedulerTask('{E4A1FD53-8C51-4C88-A2A8-82F62B2CC75A}');
DeleteSchedulerTask('{E6747932-FA1A-4E0A-89DC-9D0076420DBF}');
DeleteSchedulerTask('{EA971F3A-02AA-4322-982A-C1EDC7FE3619}');
DeleteSchedulerTask('{EAD7E018-FFB9-47F5-8D7E-394D17E76B50}');
DeleteSchedulerTask('{ECE038AE-E3CE-415A-B168-9BF53E8FE312}');
DeleteSchedulerTask('{EF980FDE-B9E0-44D3-B5AE-B7BDDF8A6E62}');
DeleteSchedulerTask('{F1688B3C-2358-4D70-BB62-8C1A2EF1ECA7}');
DeleteSchedulerTask('{F72BFA9B-7FC1-4014-B734-FA90F4079337}');
DeleteSchedulerTask('{F8969739-0CE9-4350-9ECB-DBB8618121C5}');
DeleteSchedulerTask('Avast Emergency Update');
DeleteSchedulerTask('Avast Software\Overseer');
DeleteSchedulerTask('GoogleUpdateTaskMachinCore');
DeleteSchedulerTask('IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473');
DeleteSchedulerTask('Microsoft\VisualStudio\VSIX Auto Update 14');
DeleteSchedulerTask('Microsoft\Windows\Adobe Flash Player PPAPI');
DeleteSchedulerTask('Opera scheduled assistant Autoupdate 1587372085');
DeleteSchedulerTask('Opera scheduled Autoupdate 1428212941');
DeleteSchedulerTask('Opera scheduled Autoupdate 1531422167');
DeleteSchedulerTask('Opera scheduled Autoupdate 1587372084');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(true);
end.
The computer will reboot.
A quarantine archive, quarantine.zip, will appear in the AVZ folder; send this file via the "Send requested quarantine" link above the first post in the thread.
If the quarantine does not upload where it is supposed to go, do not attach it to a post; it is simply empty.
Download, unpack and run the ClearLNK utility. Copy the text below into the utility window and click "Лечить" (Cure).
Code:
>>> [CMD][MASK] "C:\Users\Домашний\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk" -> ["C:\Windows\system32\cmd.exe" =>> \C "c:\program files (x86)\internet]
>>> [CMD][MASK] "C:\Users\Домашний\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ореrа.lnk" -> ["C:\Windows\system32\cmd.exe" =>> \C "c:\program files]
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Documentation for Windows Store Apps.lnk" -> ["C:\Program Files (x86)\Windows Kits\8.1\Shortcuts\WindowsStoreAppDevCenterLearn.url"]
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Samples for Windows Store Apps.lnk" -> ["C:\Program Files (x86)\Windows Kits\8.1\Shortcuts\WindowsStoreAppDevCenterSamples.url"]
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Tools for Windows Store Apps.lnk" -> ["C:\Program Files (x86)\Windows Kits\8.1\Shortcuts\WindowsStoreAppDevCenterToolsDocumentation.url"]
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Documentation for Desktop Apps.lnk" -> ["C:\Program Files (x86)\Windows Kits\8.0\Shortcuts\DesktopDevCenterLearn.url"]
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Samples for Desktop Apps.lnk" -> ["C:\Program Files (x86)\Windows Kits\8.0\Shortcuts\DesktopDevCenterSamples.url"]
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Tools for Desktop Apps.lnk" -> ["C:\Program Files (x86)\Windows Kits\8.0\Shortcuts\DesktopDevCenterToolsDocumentation.url"]
>>> "C:\Users\Домашний\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader\Help\Русский.lnk" -> ["C:\Users\Домашний\AppData\Local\UmmyVideoDownloader\1.10.8.0\help\Ummy_rus.pdf"]
>>> "C:\Users\Домашний\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader\Help\English.lnk" -> ["C:\Users\Домашний\AppData\Local\UmmyVideoDownloader\1.10.8.0\help\Ummy_eng.pdf"]
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11\Руководство пользователя.lnk" -> ["C:\Program Files (x86)\ABBYY FineReader 11\FineCmd.exe" =>> "C:\Program Files (x86)\ABBYY FineReader 11\Guide\"Guide_<uiname>.pdf -lnk]
>>> "C:\Users\Домашний\Favorites\Links\Интернет.url" -> hxxp://ikristi.ru/?utm_source=favorites03&utm_content=d5739088960ee786102b9ad382746496
Attach the report it produces.
Download Farbar Recovery Scan Tool and save it to the Desktop.
Note: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
Run the program. When it starts, click Yes to accept the warning.
Click the Scan button.
When the scan finishes, the reports FRST.txt and Addition.txt will be created in the same folder the program was run from.
Attach these files to your next post (preferably both in one archive).