Drag the Check_Browsers_LNK.log log from the Autologger folder onto the ClearLNK utility. Attach the report it produces.
Run HijackThis, located in the Autologger folder, and fix only these lines:
Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A37985B-A950-4F23-8D87-A8A32CEA1993}: [NameServer] = 185.192.111.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A37985B-A950-4F23-8D87-A8A32CEA1993}: [NameServer] = 37.59.58.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{42646E3B-65D3-4467-9FA2-F022B540431F}: [NameServer] = 185.192.111.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{42646E3B-65D3-4467-9FA2-F022B540431F}: [NameServer] = 37.59.58.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D883897-25DB-4D4E-8CD1-733ECF8604B0}: [NameServer] = 185.192.111.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D883897-25DB-4D4E-8CD1-733ECF8604B0}: [NameServer] = 37.59.58.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] = 185.192.111.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] = 37.59.58.122
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{2A37985B-A950-4F23-8D87-A8A32CEA1993}: [NameServer] = 185.192.111.210
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{2A37985B-A950-4F23-8D87-A8A32CEA1993}: [NameServer] = 37.59.58.122
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{42646E3B-65D3-4467-9FA2-F022B540431F}: [NameServer] = 185.192.111.210
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{42646E3B-65D3-4467-9FA2-F022B540431F}: [NameServer] = 37.59.58.122
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5D883897-25DB-4D4E-8CD1-733ECF8604B0}: [NameServer] = 185.192.111.210
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5D883897-25DB-4D4E-8CD1-733ECF8604B0}: [NameServer] = 37.59.58.122
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] = 185.192.111.210
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] = 37.59.58.122
Run the script in AVZ from the folder Autologger\AV\av_z.exe:
Code:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
TerminateProcessByName('c:\program files (x86)\transmission\transmission-daemon.exe');
StopService('Transmission');
QuarantineFile('c:\program files (x86)\transmission\transmission-daemon.exe', '');
DeleteFile('C:\Program Files (x86)\Transmission\libcrypto-1_1.dll', '');
DeleteFile('C:\Program Files (x86)\Transmission\libcurl.dll', '');
DeleteFile('C:\Program Files (x86)\Transmission\libssl-1_1.dll', '');
DeleteFile('C:\Program Files (x86)\Transmission\platforms\qwindows.dll', '');
DeleteFile('C:\Program Files (x86)\Transmission\Qt5Core.dll', '');
DeleteFile('C:\Program Files (x86)\Transmission\Qt5DBus.dll', '');
DeleteFile('C:\Program Files (x86)\Transmission\Qt5Gui.dll', '');
DeleteFile('C:\Program Files (x86)\Transmission\Qt5Network.dll', '');
DeleteFile('C:\Program Files (x86)\Transmission\Qt5Widgets.dll', '');
DeleteFile('C:\Program Files (x86)\Transmission\Qt5WinExtras.dll', '');
DeleteFile('c:\program files (x86)\transmission\transmission-daemon.exe', '');
DeleteFile('C:\Program Files (x86)\Transmission\transmission-daemon.exe', '64');
DeleteFile('C:\Program Files (x86)\Transmission\zlib.dll', '');
DeleteService('Transmission');
DeleteFileMask('c:\program files (x86)\download studio', '*', true);
DeleteFileMask('C:\Program Files (x86)\NetShield Kit', '*', true);
DeleteFileMask('c:\program files (x86)\transmission', '*', true);
DeleteFileMask('C:\ProgramData\Package Cache\{b72e2de9-630a-4b21-b3d7-e527c01b11ac}', '*', true);
DeleteDirectory('c:\program files (x86)\download studio');
DeleteDirectory('C:\Program Files (x86)\NetShield Kit');
DeleteDirectory('c:\program files (x86)\transmission');
DeleteDirectory('C:\ProgramData\Package Cache\{b72e2de9-630a-4b21-b3d7-e527c01b11ac}');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Flow!Works Pro Server', 'x64');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\utstarter', 'x64');
DeleteSchedulerTask('{A5B6D911-3155-4087-881B-2D3AB3E21A5F}');
DeleteSchedulerTask('{FC5C96AA-41A9-4249-96CD-4EBADF59E0DE}');
DeleteSchedulerTask('DownloadStudio Service Repair');
DeleteSchedulerTask('DownloadStudio Standalone Updater');
DeleteSchedulerTask('Microsoft\Office\Office 15 Subscription Heartbeat');
DeleteSchedulerTask('Opera scheduled assistant Autoupdate 1581421972');
DeleteSchedulerTask('Opera scheduled assistant Autoupdate 1600108179');
DeleteSchedulerTask('Opera scheduled Autoupdate 1581421315');
DeleteSchedulerTask('Opera scheduled Autoupdate 1600108162');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteRepair(21);
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(false);
end.
The computer will reboot.
A quarantine archive, quarantine.zip, will appear in the AVZ folder; send this file via the "Send requested quarantine" link above the first message in the thread.
Download the Universal Virus Sniffer utility from here and make a full uVS autorun image.
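A check for a HijackThis re-scan taken after the reboot, as an added example that is not part of the original post: it parses O17 lines in the format shown above and reports any interface, in either control set, whose NameServer still points at one of the two addresses the post asks to fix. The function names, the sample log and the 192.0.2.53 address are constructed for illustration, and splitting one value into several addresses is an assumption that goes beyond the one-address-per-line format in the post.

```python
import re
from collections import defaultdict

# O17 line shape as it appears in the post:
# O17 - HKLM\System\<set>\Services\Tcpip\..\{GUID}: [NameServer] = <addr>
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}): \[NameServer\] = (?P<value>.+)$"
)

def parse_o17(log_text):
    """Return {interface GUID (lowercase): {control set: set(resolver addresses)}}."""
    found = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # not an O17 NameServer line
        # Assumption: one value may hold several addresses split by commas or spaces.
        for addr in re.split(r"[,\s]+", m["value"].strip()):
            if addr:
                found[m["guid"].lower()][m["cset"]].add(addr)
    return found

def remaining(log_text, flagged):
    """List (guid, control set, address) triples still pointing at a flagged resolver."""
    hits = []
    for guid, sets in parse_o17(log_text).items():
        for cset, addrs in sets.items():
            hits += [(guid, cset, a) for a in sorted(addrs & flagged)]
    return sorted(hits)

# Resolver addresses taken from the O17 lines in the post.
FLAGGED = {"185.192.111.210", "37.59.58.122"}

# Constructed sample: a re-scan where one interface was fixed in CCS only
# and now carries a different resolver (documentation address range) there.
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] = 192.0.2.53
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] = 185.192.111.210
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] = 37.59.58.122
O4 - HKLM\..\Run: [Example] = C:\example.exe
"""

if __name__ == "__main__":
    for guid, cset, addr in remaining(SAMPLE, FLAGGED):
        print(f"still set: {guid} [{cset}] -> {addr}")
```

An empty result from `remaining` means neither control set in the re-scan references the two addresses any more; any other static NameServer the log shows is returned by `parse_o17` for manual review.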