Посмотрю....
- Отключите антивирус/фаервол и интернет;
-
Выполните в АВЗ:
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\documents and settings\admin\application data\c.exe');
TerminateProcessByName('c:\documents and settings\admin\application data\regsrv64.exe');
QuarantineFile('c:\documents and settings\admin\application data\c.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Ruqaqr.exe','');
QuarantineFile('c:\documents and settings\admin\application data\regsrv64.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\2A.exe','');
QuarantineFile('c:\documents and settings\admin\application data\27.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\29.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\11.exe','');
QuarantineFile('c:\documents and settings\admin\application data\10.tmp','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\E.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\6.tmp','');
QuarantineFile('c:\documents and settings\admin\application data\9.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\8.tmp','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\15.exe','');
QuarantineFile('c:\documents and settings\admin\application data\5A.exe','');
DeleteFile('C:\Documents and Settings\Admin\Application Data\5A.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\9.exe');
DeleteFile('c:\documents and settings\admin\application data\8.tmp');
DeleteFile('c:\documents and settings\admin\application data\15.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\10.tmp');
DeleteFile('c:\documents and settings\admin\application data\E.exe');
DeleteFile('c:\documents and settings\admin\application data\6.tmp');
DeleteFile('C:\Documents and Settings\Admin\Application Data\27.exe');
DeleteFile('c:\documents and settings\admin\application data\29.exe');
DeleteFile('c:\documents and settings\admin\application data\11.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\2A.exe');
DeleteFile('c:\documents and settings\admin\application data\c.exe');
DeleteFile('c:\documents and settings\admin\application data\regsrv64.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Ruqaqr.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SterupService');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','SterupService');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SterupService');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','SterupService');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','SterupService');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Ruqaqr');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft DLL Registration');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится
После перезагрузки:
- Выполните в АВЗ:
Код:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Файл
quarantine.zip из папки AVZ загрузите через
данную форму. Укажите ссылку на тему и ник на форуме.
Установите
новый Internet Explorer, а также все доступные
обновления для Windows
После обновлений:
- Скачайте
Malwarebytes' Anti-Malware или с
зеркала, установите, обновите базы, выберите "
Полное сканирование", нажмите "
Сканирование", после сканирования -
Ok -
Показать результаты - Откройте лог, скопируйте в блокнот и прикрепите его к следующему посту.
