[Solved] Explorer, startup


CtulhuTheMonster
05-01-2014, 18:05
Explorer freezes often. There are a lot of unneeded programs in startup, and some of them cannot be disabled (pr.jpg). Once the computer has started, it offers to open the files ms and msconfig; they cannot be disabled in startup.

thyrex
05-01-2014, 21:20
Run this script in AVZ
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
TerminateProcessByName('c:\users\alexandr\appdata\local\temp\0000707d.exe');
TerminateProcessByName('c:\windows\syswow64\audiohd.exe');
TerminateProcessByName('c:\users\alexandr\appdata\local\nvidia corporation\update\daemonupd.exe');
TerminateProcessByName('c:\users\alexandr\appdata\roaming\microsoft\windows\svchost.exe');
TerminateProcessByName('c:\users\alexandr\appdata\roaming\microsoft\windows\templates\explorer.exe') ;
QuarantineFile('C:\Users\Alexandr\appdata\roaming\huycz\myxy.exe','');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\grneq.exe','');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Microsoft\Windows\Templates\MsCtfMonitor.exe','');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\WinDefender.Exe','');
QuarantineFile('C:\Users\Alexandr\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe','');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Google\Update\gupdate.exe','');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Microsoft\Windows\winupdate.exe','');
QuarantineFile('c:\users\alexandr\appdata\local\temp\rtscom.exe','');
QuarantineFile('c:\users\alexandr\appdata\roaming\microsoft\windows\svchost.exe','');
QuarantineFile('c:\users\alexandr\appdata\roaming\microsoft\windows\templates\explorer.exe','');
QuarantineFile('c:\users\alexandr\appdata\local\nvidia corporation\update\daemonupd.exe','');
QuarantineFile('c:\windows\syswow64\audiohd.exe','');
QuarantineFile('c:\users\alexandr\appdata\local\temp\0000707d.exe','');
DeleteFile('c:\users\alexandr\appdata\local\temp\0000707d.exe','32');
DeleteFile('c:\windows\syswow64\audiohd.exe','32');
DeleteFile('c:\users\alexandr\appdata\local\nvidia corporation\update\daemonupd.exe','32');
DeleteFile('c:\users\alexandr\appdata\roaming\microsoft\windows\templates\explorer.exe','32');
DeleteFile('c:\users\alexandr\appdata\roaming\microsoft\windows\svchost.exe','32');
DeleteFile('C:\Users\Alexandr\AppData\Local\Microsoft\Windows\winupdate.exe','32');
DeleteFile('C:\Users\Alexandr\AppData\Local\Google\Update\gupdate.exe','32');
DeleteFile('C:\Users\Alexandr\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe','32');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\WinDefender.Exe','32');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Microsoft\Windows\Templates\MsCtfMonitor.exe','32');
DeleteFile('C:\Windows\Tasks\At1.job','64');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\21220800FdOh','32');
DeleteFile('C:\Windows\Tasks\At2.job','64');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\47278911FdOh','32');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\grneq.exe','32');
DeleteFile('C:\Windows\Tasks\niwnnbr.job','64');
DeleteFile('C:\Windows\system32\Tasks\At1','64');
DeleteFile('C:\Windows\system32\Tasks\At2','64');
DeleteFile('C:\Windows\system32\Tasks\niwnnbr','64');
DeleteFile('C:\Users\Alexandr\appdata\roaming\huycz\myxy.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' ,'WindowsUpdate');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Activex Application Updater');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','WinDefender');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Google Update');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','NvUpdService');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','system.exe');
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteREpair(8);
RebootWindows(false);
end.
The computer will restart.

Run this script in AVZ
begin
CreateQurantineArchive('c:\quarantine.zip');
end.
Send c:\quarantine.zip using this form (http://www.oszone.net/virusnet/)

Fix the following in HiJack (everything that is found)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = ttps://erterra.com/images/imglist.ebg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = &
F3 - REG:win.ini: run=C:\Users\Alexandr\AppData\Local\Temp\0000707d.exe
O1 - Hosts: 5.199.136.148 my.mail.ru
O1 - Hosts: 5.199.136.148 m.my.mail.ru
O1 - Hosts: 5.199.136.148 vk.com
O1 - Hosts: 5.199.136.148 ok.ru
O1 - Hosts: 5.199.136.148 m.vk.com
O1 - Hosts: 5.199.136.148 odnoklassniki.ru
O1 - Hosts: 5.199.136.148 vk.com
O1 - Hosts: 5.199.136.148 www.odnoklassniki.ru
O1 - Hosts: 5.199.136.148 m.odnoklassniki.ru
O1 - Hosts: 5.199.136.148 ok.ru
O1 - Hosts: 5.199.136.148 m.ok.ru
O1 - Hosts: 5.199.136.148 www.odnoklassniki.ru
O4 - HKLM\..\Run: [Windows Audio Driver] "C:\Windows\system32\audiohd.exe"
O4 - HKCU\..\Run: [WinDefender] "C:\Users\Alexandr\AppData\Local\Temp\WinDefender.Exe"
O4 - HKCU\..\Run: [Activex Application Updater] C:\Users\Alexandr\AppData\Roaming\Microsoft\Windows\Templates\MsCtfMonitor.exe
O4 - HKCU\..\Run: [{58DF8321-E3BC-901A-DB30-E5A8EA18FFF6}] C:\Users\Alexandr\AppData\Roaming\Ovokza\faeh.exe
O4 - HKCU\..\Run: [NvUpdService] C:\Users\Alexandr\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe /app 0AFE9973A781FD51DE319B6E7D8D77AE
O4 - HKCU\..\Run: [Google Update] C:\Users\Alexandr\AppData\Local\Google\Update\gupdate.exe /app 0AFE9973A781FD51DE319B6E7D8D77AE
O4 - HKCU\..\Run: [system.exe] C:\Users\Alexandr\AppData\Local\Temp\0000707d.exe
O4 - HKCU\..\Run: [ms] C
O4 - HKCU\..\Run: [msconfig] C
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE3082E-72A0-4E8C-B7B5-26BC064FEA2D}: NameServer = 96.8.125.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F52674A-3A7E-42B4-96BC-696D436C9FDA}: NameServer = 96.8.125.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF1A352-3B37-40FE-92EF-96ADBEE4CECE}: NameServer = 96.8.125.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{55E34D3B-FF02-434E-8EA6-6368A1AB0D6F}: NameServer = 96.8.125.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 96.8.125.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{940DB9B7-1FA2-48B2-88EC-E06DBEB80F12}: NameServer = 96.8.125.51
O17 - HKLM\System\CS1\Services\Tcpip\..\{2EE3082E-72A0-4E8C-B7B5-26BC064FEA2D}: NameServer = 96.8.125.51
O17 - HKLM\System\CS2\Services\Tcpip\..\{2EE3082E-72A0-4E8C-B7B5-26BC064FEA2D}: NameServer = 96.8.125.51

Make new logs

Download Malwarebytes' Anti-Malware ('http://malwarebytes.org/mbam-download-exe-random.php') or get it from the mirror ('http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe'), install it (during installation decline the Trial version), update the databases, select "Perform Full Scan", click "Scan", and after the scan: Ok - Show Results - open the log, copy it into Notepad and attach it to your next post.
Do not delete anything yourself!!!
If the log did not open, it can be found in the following folder:
%appdata%\Malwarebytes\Malwarebytes' Anti-Malware\Logs
The required log file is named mbam-log-[data] (time).txt, for example: mbam-log-2012-11-09 (07-32-51).txt
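
Added example, not part of the original thread and not thyrex's code: a Python triage of HijackThis log lines of the kinds listed in the post above. It flags hosts entries that point names at a non-loopback address, Run entries that start programs from user-writable directories, NameServer overrides and a proxy auto-config URL. The sample log, its addresses, names and paths are constructed, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in HijackThis log format (documentation addresses and names).
SAMPLE_LOG = r"""
O1 - Hosts: 203.0.113.7 social.example
O1 - Hosts: 203.0.113.7 m.social.example
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [Audio Driver] "C:\Windows\system32\audiodrv.exe"
O4 - HKCU\..\Run: [Updater] C:\Users\User\AppData\Local\Temp\upd.exe /app 00
O4 - HKCU\..\Run: [Sync] "C:\Program Files\Vendor\sync.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 198.51.100.53
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.example/wpad.dat
"""

# Directories a standard user can write to; autostart from here deserves review.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\local settings\\")

O1 = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\]\s+(.*)$")
O17 = re.compile(r"^O17 - .*NameServer = (\S+)")
R1_PAC = re.compile(r"^R1 - .*,AutoConfigURL = (\S+)")


def executable_path(command):
    """Return the program path from a Run value, whether quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first script/executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|vbs|scr))\b", command, re.I)
    return m.group(1) if m else command


def triage(log_text):
    """Return (category, detail) findings for a HijackThis log."""
    hosts = defaultdict(set)   # redirect address -> hostnames pointed at it
    dns = defaultdict(int)     # NameServer value -> number of interface keys
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O1.match(line):
            ip, name = m.groups()
            try:
                addr = ip_address(ip)
            except ValueError:
                continue
            # Loopback entries block a name; a routable address redirects it.
            if not addr.is_loopback and not addr.is_unspecified:
                hosts[ip].add(name.lower())
        elif m := O4.match(line):
            hive, name, command = m.groups()
            path = executable_path(command)
            if any(part in path.lower() for part in USER_WRITABLE):
                findings.append(("run-user-writable", f"{hive} [{name}] {path}"))
        elif m := O17.match(line):
            dns[m.group(1)] += 1
        elif m := R1_PAC.match(line):
            findings.append(("proxy-autoconfig", m.group(1)))
    for ip, names in sorted(hosts.items()):
        findings.append(("hosts-redirect", f"{ip} <- {', '.join(sorted(names))}"))
    for server, count in sorted(dns.items()):
        findings.append(("dns-override", f"{server} on {count} interface key(s)"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {detail}")
```

A static NameServer or an autostart entry under AppData is not malicious by itself; the findings are a review list, and duplicates in the hosts section are collapsed per address.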

CtulhuTheMonster
06-01-2014, 17:04
ms and msconfig have been removed, Explorer still freezes, and MBAM also freezes when I start a scan.

thyrex
06-01-2014, 17:33
Run this script in AVZ
var i: Integer;
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Qolyt\loquf.exe','');
QuarantineFile('C:\Windows\C','');
for i:= 1 to 20 do
begin
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\msup'+IntToStr(i)+'.exe','');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\msup'+IntToStr(i)+'.exe','32');
end;
DeleteFile('C:\Windows\C','32');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Qolyt\loquf.exe','32');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\92ac0b0058c0f222');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djc');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczup');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmn');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnopt');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevz');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbf');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkc');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmc');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaim');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvc');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuh');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchu');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijv');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdur');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmj');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmjrpm');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmjrpmbgh');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmjrpmbghmxa');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmjrpmbghmxatlp');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmjrpmbghmxatlpdcm');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\fypzpdt');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\ms');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\msconfig');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\niwnnbr');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\system.exe');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\{575524D7-DA66-52AB-A52B-45D3CCF0FEEE}');
QuarantineFileF('C:\Users\Alexandr\AppData\Roaming\Guzi', '*', false,'', 0, 0, '', '');
QuarantineFileF('C:\Users\Alexandr\AppData\Roaming\Ovokza', '*', false,'', 0, 0, '', '');
QuarantineFileF('C:\Users\Alexandr\AppData\Roaming\Qolyt', '*', false,'', 0, 0, '', '');
QuarantineFileF('C:\Users\Alexandr\AppData\Roaming\Ewes', '*', false,'', 0, 0, '', '');
QuarantineFileF('C:\Users\Alexandr\AppData\Roaming\Awbu', '*', false,'', 0, 0, '', '');
QuarantineFileF('C:\Users\Alexandr\AppData\Roaming\Aciz', '*', false,'', 0, 0, '', '');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
The computer will restart.

Run this script in AVZ
begin
CreateQurantineArchive('c:\quarantine.zip');
end.
Send c:\quarantine.zip using this form (http://www.oszone.net/virusnet/)

Also upload the quarantine archive to rghost.ru and send me the download link by private message

Make new logs

CtulhuTheMonster
06-01-2014, 18:20
A file is still left in startup
C:\Users\Alexandr\AppData\Roaming\Qolyt\loquf.exe

Explorer sometimes freezes, but now I can at least create a folder))

thyrex
06-01-2014, 18:22
Try to make an MBAM log

Also remove the following entries from the hosts file
127.0.0.1 hellhead.ru anonimvk.ru anonim.do.am webvpn.org unboo.ru xy4-anonymizer.ru nekontakt2.ru
127.0.0.1 urlbl.ru anonymizer.ru timp.ru workandtalk.ru dostyp.ru neklassniki.ru nemir.ru
127.0.0.1 anonimix.ru waitplay.ru nezayti.ru webmurk.ru vkanonim.ru dostupest.ru
127.0.0.1 v.vhodilka.ru o.vhodilka.ru raskruty.ru diazoom.ru razblokirovatdostup.ru anonim.ttu.su
127.0.0.1 spoolls.com jelya.ru antiblock.ru websplatt.ru dardan.ru cameleo.ru obhodilka.ru pinun.ru
127.0.0.1 ok-anonimaizer.ru netdostupa.com adminimus.ru vhodilka.ru

CtulhuTheMonster
06-01-2014, 18:33
Try to make an MBAM log »

I managed to start the scan in safe mode.

thyrex
06-01-2014, 18:33
Waiting for the log

CtulhuTheMonster
06-01-2014, 19:33
MBAM log

thyrex
06-01-2014, 19:43
Run this script in AVZ (start AVZ as Administrator via the right mouse button)
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ovokza\faeh.exe', 'MBAM: Trojan.Crypt.NKN');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\0029cc82.exe', 'MBAM: Malware.Generic');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\004adc4b.exe', 'MBAM: Malware.Generic');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\267.exe', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\308.exe', 'MBAM: Trojan.Crypt.NKN');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\325.exe', 'MBAM: Trojan.Agent.EDTT');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\345.exe', 'MBAM: Trojan.Agent.EDSR');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\bot1.exe', 'MBAM: Heuristics.Shuriken');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\bot4.exe', 'MBAM: Heuristics.Shuriken');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\rtscom.exe', 'MBAM: Backdoor.Messa');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Aciz\voowd.exe', 'MBAM: Trojan.Zbot');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Afedhy\toelr.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ahtuel\ewid.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Akaq\ofse.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Arox\kiat.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Artep\tebei.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Arun\icti.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Atsy\uphex.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Beex\hunug.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Bice\seazi.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Bowuyw\olefu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Caowp\osegy.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ceutqe\raos.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ciyh\tofu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Codyam\guis.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Cyof\avac.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Cytaah\kado.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Dobo\yhoq.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ecti\merym.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Edcyvo\evnuu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Edsyic\papi.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Edydc\fauc.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Efnuov\iqdui.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Egfuyx\ysku.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ekzero\boif.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Elfi\ekqey.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Elsi\qauds.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ennaci\erdei.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Eqexoh\bieww.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Eqofs\anuc.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Erzi\waep.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Esanac\zaly.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Evke\elkaa.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Fipit\axbao.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Fyety\ozyfe.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Giin\izbo.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Hixuum\unipb.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Hohoo\ehavv.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Hyemka\etaza.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Hyydro\nuxyf.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ibpy\quow.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Icacgy\qeny.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Icro\reoz.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ifbecu\ykfy.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Igmyyq\vyato.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Iluk\ryhug.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Imbuo\umut.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Imqyp\ivxus.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Iqqef\itgu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ivzau\amez.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Iwaqo\ytif.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ixyvew\irpiv.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Koeb\yqryo.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Liofi\iqqe.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Luih\gayk.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Maaxlo\wyur.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Meofx\qoude.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Meso\ibifi.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Meto\beilh.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Miwyz\uwov.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Motu\poiw.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Neod\ycsu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Niixi\uzog.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Nyuh\koeno.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Nyyc\ebqo.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Obzau\asifs.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ocmiqu\yvwy.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ocnot\uqxay.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ofedl\wysuy.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ofyxuz\byih.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ogofmu\muaqk.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ohmue\laiss.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Olod\zeem.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Omvofe\imip.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Omyv\xiiwg.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Onan\ryyf.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Onlu\ennac.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Opivc\agco.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Opruo\upes.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Oqce\sexa.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Orew\ofnae.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Oszyl\owhu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Oterqy\died.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Oxpy\omim.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Paot\ysegg.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Puatf\nyfi.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Puwuki\iftou.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Puzi\xehyi.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Qokyib\dysux.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Quowmo\ibuq.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Qyorka\quocy.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Qyowuv\udik.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Roru\xuasc.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Royfe\aphap.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ruqi\taoxu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Sekeka\pevi.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Suyq\qeyk.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Syyzup\voza.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Tawo\oqed.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Teen\eteg.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Toelv\huaq.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Uded\rawi.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Uhmu\biqy.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Uqnex\nofu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Urmeo\xosue.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ururq\eblus.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Uvaq\ohxu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Uxefen\adaw.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Uxica\iteci.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Uxney\hukya.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Uxomi\opigu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Vefud\moemi.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Vexod\itlo.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Vihipa\ybde.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Vuov\oqac.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Vuowvu\caty.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Wasi\ilfys.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Werii\ohfal.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Wobook\zuagr.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Womyca\zeosy.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Wuqi\ubkiu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Xais\awoze.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Xisemi\yrru.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Xosu\wobo.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ybewse\egpui.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Yfny\agsaf.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Yftoyk\kiatu.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ykbot\ezun.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Yludo\cyofr.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ymeru\ekotn.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Ynxe\irlo.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Yposo\humow.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Yqvuf\filuw.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Yvatu\etam.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Yzwie\saaw.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Zaom\osli.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Zaveaz\itaz.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Roaming\Zeamsu\omesa.exe', 'MBAM: Spyware.Zeus');
QuarantineFile('C:\Users\Alexandr\AppData\Local\wsearch\wsearch.exe', 'MBAM: Trojan.Wsearch');
QuarantineFile('C:\Windows\System32\MSDCSC\msdcsc.exe', 'MBAM: Backdoor.Agent.DC');
QuarantineFile('C:\Windows\SysWOW64\MSDCSC\msdcsc.exe', 'MBAM: Backdoor.Agent.DC');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\00007389.exe', 'MBAM: Trojan.Agent.Gen');
QuarantineFile('C:\Users\Alexandr\AppData\Local\Temp\00007963.exe', 'MBAM: Trojan.Agent.Gen');
QuarantineFile('C:\Users\Alexandr\Local Settings\Application Data\Temp\00007389.exe', 'MBAM: Trojan.Agent.Gen');
QuarantineFile('C:\Users\Alexandr\Local Settings\Application Data\Temp\00007963.exe', 'MBAM: Trojan.Agent.Gen');
QuarantineFile('C:\Users\Alexandr\Desktop\1365.tmp', 'MBAM: Trojan.FileFill');
QuarantineFile('C:\Program Files (x86)\Compan\OldProd\alene.vbs', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compan\OldProd\dancedance.txt', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compan\OldProd\lidogeneratsiya.bat', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compan\OldProd\lopera.txt', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compan\OldProd\midiiiia.bat', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compan\OldProd\pozvoni.vbs', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compans\OldProi\abdula.txt', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compans\OldProi\bieberfalls.bat', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compans\OldProi\goingdown.bat', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compans\OldProi\moimalish.vbs', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compans\OldProi\rotokantrop.txt', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compans\OldProi\spiahdetka.vbs', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compans\OldProi\Uninstall.exe', 'MBAM: Trojan.Agent.VBS');
QuarantineFile('C:\Program Files (x86)\Compans\OldProi\Uninstall.ini', 'MBAM: Trojan.Agent.VBS');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ovokza\faeh.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\0029cc82.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\004adc4b.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\267.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\308.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\325.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\345.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\bot1.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\bot4.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\rtscom.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Aciz\voowd.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Afedhy\toelr.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ahtuel\ewid.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Akaq\ofse.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Arox\kiat.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Artep\tebei.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Arun\icti.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Atsy\uphex.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Beex\hunug.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Bice\seazi.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Bowuyw\olefu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Caowp\osegy.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ceutqe\raos.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ciyh\tofu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Codyam\guis.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Cyof\avac.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Cytaah\kado.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Dobo\yhoq.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ecti\merym.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Edcyvo\evnuu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Edsyic\papi.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Edydc\fauc.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Efnuov\iqdui.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Egfuyx\ysku.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ekzero\boif.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Elfi\ekqey.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Elsi\qauds.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ennaci\erdei.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Eqexoh\bieww.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Eqofs\anuc.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Erzi\waep.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Esanac\zaly.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Evke\elkaa.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Fipit\axbao.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Fyety\ozyfe.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Giin\izbo.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Hixuum\unipb.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Hohoo\ehavv.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Hyemka\etaza.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Hyydro\nuxyf.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ibpy\quow.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Icacgy\qeny.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Icro\reoz.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ifbecu\ykfy.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Igmyyq\vyato.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Iluk\ryhug.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Imbuo\umut.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Imqyp\ivxus.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Iqqef\itgu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ivzau\amez.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Iwaqo\ytif.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ixyvew\irpiv.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Koeb\yqryo.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Liofi\iqqe.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Luih\gayk.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Maaxlo\wyur.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Meofx\qoude.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Meso\ibifi.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Meto\beilh.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Miwyz\uwov.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Motu\poiw.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Neod\ycsu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Niixi\uzog.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Nyuh\koeno.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Nyyc\ebqo.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Obzau\asifs.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ocmiqu\yvwy.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ocnot\uqxay.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ofedl\wysuy.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ofyxuz\byih.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ogofmu\muaqk.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ohmue\laiss.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Olod\zeem.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Omvofe\imip.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Omyv\xiiwg.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Onan\ryyf.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Onlu\ennac.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Opivc\agco.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Opruo\upes.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Oqce\sexa.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Orew\ofnae.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Oszyl\owhu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Oterqy\died.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Oxpy\omim.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Paot\ysegg.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Puatf\nyfi.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Puwuki\iftou.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Puzi\xehyi.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Qokyib\dysux.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Quowmo\ibuq.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Qyorka\quocy.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Qyowuv\udik.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Roru\xuasc.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Royfe\aphap.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ruqi\taoxu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Sekeka\pevi.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Suyq\qeyk.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Syyzup\voza.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Tawo\oqed.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Teen\eteg.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Toelv\huaq.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Uded\rawi.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Uhmu\biqy.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Uqnex\nofu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Urmeo\xosue.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ururq\eblus.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Uvaq\ohxu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Uxefen\adaw.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Uxica\iteci.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Uxney\hukya.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Uxomi\opigu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Vefud\moemi.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Vexod\itlo.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Vihipa\ybde.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Vuov\oqac.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Vuowvu\caty.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Wasi\ilfys.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Werii\ohfal.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Wobook\zuagr.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Womyca\zeosy.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Wuqi\ubkiu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Xais\awoze.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Xisemi\yrru.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Xosu\wobo.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ybewse\egpui.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Yfny\agsaf.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Yftoyk\kiatu.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ykbot\ezun.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Yludo\cyofr.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ymeru\ekotn.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Ynxe\irlo.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Yposo\humow.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Yqvuf\filuw.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Yvatu\etam.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Yzwie\saaw.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Zaom\osli.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Zaveaz\itaz.exe');
DeleteFile('C:\Users\Alexandr\AppData\Roaming\Zeamsu\omesa.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\wsearch\wsearch.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\00007389.exe');
DeleteFile('C:\Users\Alexandr\AppData\Local\Temp\00007963.exe');
DeleteFile('C:\Users\Alexandr\Local Settings\Application Data\Temp\00007389.exe');
DeleteFile('C:\Users\Alexandr\Local Settings\Application Data\Temp\00007963.exe');
DeleteFile('C:\Users\Alexandr\Desktop\1365.tmp');
DeleteFile('C:\Program Files (x86)\Compan\OldProd\alene.vbs');
DeleteFile('C:\Program Files (x86)\Compan\OldProd\dancedance.txt');
DeleteFile('C:\Program Files (x86)\Compan\OldProd\lidogeneratsiya.bat');
DeleteFile('C:\Program Files (x86)\Compan\OldProd\lopera.txt');
DeleteFile('C:\Program Files (x86)\Compan\OldProd\midiiiia.bat');
DeleteFile('C:\Program Files (x86)\Compan\OldProd\pozvoni.vbs');
DeleteFile('C:\Program Files (x86)\Compan\OldProd\Uninstall.exe');
DeleteFile('C:\Program Files (x86)\Compan\OldProd\Uninstall.ini');
DeleteFile('C:\Program Files (x86)\Compans\OldProi\abdula.txt');
DeleteFile('C:\Program Files (x86)\Compans\OldProi\bieberfalls.bat');
DeleteFile('C:\Program Files (x86)\Compans\OldProi\goingdown.bat');
DeleteFile('C:\Program Files (x86)\Compans\OldProi\moimalish.vbs');
DeleteFile('C:\Program Files (x86)\Compans\OldProi\rotokantrop.txt');
DeleteFile('C:\Program Files (x86)\Compans\OldProi\spiahdetka.vbs');
DeleteFile('C:\Program Files (x86)\Compans\OldProi\Uninstall.exe');
DeleteFile('C:\Program Files (x86)\Compans\OldProi\Uninstall.ini');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\92ac0b0058c0f222');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djc');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczup');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmn');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnopt');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevz');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbf');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkc');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmc');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaim');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvc');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuh');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchu');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijv');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdur');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmj');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmjrpm');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmjrpmbgh');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmjrpmbghmxa');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmjrpmbghmxatlp');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\djczupwmnoptevzdbfkkclmcaimnvchuhchuijvdurkmjrpmbghmxatlpdcm');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\fypzpdt');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\ms');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\msconfig');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\niwnnbr');
RegKeyDel('HKLM', 'software\microsoft\shared tools\msconfig\startupreg\system.exe');
RegKeyDel('HKCU', 'software\microsoft\shared tools\msconfig\startupreg\{575524D7-DA66-52AB-A52B-45D3CCF0FEEE}');
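// Pass the lists of quarantined and deleted files to Boot Cleaner
BC_ImportAll;
// Clean up system references to the deleted files
ExecuteSysClean;
// Activate the Boot Cleaner driver so the deletions are finished during the reboot
BC_Activate;
RebootWindows(true);
end.
The computer will reboot.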

Run this script in AVZ
begin
CreateQurantineArchive('c:\quarantine.zip');
end.
Send c:\quarantine.zip using this form (http://www.oszone.net/virusnet/)

thyrex
06-01-2014, 19:44
Attention: first do what is written in the message above this one (because of limits I had to split it into 2 messages)

Run a repeat scan (a quick one is fine) in MBAM, then select and delete everything except
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Действие не было предпринято.
C:\Program Files (x86)\ABBYY PDF Transformer 3.0\3.0.100.399.exe (PUP.Hacktool.Patcher) -> Действие не было предпринято.
C:\Program Files (x86)\ABBYY PDF Transformer 3.0\Crack\3.0.100.399.exe (PUP.Hacktool.Patcher) -> Действие не было предпринято.
C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Действие не было предпринято.
C:\Program Files (x86)\Common Files\WUDHost.exe (Malware.Generic) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_comctl32.dll.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_credui.dll.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_dmdskres.dll.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_dsuiext.dll.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_els.dll.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_filemgmt.dll.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_hhctrl.ocx.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_ieaksie.dll.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_mapi32.dll.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_mmc.exe.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_mstsc.exe.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_powercpl.dll.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_scrptadm.dll.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_taskmgr.exe.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\Patch_wscript.exe.exe (Trojan.FakeAlert) -> Действие не было предпринято.
C:\Program Files (x86)\W7Elegant Black Pearl\Resources\shared\Windows\SysWOW64\ru-RU\Patch_iexpress.exe.mui.exe (Trojan.FakeAlert) -> Действие не было предпринято.

Make a new set of logs according to the rules + a new MBAM log

CtulhuTheMonster
06-01-2014, 21:12
Logs. No more problems.

quarantine.zip is 33 MB and will not upload.
I uploaded it to rghost (http://rghost.ru/private/51447423/883c9cf851c5e440b0ef53c60c2d6102).

thyrex
06-01-2014, 21:51
1. Change all passwords

2. Delete the folders (the AppData folder is hidden and system)

3. Start the registry editor and delete the keys (HKLM = HKEY_LOCAL_MACHINE, HKCU = HKEY_CURRENT_USER)

4. Run this script in AVZ
begin
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\Users\Alexandr\AppData\Roaming\Win Defender\svchost.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','C:\Users\Alexandr\AppData\Roaming\Microsoft\Windows\svchost.exe');
RebootWindows(true);
end.
The computer will reboot

Check C:\ProgramData\acrotray.exe (the file is hidden, system, read-only) on virustotal (http://www.virustotal.com/ru). Post the link to the scan result.
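
An added triage example, not part of the thread and not AVZ code: it checks a host listing for the two patterns visible in the cleanup script above, msconfig startupreg key names that grow three letters at a time and single-executable folders with short random names under AppData\Roaming. The regular expression, the step of 3 and the thresholds are assumptions; the sample input mixes names taken from the thread with constructed benign entries.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed shape of the dropped files seen in the thread:
# <drive>:\Users\<user>\AppData\Roaming\<4-6 letters>\<4-5 letters>.exe
ROAMING_EXE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\([a-z]{4,6})\\([a-z]{4,5})\.exe$",
    re.IGNORECASE,
)

def prefix_chains(key_names, step=3, min_len=3):
    """Return chains of names where each name is the previous one plus `step` characters."""
    names = {n.lower() for n in key_names}
    chains = []
    for name in sorted(names, key=len):
        # Skip names that merely continue a chain started by a shorter name.
        if len(name) > step and name[:-step] in names:
            continue
        chain = [name]
        while True:
            nxt = [n for n in names
                   if len(n) == len(chain[-1]) + step and n.startswith(chain[-1])]
            if len(nxt) != 1:
                break
            chain.append(nxt[0])
        if len(chain) >= min_len:
            chains.append(chain)
    return chains

def suspicious_roaming_dirs(paths, min_hits=3):
    """Return executables that sit alone in a short-named Roaming folder.

    Nothing is reported unless at least `min_hits` such folders exist, because
    one match on its own is weak evidence.
    """
    per_dir = defaultdict(list)
    for p in paths:
        per_dir[str(PureWindowsPath(p).parent).lower()].append(p)
    hits = [files[0] for files in per_dir.values()
            if len(files) == 1 and ROAMING_EXE.match(files[0])]
    return sorted(hits) if len(hits) >= min_hits else []

# Key names below are a subset of those in the thread's RegKeyDel lines.
SAMPLE_KEYS = ["92ac0b0058c0f222", "djc", "djczup", "djczupwmn", "djczupwmnopt",
               "fypzpdt", "ms", "msconfig", "niwnnbr", "system.exe"]

# First four paths appear in the thread; the two "Notes" entries are constructed.
SAMPLE_FILES = [
    r"C:\Users\Alexandr\AppData\Roaming\Aciz\voowd.exe",
    r"C:\Users\Alexandr\AppData\Roaming\Afedhy\toelr.exe",
    r"C:\Users\Alexandr\AppData\Roaming\Ahtuel\ewid.exe",
    r"C:\Users\Alexandr\AppData\Local\Temp\bot1.exe",
    r"C:\Users\Alexandr\AppData\Roaming\Notes\notes.exe",     # constructed
    r"C:\Users\Alexandr\AppData\Roaming\Notes\settings.ini",  # constructed
]

if __name__ == "__main__":
    for chain in prefix_chains(SAMPLE_KEYS):
        print("growing key-name chain:", " -> ".join(chain))
    for path in suspicious_roaming_dirs(SAMPLE_FILES):
        print("lone executable in short-named Roaming folder:", path)
```

A match is a lead to verify, for example by checking the file on virustotal as the thread does, not a verdict.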



