
Veteran

Consultant

Posts: 1514
Thanks: 413



Hello!

Why did you run ComboFix? You could have killed your system that way. Show us its log, and we'll see what it did there.

Close all programs and temporarily unload your antivirus, firewall and other security software.

Run the script in AVZ (File - Execute script):

Code:
begin
 // Stop the tcpip service, then terminate the listed processes and stop their services
 ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
 ClearQuarantineEx(true);
 TerminateProcessByName('c:\windows\temp\e14c.tmp');
 TerminateProcessByName('c:\program files (x86)\0e7dce20-1455276182-11d5-ad56-5404a6f203ee\knsxdbd.tmp');
 SetServiceStart('WajaNetEn Monitor', 4);
 StopService('dujixynezbt');
 StopService('WajaNetEn Monitor');
 // Copy suspect files and shortcuts to the AVZ quarantine before anything is deleted
 QuarantineFile('c:\windows\userprofile\Win7_x32.msi', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Chrоme.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\google chrome (2).lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\gоogle сhromе (2).lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Chromе (2).lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Chromе.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Еxрlorеr (2).lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Eхрlorеr.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Explorer.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Explorer (No Аdd-ons).lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Панель запуска приложений Chrome.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Gоoglе Chrоme.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Легенда - Наследие Драконов (Chrome).lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Легенда - Наследие Драконов (Chrome)\Легенда - Наследие Драконов (Chrome).lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozillа Firеfоx.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game - Total Domination\Game - Total Domination.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game - Total Domination\Gаme - Totаl Dоminatiоn.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder\Wаr Thunder.lnk', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrThundеr.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin'+ #39 +'s Creed 4 - Черный Флаг\Assassin'+ #39 +'s Creed 4 - Черный Флаг.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bit2Bit загрузчик\Вit2Bit загрузчик.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DayZ Standalone\DаyZ Stаndаlonе.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\DivХ Рlus Соnvеrtеr.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Rеgistеr.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Сheck fоr Updates.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Соdес Sеttings.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 Ultimate Team Edition\FIFA 15 Ultimate Team Edition.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 Ultimate Team Edition\FIFА 15 Ultimate Teаm Edition.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V\Grand Theft Auto V.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval II Total War Gold\Мediеvаl II Тotal Wаr Gold.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mortal Kombat Komplete Edition\Мortal Кombаt Komрletе Еdition.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed Rivals\Need for Speed Rivals.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed Rivals\Настройка запуска.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panzer Corps\Рanzеr Соrps.(Настройки).lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Wоrld оf Tаnks.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Settings.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\SignIn with Facebook.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\SignIn with Twitter.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Wajam Website.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Search\Ask.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Search\Google.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Search\IMDb.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Search\Shopping.com.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Search\TripAdvisor.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Search\Wikipedia.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Search\Yahoo!.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Amazon.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Argos.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Ebay.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Etsy.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\HomeDepot.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Ikea.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Lowe'+ #39 +'s.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Mercadolivre.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\MyShopping.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Sears.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Target.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Tesco.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Walmart.lnk', '');
 QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn\Explore Social Shopping\Zalando.lnk', '');
 QuarantineFile('C:\ProgramData\TjQbbNrUzF\dFTrCDbf4.bat', '');
 QuarantineFile('C:\ProgramData\AQUminTi\RAamcwoD3.bat', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Browsers\exe.xoferif.bat', '');
 QuarantineFileF('C:\ProgramData\DVyFZVurW', '*', true, '', 0, 0);
 QuarantineFileF('C:\ProgramData\pREPeJY', '*', true, '', 0, 0);
 QuarantineFileF('C:\ProgramData\TjQbbNrUzF', '*', true, '', 0, 0);
 QuarantineFileF('C:\ProgramData\AQUminTi', '*', true, '', 0, 0);
 QuarantineFileF('C:\Users\PC\AppData\Roaming\Browsers', '*', true, '', 0, 0);
 QuarantineFileF('c:\users\pc\appdata\roaming\newsi_1\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
 QuarantineFile('c:\windows\temp\e14c.tmp', '');
 QuarantineFile('c:\program files (x86)\0e7dce20-1455276182-11d5-ad56-5404a6f203ee\knsxdbd.tmp', '');
 QuarantineFile('C:\ProgramData\DVyFZVurW\CFmfbk0.bat', '');
 QuarantineFile('C:\ProgramData\pREPeJY\qvZzhNg5.bat', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\newSI_1\s_inst.exe', '');
 QuarantineFileF('C:\Program Files\WajaNetEn\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
 QuarantineFile('C:\TEMP\3fc33.exe', '');
 QuarantineFile('C:\TEMP\TorrentSearch_restartonfail_exe\fast-torrent-search.exe', '');
 QuarantineFile('C:\Program Files (x86)\ppt\Uninst.exe', '');
 QuarantineFile('C:\Program Files (x86)\ppt\ppt.exe', '');
 QuarantineFile('C:\Users\PC\AppData\Roaming\Adobe\www.adobe.com.url', '');
 QuarantineFile('C:\Program Files\WajaNetEn\08d114231ac8f5a3a2b948eb807a83d5.exe', '');
 QuarantineFileF('C:\Program Files (x86)\ppt\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
 // Delete the files, scheduled tasks and services, then the folders
 DeleteFile('C:\ProgramData\DVyFZVurW\CFmfbk0.bat', '');
 DeleteFile('C:\ProgramData\pREPeJY\qvZzhNg5.bat', '');
 DeleteFile('C:\ProgramData\TjQbbNrUzF\dFTrCDbf4.bat', '');
 DeleteFile('C:\ProgramData\AQUminTi\RAamcwoD3.bat', '');
 DeleteFile('C:\Users\PC\AppData\Roaming\Browsers\exe.xoferif.bat', '');
 DeleteFile('C:\Windows\Tasks\newSI_1.job', '64');
 DeleteFile('C:\Windows\Tasks\nhw2o.job', '64');
 DeleteFile('C:\Windows\Tasks\Rerun service for Torrent Search.job', '64');
 DeleteFile('c:\windows\temp\e14c.tmp', '32');
 DeleteFile('c:\program files (x86)\0e7dce20-1455276182-11d5-ad56-5404a6f203ee\knsxdbd.tmp', '32');
 DeleteFile('C:\ProgramData\DVyFZVurW\CFmfbk0.bat', '32');
 DeleteFile('C:\ProgramData\pREPeJY\qvZzhNg5.bat', '32');
 DeleteFile('C:\Program Files\WajaNetEn\08d114231ac8f5a3a2b948eb807a83d5.exe', '32');
 DeleteFile('C:\Users\PC\AppData\Roaming\Adobe\www.adobe.com.url', '32');
 DeleteFile('C:\Program Files (x86)\ppt\ppt.exe', '32');
 DeleteFile('C:\Program Files (x86)\ppt\Uninst.exe', '32');
 DeleteFile('C:\Users\PC\AppData\Roaming\newSI_1\s_inst.exe', '32');
 DeleteFile('C:\TEMP\3fc33.exe', '32');
 DeleteFile('C:\TEMP\TorrentSearch_restartonfail_exe\fast-torrent-search.exe', '32');
 ExecuteFile('schtasks.exe', '/delete /TN "B3FC205C-18A3-47A8-BB60-DC1ACC590F6E" /F', 0, 15000, true);
 DeleteService('WajaNetEn Monitor');
 DeleteService('dujixynezbt');
 DeleteFileMask('C:\ProgramData\DVyFZVurW', '*', true);
 DeleteFileMask('C:\ProgramData\pREPeJY', '*', true);
 DeleteFileMask('C:\ProgramData\TjQbbNrUzF', '*', true);
 DeleteFileMask('C:\ProgramData\AQUminTi', '*', true);
 DeleteFileMask('C:\Users\PC\AppData\Roaming\Browsers', '*', true);
 DeleteFileMask('C:\Program Files\WajaNetEn\', '*', true);
 DeleteFileMask('C:\Program Files (x86)\ppt\', '*', true);
 DeleteFileMask('c:\users\pc\appdata\roaming\newsi_1\', '*', true);
 DeleteDirectory('C:\ProgramData\DVyFZVurW');
 DeleteDirectory('C:\ProgramData\pREPeJY');
 DeleteDirectory('C:\ProgramData\TjQbbNrUzF');
 DeleteDirectory('C:\ProgramData\AQUminTi');
 DeleteDirectory('C:\Users\PC\AppData\Roaming\Browsers');
 DeleteDirectory('C:\Program Files\WajaNetEn\');
 DeleteDirectory('C:\Program Files (x86)\ppt\');
 DeleteDirectory('c:\users\pc\appdata\roaming\newsi_1\');
 // Remove browser helper objects (BHO) by CLSID
 DelBHO('{326E768D-4182-46FD-9C16-1449A49795F4}');
 DelBHO('{8984B388-A5BB-4DF7-B274-77B879E179DB}');
 DelBHO('{8E8F97CD-60B5-456F-A201-73065652D099}');
 DelBHO('{9961627E-4059-41B4-8E0E-A7D6B3854ADF}');
 DelBHO('{AE7CD045-E861-484f-8273-0445EE161910}');
 DelBHO('{DBC80044-A445-435b-BC74-9C25C1C588A9}');
 DelBHO('{F4971EE7-DAA0-4053-9964-665D8EE6A077}');
 DelBHO('{47833539-D0C5-4125-9FA8-0819E2EAAC93}');
 DelBHO('{fe704bf8-384b-44e1-8cf2-8dbeb3637a8a}');
 // Remove autorun entries from the registry
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl8', 'command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RazerGameBooster', 'command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Guard.Mail.ru.gui', 'command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\icq', 'command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Philips Device Listener', 'command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Adobe Flash Player SU');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'apphide');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'pcmgr');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Comrade.exe', 'command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\multibar.exe', 'command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skymonk2', 'command');
 RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'rlloqvsfbh');
 // Pack the quarantine into quarantine.zip, run the cleanup steps, then reboot
 CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
 ExecuteSysClean;
 ExecuteWizard('SCU', 2, 3, true);
 RebootWindows(true);
end.
After the script runs, the computer will reboot.


Send the quarantine.zip file from the AVZ folder using this form or to this mailbox: quarantine <at> safezone.cc (replace <at> with @). Include a link to this thread in the subject line of the message, and state the password: virus in the body of the email.

I'll write the rest in the next post. It no longer fits in this one because of the character limit.

-------


Posted: 19:26, 14-02-2016 | #4
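
The quarantine list in the script above contains shortcut names that mix Latin letters with Cyrillic lookalikes, which is why visually identical names such as `Google Chrome.lnk` appear twice in one folder. The Python below is an added example, not part of the original post or of AVZ, showing one way to flag such names in a file listing; the function names, the `LOOKALIKES` table and the sample names are assumptions made for this example.

```python
import re
import unicodedata

# Cyrillic letters that render like Latin ones (small subset, chosen for this example).
LOOKALIKES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443"
    "\u0410\u0412\u0415\u041a\u041c\u041d\u041e\u0420\u0421\u0422\u0425",
    "aeopcxy" "ABEKMHOPCTX",
)
WORD = re.compile(r"[^\W\d_]+")  # runs of letters in any script

def script_of(ch):
    """Classify a letter as LATIN, CYRILLIC or OTHER from its Unicode name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC"):
        if name.startswith(script):
            return script
    return "OTHER"

def is_mixed(word):
    """True when one word contains both Latin and Cyrillic letters."""
    return {"LATIN", "CYRILLIC"} <= {script_of(c) for c in word}

def mixed_script_words(filename):
    """Words of the name that mix the two scripts."""
    return [w for w in WORD.findall(filename) if is_mixed(w)]

def latin_skeleton(filename):
    """Replace lookalikes inside mixed words only, revealing the imitated name."""
    fix = lambda m: m.group().translate(LOOKALIKES) if is_mixed(m.group()) else m.group()
    return WORD.sub(fix, filename)

def triage(filenames):
    """Map each suspicious name to the name it imitates."""
    return {n: latin_skeleton(n) for n in filenames if mixed_script_words(n)}

# Constructed sample names; \u escapes make the Cyrillic letters visible.
SAMPLES = [
    "Google Chrome.lnk",                                  # Latin only
    "G\u043e\u043egle Chr\u043eme.lnk",                   # Cyrillic "o" x3
    "\u0412it2Bit \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a.lnk",  # spoofed word + Russian word
    "\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430.lnk",  # Russian only
]

if __name__ == "__main__":
    for name, imitated in triage(SAMPLES).items():
        print(f"{name!a} imitates {imitated!a}")
```

A name written entirely in lookalike letters has no mixed word and is not flagged by this check, so it complements rather than replaces a comparison against the expected shortcut names.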