// AV_block_remove: cleans a fixed, host-specific list of folders in three passes:
//   1) copy executable/script/temp files from each folder into quarantine,
//   2) delete every file in each folder,
//   3) remove the folders themselves.
// Most of the paths carry anti-malware product names (AVAST, ESET, Kaspersky Lab, ...).
// NOTE(review): presumably these are decoy/blocking folders left by the infection on this
// machine rather than real installations - confirm against the host's own logs.
// The list also contains generic names ('C:\ProgramData\Windows', '...\Setup', '...\install')
// and standard vendor install paths, so running this script unchanged on another host could
// remove a legitimately installed product or unrelated data. Regenerate it per host.
procedure AV_block_remove;
begin
// Pass 1: quarantine. The mask covers executable, script and temp extensions only.
// NOTE(review): the third argument (true) presumably enables subfolder scanning and the
// trailing '', 0, 0 presumably leave the text/size filters unrestricted - confirm against
// the AVZ script reference.
QuarantineFileF('C:\AdwCleaner', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\AVAST Software', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\AVG', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\ByteFence', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\Cezurity', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\Common Files\McAfee', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\COMODO', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\Enigma Software Group', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\ESET', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\Kaspersky Lab', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\Malwarebytes', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\SpyHunter', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\360safe', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\AVAST Software', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Avira', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Doctor Web', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\ESET', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Indus', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\install', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Kaspersky Lab Setup Files', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Kaspersky Lab', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Malwarebytes', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\MB3Install', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\McAfee', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Norton', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\RealtekHD', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Setup', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Windows', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\WindowsTask', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Windows\speechstracing', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
// Pass 2: delete files. The mask here is '*', wider than the quarantine mask above, so
// files with other extensions (configs, logs, data) are deleted without a quarantine copy.
// NOTE(review): the final true presumably means "recurse into subfolders" - confirm.
DeleteFileMask('C:\AdwCleaner', '*', true);
DeleteFileMask('C:\Program Files\AVAST Software', '*', true);
DeleteFileMask('C:\Program Files\AVG', '*', true);
DeleteFileMask('C:\Program Files\ByteFence', '*', true);
DeleteFileMask('C:\Program Files\Cezurity', '*', true);
DeleteFileMask('C:\Program Files\Common Files\McAfee', '*', true);
DeleteFileMask('C:\Program Files\COMODO', '*', true);
DeleteFileMask('C:\Program Files\Enigma Software Group', '*', true);
DeleteFileMask('C:\Program Files\ESET', '*', true);
DeleteFileMask('C:\Program Files\Kaspersky Lab', '*', true);
DeleteFileMask('C:\Program Files\Malwarebytes', '*', true);
DeleteFileMask('C:\Program Files\SpyHunter', '*', true);
DeleteFileMask('C:\ProgramData\360safe', '*', true);
DeleteFileMask('C:\ProgramData\AVAST Software', '*', true);
DeleteFileMask('C:\ProgramData\Avira', '*', true);
DeleteFileMask('C:\ProgramData\Doctor Web', '*', true);
DeleteFileMask('C:\ProgramData\ESET', '*', true);
DeleteFileMask('C:\ProgramData\Indus', '*', true);
DeleteFileMask('C:\ProgramData\install', '*', true);
DeleteFileMask('C:\ProgramData\Kaspersky Lab Setup Files', '*', true);
DeleteFileMask('C:\ProgramData\Kaspersky Lab', '*', true);
DeleteFileMask('C:\ProgramData\Malwarebytes', '*', true);
DeleteFileMask('C:\ProgramData\MB3Install', '*', true);
DeleteFileMask('C:\ProgramData\McAfee', '*', true);
DeleteFileMask('C:\ProgramData\Norton', '*', true);
DeleteFileMask('C:\ProgramData\RealtekHD', '*', true);
DeleteFileMask('C:\ProgramData\Setup', '*', true);
DeleteFileMask('C:\ProgramData\Windows', '*', true);
DeleteFileMask('C:\ProgramData\WindowsTask', '*', true);
DeleteFileMask('C:\Windows\speechstracing', '*', true);
// Pass 3: remove the folders, in the same order as the two passes above.
DeleteDirectory('C:\AdwCleaner');
DeleteDirectory('C:\Program Files\AVAST Software');
DeleteDirectory('C:\Program Files\AVG');
DeleteDirectory('C:\Program Files\ByteFence');
DeleteDirectory('C:\Program Files\Cezurity');
DeleteDirectory('C:\Program Files\Common Files\McAfee');
DeleteDirectory('C:\Program Files\COMODO');
DeleteDirectory('C:\Program Files\Enigma Software Group');
DeleteDirectory('C:\Program Files\ESET');
DeleteDirectory('C:\Program Files\Kaspersky Lab');
DeleteDirectory('C:\Program Files\Malwarebytes');
DeleteDirectory('C:\Program Files\SpyHunter');
DeleteDirectory('C:\ProgramData\360safe');
DeleteDirectory('C:\ProgramData\AVAST Software');
DeleteDirectory('C:\ProgramData\Avira');
DeleteDirectory('C:\ProgramData\Doctor Web');
DeleteDirectory('C:\ProgramData\ESET');
DeleteDirectory('C:\ProgramData\Indus');
DeleteDirectory('C:\ProgramData\install');
DeleteDirectory('C:\ProgramData\Kaspersky Lab Setup Files');
DeleteDirectory('C:\ProgramData\Kaspersky Lab');
DeleteDirectory('C:\ProgramData\Malwarebytes');
DeleteDirectory('C:\ProgramData\MB3Install');
DeleteDirectory('C:\ProgramData\McAfee');
DeleteDirectory('C:\ProgramData\Norton');
DeleteDirectory('C:\ProgramData\RealtekHD');
DeleteDirectory('C:\ProgramData\Setup');
DeleteDirectory('C:\ProgramData\Windows');
DeleteDirectory('C:\ProgramData\WindowsTask');
DeleteDirectory('C:\Windows\speechstracing');
end;
// Main script body: isolate the host, collect one sample, remove persistence, run the
// folder cleanup, package the quarantine and reboot. Statement order matters - the sample
// is quarantined before AV_block_remove deletes the folder that holds it.
begin
// Runs "net.exe stop tcpip /y". NOTE(review): presumably cuts network access for the
// duration of the cleanup; 15000 looks like a wait timeout in ms - confirm.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// NOTE(review): presumably empties the existing quarantine so the archive built below
// holds only files collected by this run - confirm.
ClearQuarantineEx(true);
// taskhostw.exe sits under ProgramData\RealtekHD, not a Windows system directory; the
// genuine Windows binary of that name lives in System32, so the path marks it as suspect.
QuarantineFile('C:\Programdata\RealtekHD\taskhostw.exe', '');
// Remove two scheduled tasks filed under Microsoft\Windows\Wininet (Taskhost, Taskhostw).
DeleteSchedulerTask('Microsoft\Windows\Wininet\Taskhost');
DeleteSchedulerTask('Microsoft\Windows\Wininet\Taskhostw');
AV_block_remove;
// NOTE(review): presumably cleans up references to the files deleted above - confirm.
ExecuteSysClean;
// Packs .\Quarantine\* with 7za at maximum compression, using the hard-coded password
// 'malware'. NOTE(review): a fixed, published password gives no confidentiality; presumably
// it only stops scanners from opening the samples in transit. Handle the archive as live malware.
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
// Identifier spelling ("Qurantine") is the API's own. NOTE(review): this writes
// quarantine.zip next to the 7za output above, so the two steps look redundant - confirm.
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
// Reboot to finish the cleanup. NOTE(review): meaning of the false argument not shown here.
RebootWindows(false);
end.
Не ждите, читайте инструкции внимательно:
> жду что скажете
Повторите логи по правилам. Для повторной диагностики запустите снова Autologger
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [10] = Cezurity_Scanner_Pro_Free.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [11] = Cube.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [1] = eav_trial_rus.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [2] = avast_free_antivirus_setup_online.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [3] = eis_trial_rus.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [4] = essf_trial_rus.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [5] = hitmanpro_x64.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [6] = ESETOnlineScanner_UKR.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [7] = ESETOnlineScanner_RUS.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [8] = HitmanPro.exe (disabled)
O7 - Policy: HKCU\..\Policies\Explorer\DisallowRun: [9] = 360TS_Setup_Mini.exe (disabled)
O7 - Taskbar policy: HKCU\..\Policies\Explorer: [DisallowRun] = 1
O26 - Debugger: HKLM\..\CompatTelRunner.exe: [Debugger] = C:\Windows\system32\systray.exe
O26 - Debugger: HKLM\..\SecurityHealthService.exe: [Debugger] = C:\Windows\system32\systray.exe
Start::
SystemRestore: On
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-19059360-2955525447-3061947606-1001\...\MountPoints2: {91615183-e4ed-11ea-9d04-a8a15929450e} - "F:\HiSuiteDownLoader.exe"
GroupPolicy: Restriction ? <==== ATTENTION
Task: {AE0CE468-AFE3-4C95-9B05-F9BED9B370D8} - \OneDrive Standalone Update Task-S-1-5-21-19059360-2955525447-3061947606-1001 -> No File <==== ATTENTION
Task: {B8926648-9F98-43B5-82F5-0F70B9DC45F5} - \OneDrive Standalone Update Task-S-1-5-21-19059360-2955525447-3061947606-1002 -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\ProgramData\RunDLL
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\ProgramData\grizzly
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\Program Files (x86)\AVG
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\Program Files (x86)\360
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 __SHD C:\KVRT_Data
2020-09-30 18:02 - 2020-09-30 18:02 - 000000000 ____D C:\ProgramData\System32
AlternateDataStreams: C:\Users\timau\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\timau\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
FirewallRules: [{E3E470AC-1A20-4643-9CC9-73444E4B58CA}] => (Block) LPort=445
FirewallRules: [{5310553F-7780-484F-9301-53580D73EC70}] => (Block) LPort=445
FirewallRules: [{3BA3D99D-8F37-4279-83E4-AA77757F2E99}] => (Block) LPort=139
FirewallRules: [{99BBB97F-909B-41CA-9727-111ECC1D3435}] => (Block) LPort=139
FirewallRules: [{82240DBC-79EB-4091-AD2A-046CC38DF21C}] => (Block) LPort=445
FirewallRules: [{3A37E130-F46F-43B1-85F7-2C5B1DA23C68}] => (Block) LPort=445
FirewallRules: [{C01E61C1-38DD-44AF-BD9C-3E031C74E694}] => (Block) LPort=139
FirewallRules: [{E8998F8F-52CB-4D72-BD7A-8F279278E60A}] => (Block) LPort=139
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
End::
1) MBAM — это скорее не антивирус, а дополнение к антивирусу.
> Смог поставить антивирус, пока ничего не помещаю в карантин и не удаляю, жду что скажете
А вы зачем-то четырежды выполнили
> Нажмите Fix один раз (!)
Я дурачок просто: сначала просто сделал текстовый документ и выполнил, потом подумал, что расширение файла указал в названии, потом решил проверить кодировку, в конце концов сделал через блокнот, проверив кодировку и название файла xD
> А вы зачем-то четырежды выполнили
Ссылку на тот офис можете мне в ЛС скинуть?
> Скачал с рутрекера офис, всё бы ничего, с ним прихватил вирусов, в том числе майнер, который грузил систему и прятался под дровами Realtek
Уже нету
> Ссылку на тот офис, можете мне в ЛС скинуть?