Go to the folder C:\KVRT_Data\ (C:\ is usually the partition where the running version of Windows is installed), pack the Reports folder into an archive, and attach it to the thread.
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
QuarantineFile('C:\Windows\fonts\web\winlogon.exe', '');
QuarantineFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\1049\5.0\mms.exe', '');
QuarantineFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\SQL\lsm.exe', '');
QuarantineFileF('c:\windows\inf\netlibrariestip', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0 , 0);
DeleteFile('C:\Windows\fonts\web\winlogon.exe', '');
DeleteFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\1049\5.0\mms.exe', '64');
DeleteFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\SQL\lsm.exe', '64');
DeleteService('spoolsrvrs');
DeleteService('werlsfks');
DeleteFileMask('c:\windows\inf\netlibrariestip', '*', true);
DeleteDirectory('c:\windows\inf\netlibrariestip');
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
end.
begin
DeleteFile(GetAVZDirectory+'quarantine.7z');
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
Disable or delete any accounts that are not yours.
Администратор (S-1-5-21-1059769853-3356805956-1698328376-500 - Administrator - Enabled)
programmist (S-1-5-21-2799904735-574015448-2393237492-1151 - Administrator - Enabled) => C:\Users\programmist
sql_runner (S-1-5-21-2799904735-574015448-2393237492-1156 - Administrator - Enabled) => C:\Users\sql_runner
lemma (S-1-5-21-2799904735-574015448-2393237492-1113 - Administrator - Enabled) => C:\Users\lemma
isol (S-1-5-21-2799904735-574015448-2393237492-1261 - Administrator - Enabled) => C:\Users\isol
Start::
IFEO\sethc.exe: [Debugger] seth.exe
Task: {ACA69260-5FE7-4EFD-BDCE-5CAB4E093CD5} - \Microsoft\Windows\EntityFramework\NetLibrary -> No File <==== ATTENTION
S2 spoolsrvrs; C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\1049\5.0\mms.exe [X]
S2 werlsfks; C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\SQL\lsm.exe [X]
C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\1049\5.0\mms.exe
C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\SQL\lsm.exe
End::