помогите удалить расширение не от гугл магазина Adobe DTM Switch 1.0 [not-a-virus:AdWare.Win32.Agent.dujt, not-a-virus:AdWare.Win32.DealPly.y ]

[Nsnikita]

сделал как просили архив тоже вложил помогите прошуу

[Info_bot]

Уважаемый(ая) Nsnikita, спасибо за обращение на наш форум!

Удаление вирусов - абсолютно бесплатная услуга на VirusInfo.Info. Хелперы, в самое ближайшее время, ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитами АВЗ и HiJackThis, подробнее можно прочитать в правилах оформления запроса о помощи.

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста поддержите проект.

[Nsnikita]

я уже сделал все как просили !

- - - - -Добавлено - - - - -

я же сделал как просили

[thyrex]

Выполните скрипт в AVZ

Код:

begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
 then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;
QuarantineFile('C:\Users\user\appdata\roaming\newsi_10\s_inst.exe','');
 QuarantineFile('C:\Users\user\appdata\roaming\newsi_2\s_inst.exe','');
 QuarantineFile('C:\Users\user\AppData\Roaming\Oxy\Updater.exe','');
 QuarantineFile('C:\Users\user\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','');
 QuarantineFile('C:\Users\user\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE','');
 DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
 QuarantineFile('C:\Program Files (x86)\SupTab\SupTab.dll','');
 QuarantineFile('C:\iexplore.bat','');
 QuarantineFile('C:\Users\user\AppData\Local\Mail.ru\Sputnik\ptls\SPLyrr8cswzy.exe','');
 QuarantineFile('C:\PROGRA~2\SupTab\SEARCH~2.DLL','');
 QuarantineFile('C:\PROGRA~2\SupTab\SEARCH~1.DLL','');
 DeleteService('RgFltX64');
 QuarantineFile('C:\Users\user\AppData\Local\InterpreterLogNet\RgFltX64.sys','');
 QuarantineFile('C:\Users\user\AppData\Local\DaemonDashboardRoot\RegFltrX64.sys','');
 DeleteService('RegFltrX64');
 SetServiceStart('{7f2b4ad0-671a-477b-bcd4-79d041f50d27}w64', 4);
 DeleteService('{7f2b4ad0-671a-477b-bcd4-79d041f50d27}w64');
 SetServiceStart('{3f538614-b636-4023-9ec2-564ada4b07b3}w64', 4);
 DeleteService('{3f538614-b636-4023-9ec2-564ada4b07b3}w64');
 DeleteService('savesenselive');
 DeleteService('savesenselivem');
 QuarantineFile('C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\PythonRawSchema\PythonRawSchema.exe','');
 DeleteService('PythonRawSchema.exe');
 DeleteService('PirritDesktop');
 QuarantineFile('C:\Users\user\AppData\Local\PirritSuggestor\PirritService.exe','');
 QuarantineFile('C:\ProgramData\IePluginServices\PluginService.exe','');
 DeleteService('IePluginServices');
 DeleteService('GammaPathProcess.exe');
 QuarantineFile('C:\Users\user\AppData\Local\GammaPathProcess\GammaPathProcess.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\FirmwarePathSnapshot\FirmwarePathSnapshot.exe','');
 QuarantineFile('C:\Program Files (x86)\GamesRS\GUpdater.exe','');
 DeleteService('GamesRS');
 DeleteService('FirmwarePathSnapshot.exe');
 QuarantineFile('C:\Users\user\AppData\Local\ExportInterpreterProcess\ExportInterpreterProcess.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\FileFormatPublic\FileFormatPublic.exe','');
 DeleteService('FileFormatPublic.exe');
 DeleteService('ExportInterpreterProcess.exe');
 DeleteService('EncondingNetPrivacy.exe');
 QuarantineFile('C:\Users\user\AppData\Local\EncondingNetPrivacy\EncondingNetPrivacy.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\1d8a31c2a4d5661768b78c9960de7021\e63cc85d2a95a42.exe','');
 DeleteService('e63cc85d2a95a42.exe');
 DeleteService('e5907fa8bb95fbd.exe');
 QuarantineFile('C:\Users\user\AppData\Local\b6419cf7289e34bd4280438ad57a2050\e5907fa8bb95fbd.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\DashboardDirect3dWin32\DashboardDirect3dWin32.exe','');
 DeleteService('DashboardDirect3dWin32.exe');
 DeleteService('DashboardDebuggerWin32.exe');
 QuarantineFile('C:\Users\user\AppData\Local\DashboardDebuggerWin32\DashboardDebuggerWin32.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\CopySDKThumbnail\CopySDKThumbnail.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\CursorMotionSamba\CursorMotionSamba.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\DaemonDashboardRoot\DaemonDashboardRoot.exe','');
 DeleteService('DaemonDashboardRoot.exe');
 DeleteService('CursorMotionSamba.exe');
 DeleteService('CopySDKThumbnail.exe');
 DeleteService('ControlCursorWiget.exe');
 QuarantineFile('C:\Users\user\AppData\Local\ControlCursorWiget\ControlCursorWiget.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\CompileDebugRuntime\CompileDebugRuntime.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\CompilerFrozenWiget\CompilerFrozenWiget.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\ContextualDebugEnconding\ContextualDebugEnconding.exe','');
 DeleteService('ContextualDebugEnconding.exe');
 DeleteService('CompilerFrozenWiget.exe');
 DeleteService('CompileDebugRuntime.exe');
 SetServiceStart('CommandOpenSyntax.exe', 4);
 DeleteService('CommandOpenSyntax.exe');
 QuarantineFile('C:\Users\user\AppData\Local\CommandOpenSyntax\CommandOpenSyntax.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\CommandDefaultMotion\CommandDefaultMotion.exe','');
 DeleteService('CommandDefaultMotion.exe');
 DeleteService('bebe4cf6302fe81.exe');
 QuarantineFile('C:\Users\user\AppData\Local\98a8cbe41449d5e7e077db1ebc736e5f\bebe4cf6302fe81.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\BackupQuickRuby\BackupQuickRuby.exe','');
 DeleteService('BackupQuickRuby.exe');
 DeleteService('AppStartText.exe');
 QuarantineFile('C:\Users\user\AppData\Local\AppStartText\AppStartText.exe','');
 QuarantineFile('C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe','');
 DeleteService('AdobeActiveFileMonitor11.0');
 QuarantineFile('C:\Users\user\AppData\Local\6e0e44ea72c6370ce712ec4de848b1d2\9ceefa9015041bf.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\6545388f8d80595780c692fafc99c425\6545388f8d80595780c692fafc99c425.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\c1d8e9c386eba04dd411286a5572ce7c\4a1871f42c5ee3a.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\17616387603d36c8f00809a3f27b9d49\250baf8bc0a4b82.exe','');
 SetServiceStart('InterpreterLogNet.exe', 4);
 DeleteService('InterpreterLogNet.exe');
 DeleteService('9ceefa9015041bf.exe');
 DeleteService('6545388f8d80595780c692fafc99c425.exe');
 DeleteService('4a1871f42c5ee3a.exe');
 DeleteService('250baf8bc0a4b82.exe');
 TerminateProcessByName('c:\users\user\appdata\local\interpreterlognet\interpreterlognet.exe');
 QuarantineFile('c:\users\user\appdata\local\interpreterlognet\interpreterlognet.exe','');
 QuarantineFile('C:\Windows\system32\drivers\{7f2b4ad0-671a-477b-bcd4-79d041f50d27}w64.sys','');
 QuarantineFile('C:\Windows\system32\drivers\{3f538614-b636-4023-9ec2-564ada4b07b3}w64.sys','');
 TerminateProcessByName('c:\users\user\appdata\local\microsoft\windows\system.exe');
 QuarantineFile('c:\users\user\appdata\local\microsoft\windows\system.exe','');
 DeleteFile('c:\users\user\appdata\local\microsoft\windows\system.exe','32');
 DeleteFile('C:\Windows\system32\drivers\{3f538614-b636-4023-9ec2-564ada4b07b3}w64.sys','32');
 DeleteFile('C:\Windows\system32\drivers\{7f2b4ad0-671a-477b-bcd4-79d041f50d27}w64.sys','32');
 DeleteFile('c:\users\user\appdata\local\interpreterlognet\interpreterlognet.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\17616387603d36c8f00809a3f27b9d49\250baf8bc0a4b82.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\c1d8e9c386eba04dd411286a5572ce7c\4a1871f42c5ee3a.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\6545388f8d80595780c692fafc99c425\6545388f8d80595780c692fafc99c425.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\6e0e44ea72c6370ce712ec4de848b1d2\9ceefa9015041bf.exe','32');
 DeleteFile('C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\AppStartText\AppStartText.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\BackupQuickRuby\BackupQuickRuby.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\98a8cbe41449d5e7e077db1ebc736e5f\bebe4cf6302fe81.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\CommandDefaultMotion\CommandDefaultMotion.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\CommandOpenSyntax\CommandOpenSyntax.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\ContextualDebugEnconding\ContextualDebugEnconding.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\CompilerFrozenWiget\CompilerFrozenWiget.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\CompileDebugRuntime\CompileDebugRuntime.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\ControlCursorWiget\ControlCursorWiget.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\DaemonDashboardRoot\DaemonDashboardRoot.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\CursorMotionSamba\CursorMotionSamba.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\CopySDKThumbnail\CopySDKThumbnail.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\DashboardDebuggerWin32\DashboardDebuggerWin32.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\DashboardDirect3dWin32\DashboardDirect3dWin32.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\b6419cf7289e34bd4280438ad57a2050\e5907fa8bb95fbd.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\1d8a31c2a4d5661768b78c9960de7021\e63cc85d2a95a42.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\EncondingNetPrivacy\EncondingNetPrivacy.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\FileFormatPublic\FileFormatPublic.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\ExportInterpreterProcess\ExportInterpreterProcess.exe','32');
 DeleteFile('C:\Program Files (x86)\GamesRS\GUpdater.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\FirmwarePathSnapshot\FirmwarePathSnapshot.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\GammaPathProcess\GammaPathProcess.exe','32');
 DeleteFile('C:\ProgramData\IePluginServices\PluginService.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\PirritSuggestor\PirritService.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\PythonRawSchema\PythonRawSchema.exe','32');
 DeleteFile('C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\DaemonDashboardRoot\RegFltrX64.sys','32');
 DeleteFile('C:\Users\user\AppData\Local\InterpreterLogNet\RgFltX64.sys','32');
 DeleteFile('C:\PROGRA~2\SupTab\SEARCH~1.DLL','32');
 DeleteFile('C:\PROGRA~2\SupTab\SEARCH~2.DLL','32');
 DeleteFile('C:\Users\user\AppData\Local\Mail.ru\Sputnik\ptls\SPLyrr8cswzy.exe','32');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SPLyrr8cswzy');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SystemScript');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SystemScript');
 DeleteFile('C:\iexplore.bat','32');
 DeleteFile('C:\Program Files (x86)\SupTab\SupTab.dll','32');
 DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','32');
 DeleteFile('C:\Windows\Tasks\APSnotifierCA.job','64');
 DeleteFile('C:\Windows\Tasks\Digital Sites.job','64');
 DeleteFile('C:\Windows\Tasks\SaveSense.job','64');
 DeleteFile('C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job','64');
 DeleteFile('C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job','64');
 DeleteFile('C:\Users\user\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE','32');
 DeleteFile('C:\Users\user\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','32');
 DeleteFile('C:\Windows\system32\Tasks\APSnotifierCA','64');
 DeleteFile('C:\Windows\system32\Tasks\Digital Sites','64');
 DeleteFile('C:\Windows\system32\Tasks\SaveSense','64');
 DeleteFile('C:\Windows\system32\Tasks\SaveSenseLiveUpdateTaskMachineCore','64');
 DeleteFile('C:\Windows\system32\Tasks\SaveSenseLiveUpdateTaskMachineUA','64');
 DeleteFile('C:\Windows\system32\Tasks\SystemScript','64');
 DeleteFile('C:\Users\user\appdata\roaming\newsi_2\s_inst.exe','32');
 DeleteFile('C:\Users\user\appdata\roaming\newsi_10\s_inst.exe','32');
 BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.

Компьютер перезагрузится.

Пришлите карантин согласно Приложения 2 правил по красной ссылке Прислать запрошенный карантин вверху темы

Сделайте новые логи

Сделайте лог ComboFix

[CyberHelper]

Статистика проведенного лечения:

• Получено карантинов: 1
• Обработано файлов: 10
• В ходе лечения обнаружены вредоносные программы:
  
  1. c:\program files (x86)\suptab\suptab.dll - not-a-virus:AdWare.Win32.Agent.aljt ( DrWEB: Trojan.Click3.8536, BitDefender: Adware.Agent.OFO, AVAST4: Win32:SupTab-G [Adw] )
  2. c:\users\user\appdata\local\microsoft\windows\syst em.exe - Trojan.Win32.Agentb.bhdk ( BitDefender: Trojan.GenericKD.1936258, AVAST4: Win32:Malware-gen )
  3. c:\users\user\appdata\roaming\digitalsites\updatep roc\updatetask.exe - not-a-virus:AdWare.Win32.DealPly.y ( DrWEB: Adware.Shopper.391, AVAST4: Win32:Rotbrow-B [Trj] )
  4. c:\users\user\appdata\roaming\digita~1\update~1\up date~1.exe - not-a-virus:AdWare.Win32.DealPly.y ( DrWEB: Adware.Shopper.391, AVAST4: Win32:Rotbrow-B [Trj] )
  5. c:\users\user\appdata\roaming\newsi_10\s_inst.exe - not-a-virus:AdWare.Win32.MMag.k ( DrWEB: Adware.Plugin.248, BitDefender: Adware.Generic.1036930 )
  6. c:\users\user\appdata\roaming\newsi_2\s_inst.exe - not-a-virus:AdWare.Win32.Agent.aljo ( DrWEB: Adware.Downware.4998 )
  7. c:\users\user\applic~1\digitalsites\updateproc\upd atetask.exe - not-a-virus:AdWare.Win32.DealPly.y ( DrWEB: Adware.Shopper.391, AVAST4: Win32:Rotbrow-B [Trj] )
  8. c:\users\user\applic~1\digita~1\update~1\update~1. exe - not-a-virus:AdWare.Win32.DealPly.y ( DrWEB: Adware.Shopper.391, AVAST4: Win32:Rotbrow-B [Trj] )
  9. c:\users\user\applic~1\savese~1\update~1\update~1. exe - not-a-virus:AdWare.Win32.Agent.dujt