Help, programs and browsers install themselves, there are tons of viruses and trojans, nothing helps.
Dear F1la, thank you for contacting our forum!
Virus removal is a completely free service on VirusInfo.Info. Helpers will respond to your request very shortly. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; for details, see the rules for submitting a help request.
Uninstall YAC (Yet Another Cleaner!) via Add or Remove Programs.
Run the script in AVZ
The computer will be rebooted.
Code:
begin
 ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
 ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
 if not IsWOW64 then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;
 QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\psuser.dll','');
 QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\psmachine.dll','');
 QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\npglobalupdateupdate4.dll','');
 QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdateres_en.dll','');
 QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdate.dll','');
 QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdateondemand.exe','');
 QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdatebroker.exe','');
 QuarantineFile('C:\Program Files\elex-tech\yac\libcurl.dll','');
 QuarantineFile('C:\Program Files\elex-tech\yac\isafechlp.dll','');
 QuarantineFile('C:\Program Files\elex-tech\yac\ipcproxy.dll','');
 QuarantineFile('C:\Program Files\elex-tech\yac\curlpp.dll','');
 QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\utility.exe','');
 QuarantineFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','');
 QuarantineFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-5.exe','');
 QuarantineFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-11.exe','');
 QuarantineFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-10.exe','');
 QuarantineFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-7.exe','');
 QuarantineFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-6.exe','');
 QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','');
 QuarantineFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','');
 QuarantineFile('C:\Program Files\CinemaPlus-3.2cV16.10\55b2c7e1-18fb-4ea8-b9b0-598855c4764c-5.exe','');
 QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.10\32f044ed-0bad-4d7c-bc31-f8791b2e73f0-5.exe','');
 QuarantineFile('C:\Program Files\CinemaPlus-3.2cV06.10\04a128ed-6b7c-4870-bbd3-2b33d649d584-5.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.xoferif.bat','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.erolpxei.bat','');
 QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.emorhc.bat','');
 QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010075\upgmsd_re_005010075.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010073\upgmsd_re_005010073.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010071\upgmsd_re_005010071.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010070\upgmsd_re_005010070.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010066\upgmsd_re_005010066.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010064\upgmsd_re_005010064.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010038\upgmsd_re_005010038.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010024\upgmsd_re_005010024.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010022\upgmsd_re_005010023.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010022\upgmsd_re_005010022.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010001\upgmsd_re_005010001.exe','');
 QuarantineFile('C:\Program Files\gmsd_re_005010075\gmsd_re_005010075.exe','');
 QuarantineFile('C:\Program Files\gmsd_re_005010073\gmsd_re_005010073.exe','');
 QuarantineFile('C:\Program Files\gmsd_re_005010071\gmsd_re_005010071.exe','');
 QuarantineFile('C:\Program Files\gmsd_re_005010070\gmsd_re_005010070.exe','');
 QuarantineFile('C:\Program Files\gmsd_re_005010066\gmsd_re_005010066.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe','');
 QuarantineFile('c:\docume~1\alluse~1\dxlorckjz.exe','');
 QuarantineFile('C:\DOCUME~1\ALENA_~1\LOCALS~1\Temp\hnszs0.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010111\upgmsd_re_005010111.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010109\upgmsd_re_005010109.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010099\upgmsd_re_005010099.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010090\upgmsd_re_005010090.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010089\upgmsd_re_005010089.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010087\upgmsd_re_005010087.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010083\upgmsd_re_005010083.exe','');
 DeleteService('QMUdisk');
 DeleteService('TSSK');
 DeleteService('iSafeKrnlBoot');
 SetServiceStart('iSafeKrnl', 4);
 SetServiceStart('iSafeKrnlKit', 4);
 SetServiceStart('iSafeKrnlMon', 4);
 SetServiceStart('iSafeKrnlR3', 4);
 SetServiceStart('iSafeNetFilter', 4);
 DeleteService('iSafeNetFilter');
 DeleteService('iSafeKrnlR3');
 DeleteService('iSafeKrnlMon');
 DeleteService('iSafeKrnlKit');
 DeleteService('iSafeKrnl');
 SetServiceStart('cicebyfe', 4);
 SetServiceStart('fequqegu', 4);
 SetServiceStart('gyfywiky', 4);
 SetServiceStart('hyqerywy', 4);
 SetServiceStart('myfohexe', 4);
 SetServiceStart('lomuxexu', 4);
 SetServiceStart('rutexypo', 4);
 SetServiceStart('SSFK', 4);
 SetServiceStart('tifunuvo', 4);
 SetServiceStart('totetucy', 4);
 SetServiceStart('tukyhohi', 4);
 SetServiceStart('velykupe', 4);
 SetServiceStart('WdsManPro', 4);
 SetServiceStart('xifekule', 4);
 SetServiceStart('xohihegy', 4);
 DeleteService('zedepory');
 DeleteService('zegylute');
 DeleteService('xohihegy');
 DeleteService('xifekule');
 DeleteService('WdsManPro');
 DeleteService('velykupe');
 DeleteService('tukyhohi');
 DeleteService('totetucy');
 DeleteService('tifunuvo');
 DeleteService('SSFK');
 DeleteService('rutexypo');
 DeleteService('myfohexe');
 DeleteService('lomuxexu');
 DeleteService('hyqerywy');
 DeleteService('gyfywiky');
 DeleteService('fequqegu');
 DeleteService('cicebyfe');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsb169.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd103f.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd6dd.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knse261.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsg5f6.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsh3fd.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knslef8.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsm11a9.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn850.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn88e.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsp3a0.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knss77f.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsw367.tmp');
 TerminateProcessByName('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsy1db.tmp');
 TerminateProcessByName('c:\program files\sfk\ssfk.exe');
 TerminateProcessByName('c:\documents and settings\all users\application data\wwdsmanprow\wdsmanpro.exe');
 QuarantineFile('c:\documents and settings\all users\application data\wwdsmanprow\wdsmanpro.exe','');
 QuarantineFile('c:\program files\sfk\ssfk.exe','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsy1db.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsw367.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knss77f.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsp3a0.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn88e.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn850.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsm11a9.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knslef8.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsh3fd.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsg5f6.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knse261.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd6dd.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd103f.tmp','');
 QuarantineFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsb169.tmp','');
 TerminateProcessByName('c:\program files\elex-tech\yac\isafetray.exe');
 QuarantineFile('c:\program files\elex-tech\yac\isafetray.exe','');
 DeleteFile('c:\program files\elex-tech\yac\isafetray.exe','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsb169.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd103f.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsd6dd.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knse261.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsg5f6.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsh3fd.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knslef8.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsm11a9.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn850.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsn88e.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsp3a0.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knss77f.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsw367.tmp','32');
 DeleteFile('c:\program files\c8fd3271-1434113784-11e0-8319-10e12c0000fd\knsy1db.tmp','32');
 DeleteFile('c:\program files\sfk\ssfk.exe','32');
 DeleteFile('c:\documents and settings\all users\application data\wwdsmanprow\wdsmanpro.exe','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\curlpp.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iCommon.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iCommu.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iImportLib.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\ipcproxy.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeAdless.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeBase.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\isafesopt.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeSrvMon.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\isafeupbiz.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iSvc.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\tws\twsupd.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\tws\twsdk.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\tws\tsc.dll','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys','32');
 DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys','32');
 DeleteFile('C:\WINDOWS\system32\DRIVERS\iSafeNetFilter.sys','32');
 DeleteFile('zedepory.sys','32');
 DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMUdisk.sys','32');
 DeleteFile('C:\WINDOWS\system32\tssk.sys','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010083\upgmsd_re_005010083.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010087\upgmsd_re_005010087.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010089\upgmsd_re_005010089.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010090\upgmsd_re_005010090.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010099\upgmsd_re_005010099.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010109\upgmsd_re_005010109.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010111\upgmsd_re_005010111.exe','32');
 DeleteFile('C:\DOCUME~1\ALENA_~1\LOCALS~1\Temp\hnszs0.exe','32');
 DeleteFile('c:\docume~1\alluse~1\dxlorckjz.exe','32');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run-','11106');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','System');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','AppsHat');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe','32');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010111.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010109.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010099.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010090.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010089.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010087.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_005010083.exe');
 DeleteFile('C:\Program Files\gmsd_re_005010066\gmsd_re_005010066.exe','32');
 DeleteFile('C:\Program Files\gmsd_re_005010070\gmsd_re_005010070.exe','32');
 DeleteFile('C:\Program Files\gmsd_re_005010071\gmsd_re_005010071.exe','32');
 DeleteFile('C:\Program Files\gmsd_re_005010073\gmsd_re_005010073.exe','32');
 DeleteFile('C:\Program Files\gmsd_re_005010075\gmsd_re_005010075.exe','32');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_re_005010075','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_re_005010073','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_re_005010071','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_re_005010070','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_re_005010066','command');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010001\upgmsd_re_005010001.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010022\upgmsd_re_005010022.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010022\upgmsd_re_005010023.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010024\upgmsd_re_005010024.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010038\upgmsd_re_005010038.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010064\upgmsd_re_005010064.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010066\upgmsd_re_005010066.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010070\upgmsd_re_005010070.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010071\upgmsd_re_005010071.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010075\upgmsd_re_005010075.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\gmsd_re_005010073\upgmsd_re_005010073.exe','32');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010075.exe','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010073.exe','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010071.exe','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010070.exe','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010066.exe','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010064.exe','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010038.exe','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010024.exe','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010023.exe','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010022.exe','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_re_005010001.exe','command');
 DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.emorhc.bat','32');
 DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.erolpxei.bat','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Browsers\exe.xoferif.bat','32');
 DeleteFile('C:\Program Files\CinemaPlus-3.2cV06.10\04a128ed-6b7c-4870-bbd3-2b33d649d584-5.exe','32');
 DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.10\32f044ed-0bad-4d7c-bc31-f8791b2e73f0-5.exe','32');
 DeleteFile('C:\Program Files\CinemaPlus-3.2cV16.10\55b2c7e1-18fb-4ea8-b9b0-598855c4764c-5.exe','32');
 DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
 DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','32');
 DeleteFile('C:\WINDOWS\Tasks\Crossbrowse.job','32');
 DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP3.job','32');
 DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP2.job','32');
 DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP1.job','32');
 DeleteFile('C:\WINDOWS\Tasks\55b2c7e1-18fb-4ea8-b9b0-598855c4764c-5.job','32');
 DeleteFile('C:\WINDOWS\Tasks\32f044ed-0bad-4d7c-bc31-f8791b2e73f0-5.job','32');
 DeleteFile('C:\WINDOWS\Tasks\04a128ed-6b7c-4870-bbd3-2b33d649d584-5.job','32');
 DeleteFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-6.exe','32');
 DeleteFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-7.exe','32');
 DeleteFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-10.exe','32');
 DeleteFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-11.exe','32');
 DeleteFile('C:\Program Files\App Lid\f7371477-9fb3-4b54-b09a-6c71da393cf5-5.exe','32');
 DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','32');
 DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\utility.exe','32');
 DeleteFile('C:\WINDOWS\Tasks\MyBrowser.job','32');
 DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
 DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
 DeleteFile('C:\WINDOWS\Tasks\f7371477-9fb3-4b54-b09a-6c71da393cf5-5.job','32');
 DeleteFile('C:\WINDOWS\Tasks\f7371477-9fb3-4b54-b09a-6c71da393cf5-11.job','32');
 DeleteFile('C:\WINDOWS\Tasks\f7371477-9fb3-4b54-b09a-6c71da393cf5-10_user.job','32');
 DeleteFile('C:\WINDOWS\Tasks\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-7.job','32');
 DeleteFile('C:\WINDOWS\Tasks\f7371477-9fb3-4b54-b09a-6c71da393cf5-1-6.job','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsc144.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsd553.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nse130.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nseA6.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsg10B.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsgAC.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsgD5.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nshDB.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nslD05.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsmEA.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsnF0.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nso129.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsp389.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsq7D4.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsr135A.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsrAF.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsrFE.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsu108.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsuF2.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsx551.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsy104.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsyCA.tmp\blowfish.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Temp\nsz120.tmp\blowfish.dll','32');
 DeleteFile('C:\Program Files\elex-tech\yac\curlpp.dll','32');
 DeleteFile('C:\Program Files\elex-tech\yac\ipcproxy.dll','32');
 DeleteFile('C:\Program Files\elex-tech\yac\isafechlp.dll','32');
 DeleteFile('C:\Program Files\elex-tech\yac\libcurl.dll','32');
 DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdatebroker.exe','32');
 DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdateondemand.exe','32');
 DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdate.dll','32');
 DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdateres_en.dll','32');
 DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\npglobalupdateupdate4.dll','32');
 DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\psmachine.dll','32');
 DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\psuser.dll','32');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(false);
end.
Run the script in AVZ
Send c:\quarantine.zip via the red link "Send requested quarantine" above the first post in your thread.
Code:
begin
 CreateQurantineArchive('c:\quarantine.zip');
end.
Create a CheckBrowsers' Lnk log.
Follow the rules ONCE MORE and provide NEW logs.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Antivirus help
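An added example, not part of the thread and not code from AVZ or the helpers: a Python reviewer that parses an AVZ script of the kind posted above and reports what it will do before it is run, including files that would be deleted without first being copied to quarantine. The sample script is constructed from a few paths in this thread, and `parse_avz_script` and `review` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed excerpt in the style of the AVZ scripts in this thread (paths taken
# from the thread, heavily shortened). It is sample input for the parser only.
SAMPLE_SCRIPT = r"""
begin
 ShowMessage('Network connections will be closed; please wait.');
 if not IsWOW64 then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;
 TerminateProcessByName('c:\program files\sfk\ssfk.exe');
 QuarantineFile('c:\program files\sfk\ssfk.exe','');
 QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe','');
 DeleteFile('C:\Program Files\SFK\SSFK.exe','32');
 DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe','32');
 DeleteFile('C:\WINDOWS\Tasks\MyBrowser.job','32');
 SetServiceStart('SSFK', 4);
 DeleteService('SSFK');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','AppsHat');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(false);
end.
"""

# One token is either a stray Pascal string literal (skipped, so that text inside
# quotes is never mistaken for a call) or "Name(args);" / "Name;".
TOKEN_RE = re.compile(
    r"'(?:[^']|'')*'"
    r"|(?<!\w)([A-Za-z_]\w*)\s*"
    r"(\((?:[^'()]|'(?:[^']|'')*')*\))?\s*;"
)
STRING_RE = re.compile(r"'((?:[^']|'')*)'")
KEYWORDS = {"begin", "end", "if", "then", "else", "not"}


def parse_avz_script(text):
    """Return [(procedure_name, [string arguments])] in script order."""
    actions = []
    for m in TOKEN_RE.finditer(text):
        name = m.group(1)
        if name is None or name.lower() in KEYWORDS:
            continue
        # Pascal escapes a quote inside a string by doubling it.
        args = [s.replace("''", "'") for s in STRING_RE.findall(m.group(2) or "")]
        actions.append((name, args))
    return actions


def review(actions):
    """Summarise the script and flag deletions that keep no quarantined copy."""
    counts = Counter(name for name, _ in actions)
    quarantined, unsaved, registry = set(), [], []
    for name, args in actions:
        # Windows paths are case-insensitive; 8.3 short names are compared as
        # plain strings and are not expanded here.
        key = args[0].lower() if args else ""
        if name == "QuarantineFile":
            quarantined.add(key)
        elif name == "DeleteFile":
            if key not in quarantined:      # deleted before any QuarantineFile
                unsaved.append(args[0])
        elif name == "RegKeyParamDel" and len(args) == 3:
            registry.append("\\".join(args[:2]) + " -> " + args[2])
    return {
        "counts": dict(counts),
        "deleted_without_quarantine": unsaved,
        "registry_values_removed": registry,
        "reboots": counts["RebootWindows"] > 0,
    }


if __name__ == "__main__":
    report = review(parse_avz_script(SAMPLE_SCRIPT))
    for name, n in sorted(report["counts"].items()):
        print(f"{n:4d}  {name}")
    print("Deleted without a quarantined copy:")
    for path in report["deleted_without_quarantine"]:
        print("   ", path)
    print("Registry values removed:")
    for value in report["registry_values_removed"]:
        print("   ", value)
    print("Reboots the machine:", report["reboots"])
```

A file listed as deleted without a quarantined copy is not necessarily a mistake in the script; it only means no sample of it will be in the quarantine archive that is sent for analysis.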
Good day! YAC could only be removed with Uninstall Tool. I followed the remaining instructions. I sent the quarantine. Here are the new logs:
- - - - - Added - - - - -
I am adding this log as well -
Run the script in AVZ:
After the reboot, run the script:
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 TerminateProcessByName('c:\documents and settings\alena_kharchenko\application data\tsv\tsvr.exe');
 TerminateProcessByName('c:\documents and settings\alena_kharchenko\local settings\application data\c8fd3271-1445009795-11e0-8319-10e12c0000fd\qnsu4e1.tmp');
 TerminateProcessByName('c:\program files\mybrowser\mybrowser\application\mybrowser.exe');
 SetServiceStart('IhPul', 4);
 SetServiceStart('hidekoqe', 4);
 StopService('IhPul');
 StopService('hidekoqe');
 QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\utility.exe','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk','');
 QuarantineFile('C:\Documents and Settings\alena_kharchenko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk','');
 QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome_elf.dll','');
 QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome.dll','');
 QuarantineFile('c:\documents and settings\alena_kharchenko\application data\tsv\tsvr.exe','');
 QuarantineFile('c:\documents and settings\alena_kharchenko\local settings\application data\c8fd3271-1445009795-11e0-8319-10e12c0000fd\qnsu4e1.tmp','');
 QuarantineFile('c:\program files\mybrowser\mybrowser\application\mybrowser.exe','');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Microsoft\Internet Explorer\Quick Launch\MyBrowser.lnk');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk');
 DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome.dll','32');
 DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome_elf.dll','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Local Settings\Application Data\C8FD3271-1445009795-11E0-8319-10E12C0000FD\qnsu4E1.tmp','32');
 DeleteFile('C:\Documents and Settings\alena_kharchenko\Application Data\TSv\TSvr.exe','32');
 DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe','32');
 DeleteFile('C:\WINDOWS\Tasks\MyBrowser.job','32');
 DeleteFile('C:\Program Files\mybrowser\mybrowser\application\utility.exe','32');
 DelBHO('{f9bf7bc2-f584-4dd2-af27-4600ec3c82da}');
 DelBHO('{f51af219-4450-4d70-ac72-35c7a5cb2c27}');
 DelBHO('{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}');
 DelBHO('{cae4b0cb-e8de-49bf-b683-59846133444a}');
 DelBHO('{8984B388-A5BB-4DF7-B274-77B879E179DB}');
 DelBHO('{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}');
 DelBHO('{40ea9bfb-e783-4497-83ea-41faccc128dd}');
 DelBHO('{35c3a411-0be7-4910-90dd-ee7b434ab503}');
 DelBHO('{10921475-03CE-4E04-90CE-E2E7EF20C814}');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','GoogleChromeAutoLaunch_4DE953975DDD8C6998A57FF365CA943F');
 DeleteService('IhPul');
 DeleteService('hidekoqe');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 ExecuteRepair(3);
 ExecuteRepair(4);
 ExecuteWizard('SCU',2,2,true);
 RebootWindows(true);
end.
Upload quarantine.zip from the AVZ folder via the red link "Send requested quarantine" at the top of the thread.
Code:
begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
- Make new logs following items 2 and 3 of the Diagnostics section of the rules (virusinfo_syscheck.zip; hijackthis.log).
- Download ClearLNK and save the archive with the utility to the desktop.
- Unpack the archive with the utility into a separate folder.
- Drag Check_Browsers_LNK.log onto ClearLNK as shown in the picture.
- The ClearLNK-<Date>.log report will be saved in the LOG folder.
- Attach this report to your next post.
Virusinfo - for a clean Internet.
Do good and cast it upon the water.
Sorry for the mix-ups, I am just far from this field.
Download Farbar Recovery Scan Tool and save it to the Desktop.
Note: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
- Run the program by double-clicking it. When the program starts, click Yes to accept the disclaimer.
- Make sure that "List BCD", "Driver MD5" and "90 Days Files" are checked under Optional Scan.
- Click the Scan button.
- When the scan finishes, a report (FRST.txt) will be created in the same folder the program was run from. Please attach the report to your next post.
- If the program was run for the first time, a report (Addition.txt) will also be created. Please attach it to your next post.
Virusinfo - for a clean Internet.
Do good and cast it upon the water.
Thanks for your patience. Here are the scans -
- Copy the text below into Notepad and save the file as fixlist.txt in the same folder from which Farbar Recovery Scan Tool was run:
Code:
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439994324&z=478b2ecdde686cfcbef1323g2z9cet0tft6z0g4b5z&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439994324&z=478b2ecdde686cfcbef1323g2z9cet0tft6z0g4b5z&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21073&r=2015/01/12&hid=831997748575875411&lg=EN&cc=UA&unqvl=74
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439994324&z=478b2ecdde686cfcbef1323g2z9cet0tft6z0g4b5z&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {058C66B2-4CB7-4EFD-BC18-D2ACA9E04F73} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439994324&z=478b2ecdde686cfcbef1323g2z9cet0tft6z0g4b5z&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {77F2B683-BFE4-4140-A5D5-3004C16E3A8F} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {77F2B683-BFE4-4140-A5D5-3004C16E3A8F},Codepage,0x10001,e3,04,00,00 URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {95F663C0-C370-4955-8B39-63069DB1F6C0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {B2A025AA-2242-4E2F-8FC6-6DC64A736A80} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {E54128C6-3DD5-434B-ABE0-37640C57F572} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {F4137D40-259A-4FB3-B780-F8C39B303C41} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {FA6CC280-3AEA-4DC3-9C5B-9B729779EC31} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHM320HJ_S2AUJDNB208641&ts=1438684126&type=default&q={searchTerms}
Toolbar: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
Toolbar: HKU\S-1-5-21-1993962763-1060284298-1417001333-1003 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
CinemaPlus-3.2cV06.10 (HKLM\...\CinemaPlus-3.2cV06.10) (Version: 1.36.01.22 - Cinema PlusV06.10) <==== ATTENTION
CinemaPlus-3.2cV14.10 (HKLM\...\CinemaPlus-3.2cV14.10) (Version: 1.36.01.22 - Cinema PlusV14.10) <==== ATTENTION
CinemaPlus-3.2cV16.10 (HKLM\...\CinemaPlus-3.2cV16.10) (Version: 1.36.01.22 - Cinema PlusV16.10) <==== ATTENTION
MSCONFIG\startupreg: gmsd_re_005010001 =>
MSCONFIG\startupreg: gmsd_re_005010023 =>
MSCONFIG\startupreg: gmsd_re_005010024 =>
MSCONFIG\startupreg: gmsd_re_005010038 =>
MSCONFIG\startupreg: gmsd_re_005010050 =>
MSCONFIG\startupreg: gmsd_re_005010064 =>
MSCONFIG\startupreg: gmsd_re_005010066 =>
MSCONFIG\startupreg: gmsd_re_005010070 =>
MSCONFIG\startupreg: gmsd_re_005010071 =>
MSCONFIG\startupreg: gmsd_re_005010073 =>
MSCONFIG\startupreg: gmsd_re_005010075 =>
MSCONFIG\startupreg: upgmsd_re_005010001.exe =>
MSCONFIG\startupreg: upgmsd_re_005010022.exe =>
MSCONFIG\startupreg: upgmsd_re_005010023.exe =>
MSCONFIG\startupreg: upgmsd_re_005010024.exe =>
MSCONFIG\startupreg: upgmsd_re_005010038.exe =>
MSCONFIG\startupreg: upgmsd_re_005010064.exe =>
MSCONFIG\startupreg: upgmsd_re_005010066.exe =>
MSCONFIG\startupreg: upgmsd_re_005010070.exe =>
MSCONFIG\startupreg: upgmsd_re_005010071.exe =>
MSCONFIG\startupreg: upgmsd_re_005010073.exe =>
MSCONFIG\startupreg: upgmsd_re_005010075.exe =>
EmptyTemp:
Reboot:
- Run FRST, click the Fix button once and wait. The program will create a log file (Fixlog.txt). Please attach it to your next message!
- Note that the computer will be restarted.
Here, I've done everything -
Make a log of a full MBAM scan.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Antivirus help
Hello, here is the log -
It's empty, redo it properly.
I updated MBAM and did everything according to the instructions; it doesn't save to txt, only to xml.
Снимок3.jpg
Снимок4.jpg
Give the file a name. In the case shown in the picture, "MBAM".
Снимок5.jpg
The result.
Treatment statistics:
- Quarantines received: 2
- Files processed: 195
- Malware detected during treatment:
- c:\documents and settings\alena_kharchenko\application data\browsers\exe.emorhc.bat - Trojan-Clicker.BAT.Small.bv ( DrWEB: BAT.Hosts.147 )
- c:\documents and settings\alena_kharchenko\application data\browsers\exe.erolpxei.bat - Trojan-Clicker.BAT.Small.bv ( DrWEB: BAT.Hosts.147 )
- c:\documents and settings\alena_kharchenko\application data\microsoft\internet explorer\quick launch\mail.ru.lnk - HEUR:Trojan.WinLNK.StartPage.gena
- c:\documents and settings\alena_kharchenko\application data\microsoft\internet explorer\quick launch\запустить обозреватель internet explorer.lnk - HEUR:Trojan.WinLNK.StartPage.gena
- c:\documents and settings\alena_kharchenko\local settings\application data\c8fd3271-1445009795-11e0-8319-10e12c0000fd\qnsu4e1.tmp - not-a-virus:AdWare.Win32.ConvertAd.bai ( AVAST4: Win32:Rootkit-gen [Rtk] )
- c:\documents and settings\all users\application data\wwdsmanprow\wdsmanpro.exe - not-a-virus:AdWare.Win32.WProtManager.bw
- c:\program files\cinemaplus-3.2cv06.10\04a128ed-6b7c-4870-bbd3-2b33d649d584-5.exe - not-a-virus:WebToolbar.Win32.CrossRider.amqa ( BitDefender: Gen:Application.Heur.hv1@k0WdKEiO )
- c:\program files\cinemaplus-3.2cv14.10\32f044ed-0bad-4d7c-bc31-f8791b2e73f0-5.exe - not-a-virus:WebToolbar.Win32.CrossRider.amqa ( BitDefender: Gen:Application.Heur.@u1@kyYs8EpO )
- c:\program files\cinemaplus-3.2cv16.10\55b2c7e1-18fb-4ea8-b9b0-598855c4764c-5.exe - not-a-virus:WebToolbar.Win32.CrossRider.amqa ( BitDefender: Gen:Application.Heur.@u1@kORN3!fO )
- c:\program files\globalupdate\update\1.3.25.0\globalupdatebroker.exe - not-a-virus:AdWare.Win32.Goopdate.a ( DrWEB: Adware.Boxore.2 )
- c:\program files\globalupdate\update\1.3.25.0\globalupdateondemand.exe - not-a-virus:AdWare.Win32.Goopdate.b ( DrWEB: Adware.Boxore.2 )
- c:\program files\globalupdate\update\1.3.25.0\goopdate.dll - not-a-virus:AdWare.Win32.Goopdate.c
- c:\program files\globalupdate\update\1.3.25.0\goopdateres_en.dll - not-a-virus:AdWare.Win32.Goopdate.d
- c:\program files\globalupdate\update\1.3.25.0\npglobalupdateupdate4.dll - not-a-virus:AdWare.Win32.Goopdate.e
- c:\program files\globalupdate\update\1.3.25.0\psmachine.dll - not-a-virus:AdWare.Win32.Goopdate.f
- c:\program files\globalupdate\update\1.3.25.0\psuser.dll - not-a-virus:AdWare.Win32.Goopdate.f
- c:\program files\mybrowser\mybrowser\application\utility.exe - not-a-virus:WebToolbar.Win32.CrossRider.anvj
- c:\program files\sfk\ssfk.exe - not-a-virus:AdWare.Win32.ELEX.el
Dear F1la, our specialists have given you all the help they could with your request.
To keep your computer secure, we strongly recommend:
To stay up to date on current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please contribute to our database of safe files.