Hello. Please help me get rid of the Chrome browser launching automatically with the address "maprut....". Unfortunately, cleaning with the DrWeb utility did not help.
Dear [B]Антон Лабзеев[/B], thank you for contacting our forum!
Help with disinfecting your computer on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very shortly. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; for details, see the [URL="http://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
If our site proves useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
[url]http://virusinfo.info/pravila.html[/url]
[ATTACH]559141[/ATTACH][ATTACH]559142[/ATTACH][ATTACH]559143[/ATTACH]
Run the script in AVZ
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Program Files (x86)\YTDownloader\YTDownloader.exe','');
QuarantineFile('C:\Program Files (x86)\YTDownloader\updater.exe','');
QuarantineFile('C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1444\jsdrv.exe','');
QuarantineFile('C:\Program Files (x86)\ShopperPro\ShopperPro.exe','');
QuarantineFile('C:\Program Files (x86)\ShopperPro\updater.exe','');
QuarantineFile('C:\Users\user\AppData\Roaming\Dorrible\Ribble\d.exe','');
QuarantineFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll','');
QuarantineFile('C:\Users\user\AppData\Roaming\ZZZzltPTE23ET3uqP.exe','');
QuarantineFile('C:\Program Files (x86)\quiz games\quiz_games_updating_service.exe','');
QuarantineFile('C:\Program Files (x86)\quiz games\quiz_games_notification_service.exe','');
QuarantineFile('C:\Users\user\AppData\Roaming\newSI_651\s_inst.exe','');
QuarantineFile('C:\Program Files (x86)\kong games\kong_games_updating_service.exe','');
QuarantineFile('C:\Program Files (x86)\kong games\kong_games_notification_service.exe','');
QuarantineFile('C:\Program Files (x86)\green game\green_game_updating_service.exe','');
QuarantineFile('C:\Program Files (x86)\green game\green_game_notification_service.exe','');
QuarantineFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-7.exe','');
QuarantineFile('C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe','');
QuarantineFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe','');
QuarantineFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-5.exe','');
QuarantineFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-4.exe','');
QuarantineFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-3.exe','');
QuarantineFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-2.exe','');
QuarantineFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-11.exe','');
QuarantineFile('C:\Program Files (x86)\Sense\Sense-codedownloader.exe','');
QuarantineFile('C:\Program Files (x86)\coupons and fun\coupons_and_fun_updating_service.exe','');
QuarantineFile('C:\Program Files (x86)\coupons and fun\coupons_and_fun_notification_service.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\c156bda9-04bd-481a-9a92-a48043392a25.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-6.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-7.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-5.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-4.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-2.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-11.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\bc3e5259-216b-45ab-922d-6380dea9f0d0.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\9e8bdad3-94bd-4f60-82df-08fea530a44b.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-7.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-6.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-5.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-4.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-3.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-2.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-11.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\CinemaPro-1.5cV14.12-codedownloader.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\3c8f6f0e-6368-414d-8f45-87b0fd282a1d.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-7.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-6.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-5.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-4.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-2.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-11.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe','');
DelBHO('{11111111-1111-1111-1111-110611191111}');
DelBHO('{11111111-1111-1111-1111-110611341129}');
DelBHO('{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}');
QuarantineFile('C:\ProgramData\ShopperPro\ShopperPro.dll','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-bho.dll','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\Ge-Force-bho.dll','');
QuarantineFile('C:\Users\user\AppData\Local\Kometa\kometaup.exe','');
DeleteService('SPDRIVER_1.38.0.1444');
QuarantineFile('C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1444\jsdrv.sys','');
QuarantineFile('C:\PROGRA~2\YTDOWN~1\sbmntr.sys','');
DeleteService('sbmntr');
TerminateProcessByName('c:\users\user\appdata\roaming\newsi_651\s_inst.exe');
QuarantineFile('c:\users\user\appdata\roaming\newsi_651\s_inst.exe','');
TerminateProcessByName('c:\program files (x86)\savepass 1.1\c156bda9-04bd-481a-9a92-a48043392a25.exe');
QuarantineFile('c:\program files (x86)\savepass 1.1\c156bda9-04bd-481a-9a92-a48043392a25.exe','');
DeleteFile('c:\program files (x86)\savepass 1.1\c156bda9-04bd-481a-9a92-a48043392a25.exe','32');
DeleteFile('c:\users\user\appdata\roaming\newsi_651\s_inst.exe','32');
DeleteFile('C:\PROGRA~2\YTDOWN~1\sbmntr.sys','32');
DeleteFile('C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1444\jsdrv.sys','32');
DeleteFile('C:\Program Files (x86)\Mobogenie\DaemonProcess.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon','command');
DeleteFile('C:\Users\user\AppData\Local\Kometa\kometaup.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kometaup','command');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','fskpggafre');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Search Protection','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','System\CurrentControlSet\Control\Session Manager\AppCertDlls','x64');
RegKeyParamDel('HKEY_LOCAL_MACHINE','System\CurrentControlSet\Control\Session Manager\AppCertDlls','x86');
DeleteFile('C:\Program Files (x86)\Ge-Force\Ge-Force-bho.dll','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-bho.dll','32');
DeleteFile('C:\ProgramData\ShopperPro\ShopperPro.dll','32');
DeleteFile('C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe','32');
DeleteFile('C:\Windows\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-1.job','64');
DeleteFile('C:\Windows\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-11.job','64');
DeleteFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-11.exe','32');
DeleteFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-2.exe','32');
DeleteFile('C:\Windows\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-2.job','64');
DeleteFile('C:\Windows\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-4.job','64');
DeleteFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-4.exe','32');
DeleteFile('C:\Windows\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-5.job','64');
DeleteFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-5.exe','32');
DeleteFile('C:\Windows\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-5_user.job','64');
DeleteFile('C:\Windows\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-6.job','64');
DeleteFile('C:\Windows\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-7.job','64');
DeleteFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-6.exe','32');
DeleteFile('C:\Program Files (x86)\Ge-Force\18398d3a-475a-4d97-90a6-13c87cbed488-7.exe','32');
DeleteFile('C:\Windows\Tasks\3c8f6f0e-6368-414d-8f45-87b0fd282a1d.job','64');
DeleteFile('C:\Windows\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-1.job','64');
DeleteFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\3c8f6f0e-6368-414d-8f45-87b0fd282a1d.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\CinemaPro-1.5cV14.12-codedownloader.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-11.exe','32');
DeleteFile('C:\Windows\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-11.job','64');
DeleteFile('C:\Windows\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-2.job','64');
DeleteFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-2.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-3.exe','32');
DeleteFile('C:\Windows\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-3.job','64');
DeleteFile('C:\Windows\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-4.job','64');
DeleteFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-4.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-5.exe','32');
DeleteFile('C:\Windows\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-5.job','64');
DeleteFile('C:\Windows\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-5_user.job','64');
DeleteFile('C:\Windows\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-6.job','64');
DeleteFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-6.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\7991c6f5-120b-4a21-b081-8bc89b71c7f1-7.exe','32');
DeleteFile('C:\Windows\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-7.job','64');
DeleteFile('C:\Windows\Tasks\9e8bdad3-94bd-4f60-82df-08fea530a44b.job','64');
DeleteFile('C:\Program Files (x86)\CinemaPro-1.5cV14.12\9e8bdad3-94bd-4f60-82df-08fea530a44b.exe','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\bc3e5259-216b-45ab-922d-6380dea9f0d0.exe','32');
DeleteFile('C:\Windows\Tasks\bc3e5259-216b-45ab-922d-6380dea9f0d0.job','64');
DeleteFile('C:\Windows\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-1.job','64');
DeleteFile('C:\Windows\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-11.job','64');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-11.exe','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-2.exe','32');
DeleteFile('C:\Windows\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-2.job','64');
DeleteFile('C:\Windows\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-4.job','64');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-4.exe','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-5.exe','32');
DeleteFile('C:\Windows\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-5.job','64');
DeleteFile('C:\Windows\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-5_user.job','64');
DeleteFile('C:\Windows\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-6.job','64');
DeleteFile('C:\Windows\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-7.job','64');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-7.exe','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\bd235320-55b3-4b4c-b65d-42e16109800c-6.exe','32');
DeleteFile('C:\Windows\Tasks\c156bda9-04bd-481a-9a92-a48043392a25.job','64');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\c156bda9-04bd-481a-9a92-a48043392a25.exe','32');
DeleteFile('C:\Windows\Tasks\coupons_and_fun_notification_service.job','64');
DeleteFile('C:\Program Files (x86)\coupons and fun\coupons_and_fun_notification_service.exe','32');
DeleteFile('C:\Windows\Tasks\coupons_and_fun_updating_service.job','64');
DeleteFile('C:\Program Files (x86)\coupons and fun\coupons_and_fun_updating_service.exe','32');
DeleteFile('C:\Windows\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-1.job','64');
DeleteFile('C:\Program Files (x86)\Sense\Sense-codedownloader.exe','32');
DeleteFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-11.exe','32');
DeleteFile('C:\Windows\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-11.job','64');
DeleteFile('C:\Windows\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-2.job','64');
DeleteFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-2.exe','32');
DeleteFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-3.exe','32');
DeleteFile('C:\Windows\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-3.job','64');
DeleteFile('C:\Windows\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-4.job','64');
DeleteFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-4.exe','32');
DeleteFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-5.exe','32');
DeleteFile('C:\Windows\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-5.job','64');
DeleteFile('C:\Windows\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-5_user.job','64');
DeleteFile('C:\Windows\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.job','64');
DeleteFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe','32');
DeleteFile('C:\Windows\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-7.job','64');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','64');
DeleteFile('C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe','32');
DeleteFile('C:\Program Files (x86)\Sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-7.exe','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','64');
DeleteFile('C:\Windows\Tasks\green_game_notification_service.job','64');
DeleteFile('C:\Program Files (x86)\green game\green_game_notification_service.exe','32');
DeleteFile('C:\Windows\Tasks\green_game_updating_service.job','64');
DeleteFile('C:\Program Files (x86)\green game\green_game_updating_service.exe','32');
DeleteFile('C:\Windows\Tasks\kong_games_notification_service.job','64');
DeleteFile('C:\Program Files (x86)\kong games\kong_games_notification_service.exe','32');
DeleteFile('C:\Program Files (x86)\kong games\kong_games_updating_service.exe','32');
DeleteFile('C:\Windows\Tasks\kong_games_updating_service.job','64');
DeleteFile('C:\Windows\Tasks\newSI_651.job','64');
DeleteFile('C:\Users\user\AppData\Roaming\newSI_651\s_inst.exe','32');
DeleteFile('C:\Windows\Tasks\quiz_games_notification_service.job','64');
DeleteFile('C:\Program Files (x86)\quiz games\quiz_games_notification_service.exe','32');
DeleteFile('C:\Program Files (x86)\quiz games\quiz_games_updating_service.exe','32');
DeleteFile('C:\Windows\Tasks\quiz_games_updating_service.job','64');
DeleteFile('C:\Windows\Tasks\ZZZzltPTE23ET3uqP.job','64');
DeleteFile('C:\Users\user\AppData\Roaming\ZZZzltPTE23ET3uqP.exe','32');
DeleteFile('C:\Windows\system32\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-1','64');
DeleteFile('C:\Windows\system32\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-11','64');
DeleteFile('C:\Windows\system32\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-2','64');
DeleteFile('C:\Windows\system32\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-4','64');
DeleteFile('C:\Windows\system32\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-5','64');
DeleteFile('C:\Windows\system32\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-6','64');
DeleteFile('C:\Windows\system32\Tasks\18398d3a-475a-4d97-90a6-13c87cbed488-7','64');
DeleteFile('C:\Windows\system32\Tasks\3c8f6f0e-6368-414d-8f45-87b0fd282a1d','64');
DeleteFile('C:\Windows\system32\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-1','64');
DeleteFile('C:\Windows\system32\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-11','64');
DeleteFile('C:\Windows\system32\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-2','64');
DeleteFile('C:\Windows\system32\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-3','64');
DeleteFile('C:\Windows\system32\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-4','64');
DeleteFile('C:\Windows\system32\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-5','64');
DeleteFile('C:\Windows\system32\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-6','64');
DeleteFile('C:\Windows\system32\Tasks\7991c6f5-120b-4a21-b081-8bc89b71c7f1-7','64');
DeleteFile('C:\Windows\system32\Tasks\9e8bdad3-94bd-4f60-82df-08fea530a44b','64');
DeleteFile('C:\Windows\system32\Tasks\bc3e5259-216b-45ab-922d-6380dea9f0d0','64');
DeleteFile('C:\Windows\system32\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-1','64');
DeleteFile('C:\Windows\system32\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-11','64');
DeleteFile('C:\Windows\system32\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-2','64');
DeleteFile('C:\Windows\system32\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-4','64');
DeleteFile('C:\Windows\system32\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-5','64');
DeleteFile('C:\Windows\system32\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-6','64');
DeleteFile('C:\Windows\system32\Tasks\bd235320-55b3-4b4c-b65d-42e16109800c-7','64');
DeleteFile('C:\Windows\system32\Tasks\c156bda9-04bd-481a-9a92-a48043392a25','64');
DeleteFile('C:\Windows\system32\Tasks\coupons_and_fun_notification_service','64');
DeleteFile('C:\Windows\system32\Tasks\coupons_and_fun_updating_service','64');
DeleteFile('C:\Windows\system32\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-1','64');
DeleteFile('C:\Windows\system32\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-11','64');
DeleteFile('C:\Windows\system32\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-2','64');
DeleteFile('C:\Windows\system32\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-3','64');
DeleteFile('C:\Windows\system32\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-4','64');
DeleteFile('C:\Windows\system32\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-5','64');
DeleteFile('C:\Windows\system32\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6','64');
DeleteFile('C:\Windows\system32\Tasks\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-7','64');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','64');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','64');
DeleteFile('C:\Windows\system32\Tasks\green_game_notification_service','64');
DeleteFile('C:\Windows\system32\Tasks\green_game_updating_service','64');
DeleteFile('C:\Windows\system32\Tasks\kong_games_notification_service','64');
DeleteFile('C:\Windows\system32\Tasks\kong_games_updating_service','64');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\Maintenance\SMupdate2','64');
DeleteFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll','32');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\Multimedia\SMupdate3','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_651','64');
DeleteFile('C:\Windows\system32\Tasks\quiz_games_notification_service','64');
DeleteFile('C:\Windows\system32\Tasks\quiz_games_updating_service','64');
DeleteFile('C:\Windows\system32\Tasks\Ribble','64');
DeleteFile('C:\Users\user\AppData\Roaming\Dorrible\Ribble\d.exe','32');
DeleteFile('C:\Windows\system32\Tasks\ShopperPro','64');
DeleteFile('C:\Windows\system32\Tasks\ShopperProJSUpd','64');
DeleteFile('C:\Program Files (x86)\ShopperPro\updater.exe','32');
DeleteFile('C:\Program Files (x86)\ShopperPro\ShopperPro.exe','32');
DeleteFile('C:\Windows\system32\Tasks\SMupdate1','64');
DeleteFile('C:\Windows\system32\Tasks\SPDriver','64');
DeleteFile('C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1444\jsdrv.exe','32');
DeleteFile('C:\Windows\system32\Tasks\YTDownloader','64');
DeleteFile('C:\Windows\system32\Tasks\YTDownloaderUpd','64');
DeleteFile('C:\Program Files (x86)\YTDownloader\updater.exe','32');
DeleteFile('C:\Program Files (x86)\YTDownloader\YTDownloader.exe','32');
DeleteFile('C:\Windows\system32\Tasks\ZZZzltPTE23ET3uqP','64');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.[/code]
The computer will reboot.
Send the quarantine according to [B]Appendix 2[/B] of the rules, using the red link [COLOR="Red"][U][B]Send the requested quarantine[/B][/U][/COLOR] at the top of the thread.
[B][COLOR="Blue"]Make new logs according to the rules[/COLOR][/B]
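An added example (not part of the original thread and not AVZ's own code): a Python check that reads an AVZ cleanup script like the one above and reports files that are deleted without a quarantined copy, so that the requested quarantine still contains every sample. The sample script is a constructed excerpt (the `C:\Temp\example.exe` path is hypothetical), and treating entries under the Tasks folders as task definitions rather than samples is an assumption.

```python
import re

# First string argument of an AVZ script call, e.g. DeleteFile('C:\x.exe','32');
CALL_RE = re.compile(r"\b(\w+)\(\s*'([^']*)'")
# Scheduled-task definitions: legacy .job files and Task Scheduler 2.0 entries.
# Assumption: these are persistence entries, not samples, so no quarantine is expected.
TASK_RE = re.compile(r"\\windows\\(?:system32\\)?tasks\\")

# Constructed excerpt in the style of the script above (not a real case log).
SAMPLE = r"""
begin
 QuarantineFile('C:\Program Files (x86)\ShopperPro\ShopperPro.exe','');
 QuarantineFile('C:\Program Files (x86)\ShopperPro\updater.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\Kometa\kometaup.exe','');
 QuarantineFile('C:\PROGRA~2\YTDOWN~1\sbmntr.sys','');
 DeleteService('sbmntr');
 DeleteFile('C:\PROGRA~2\YTDOWN~1\sbmntr.sys','32');
 DeleteFile('C:\Program Files (x86)\Mobogenie\DaemonProcess.exe','32');
 DeleteFile('C:\Users\user\AppData\Local\Kometa\kometaup.exe','32');
 DeleteFile('C:\Windows\system32\Tasks\ShopperPro','64');
 DeleteFile('c:\program files (x86)\shopperpro\shopperpro.exe','32');
 DeleteFile('C:\Temp\example.exe','32');
 QuarantineFile('C:\Temp\example.exe','');
end.
"""


def normalize(path):
    """Windows paths are case-insensitive; 8.3 short names are compared as written."""
    return path.strip().lower()


def parse_calls(script):
    """Return [(function_name, first_string_argument), ...] in script order."""
    return [(m.group(1), m.group(2)) for m in CALL_RE.finditer(script)]


def audit(script):
    """Cross-check QuarantineFile and DeleteFile calls of one script."""
    quarantined, deleted = {}, {}  # normalized path -> index of first call
    for idx, (func, arg) in enumerate(parse_calls(script)):
        key = normalize(arg)
        name = func.lower()  # the script language is case-insensitive
        if name == "quarantinefile":
            quarantined.setdefault(key, idx)
        elif name == "deletefile":
            deleted.setdefault(key, idx)

    binaries = [p for p in deleted if not TASK_RE.search(p)]
    return {
        # The sample is lost: nothing was copied before removal.
        "deleted_without_quarantine": sorted(
            p for p in binaries if p not in quarantined),
        # Wrong order: by the time QuarantineFile runs the file is already gone.
        "deleted_before_quarantine": sorted(
            p for p in binaries
            if p in quarantined and deleted[p] < quarantined[p]),
        # Copied for analysis but left on disk.
        "quarantined_not_deleted": sorted(
            p for p in quarantined if p not in deleted),
        # Persistence entries removed by the script.
        "task_entries_deleted": sorted(p for p in deleted if TASK_RE.search(p)),
    }


if __name__ == "__main__":
    for finding, paths in audit(SAMPLE).items():
        print(finding)
        for p in paths:
            print("   ", p)
```
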
Hooray. Thank you so much. I will definitely support this project. I am sending the quarantine and the logs. [ATTACH]559238[/ATTACH][ATTACH]559240[/ATTACH][ATTACH]559241[/ATTACH]
Download [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/][b]Farbar Recovery Scan Tool[/b][/url] [img]http://i.imgur.com/NAAC5Ba.png[/img] and save it to your Desktop.
[b]Note[/b]: you must choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
[list][*]Start the program by double-clicking it. When the program starts, click [b]Yes[/b] to accept the warning.[*]Make sure that [i]"List BCD"[/i] and [i]"Driver MD5"[/i] are checked in the [b]Optional Scan[/b] box.
[img]http://i.imgur.com/B92LqRQ.png[/img][*]Click the [b]Scan[/b] button.[*]When the scan finishes, a report ([b]FRST.txt[/b]) will be created in the same folder the program was run from. Please attach the report to your next message.[*]If the program was run for the first time, a report ([b]Addition.txt[/b]) will also be created. Please attach it to your next message.[/list]
[ATTACH=CONFIG]560268[/ATTACH]
[COLOR="silver"]- - - - -Added - - - - -[/COLOR]
[ATTACH=CONFIG]560272[/ATTACH]
Copy the text below into Notepad and save the file as [b]fixlist.txt[/b] in the same folder from which the Farbar Recovery Scan Tool utility was run:
[code]
CreateRestorePoint:
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4151602389-844062856-604740464-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7&q={searchTerms}
HKU\S-1-5-21-4151602389-844062856-604740464-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://maprut.ru/?utm_source=startpage03&utm_content=8b57e55a9fa404f8e9335910c2b7269e
HKU\S-1-5-21-4151602389-844062856-604740464-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&text={searchTerms}
HKU\S-1-5-21-4151602389-844062856-604740464-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&text={searchTerms}
HKU\S-1-5-21-4151602389-844062856-604740464-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13898&tm=461&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7&q={searchTerms}
SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://search.speedbit.com/search.aspx?aff=svd_0&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13898&tm=461&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4151602389-844062856-604740464-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4151602389-844062856-604740464-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4151602389-844062856-604740464-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13898&tm=461&src=ds&p={searchTerms}
BHO: Ge-Force -> {11111111-1111-1111-1111-110611191111} -> C:\Program Files (x86)\Ge-Force\Ge-Force-bho64.dll No File
BHO: SavePass 1.1 -> {11111111-1111-1111-1111-110611341129} -> C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-bho64.dll No File
BHO: CinemaPro-1.5cV14.12 -> {11111111-1111-1111-1111-110611571183} -> C:\Program Files (x86)\CinemaPro-1.5cV14.12\CinemaPro-1.5cV14.12-bho64.dll No File
BHO: Sense -> {11111111-1111-1111-1111-110611901159} -> C:\Program Files (x86)\Sense\Sense-bho64.dll No File
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll No File
BHO-x32: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File
BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-4151602389-844062856-604740464-1000 -> No Name - {405DFEAE-1D2F-4649-BE08-C92313C3E1CE} - No File
Toolbar: HKU\S-1-5-21-4151602389-844062856-604740464-1000 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418552675&from=sky&uid=ST2000DM001-9YN164_Z1E0FCY7XXXXZ1E0FCY7
FF SearchEngineOrder.1: default-search.net
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jndhi8ep.default\searchplugins\default-search.xml [2014-09-05]
CHR Extension: (Поделиться ВКонтакте) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneggodalbcmgdkkfhbhbicbbahnacjb [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (bfipfkeoidmndggnnpobeenlamiclald) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfipfkeoidmndggnnpobeenlamiclald [2015-04-08]
CHR Extension: (CinemaPro-1.5cV14.12) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccnkbaeamfbhdnmilamlkagpfgimgppo [2014-12-14]
CHR Extension: (cgaknhmchnjaphondjciheacngggiclo) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cgaknhmchnjaphondjciheacngggiclo [2015-04-02]
CHR Extension: (gllmkcahdekdbapmdfnffclacbpnicaj) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gllmkcahdekdbapmdfnffclacbpnicaj [2015-04-02]
CHR Extension: (hlngmmdolgbdnnimbmblfhhndibdipaf) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2015-04-06]
CHR Extension: (coupons and fun) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hnhiokdidpkighjkankkbahmeheadohg [2015-04-03]
CHR Extension: (inoeonmfapjbbkmdafoankkfajkcphgd) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2015-04-08]
CHR Extension: (kong games) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlinpflaifheoeohbdffhfnnpghdnlel [2015-04-02]
CHR Extension: (ljppcglljemjablfhgjdhndlpallobpl) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljppcglljemjablfhgjdhndlpallobpl [2014-12-18]
CHR Extension: (lomkpheldlbkkfiifcbfifipaofnmnkn) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lomkpheldlbkkfiifcbfifipaofnmnkn [2015-04-03]
CHR Extension: (lphojmgkbcmdjpaepolkjeienkacpjpi) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lphojmgkbcmdjpaepolkjeienkacpjpi [2015-04-10]
CHR Extension: (Переводчик для Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nhgnamkeifalaboccicnfjgpcielbfma [2014-01-13]
CHR Extension: (GreyGray) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nhogbcndagiknbfomjgdeghehkljalhi [2013-11-30]
CHR Extension: (oalbifknmclbnmjlljdemhjjlkmppjjl) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oalbifknmclbnmjlljdemhjjlkmppjjl [2015-04-14]
CHR Extension: (green game) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\obbfamljbihbcghcciagdafdpbgcmkne [2015-04-02]
CHR Extension: (quiz games) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\obhekfgkiebcdiemikbpipliohcokogk [2015-04-10]
CHR Extension: (ogalaicobgnjddfiiananilkfdecfcki) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ogalaicobgnjddfiiananilkfdecfcki [2014-12-21]
CHR HKU\S-1-5-21-4151602389-844062856-604740464-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kneggodalbcmgdkkfhbhbicbbahnacjb] - http://vkplayerpro.ru/index.xml
CHR HKLM-x32\...\Chrome\Extension: [kifonanmkilecibbfhmdcoeonomahncd] - C:\Program Files (x86)\Crx\Files\kifonanmkilecibbfhmdcoeonomahncd_0.0.3.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kneggodalbcmgdkkfhbhbicbbahnacjb] - http://vkplayerpro.ru/index.xml
CHR HKLM-x32\...\Chrome\Extension: [kojodkdnpiidbiicdjbfkoknpekkikpb] - C:\Program Files (x86)\Crx\Files\kojodkdnpiidbiicdjbfkoknpekkikpb_0.0.3.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lmicjbmidollmgbnjfecbdakfocmpoie] - C:\Program Files (x86)\Crx\Files\lmicjbmidollmgbnjfecbdakfocmpoie_0.1.2.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ophghbbpfljnihcblbjblolkfeilimpj] - C:\Program Files (x86)\Crx\Files\ophghbbpfljnihcblbjblolkfeilimpj_0.0.1.crx [Not Found]
2015-04-24 11:04 - 2015-04-24 17:22 - 00000000 ____D () C:\Users\user\AppData\Local\Kometa
2015-04-24 10:58 - 2015-04-24 10:58 - 00000000 ____D () C:\Users\user\AppData\Local\Вoйти в Интeрнет
2015-04-24 10:53 - 2015-05-03 14:13 - 00000000 ____D () C:\Users\user\AppData\Roaming\newSI_651
2015-04-24 10:52 - 2015-04-24 10:52 - 00000000 ____D () C:\Users\user\AppData\Local\Поиcк в Интeрнете
2015-05-02 10:38 - 2015-05-02 10:38 - 00000000 ____D () C:\Device
2015-05-07 12:32 - 2013-11-20 10:34 - 00000352 _____ () C:\Windows\Tasks\AmiUpdXp.job
2015-05-03 14:13 - 2015-04-03 17:23 - 00000000 ____D () C:\Program Files (x86)\coupons and fun
2015-05-03 14:13 - 2015-04-02 23:23 - 00000000 ____D () C:\Program Files (x86)\kong games
2015-05-03 14:13 - 2015-04-02 17:23 - 00000000 ____D () C:\Program Files (x86)\green game
2015-05-03 14:13 - 2014-12-16 23:16 - 00000000 ____D () C:\Program Files (x86)\SavePass 1.1
2015-05-02 10:38 - 2014-12-14 13:24 - 00000000 ____D () C:\Users\Все пользователи\WindowsMangerProtect
2015-05-02 10:38 - 2014-12-14 13:24 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
C:\Users\user\AppData\Local\Temp\Qo5yG1U7NOtG.exe
C:\Users\user\AppData\Local\Temp\RMoMfKy5j5qJ.exe
C:\Users\user\AppData\Local\Temp\RpE5Un2bmKKw.exe
C:\Users\user\AppData\Local\Temp\tmpCCA1.exe
C:\Users\user\AppData\Local\Temp\tmpF5AF.exe
C:\Users\user\AppData\Local\Temp\toolbar1729271.exe
C:\Users\user\AppData\Local\Temp\toolbar1766882.exe
C:\Users\user\AppData\Local\Temp\unelevate.exe
C:\Users\user\AppData\Local\Temp\uninstall3151906.exe
C:\Users\user\AppData\Local\Temp\unsB0F6.tmp.exe
Task: {041E641E-49DD-4F85-8C38-98A07F1018FA} - \green_game_updating_service No Task File <==== ATTENTION
Task: {121EEC09-2C55-4B9A-BE01-F5E90CA8CE0C} - \quiz_games_updating_service No Task File <==== ATTENTION
Task: {15C1FFBF-C7A3-4B65-857F-C75C9C999058} - \e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-1 No Task File <==== ATTENTION
Task: {16D5020C-F4F6-4C7F-B967-C67250EE1066} - \e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6 No Task File <==== ATTENTION
Task: {1A2B0A87-1A9E-4C7E-B3A1-342738833A05} - \bd235320-55b3-4b4c-b65d-42e16109800c-4 No Task File <==== ATTENTION
Task: {3544C37E-3545-43C5-B64A-75111D576A37} - \newSI_651 No Task File <==== ATTENTION
Task: {363BADA8-98C1-4B96-83AC-361B53C0E540} - \SMupdate1 No Task File <==== ATTENTION
Task: {3F1802F2-34E5-4B4E-B6B0-5E57DBB91F55} - \YTDownloader No Task File <==== ATTENTION
Task: {44FEE08A-3857-45B5-8B08-164B2449DA75} - \bd235320-55b3-4b4c-b65d-42e16109800c-6 No Task File <==== ATTENTION
Task: {4A08559A-3EDD-4FB3-B129-288F3DAF4915} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION
Task: {548A4017-E4FB-431B-B5D4-668078864BAE} - \bd235320-55b3-4b4c-b65d-42e16109800c-5_user No Task File <==== ATTENTION
Task: {5B181260-63C8-4294-A0F2-149F32D76ACA} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {6B9BAE04-EFA7-4D52-BD60-4DCA0E7522A9} - \e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-5_user No Task File <==== ATTENTION
Task: {6FAD7C60-7BE7-456F-B71B-3F896AC89F25} - \coupons_and_fun_notification_service No Task File <==== ATTENTION
Task: {70276D86-DE89-4543-A25F-C14493433C01} - \SPDriver No Task File <==== ATTENTION
Task: {7E9E3684-9FD3-414B-8DCF-587AA5E376AB} - System32\Tasks\AmiUpdXp => C:\Users\user\AppData\Local\SwvUpdater\Updater.exe [2013-11-20] (Amonetizé Ltd) <==== ATTENTION
Task: {847AF64C-C0B4-4F6F-B9B2-1FEFD313D476} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {85769436-AB77-4EE3-8E22-8C107884F8AC} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {95D03DCB-385C-4579-B390-082206F5B01A} - \quiz_games_notification_service No Task File <==== ATTENTION
Task: {9E6018CF-FCA3-4845-B14A-669FAD04AF24} - \e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-2 No Task File <==== ATTENTION
Task: {A1C57154-242A-4D0C-873E-C0A747FA3726} - \e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-3 No Task File <==== ATTENTION
Task: {AAA80234-D32F-4350-9B69-EDBBD6BB7D46} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {ABC029FD-7566-4AED-A11A-7CFBA336586D} - \e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-11 No Task File <==== ATTENTION
Task: {AF6BD5BB-C6C9-4807-800B-BB05F6D28233} - \bd235320-55b3-4b4c-b65d-42e16109800c-2 No Task File <==== ATTENTION
Task: {B5597739-0EA6-4A57-B9BE-CD9E57E7B0EC} - \e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-7 No Task File <==== ATTENTION
Task: {B9B34358-0F14-4EB7-B16B-364B145F49ED} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION
Task: {BD0A6AC8-E658-4E87-AA82-3B46D8D6AEDD} - \coupons_and_fun_updating_service No Task File <==== ATTENTION
Task: {C17228BC-5403-4EE0-90AB-F2C7073CAF27} - \e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-4 No Task File <==== ATTENTION
Task: {C3484976-33F7-4A78-AC9D-8283F1BE6A03} - \Ribble No Task File <==== ATTENTION
Task: {C7197A85-ACFD-44F0-A29C-5101871958C6} - \kong_games_updating_service No Task File <==== ATTENTION
Task: {C90AD872-451F-46B2-9866-97785D588C04} - \kong_games_notification_service No Task File <==== ATTENTION
Task: {CDEE1951-1D1E-489D-83FE-B02CF8C1C55C} - \YTDownloaderUpd No Task File <==== ATTENTION
Task: {D0BF1BE0-C405-4165-A03F-0CDBF830A1CD} - \e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-5 No Task File <==== ATTENTION
Task: {D8D3AF3F-2AE0-4A80-8F99-E59CE5AB0A6A} - \bd235320-55b3-4b4c-b65d-42e16109800c-7 No Task File <==== ATTENTION
Task: {DD15FEE6-B68B-4F46-BBE2-2837CE6F88AE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {ED62DE6B-9B68-4664-A98E-3C192F65EC02} - \green_game_notification_service No Task File <==== ATTENTION
Task: {F22F5F88-AE3E-4E84-A5A6-13B959713913} - \bd235320-55b3-4b4c-b65d-42e16109800c-5 No Task File <==== ATTENTION
Task: {F7C673A3-48AE-48B3-BA04-22578AE61CDA} - \c156bda9-04bd-481a-9a92-a48043392a25 No Task File <==== ATTENTION
Task: {FF86AEFF-6558-414F-A2F7-CC3934F1672E} - \ShopperPro No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\user\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Reboot:
[/code]
[list][*]Run FRST, click the [b]Fix[/b] button once and wait. The program will create a log file ([b]Fixlog.txt[/b]). Please attach it in your next message![*]Note that the computer will be [b]rebooted[/b].[/list]
[ATTACH=CONFIG]562366[/ATTACH]
What is the status of the problem?
[QUOTE=thyrex;1273301]What is the status of the problem?[/QUOTE] The problem is solved. Thank you!!!!
Treatment statistics:
[LIST][*]Quarantines received: [B]1[/B][*]Files processed: [B]1[/B][*]No malware was detected in the quarantines during treatment[/LIST]