Китайский вирус Tencent

Printable View

30.04.2016, 19:19
Mr.Paff

Вложений: 3

Китайский вирус Tencent

Поймал какой-то вирус. Установились пять сетевых игр, программа Tencent, появилась реклама в нижнем углу рабочего стола.
Удалил игры, удалил программу Tencent (запустил деинсталлятор C:\Program Files\Tencent\QQPCMgr\11.5.17490.219/Uninst.exe , в панеле управления не отображается), но остались папки связанные с ним и не удалялись, проверил на вирусы с помощью Dr.Web CureIt! и AVPTool, вирусы нашлись, удалились.
Реклама пропала, игр нет, но после перезагрузки Tencent снова в процессах.
Помогите удалить Tencent и явно ещё что-то лишнее грузиться
30.04.2016, 19:20
Info_bot

Уважаемый(ая) [B]Mr.Paff[/B], спасибо за обращение на наш форум!

Помощь в лечении комьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитами АВЗ и HiJackThis, подробнее можно прочитать в [URL="http://virusinfo.info/pravila.html"]правилах оформления запроса о помощи[/URL].

[INFORMATION]Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом [URL="http://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]поддержите проект[/URL].
01.05.2016, 10:56
thyrex

Выполните скрипт в AVZ
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll','');
QuarantineFile('C:\Users\AE36~1\AppData\Local\Temp\04818\tim.exe','');
SetServiceStart('QMIEProtect', 4);
SetServiceStart('QMUdisk', 4);
SetServiceStart('QQSysMon', 4);
SetServiceStart('softaal', 4);
SetServiceStart('SRepairDrv', 4);
SetServiceStart('TAOAccelerator', 4);
SetServiceStart('TAOKernelDriver', 4);
SetServiceStart('TFsFlt', 4);
SetServiceStart('TsFltMgr', 4);
SetServiceStart('TSKSP', 4);
SetServiceStart('tsnethlp', 4);
DeleteService('tsnethlp');
DeleteService('TSKSP');
DeleteService('TsFltMgr');
DeleteService('TFsFlt');
DeleteService('TAOKernelDriver');
DeleteService('TAOAccelerator');
DeleteService('SRepairDrv');
DeleteService('softaal');
DeleteService('QQSysMon');
DeleteService('QMUdisk');
DeleteService('QMIEProtect');
QuarantineFile('C:\ProgramData\Windows Update\svrupg.exe','');
QuarantineFile('C:\ProgramData\service.exe','');
DeleteService('GoogleChromeUpSvc');
DeleteService('GoogleChromeUpService');
DeleteService('QQRepairFixSVC');
SetServiceStart('QQPCRTP', 4);
DeleteService('QQPCRTP');
TerminateProcessByName('c:\program files\tencent\qqpcmgr\11.5.17490.219\plugins\qmnetmon\qqpcnetflow.exe');
TerminateProcessByName('c:\program files\tencent\qqpcmgr\11.5.17490.219\qqpcpatch.exe');
TerminateProcessByName('c:\program files\tencent\qqpcmgr\11.5.17490.219\qqpcrealtimespeedup.exe');
TerminateProcessByName('c:\program files\tencent\qqpcmgr\11.5.17490.219\qqpcrtp.exe');
TerminateProcessByName('c:\program files\tencent\qqpcmgr\11.5.17490.219\qqpctray.exe');
DeleteFile('c:\program files\tencent\qqpcmgr\11.5.17490.219\plugins\qmnetmon\qqpcnetflow.exe','32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.5.17490.219\qqpcpatch.exe','32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.5.17490.219\qqpcrealtimespeedup.exe','32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.5.17490.219\qqpcrtp.exe','32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.5.17490.219\qqpctray.exe','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\7z.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\AndroidAssistHelper.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\arkGraphic.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\CheckSysHung.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\Common.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\communic.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\dr.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\exnscan.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\GameUpgrade.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\GarbageCleaner.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\GF.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\GFCustom.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\GFFtsysCustom.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\jgImage.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\jgIOStub.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\MemDefrag.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\NetflowMgr.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\oDayProtect.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMBDScanner.dat','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMCloudInter\QMCloudInter.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMHipsEngine.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\arkGraphic.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\Common.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\GF.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\jgImage.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\jgIOStub.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\tinyxml.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\xGraphic32.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMonPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMRepairPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\ProcessManager.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\ptrate.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMAntiInject.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMAssocScan.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMAVProxy.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMCommon.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMDlder.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMDns.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMEmMat.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMExt.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMFileMon.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMForbiddenWinKey.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMHIPSHeart.dll','32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.5.17490.219\qmhipslogpolicy.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMHIPSPolicyEng.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMHIPSService.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMIEProtectIo.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmiesafedll.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMInfoEng.DLL','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMIpc.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMMain.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMNetworkMgr.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMRtpCheck.dll','32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.5.17490.219\qmrtpcontroller.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMRtpDLL.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMSafeBoxHelperDll.dll','32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.5.17490.219\qmscripthost.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMSkinMgr.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMSpeedupPlugin\SpeedupRocket\SpeedupRocket.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMSSO\Bin\SSOCommon.DLL','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMSSO\Bin\SSOLUIControl.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMSSO\Bin\SSOPlatform.dll','32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.5.17490.219\qmsysrepprov.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\GameUpgradeTrayPlugin\GameUpgradeTrayPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMAutoTaskPlugin\QMAutoTaskPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\GameSpeedupExposure.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\SpeedupMsg.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMBJTrayPlugin\QMBJTrayPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMClinicTrayPlugin\QMClinicTrayPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMCmcTrayPlugin\QMCmcTrayPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMDnsMonitor\QMDnsMonitor.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMHwFloatWnd\QMHwFloatWnd.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMLogCtrl\QMLogCtrl.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMMobileTrayPlugin\QMMobileTrayPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMNewsTips\QMNewsTips.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMTrayPlugin\QMPerfCtrl\QMPerf.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMPerfCtrl\QMPerfCtrl.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMPreDownload\QMPreDownload.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMQQLoginPlugin\QMQQLoginPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMRtpPlugin\QMRtpPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMSccTrayPlugin\QMSccTrayPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMSoftPlugin\QMSoftPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMStartupMonitorNotify\QMStartupMonitorNotify.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMSwitchesMgrPlugin\QMSwitchesMgrPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMSXTrayPlugin\QMSXTrayPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMSysOptimizeAssist\QMSysOptimizeAssist.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMTpkTrayPlugin\QMTpkTrayPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMTrayDetector\QMTrayDetector.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMTrojanPlugin\QMTrojanPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMUDiskMgr\QMUDiskMgr.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMUpdateModule\QMUpdateModule.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMVulPlugin\QMVulPlugin.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\qmtrayplugin\QMWebFWCtrl\QMWebFWCtrl.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMUl.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMWlanMacDll.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQFileFlt.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCFIXATDLL.DLL','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\RefuseInject.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\scc.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\SoftMgr\processlogdll.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\sqlite.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\StartupMgrDll.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\SXCombase.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TAOBase.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\xImage.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\xGraphic32.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\Win10ToastNotification.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\UDiskShellExt.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSZip.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSSysKitProxy.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\tinyxml.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TAVUpload.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TAVInterface.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TAVEng.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\tave.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TAVCache.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TAOWorkFlowMgr.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TAOKernelControl.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TAOClient.dll','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMIEProtect.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMUdisk.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQSysMon.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\softaal.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMGR\Plugins\SRepairDrv','32');
DeleteFile('C:\WINDOWS\system32\Drivers\TAOAccelerator.sys','32');
DeleteFile('C:\WINDOWS\system32\Drivers\TAOKernelEx.sys','32');
DeleteFile('C:\WINDOWS\system32\Drivers\TFsFlt.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\TsFltMgr.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSKsp.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TsNetHlp.sys','32');
DeleteFile('C:\ProgramData\service.exe','32');
DeleteFile('C:\ProgramData\Windows Update\svrupg.exe','32');
DeleteFile('C:\Program Files\Tencent\QQPCMGR\Plugins\QQRepairFixSVC','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe','32');
DeleteFile('C:\Users\AE36~1\AppData\Local\Temp\04818\tim.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','QQPCTray');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tim.exe -start');
DeleteFile('C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','taskhost');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.[/code]Будет выполнена перезагрузка компьютера.

Выполните скрипт в AVZ
[code]begin
CreateQurantineArchive('c:\quarantine.zip');
end.[/code][b]c:\quarantine.zip[/b] пришлите по красной ссылке [color="Red"][u][b]Прислать запрошенный карантин[/b][/u][/color] [b]над первым сообщением[/b] в Вашей теме.

[B][COLOR="Red"]Выполните правила ЕЩЕ РАЗ и предоставьте НОВЫЕ логи[/COLOR][/B]
01.05.2016, 22:22
Mr.Paff

Вложений: 3

новые логи
02.05.2016, 18:11
thyrex

Скачайте [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/][b]Farbar Recovery Scan Tool[/b][/url] [img]http://i.imgur.com/NAAC5Ba.png[/img] и сохраните на Рабочем столе.
[list][*][b]Примечание[/b]: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.[/list]

1. Запустите программу двойным щелчком. Когда программа запустится, нажмите [b]Yes[/b] для соглашения с предупреждением.
2. Убедитесь, что в окне [b]Optional Scan[/b] отмечены [i]List BCD[/i], [i]Driver MD5[/i] и [i]90 Days Files[/i].
[img]http://i.imgur.com/3munStB.png[/img]
3. Нажмите кнопку [b]Scan[/b].
4. После окончания сканирования будет создан отчет ([b]FRST.txt[/b]) в той же папке, откуда была запущена программа.
5. Если программа была запущена в первый раз, также будет создан отчет ([b]Addition.txt[/b]).
6. Полученные в пп. 4 и 5 логи заархивируйте (в [b]один архив[/b]) и прикрепите к сообщению.
03.05.2016, 17:12
Mr.Paff

Вложений: 1

Farbar Recovery Scan Tool
04.05.2016, 19:07
thyrex

1. Откройте [b]Блокнот[/b] и скопируйте в него приведенный ниже текст
[code]
CreateRestorePoint:
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=92552456_hao_pg
HKU\S-1-5-21-286023530-686724533-4289141944-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=92552456_hao_pg
FF Plugin: @qq.com/QQPCMgr -> C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\npQMExtensionsMozilla.dll [2016-04-29] (Tencent Technology (Shenzhen) Company Limited)
R1 QQPCHelper; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCHelper.sys [34936 2016-04-29] (Tencent)
S3 TS888; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TS888.sys [39928 2016-04-30] (Tencent)
R1 TSDefenseBt; C:\WINDOWS\System32\DRIVERS\TSDefenseBt.sys [14008 2016-04-27] (Tencent)
2016-04-30 15:36 - 2016-04-30 15:36 - 00039928 _____ (Tencent) C:\WINDOWS\system32\Drivers\TS888.sys
2016-04-29 18:32 - 2016-04-29 18:32 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-04-28 12:32 - 2016-04-30 16:01 - 00000000 ____D C:\Users\ПКК\AppData\Roaming\Tencent
2016-04-28 12:30 - 2016-04-28 12:30 - 00000000 ____D C:\Users\ПКК\AppData\Roaming\Babylon
2016-04-28 12:30 - 2016-04-28 12:30 - 00000000 ____D C:\Users\ПКК\AppData\Local\Babylon
2016-04-28 12:30 - 2016-04-28 12:30 - 00000000 ____D C:\Users\Все пользователи\Babylon
2016-04-28 12:30 - 2016-04-28 12:30 - 00000000 ____D C:\ProgramData\Babylon
2016-04-27 13:46 - 2016-04-30 15:36 - 00000000 ____D C:\Users\Все пользователи\TXQMPC
2016-04-27 13:46 - 2016-04-30 15:36 - 00000000 ____D C:\ProgramData\TXQMPC
2016-04-27 13:46 - 2016-04-27 13:46 - 00005120 _____ C:\Users\ПКК\AppData\Roaming\GiftBag.db
2016-04-27 13:46 - 2016-04-27 13:45 - 00014008 _____ (Tencent) C:\WINDOWS\system32\Drivers\TSDefenseBt.sys
2016-04-27 13:45 - 2016-04-29 19:28 - 00000000 ____D C:\Users\Все пользователи\WindowsMsg
2016-04-27 13:45 - 2016-04-29 19:28 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-04-27 13:44 - 2016-04-29 19:29 - 00000000 ____D C:\Users\Все пользователи\Windows Update
2016-04-27 13:44 - 2016-04-29 19:29 - 00000000 ____D C:\ProgramData\Windows Update
2016-04-27 13:44 - 2016-04-29 18:27 - 00002303 _____ C:\Users\Все пользователи\webad.xml
2016-04-27 13:44 - 2016-04-29 18:27 - 00002303 _____ C:\ProgramData\webad.xml
2016-04-27 13:43 - 2016-04-29 19:22 - 00000000 ____D C:\Users\Все пользователи\Tencent
2016-04-27 13:43 - 2016-04-29 19:22 - 00000000 ____D C:\ProgramData\Tencent
2016-04-26 17:24 - 2016-04-26 17:24 - 00000009 _____ C:\Users\Все пользователи\a.bat
2016-04-26 17:24 - 2016-04-26 17:24 - 00000009 _____ C:\ProgramData\a.bat
C:\ProgramData\adb.exe
2016-04-27 13:42 - 2016-04-27 13:42 - 0114632 _____ (深圳市迅雷网络技术有限公司) C:\Users\ПКК\AppData\Roaming\xldl.dll
Task: {006238DD-B00A-4C25-8B47-D6E3F303EA50} - \Microsoft\Windows\Time Synchronization\SynchronizeTime -> No File <==== ATTENTION
Task: {00B293E2-2524-4E02-B5FB-8564DDFC1FDD} - \Microsoft\Windows\Diagnosis\Scheduled -> No File <==== ATTENTION
Task: {00CAD877-B37D-4CF7-AB20-EA117AB69A06} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {017EE08E-9AF3-48BB-AA72-50C4420C3B93} - \Microsoft\Windows\WCM\WiFiTask -> No File <==== ATTENTION
Task: {03F81D90-EF28-49D3-BC5A-FFA6F9E3B415} - \Microsoft\Windows\SettingSync\NetworkStateChangeTask -> No File <==== ATTENTION
Task: {05134FD6-A288-46F5-AB78-8FAA6889CB10} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {05EE699F-AB25-42D8-8781-558C5D1D2FAD} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {07310375-8CA0-4E47-A42F-F9E1908B69B1} - \Microsoft\Windows\License Manager\TempSignedLicenseExchange -> No File <==== ATTENTION
Task: {07440E31-D245-4807-82FC-1A1FDE50C530} - \Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup -> No File <==== ATTENTION
Task: {07690C4B-7E80-43EA-8E0E-701514D92890} - \Microsoft\Windows\Work Folders\Work Folders Maintenance Work -> No File <==== ATTENTION
Task: {0A7009E1-174B-41B8-A644-14DE32A98630} - \Microsoft\Windows\PI\Sqm-Tasks -> No File <==== ATTENTION
Task: {0ACBA31C-FD9F-4E97-880A-97CE066C4745} - \Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate -> No File <==== ATTENTION
Task: {0B796E4C-1044-4834-A4D7-0111414AA60B} - \Microsoft\Windows\Shell\IndexerAutomaticMaintenance -> No File <==== ATTENTION
Task: {0C943D35-4A9F-4B05-8C0C-3CFE238D6D6C} - \Microsoft\Windows Defender\MP Scheduled Scan -> No File <==== ATTENTION
Task: {0CD511B0-1E82-42E8-98FD-69A8C4B06CCC} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader -> No File <==== ATTENTION
Task: {0E12083C-0335-49DB-9542-BA1EC6D83ECC} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {113FFAB9-D6AE-4734-88D0-8C54F596B419} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {13478243-923A-4FA8-BA9A-9FADA500902B} - \Microsoft\Windows\Multimedia\SystemSoundsService -> No File <==== ATTENTION
Task: {14F84C79-3AA1-4572-AB18-3B04E643264B} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {17770B86-14DB-44AD-B57C-9C35E7C7AA46} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {18ED317D-67F2-411D-9BE6-E68AA892F9F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {19691035-2311-43F0-A5F6-515EE2FB0FBF} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {1A580F8F-B6F3-457B-99B3-53A1F9BF569B} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {1A6A5F30-3D1B-4C9B-98AF-1295F53ACD08} - \Microsoft\Windows\WOF\WIM-Hash-Management -> No File <==== ATTENTION
Task: {1D1D9729-41CA-4683-AF90-C3FE0B3F4916} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam -> No File <==== ATTENTION
Task: {1D4BFAFA-BF0A-446C-B02F-39CBCA0CFB80} - \Microsoft\Windows\CertificateServicesClient\SystemTask -> No File <==== ATTENTION
Task: {1D97BC4A-24A0-4CB0-B655-01ED3AC365E3} - \Microsoft\Windows\CertificateServicesClient\KeyPreGenTask -> No File <==== ATTENTION
Task: {1FEF9567-63A5-4FBB-8952-F965F7EB091F} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {204719EA-BF34-4D36-B61D-A9B45E0237EC} - \Microsoft\Windows\Work Folders\Work Folders Logon Synchronization -> No File <==== ATTENTION
Task: {231F9670-E069-4449-A99B-D082889DDCDF} - \Microsoft\Windows\Sysmain\ResPriStaticDbSync -> No File <==== ATTENTION
Task: {24000B7B-B224-4E49-937F-0A7619A7D069} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {24684C85-3A42-4A8C-AA89-8E8DB51F2029} - \Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic -> No File <==== ATTENTION
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {257C458D-9591-4628-837F-B856CB1AA3A7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {268704AA-12C6-4788-AB71-DC628774F8C9} - \Microsoft\Windows\ApplicationData\DsSvcCleanup -> No File <==== ATTENTION
Task: {26CECBB5-EA11-424E-AA03-D0F8F7851D73} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff -> No File <==== ATTENTION
Task: {27680876-978C-4D68-9C5F-350F2442C046} - \Microsoft\Windows\Workplace Join\Automatic-Device-Join -> No File <==== ATTENTION
Task: {2771B8BE-AE03-4E7C-B10D-D32ED31F7D6E} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {285F7E56-A033-46F8-8AD7-DEC2CE41F4D8} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {2A43CFEB-776F-49DC-9216-BFCB996D52DA} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {2C82BD31-7D81-4D54-9C45-E1EC586F6A87} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange -> No File <==== ATTENTION
Task: {2E53D6F4-6150-4F64-8177-BE80E263384D} - \Soft installer -> No File <==== ATTENTION
Task: {2EB8283D-399E-46CC-A0B0-5DE1C740C101} - \Microsoft\Windows\Ras\MobilityManager -> No File <==== ATTENTION
Task: {2EFF6322-C770-418F-BA4B-D292F9BE2D4E} - \Microsoft\Windows\Plug and Play\Device Install Group Policy -> No File <==== ATTENTION
Task: {33A77031-4C00-4DA8-BC48-A9043973FA32} - \klcp_update -> No File <==== ATTENTION
Task: {35989215-618C-401A-8090-833BEEFC7D7A} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {35D447AC-5B12-436A-A140-7C8C7393CBF6} - \Microsoft\Windows\AppID\PolicyConverter -> No File <==== ATTENTION
Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {3A7044AD-AB10-4071-974B-BE0FC067B882} - \Microsoft\Windows\DUSM\dusmtask -> No File <==== ATTENTION
Task: {3E935018-591F-40BB-AC6B-1444421D2A14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3ECD8885-05A4-4B93-BF48-21AEB7DA2F5F} - \Microsoft\Windows\Offline Files\Background Synchronization -> No File <==== ATTENTION
Task: {4073FE4D-206F-46D4-9632-ADC1EE20E684} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {414B2E57-1513-4C59-9FEA-A6D1A341F633} - \Microsoft\Windows\Maps\MapsUpdateTask -> No File <==== ATTENTION
Task: {4247CA1B-0220-4452-8303-2069A7D8D69B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {45016F5B-D1A0-41F1-8E39-8CA8C2D580EE} - \Microsoft\Windows\Task Manager\Interactive -> No File <==== ATTENTION
Task: {4656B6E6-AF43-4CFA-A9BF-7B500267CA84} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {4769D497-3E12-4797-BFDE-597D94141188} - \Microsoft\Windows\Plug and Play\Device Install Reboot Required -> No File <==== ATTENTION
Task: {4F8188B0-AD29-4FEE-B76E-D646D2F3D376} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {4FC1E3EC-090F-4D6B-8146-FC267C6E8B25} - \Microsoft\Windows\Location\WindowsActionDialog -> No File <==== ATTENTION
Task: {511E14CA-1F45-4634-8FF0-EA030E4A127B} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION
Task: {53299B14-E09B-4CB5-B8AF-CA7E22B42EEF} - \Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck -> No File <==== ATTENTION
Task: {54C3B37B-030D-437E-8B30-70884959FC73} - \Microsoft\Windows\WindowsUpdate\Automatic App Update -> No File <==== ATTENTION
Task: {559FEB61-EA58-4EB9-AFC5-BEB330A605F4} - \Microsoft\Windows\DiskCleanup\SilentCleanup -> No File <==== ATTENTION
Task: {5612FF9C-74BB-4FBA-BC7D-84265CA4EEEF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck -> No File <==== ATTENTION
Task: {567DD8A0-BE7C-4DBF-AB5B-0B019DC1C30D} - \Microsoft\Windows\LanguageComponentsInstaller\Uninstallation -> No File <==== ATTENTION
Task: {570CA720-7476-444A-8C2F-E67DA1CD62D7} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {57DC5FC5-D2AC-4242-9518-EDF27B7D9943} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {57E852AE-43B9-45B2-8B02-C5697D6F039A} - \Microsoft\Windows\Shell\CreateObjectTask -> No File <==== ATTENTION
Task: {581026B1-F818-4A07-BD50-A4E711B40EF9} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip -> No File <==== ATTENTION
Task: {58CAC980-7ECB-4269-8F35-491D660606A3} - \Microsoft\Windows\NetTrace\GatherNetworkInfo -> No File <==== ATTENTION
Task: {59C5424F-4391-4C7F-9175-1DF1B546E459} - \Microsoft\Windows\Registry\RegIdleBackup -> No File <==== ATTENTION
Task: {59F5AD56-6239-4A7B-91FE-CD4CEE4EE4CA} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {5AAFAE5A-CE14-4F85-BB4E-866E94949307} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {5B4118DF-E6FE-4ADB-B36F-7A3375DBBD61} - \Microsoft\Windows\WindowsUpdate\Scheduled Start -> No File <==== ATTENTION
Task: {5F266701-FC50-43CA-BBF8-6CFB559963FC} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector -> No File <==== ATTENTION
Task: {619B5A8A-5D31-47C1-BDF3-1A6A091E5B9A} - \Microsoft\Windows\PI\Secure-Boot-Update -> No File <==== ATTENTION
Task: {61A8CE77-31E1-4DDB-B91A-DF0CF5C30F1B} - \Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization -> No File <==== ATTENTION
Task: {62D23725-88D9-4ED4-9AF5-D7FAA3A22140} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask -> No File <==== ATTENTION
Task: {630F6BC7-A5F2-4414-B19B-A90784B3DCE8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6406CF3F-4733-43A8-B385-E3CAA5FF2768} - \Microsoft\Windows\Sysmain\HybridDriveCacheRebalance -> No File <==== ATTENTION
Task: {657B4A29-C214-47D1-988C-175E7DD876A8} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {69B01C56-6F39-4C75-9863-9D3667AC71B9} - \Microsoft\Windows\FileHistory\File History (maintenance mode) -> No File <==== ATTENTION
Task: {6BFB8009-01FB-4968-87B6-35DD5FE0E324} - \Microsoft\Windows\Servicing\StartComponentCleanup -> No File <==== ATTENTION
Task: {6BFBBE49-9BBE-4708-820B-706680085F02} - \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery -> No File <==== ATTENTION
Task: {6E36C558-D8CE-4A6F-A8E4-7049D438C5A8} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange -> No File <==== ATTENTION
Task: {6F6316BA-BC8C-40D0-B11F-2B83E968AC62} - \Microsoft\Windows\CloudExperienceHost\CreateObjectTask -> No File <==== ATTENTION
Task: {70333C3D-F504-440F-B651-69D4B89685CD} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {70AD6786-B2A1-4B5E-B64B-2509A7EDE3DD} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
Task: {70CAC138-42B5-4361-BC0D-1EF71558286B} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {71EF9060-CB02-485E-9186-323BCEAEC002} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem -> No File <==== ATTENTION
Task: {7402AF94-D912-434B-A6F2-4CE877F3BBBB} - \Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask -> No File <==== ATTENTION
Task: {75159E26-DC96-4ECC-BFCB-7530F6F7E389} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {764FC32F-37B5-40A2-8798-007AF3D34E28} - \Microsoft\Windows\LanguageComponentsInstaller\Installation -> No File <==== ATTENTION
Task: {77559C66-8E75-4DCC-B615-71FEFF42C183} - \Microsoft\Windows\Offline Files\Logon Synchronization -> No File <==== ATTENTION
Task: {7927ABCA-64D2-44FF-82FD-B80C9066C843} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {79C6E074-2E64-47AB-B719-138CF9EED575} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask -> No File <==== ATTENTION
Task: {7A535B00-EBD4-40EC-A58F-000ACEA4DBB0} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {7A5CC9D5-294F-4265-BA9B-C3FC666913C5} - \Microsoft\Windows\Location\Notifications -> No File <==== ATTENTION
Task: {7BEC5592-52BD-45EC-9A3B-0C5A2BC2729F} - \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser -> No File <==== ATTENTION
Task: {7C03926E-1EFD-46FA-B062-9EA37A4B6C22} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION
Task: {7CC91E61-2A60-4416-ADCF-E71FA1750C57} - \Microsoft\Windows\WindowsUpdate\sihboot -> No File <==== ATTENTION
Task: {7DC231DA-2C57-4282-AC92-64BBF3287C70} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon -> No File <==== ATTENTION
Task: {84B397F7-89B4-4D86-907E-B8DD7132294F} - \Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers -> No File <==== ATTENTION
Task: {8520B45C-E676-4A48-83FE-CBF8A96A1063} - \Microsoft\Windows\WS\License Validation -> No File <==== ATTENTION
Task: {862D1EED-3358-4263-B661-4E9D879FF4E1} - \Microsoft\Windows\Time Synchronization\ForceSynchronizeTime -> No File <==== ATTENTION
Task: {8A0961EE-F47E-4E19-8C8A-4D20D841B75A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) -> No File <==== ATTENTION
Task: {8A3475DE-7872-4F1F-8A82-4D39447AFB87} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {8A38CA05-3D73-4B13-A6C9-FDCCCFC40AD5} - \Microsoft\Windows\Shell\FamilySafetyMonitor -> No File <==== ATTENTION
Task: {9168D806-7D2B-4DE2-8ABC-F49E8C304AD4} - \Microsoft\Windows\SettingSync\BackgroundUploadTask -> No File <==== ATTENTION
Task: {92FC3743-EF37-43FA-B6A7-3E0845695309} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {93A53D80-4541-48BF-89F4-729F160AB6F2} - \Microsoft\Windows\Clip\License Validation -> No File <==== ATTENTION
Task: {975C1983-9327-42B9-A562-66C273EA6653} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {976B3ACD-D3F5-4DD0-A26A-2739379765D3} - \svchost -> No File <==== ATTENTION
Task: {97AF3206-AEEB-4FEC-B480-1FC78940A47C} - \Microsoft\Windows\Feedback\Siuf\DmClient -> No File <==== ATTENTION
Task: {9A089F02-0833-47B9-84B7-5D51A6ACC570} - \Microsoft\Windows\ApplicationData\CleanupTemporaryState -> No File <==== ATTENTION
Task: {9C0B4693-6472-4A34-A17F-9CDC31C653D2} - \Microsoft\Windows\Autochk\Proxy -> No File <==== ATTENTION
Task: {9D55FA98-FEB2-4FC5-92F3-1580460100FA} - \Microsoft\Windows\DiskFootprint\Diagnostics -> No File <==== ATTENTION
Task: {9FA45990-2E71-4FC7-B381-1B9717BE1736} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {A110445F-81E5-4283-96E1-C5AF4688A6F2} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {A24CFCA2-90E0-4747-BE49-98A93654500A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A2EC2266-2AF4-4E7D-94B8-A6E76EC5EB65} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {A4E93C39-D98C-4AF7-B50F-8E134B949FCC} - \Microsoft\Windows\Sysmain\WsSwapAssessmentTask -> No File <==== ATTENTION
Task: {A50C2BC2-2B78-4FDC-B388-B9EA338224F4} - \Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice -> No File <==== ATTENTION
Task: {A713030D-6DA6-404A-B4F1-F5D77A9E22E5} - \Microsoft\Windows\Device Setup\Metadata Refresh -> No File <==== ATTENTION
Task: {A7189AC7-5247-4121-AC24-C0E42C0C262D} - \Microsoft\Windows\UPnP\UPnPHostConfig -> No File <==== ATTENTION
Task: {A7CFDF3B-BE57-4DBA-B802-3FD3F728EAC0} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24 -> No File <==== ATTENTION
Task: {A89BB49A-CB06-45C6-B79A-5BEA8A32FAE0} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {ABC8FAA8-FB4D-48A4-95B1-E116BFFECA3C} - \Microsoft\Windows\SystemRestore\SR -> No File <==== ATTENTION
Task: {AC24014F-4D5F-45EE-AA33-91019E5240EA} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {B27CD7EA-70CB-4DD4-A3F9-24FF5CCE2B50} - \Microsoft\Windows\Chkdsk\ProactiveScan -> No File <==== ATTENTION
Task: {B33663C6-0DEE-434A-9B58-13068CD03F61} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {B4643584-0DD8-4263-AC77-0D85D1A6E0DC} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange -> No File <==== ATTENTION
Task: {B8FA08F5-D91F-4C25-AA7D-50360BB55395} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {B955C086-8727-4AD3-A92C-FACC87065FB1} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor -> No File <==== ATTENTION
Task: {C1850E7B-8A87-414B-B727-94852B0C6641} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {C34412BF-E6A9-403D-9E5D-48B5D27FBD9A} - \Microsoft\Windows\Wininet\CacheTask -> No File <==== ATTENTION
Task: {C3EBBBC2-8040-429A-A029-EC92DA5672EF} - \Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask -> No File <==== ATTENTION
Task: {C5D94C58-864C-42A6-BE5E-0CA92866F089} - \Microsoft\Windows\Media Center\mcupdate_scheduled -> No File <==== ATTENTION
Task: {C5DB35D6-8809-4F0B-9A2B-5F2B8A23484B} - \Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents -> No File <==== ATTENTION
Task: {C61A5BB6-8937-484C-BBE1-426A0613223B} - \Microsoft\Windows\WS\WSTask -> No File <==== ATTENTION
Task: {C629D080-0D09-4110-B8FD-67FFA485EE00} - \Microsoft\Windows\Shell\FamilySafetyRefresh -> No File <==== ATTENTION
Task: {C831DE06-282B-44F1-9C7C-580E7914B12A} - \Microsoft\Windows\Application Experience\StartupAppTask -> No File <==== ATTENTION
Task: {C9B14B69-4506-4CD7-A736-CFA0AF7DBDAC} - \Microsoft\Windows\Maps\MapsToastTask -> No File <==== ATTENTION
Task: {C9B9218D-E2E7-40AF-BC60-6B13BCF40E13} - \Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization -> No File <==== ATTENTION
Task: {CA0A9A18-CFC7-47A2-A548-A34F711DBBF5} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {CAD6C4CD-D042-42E9-BA44-A55760E461E2} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {D244059B-B8B5-4016-A6DB-81F50F031B38} - \Microsoft\Windows\DiskFootprint\StorageSense -> No File <==== ATTENTION
Task: {D3A72ED4-0CBF-4AC0-9B03-21D8E536D376} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {D3BBAAE1-8B40-4415-A718-9E400D8F4EA6} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {D53E01D0-0918-4A08-8877-2E651223AE0E} - \Microsoft\Windows\SpacePort\SpaceManagerTask -> No File <==== ATTENTION
Task: {D5D83CB3-032E-4FAC-A6BF-B4150247FC54} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {D8DF3507-7200-4FAA-82AA-5A6568C194EB} - \Microsoft\Windows\TPM\Tpm-Maintenance -> No File <==== ATTENTION
Task: {DA815374-6CA6-4A7A-BF99-ACE9FA78408A} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {DAA91931-4D1E-492C-9C14-7AF5401AB0B2} - \Microsoft\Windows\User Profile Service\HiveUploadTask -> No File <==== ATTENTION
Task: {DB0EE834-073C-49C2-BFAA-90E152F11909} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6 -> No File <==== ATTENTION
Task: {DCA820D7-D9AE-49B3-8612-BC9B2C97E126} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork -> No File <==== ATTENTION
Task: {DF79C73D-8134-43B7-8A09-EE4B55595ED2} - \Microsoft\Windows\Defrag\ScheduledDefrag -> No File <==== ATTENTION
Task: {E1AA29F8-90F6-43F8-82D0-313E9C0B4B9B} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {E27E8157-D2DA-4D6D-AA6F-19109DF583DE} - \Microsoft\Windows\RecoveryEnvironment\VerifyWinRE -> No File <==== ATTENTION
Task: {E294ADB4-D275-424B-8DD0-233F161540B4} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {E39EF92A-7F73-4CF5-B552-39F5FF42DC06} - \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan -> No File <==== ATTENTION
Task: {E3F3AF12-70A1-4222-939F-3B79ED268C37} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {E7068007-0C85-4C3B-9E74-53FC9C4285BE} - \WPD\SqmUpload_S-1-5-21-286023530-686724533-4289141944-1000 -> No File <==== ATTENTION
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {E96734C3-A682-4E6A-8B9A-7AC0E4C7FEFC} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) -> No File <==== ATTENTION
Task: {E9721AC1-1707-4029-8FAF-CC06C623A968} - \Microsoft\Windows\Management\Provisioning\Logon -> No File <==== ATTENTION
Task: {EA70AB58-CB24-45A1-914D-CDCD06EFD8C7} - \Microsoft\Windows\WDI\ResolutionHost -> No File <==== ATTENTION
Task: {EABF19F1-B2F9-408F-B40F-9A526FE86099} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EB712554-10E7-4951-AE3F-E2D89E3A242B} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver -> No File <==== ATTENTION
Task: {EBEC828A-0C6B-4404-A876-E6D9994BF911} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EC71AFD6-BEEF-4A7B-9D56-51F19F3DB150} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {EC8C311F-3C40-4BCD-8F50-52EFE40BDFA8} - \Microsoft\Windows\CertificateServicesClient\UserTask -> No File <==== ATTENTION
Task: {ECC2ADF9-380B-44E6-A646-0F902FDE014E} - \Microsoft\Windows\Maintenance\WinSAT -> No File <==== ATTENTION
Task: {EE3819FA-00D4-4186-9EDE-443FAC4E573F} - \Microsoft\Windows\AppID\EDP Policy Manager -> No File <==== ATTENTION
Task: {EEE11692-9857-4A1B-9D74-14247CC6323F} - \Microsoft\Windows\TPM\Tpm-HASCertRetr -> No File <==== ATTENTION
Task: {F400CAE7-9152-4086-BA04-510C817DADBC} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork -> No File <==== ATTENTION
Task: {F4853FE6-7B4D-4462-9664-5A6DB667FFDC} - \Microsoft\Windows\WOF\WIM-Hash-Validation -> No File <==== ATTENTION
Task: {F66FC637-89D3-4BF3-B297-3FBABCC252F6} - \Microsoft\Windows\NlaSvc\WiFiTask -> No File <==== ATTENTION
Task: {FB4832D3-8595-431D-A407-6248570C427D} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FC084C81-5B41-4F2B-99EB-A6CC661EC50D} - \Microsoft\Windows\SpacePort\SpaceAgentTask -> No File <==== ATTENTION
Task: {FD8EB16E-FD83-4B12-92DD-43F3B58790E2} - \Microsoft\Windows\Time Zone\SynchronizeTimeZone -> No File <==== ATTENTION
Reboot:
[/code]
2. Нажмите [b]Файл[/b] – [b]Сохранить как[/b]
3. Выберите папку, откуда была запущена утилита [b]Farbar Recovery Scan Tool[/b]
4. Укажите [b]Тип файла[/b] – [b]Все файлы (*.*)[/b]
5. Введите имя файла [b]fixlist.txt[/b] и нажмите кнопку [b]Сохранить[/b]
6. Запустите FRST, нажмите один раз на кнопку [b]Fix[/b] и подождите. Программа создаст лог-файл ([b]Fixlog.txt[/b]). Пожалуйста, прикрепите его в следующем сообщении!
[list][*]Обратите внимание, что компьютер будет [b]перезагружен[/b].[/list]
05.05.2016, 17:25
Mr.Paff

Вложений: 1

Готово
05.05.2016, 20:26
thyrex

Сделайте [URL="http://virusinfo.info/showthread.php?t=146192&p=1041844&viewfull=1#post1041844"]лог AdwCleaner[/URL]
06.05.2016, 16:54
Mr.Paff

Вложений: 1

лог AdwCleaner
06.05.2016, 17:31
thyrex

Отметьте и удалите все найденное
06.05.2016, 20:22
Mr.Paff

Благодарю! Всё удалилось
06.05.2016, 20:32
CyberHelper

Итог лечения

Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]8[/B][*]В ходе лечения вредоносные программы в карантинах не обнаружены[/LIST]