Chinese ads pop up when Windows boots. Windows with Chinese sites open in the browser. Please check the logs.
Dear [B]Ilya2009[/B], thank you for contacting our forum!
Virus removal is a completely free service on VirusInfo.Info. Helpers will answer your request as soon as possible. To receive help you need to provide scan logs from the Autologger utility; details are in the [URL="https://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
[INFORMATION]If you want guaranteed personal help handled with priority, use the paid service [URL="https://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]
If our site turns out to be useful to you and you have the opportunity, please [URL="https://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Did you install the Kingsoft antivirus yourself? If not, remove it. If you did, remove it too :>
[url="http://virusinfo.info/showthread.php?t=7239"]Run the script in AVZ[/url]:
[code]begin
TerminateProcessByName('C:\Program Files\R0OIFHG4UG\4PVXNGM5T.exe');
TerminateProcessByName('C:\Program Files\9684X01WQN\9684X01WQ.exe');
TerminateProcessByName('C:\Program Files\AHQ5FIN2ES\AHQ5FIN2E.exe');
TerminateProcessByName('C:\Windows\Temp\g3A6B.tmp.exe');
TerminateProcessByName('C:\Windows\Temp\gFB53.tmp.exe');
TerminateProcessByName('C:\Program Files\HQ6JRYEDIV\HQ6JRYEDI.exe');
TerminateProcessByName('c:\users\nataly\appdata\roaming\hwmonitorapp\hwmonitorapp.exe');
TerminateProcessByName('c:\program files (x86)\kingsoft\shoujizhushou\kphonetray.exe');
TerminateProcessByName('C:\Users\Nataly\AppData\Roaming\TestService\llkq.exe');
TerminateProcessByName('c:\program files (x86)\yubealckie\m3d5qeir4.exe');
TerminateProcessByName('c:\program files (x86)\mediaserchie\m8i8rxaq.exe');
TerminateProcessByName('c:\users\nataly\appdata\local\mail.ru\mailruupdater.exe');
TerminateProcessByName('c:\program files (x86)\system tools 9.0.0\systemtools.exe');
TerminateProcessByName('c:\program files (x86)\ucbrowser\application\6.1.2716.5\ucagent.exe');
TerminateProcessByName('c:\program files (x86)\ucbrowser\application\ucbrowser.exe');
TerminateProcessByName('c:\program files (x86)\ucbrowser\application\ucservice.exe');
StopService('UCBrowserSvc');
StopService('ckjrpvkqf.sys');
StopService('ucdrv');
StopService('wfcre');
QuarantineFileF('c:\program files\9684x01wqn', '*.exe', false, '', 0 , 0);
QuarantineFileF('c:\program files\hq6jryediv', '*.exe', false, '', 0 , 0);
QuarantineFileF('c:\users\nataly\appdata\roaming\hwmonitorapp', '*.exe', false, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\kingsoft\shoujizhushou', '*.exe', false, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\mediaserchie', '*.exe', false, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\vkontodnblockie', '*.exe', false, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\zaxar', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('c:\users\nataly\appdata\local\hostinstaller', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\vkontodnblocku2', '*.dll', false, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\yubealcku2', '*.dll', false, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\mediaserchu2', '*.dll', false, '', 0 , 0);
QuarantineFile('C:\Program Files\R0OIFHG4UG\4PVXNGM5T.exe', '');
QuarantineFile('C:\Program Files\9684X01WQN\9684X01WQ.exe', '');
QuarantineFile('C:\Program Files\AHQ5FIN2ES\AHQ5FIN2E.exe', '');
QuarantineFile('C:\Windows\Temp\g3A6B.tmp.exe', '');
QuarantineFile('C:\Windows\Temp\gFB53.tmp.exe', '');
QuarantineFile('C:\Program Files\HQ6JRYEDIV\HQ6JRYEDI.exe', '');
QuarantineFile('c:\users\nataly\appdata\roaming\hwmonitorapp\hwmonitorapp.exe', '');
QuarantineFile('c:\program files (x86)\kingsoft\shoujizhushou\kphonetray.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Roaming\TestService\llkq.exe', '');
QuarantineFile('c:\program files (x86)\yubealckie\m3d5qeir4.exe', '');
QuarantineFile('c:\program files (x86)\mediaserchie\m8i8rxaq.exe', '');
QuarantineFile('c:\users\nataly\appdata\local\mail.ru\mailruupdater.exe', '');
QuarantineFile('c:\program files (x86)\system tools 9.0.0\systemtools.exe', '');
QuarantineFile('c:\program files (x86)\ucbrowser\application\6.1.2716.5\ucagent.exe', '');
QuarantineFile('c:\program files (x86)\ucbrowser\application\ucbrowser.exe', '');
QuarantineFile('c:\program files (x86)\ucbrowser\application\ucservice.exe', '');
QuarantineFile('C:\Program Files (x86)\VKontOdnBlockIE\kJwGsiwD.dll', '');
QuarantineFile('C:\Program Files (x86)\YubeAlckIE\k42rheDK2.dll', '');
QuarantineFile('C:\Program Files (x86)\MediaSerchIE\k5MPaBO.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kinfoc.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\krapidservice.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\LIBEAY32.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\SSLEAY32.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\keasyipcn.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmobiletray.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kcomponent.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmq.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ksoft\softmgr.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kinfocache.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspmediator.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kadbtool.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\knewsfeed.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ksfskin.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpopclt.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\passnetwork.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmobilescan.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspcore.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kconnectengine.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspcorecloud.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kexamclear.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\floatapp.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\skhelper.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kusbcore.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\zlib1.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kphquery.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kphonebackup.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspclient.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinApi2.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinApi.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinUsbApi.dll', '');
QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ktoolupd.dll', '');
QuarantineFile('c:\program files (x86)\kingsoft\kingsoft antivirus\keasyipcn.dll', '');
QuarantineFile('c:\program files (x86)\kingsoft\kingsoft antivirus\zlib1.dll', '');
QuarantineFile('C:\Program Files (x86)\YubeAlckIE\h42Ia.dll', '');
QuarantineFile('C:\Program Files (x86)\MediaSerchIE\9UBp2gB.dll', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome_elf.dll', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome_child.dll', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libmp3lame.DLL', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome.dll', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libglesv2.dll', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libegl.dll', '');
QuarantineFile('C:\WINDOWS\system32\drivers\ckjrpvkqf.sys', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\wfcre.sys', '');
QuarantineFile('C:\WINDOWS\system32\drivers\pjruwblhx.sys', '');
QuarantineFile('C:\WINDOWS\system32\drivers\wxvguqyos.sys', '');
QuarantineFile('C:\Program Files (x86)\DiskWMpower\DiskPower.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Local\Temp\AppHelperV7.exe', '');
QuarantineFile('C:\Program Files\OCA3I5J7OH\OCA3I5J7O.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Roaming\TestService\TestService.vbs', '');
QuarantineFile('C:\Program Files\X1D3BFQEPV\X1D3BFQEP.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Roaming\novezum55hv\mx5n2zxahur.exe', '');
QuarantineFile('C:\Program Files\N0PJKE050W\N0PJKE050.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Roaming\3nl2z4fln2w\0hm5risbftv.exe', '');
QuarantineFile('C:\Program Files (x86)\jysvzipv42u\I70VW.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Roaming\wadsbo1hx5o\eyxp5fboe2x.exe', '');
QuarantineFile('C:\Program Files\E610M0SV61\E610M0SV6.exe', '');
QuarantineFile('C:\Program Files\BN3G220HZ9\BN3G220HZ.exe', '');
QuarantineFile('C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Roaming\yuw3oo200hw\gdrnbbmjuda.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Roaming\rqcxetn05kh\t3wbjgke5q2.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Roaming\gplyra\gplyra.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll', '');
QuarantineFile('C:\Program Files (x86)\VKontOdnBlockU\9RuiTJd.dll', '');
QuarantineFile('C:\Program Files (x86)\YubeAlckU\Dh81QPf.dll', '');
QuarantineFile('C:\Program Files (x86)\MediaSerchU\oJjiJzR.dll', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\update_task.exe', '');
QuarantineFile('C:\Users\Nataly\AppData\Local\Hostinstaller\2330996817_installcube.exe', '');
QuarantineFile('C:\Program Files (x86)\VKontOdnBlockU2\pfbpw0L.dll', '');
QuarantineFile('C:\Program Files (x86)\YubeAlckU2\jqaOdxC.dll', '');
QuarantineFile('C:\Program Files (x86)\MediaSerchU2\IpNLGvm.dll', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe', '');
QuarantineFile('C:\Program Files\XE MXFOSB\XE MXFOSB.dll', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\chrmstp.exe', '');
QuarantineFileF('C:\Windows\Temp', '*.tmp.exe', false, '', 0, 0);
DeleteFile('C:\Windows\Tasks\290924A7-DF44-4580-A66C-EED007367EC3.job', '64');
DeleteFile('C:\Windows\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B.job', '64');
DeleteFile('C:\Windows\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511.job', '64');
DeleteFile('C:\Windows\Tasks\UCBrowserUpdater.job', '64');
DeleteFile('C:\Windows\Tasks\UCBrowserUpdaterCore.job', '64');
DeleteFile('C:\Program Files\R0OIFHG4UG\4PVXNGM5T.exe', '32');
DeleteFile('C:\Program Files\9684X01WQN\9684X01WQ.exe', '32');
DeleteFile('C:\Program Files\AHQ5FIN2ES\AHQ5FIN2E.exe', '32');
DeleteFile('C:\Windows\Temp\g3A6B.tmp.exe', '32');
DeleteFile('C:\Windows\Temp\gFB53.tmp.exe', '32');
DeleteFile('C:\Program Files\HQ6JRYEDIV\HQ6JRYEDI.exe', '32');
DeleteFile('c:\users\nataly\appdata\roaming\hwmonitorapp\hwmonitorapp.exe', '32');
DeleteFile('c:\program files (x86)\kingsoft\shoujizhushou\kphonetray.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Roaming\TestService\llkq.exe', '32');
DeleteFile('c:\program files (x86)\yubealckie\m3d5qeir4.exe', '32');
DeleteFile('c:\program files (x86)\mediaserchie\m8i8rxaq.exe', '32');
DeleteFile('c:\users\nataly\appdata\local\mail.ru\mailruupdater.exe', '32');
DeleteFile('c:\program files (x86)\system tools 9.0.0\systemtools.exe', '32');
DeleteFile('c:\program files (x86)\ucbrowser\application\6.1.2716.5\ucagent.exe', '32');
DeleteFile('c:\program files (x86)\ucbrowser\application\ucbrowser.exe', '32');
DeleteFile('c:\program files (x86)\ucbrowser\application\ucservice.exe', '32');
DeleteFile('C:\Program Files (x86)\VKontOdnBlockIE\kJwGsiwD.dll', '32');
DeleteFile('C:\Program Files (x86)\YubeAlckIE\k42rheDK2.dll', '32');
DeleteFile('C:\Program Files (x86)\MediaSerchIE\k5MPaBO.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kinfoc.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\krapidservice.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\LIBEAY32.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\SSLEAY32.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\keasyipcn.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmobiletray.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kcomponent.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmq.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ksoft\softmgr.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kinfocache.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspmediator.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kadbtool.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\knewsfeed.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ksfskin.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpopclt.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\passnetwork.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmobilescan.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspcore.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kconnectengine.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspcorecloud.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kexamclear.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\floatapp.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\skhelper.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kusbcore.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\zlib1.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kphquery.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kphonebackup.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspclient.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinApi2.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinApi.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinUsbApi.dll', '32');
DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ktoolupd.dll', '32');
DeleteFile('c:\program files (x86)\kingsoft\kingsoft antivirus\keasyipcn.dll', '32');
DeleteFile('c:\program files (x86)\kingsoft\kingsoft antivirus\zlib1.dll', '32');
DeleteFile('C:\Program Files (x86)\YubeAlckIE\h42Ia.dll', '32');
DeleteFile('C:\Program Files (x86)\MediaSerchIE\9UBp2gB.dll', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome_elf.dll', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome_child.dll', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libmp3lame.DLL', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome.dll', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libglesv2.dll', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libegl.dll', '32');
DeleteFile('C:\WINDOWS\system32\drivers\ckjrpvkqf.sys', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\wfcre.sys', '32');
DeleteFile('C:\WINDOWS\system32\drivers\pjruwblhx.sys', '32');
DeleteFile('C:\WINDOWS\system32\drivers\wxvguqyos.sys', '32');
DeleteFile('C:\Program Files (x86)\DiskWMpower\DiskPower.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Local\Temp\AppHelperV7.exe', '32');
DeleteFile('C:\Program Files\OCA3I5J7OH\OCA3I5J7O.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Roaming\TestService\TestService.vbs', '32');
DeleteFile('C:\Program Files\X1D3BFQEPV\X1D3BFQEP.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Roaming\novezum55hv\mx5n2zxahur.exe', '32');
DeleteFile('C:\Program Files\N0PJKE050W\N0PJKE050.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Roaming\3nl2z4fln2w\0hm5risbftv.exe', '32');
DeleteFile('C:\Program Files (x86)\jysvzipv42u\I70VW.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Roaming\wadsbo1hx5o\eyxp5fboe2x.exe', '32');
DeleteFile('C:\Program Files\E610M0SV61\E610M0SV6.exe', '32');
DeleteFile('C:\Program Files\BN3G220HZ9\BN3G220HZ.exe', '32');
DeleteFile('C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Roaming\yuw3oo200hw\gdrnbbmjuda.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Roaming\rqcxetn05kh\t3wbjgke5q2.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Roaming\gplyra\gplyra.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll', '32');
DeleteFile('C:\Program Files (x86)\VKontOdnBlockU\9RuiTJd.dll', '32');
DeleteFile('C:\Program Files (x86)\YubeAlckU\Dh81QPf.dll', '32');
DeleteFile('C:\Program Files (x86)\MediaSerchU\oJjiJzR.dll', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Application\update_task.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Local\Hostinstaller\2330996817_installcube.exe', '32');
DeleteFile('C:\Program Files (x86)\VKontOdnBlockU2\pfbpw0L.dll', '32');
DeleteFile('C:\Program Files (x86)\YubeAlckU2\jqaOdxC.dll', '32');
DeleteFile('C:\Program Files (x86)\MediaSerchU2\IpNLGvm.dll', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe', '32');
DeleteFile('C:\Program Files\XE MXFOSB\XE MXFOSB.dll', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\chrmstp.exe', '32');
DeleteFile('C:\Users\Nataly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk');
DeleteService('UCBrowserSvc');
DeleteService('ckjrpvkqf.sys');
DeleteService('ucdrv');
DeleteService('wfcre');
DeleteService('pjruwblhx.sys');
DeleteService('wxvguqyos.sys');
DeleteFileMask('c:\program files\r0oifhg4ug', '*', true);
DeleteFileMask('c:\program files\9684x01wqn', '*', true);
DeleteFileMask('c:\program files\ahq5fin2es', '*', true);
DeleteFileMask('c:\program files\hq6jryediv', '*', true);
DeleteFileMask('c:\users\nataly\appdata\roaming\hwmonitorapp', '*', true);
DeleteFileMask('c:\program files (x86)\kingsoft\shoujizhushou', '*', true);
DeleteFileMask('c:\users\nataly\appdata\roaming\testservice', '*', true);
DeleteFileMask('c:\program files (x86)\yubealckie', '*', true);
DeleteFileMask('c:\program files (x86)\mediaserchie', '*', true);
DeleteFileMask('c:\users\nataly\appdata\local\mail.ru', '*', true);
DeleteFileMask('c:\program files (x86)\system tools 9.0.0', '*', true);
DeleteFileMask('c:\program files (x86)\ucbrowser', '*', true);
DeleteFileMask('c:\program files (x86)\vkontodnblockie', '*', true);
DeleteFileMask('c:\program files (x86)\diskwmpower', '*', true);
DeleteFileMask('c:\program files\oca3i5j7oh', '*', true);
DeleteFileMask('c:\program files\x1d3bfqepv', '*', true);
DeleteFileMask('c:\users\nataly\appdata\roaming\novezum55hv', '*', true);
DeleteFileMask('c:\program files\n0pjke050w', '*', true);
DeleteFileMask('c:\users\nataly\appdata\roaming\3nl2z4fln2w', '*', true);
DeleteFileMask('c:\program files (x86)\jysvzipv42u', '*', true);
DeleteFileMask('c:\users\nataly\appdata\roaming\wadsbo1hx5o', '*', true);
DeleteFileMask('c:\program files\e610m0sv61', '*', true);
DeleteFileMask('c:\program files\bn3g220hz9', '*', true);
DeleteFileMask('c:\program files (x86)\yeadesktop', '*', true);
DeleteFileMask('c:\users\nataly\appdata\roaming\yuw3oo200hw', '*', true);
DeleteFileMask('c:\users\nataly\appdata\roaming\rqcxetn05kh', '*', true);
DeleteFileMask('c:\users\nataly\appdata\roaming\gplyra', '*', true);
DeleteFileMask('c:\program files (x86)\zaxar', '*', true);
DeleteFileMask('c:\program files (x86)\vkontodnblocku', '*', true);
DeleteFileMask('c:\program files (x86)\yubealcku', '*', true);
DeleteFileMask('c:\program files (x86)\mediaserchu', '*', true);
DeleteFileMask('c:\users\nataly\appdata\local\hostinstaller', '*', true);
DeleteFileMask('c:\program files (x86)\vkontodnblocku2', '*', true);
DeleteFileMask('c:\program files (x86)\yubealcku2', '*', true);
DeleteFileMask('c:\program files (x86)\mediaserchu2', '*', true);
DeleteFileMask('c:\program files\xe mxfosb', '*', true);
DeleteFileMask('C:\Windows\Temp', '*.tmp.exe', true);
DeleteDirectory('c:\program files\r0oifhg4ug');
DeleteDirectory('c:\program files\9684x01wqn');
DeleteDirectory('c:\program files\ahq5fin2es');
DeleteDirectory('c:\program files\hq6jryediv');
DeleteDirectory('c:\users\nataly\appdata\roaming\hwmonitorapp');
DeleteDirectory('c:\program files (x86)\kingsoft\shoujizhushou');
DeleteDirectory('c:\users\nataly\appdata\roaming\testservice');
DeleteDirectory('c:\program files (x86)\yubealckie');
DeleteDirectory('c:\program files (x86)\mediaserchie');
DeleteDirectory('c:\users\nataly\appdata\local\mail.ru');
DeleteDirectory('c:\program files (x86)\system tools 9.0.0');
DeleteDirectory('c:\program files (x86)\ucbrowser');
DeleteDirectory('c:\program files (x86)\vkontodnblockie');
DeleteDirectory('c:\program files (x86)\diskwmpower');
DeleteDirectory('c:\program files\oca3i5j7oh');
DeleteDirectory('c:\program files\x1d3bfqepv');
DeleteDirectory('c:\users\nataly\appdata\roaming\novezum55hv');
DeleteDirectory('c:\program files\n0pjke050w');
DeleteDirectory('c:\users\nataly\appdata\roaming\3nl2z4fln2w');
DeleteDirectory('c:\program files (x86)\jysvzipv42u');
DeleteDirectory('c:\users\nataly\appdata\roaming\wadsbo1hx5o');
DeleteDirectory('c:\program files\e610m0sv61');
DeleteDirectory('c:\program files\bn3g220hz9');
DeleteDirectory('c:\program files (x86)\yeadesktop');
DeleteDirectory('c:\users\nataly\appdata\roaming\yuw3oo200hw');
DeleteDirectory('c:\users\nataly\appdata\roaming\rqcxetn05kh');
DeleteDirectory('c:\users\nataly\appdata\roaming\gplyra');
DeleteDirectory('c:\program files (x86)\zaxar');
DeleteDirectory('c:\program files (x86)\vkontodnblocku');
DeleteDirectory('c:\program files (x86)\yubealcku');
DeleteDirectory('c:\program files (x86)\mediaserchu');
DeleteDirectory('c:\users\nataly\appdata\local\hostinstaller');
DeleteDirectory('c:\program files (x86)\vkontodnblocku2');
DeleteDirectory('c:\program files (x86)\yubealcku2');
DeleteDirectory('c:\program files (x86)\mediaserchu2');
DeleteDirectory('c:\program files\xe mxfosb');
DelBHO('{290924A7-DF44-4580-A66C-EED007367EC3}');
DelBHO('{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B}');
DelBHO('{8E8F97CD-60B5-456F-A201-73065652D099}');
DelBHO('{B3A986DC-C2DD-40A0-8C0C-FEF66B783511}');
DelBHO('{17FE002F-FCF8-4B85-BEA7-5E551B7D4010}');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "290924A7-DF44-4580-A66C-EED007367EC3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "290924A7-DF44-4580-A66C-EED007367EC32" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "2C6A44CB-AD42-4731-A544-3FBD3D83AB5B" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "2C6A44CB-AD42-4731-A544-3FBD3D83AB5B2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "B3A986DC-C2DD-40A0-8C0C-FEF66B783511" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "B3A986DC-C2DD-40A0-8C0C-FEF66B7835112" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "MailRuUpdater" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "U2_290924A7-DF44-4580-A66C-EED007367EC3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "U2_2C6A44CB-AD42-4731-A544-3FBD3D83AB5B" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "U2_B3A986DC-C2DD-40A0-8C0C-FEF66B783511" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "UCBrowserSecureUpdater" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "UCBrowserUpdater" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "UCBrowserUpdaterCore" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "XE MXFOSB" /F', 0, 15000, true);
DelCLSID('{65122CB0-EA0F-47DF-A953-017170ED12F9}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'DiskPower');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'AppHelperV7.exe');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'MailRuUpdater');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SystemTools');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZUCCE7SGPLU4QFV');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'TestService.vbs');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '9HHK41T8TWI4N7I');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'r11bi5comwy');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'GRPH05D5QHIMY4K');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gs41dggspi5');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '11DYAWSCOXTTZYD');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'luqmaxjvdax');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '3VFIH9T9V0ZHFZS');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'GKMXP9ZAUXSYEAZ');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YeaDesktop');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'HwmonitorApp');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'K4J6NXR2PKYJ9Q1');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'huhgitjpyul');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '0oq44bcfoap');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'HY5XQ3LPEARYL1S');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Z3XEHWJ1UWGVH8J');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Z6F10AYWNM2K9EW');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gplyra');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteWizard('SCU', 3, 3, true);
RebootWindows(true);
end.[/code]
The computer will reboot.
A quarantine archive quarantine.zip will appear in the AVZ folder; send that file via the "Submit requested quarantine" link above the first message in the thread.
Download the Universal Virus Sniffer utility [URL="https://yadi.sk/d/6A65LkI1WEuqC"]from here[/URL] and [url=http://virusinfo.info/showthread.php?t=121767]make a full uVS autostart image[/url].
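As an added example (not code from the forum thread or from AVZ itself), the following Python audits an AVZ cleanup script like the one above before it is run: it parses each call and flags Delete* steps whose file was never quarantined or whose service was never stopped first, so every sample reaches quarantine.zip before removal. The short sample script embedded in it is constructed from lines of the script above; the function names are hypothetical.

```python
"""Audit an AVZ cleanup script for quarantine-before-delete consistency.

Added example; not code from the forum thread or from AVZ itself. It parses
the Pascal-like AVZ calls (QuarantineFile, DeleteFile, StopService, ...) and
reports removals that would destroy a sample or a service without the matching
quarantine/stop step, which is what a helper reviews before telling a user to
run such a script.
"""
import re
from collections import defaultdict

# One AVZ statement per line: Name(args);  or  Name;  ('begin'/'end.' are skipped)
CALL_RE = re.compile(r"^\s*(\w+)\s*(?:\((.*)\))?\s*;\s*$")

# Constructed sample drawn from the thread's script: pjruwblhx.sys is deleted
# without a StopService and the yeadesktop folder has nothing quarantined.
SAMPLE_SCRIPT = r"""begin
TerminateProcessByName('C:\Windows\Temp\g3A6B.tmp.exe');
StopService('UCBrowserSvc');
QuarantineFileF('c:\program files (x86)\zaxar', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFile('C:\Windows\Temp\g3A6B.tmp.exe', '');
QuarantineFile('C:\WINDOWS\system32\drivers\pjruwblhx.sys', '');
DeleteFile('C:\Windows\Tasks\UCBrowserUpdater.job', '64');
DeleteFile('C:\Windows\Temp\g3A6B.tmp.exe', '32');
DeleteFile('C:\WINDOWS\system32\drivers\pjruwblhx.sys', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '32');
DeleteService('UCBrowserSvc');
DeleteService('pjruwblhx.sys');
DeleteFileMask('c:\program files (x86)\zaxar', '*', true);
DeleteDirectory('c:\program files (x86)\zaxar');
DeleteDirectory('c:\program files (x86)\yeadesktop');
ExecuteSysClean;
RebootWindows(true);
end."""


def parse_args(raw):
    """Split an AVZ argument list on commas outside single quotes; strip quotes."""
    args, buf, in_str = [], [], False
    for ch in raw:
        if ch == "'":
            in_str = not in_str
        elif ch == "," and not in_str:
            args.append("".join(buf).strip().strip("'"))
            buf = []
            continue
        buf.append(ch)
    if buf:
        args.append("".join(buf).strip().strip("'"))
    return args


def _inside(path, directory):
    """True if path equals directory or lies beneath it (case already folded)."""
    return path == directory or path.startswith(directory.rstrip("\\") + "\\")


def audit(script):
    """Return (call counts, findings) for one AVZ script.

    Findings are (reason, original target) tuples for:
      * DeleteFile of a path not covered by QuarantineFile/QuarantineFileF
        (scheduled-task .job and shortcut .lnk residue is exempt);
      * DeleteFileMask/DeleteDirectory of a folder with nothing quarantined in it;
      * DeleteService with no preceding StopService.
    QuarantineFileF masks and recursion flags are ignored (whole folder assumed).
    """
    q_files, q_dirs, stopped = set(), set(), set()
    counts, findings = defaultdict(int), []
    for line in script.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        name, args = m.group(1), parse_args(m.group(2) or "")
        counts[name] += 1
        target = args[0] if args else ""
        key = target.lower()
        if name == "QuarantineFile":
            q_files.add(key)
        elif name == "QuarantineFileF":
            q_dirs.add(key)
        elif name == "StopService":
            stopped.add(key)
        elif name == "DeleteFile":
            covered = key in q_files or any(_inside(key, d) for d in q_dirs)
            if not covered and not key.endswith((".job", ".lnk")):
                findings.append(("DeleteFile without quarantine", target))
        elif name in ("DeleteFileMask", "DeleteDirectory"):
            covered = any(_inside(key, d) for d in q_dirs) or any(
                _inside(f, key) for f in q_files)
            if not covered:
                findings.append((name + " target not quarantined", target))
        elif name == "DeleteService" and key not in stopped:
            findings.append(("DeleteService without StopService", target))
    return dict(counts), findings


if __name__ == "__main__":
    counts, findings = audit(SAMPLE_SCRIPT)
    print("calls:", counts)
    for reason, target in findings:
        print(f"{reason}: {target}")
```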
I did as you said. The main symptoms are gone, but windows still open in the browser on their own and an ad search bar sits in the tray.
Well, not everything at once; you installed a whole zoo of Chinese viruses plus a Chinese antivirus to keep them company :P You will not be able to uninstall Kingsoft Antivirus the normal way, so at least disable it if you can.
Uninstall the programs EnjoyWiFi, Unity Web Player, Амиго (Amigo) and Служба автоматического обновления программ (Automatic Software Update Service).
OneClick, version 1.2.4.0 - do you know what it is and why it is there? Uninstall it too, to be safe.
Disable Kaspersky antivirus until the reboot.
Copy the script below to the clipboard (select it and press Ctrl-C):
[code];uVS v4.0.6 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
cexec tools\CreateRestorePoint.exe BeforeCure
;------------------------autoscript---------------------------
sreg
zoo %SystemRoot%\C_02IU47.DAT
addsgn BA652BBE5D22C5062FC4F9F9E724324CAE72772CC171EEFB7FC2B0B9B861744C235B4890B586D5C2E5C80FC36226017109FBD03AD61E9073C4005AD038CAEEBF 58 variant of Win64/CoinMiner.BO [ESET] 6
zoo %Sys32%\DRIVERS\SJELBOIAX.SYS
addsgn BA6F9BB219E18E3E801D46249B37ED4CAE5AB57D40B29CBCAD2AC3BCAE29BD80F307C1573E559D492B80849F940C4BFA6DBFE97295CAB22C2D77A42FC7062273 64 W32.Trojan.Gen [Webroot] 7
chklst
delvir
deldir %SystemDrive%\PROGRAM FILES (X86)\MAIL.RU\MAILRUUPDATER
deldir %SystemDrive%\USERS\NATALY\APPDATA\LOCAL\AMIGO\APPLICATION
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KRCMDSEXT64.DLL
del %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KRCMDSEXT64.DLL
delref %SystemDrive%\PROGRAMDATA\KINGSOFT\KSALPHA64.DLL
del %SystemDrive%\PROGRAMDATA\KINGSOFT\KSALPHA64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KDUMP64.DLL
del %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KDUMP64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KISFDPRO64.DLL
del %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KISFDPRO64.DLL
delref HTTPS://CHROME.GOOGLE.COM/WEBSTORE/DETAIL/FHOIBNPONJCGJGCNFACEKAIJDBBPLHIB
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\SECURITY\KXESCAN\KDHACKER64_EV.SYS
del %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\SECURITY\KXESCAN\KDHACKER64_EV.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\SECURITY\KSNETM\KISNETM64_EV.SYS
del %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\SECURITY\KSNETM\KISNETM64_EV.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
delref %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\AMCONTEXTMENU@LOUCYPHER\INSTALL.RDF
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE
deldir %SystemDrive%\PROGRAMDATA\KINGSOFT
uidel "C:\Program Files (x86)\YeaDesktop\unins000.exe"
uidel C:\Users\Nataly\AppData\Local\Temp\AppHelperV7.exe /uC:\Users\Nataly\AppData\Local\Temp\AppHelperV7.exe
uidel "C:\Program Files (x86)\DiskWMpower\unins000.exe"
uidel C:\Users\Nataly\AppData\Roaming\HwmonitorApp\uninstaller.exe
uidel "C:\Program Files (x86)\System Tools 9.0.0\unins000.exe"
uidel C:\Program Files (x86)\MediaSerchUn\uninstall.exe
uidel C:\Program Files (x86)\VKontOdnBlockUn\uninstall.exe
uidel C:\Program Files (x86)\YubeAlckUn\uninstall.exe
uidel "C:\Program Files (x86)\Zaxar\unins000.exe"
delref %Sys32%\DRIVERS\LMJBQOGEJ.SYS
delref %Sys32%\DRIVERS\KSAPI64.SYS
del %Sys32%\DRIVERS\KSAPI64.SYS
delref %Sys32%\DRIVERS\BOOTSAFE64_EV.SYS
delref HTTP://MAIL.RU/CNT/10445?GP=821115
delref HTTP://GO.MAIL.RU/DISTIB/EP/?Q={SEARCHTERMS}&PRODUCT_ID=%7B5C6463A0-0956-47DA-B33B-6D65EFCD2D56%7D&GP=821116
delref %SystemDrive%\USERS\NATALY\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\YUBEALCKIE\K42RHEDK2.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MEDIASERCHIE\K5MPABO.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\VKONTODNBLOCKIE\KJWGSIWD.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\VKONTODNBLOCKIE\T84PZHL.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\YUBEALCKIE\TBGV9T7GW.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MEDIASERCHIE\TF1G8WO4A.DLL
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
zoo %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected]
delall %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected]
zoo %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\{A38384B3-2D1D-4F36-BC22-0F7AE402BCD7}\INSTALL.RDF
delall %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\{A38384B3-2D1D-4F36-BC22-0F7AE402BCD7}\INSTALL.RDF
zoo %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected]\INSTALL.RDF
delall %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected]\INSTALL.RDF
zoo %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected]\INSTALL.RDF
delall %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected]\INSTALL.RDF
zoo %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{5C3FD6D1-9185-4195-B5E1-FAB622427F59}\INSTALL.RDF
delall %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{5C3FD6D1-9185-4195-B5E1-FAB622427F59}\INSTALL.RDF
zoo %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{D29DBC80-E8B5-4116-AB62-ECD8ED032A33}\INSTALL.RDF
delall %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{D29DBC80-E8B5-4116-AB62-ECD8ED032A33}\INSTALL.RDF
zoo %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{430144B3-1DBC-4C4B-925E-8A7A98AEEBC8}\INSTALL.RDF
delall %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{430144B3-1DBC-4C4B-925E-8A7A98AEEBC8}\INSTALL.RDF
delref HTTPS://MAIL.RU/CNT/11956636?FR=FFHP1.0.3&GP=820321
delref HTTP://GO.MAIL.RU/DISTIB/EP/?PRODUCT_ID=%7B94B580BC-8B19-4D3F-8FDA-974F0A8DC4FB%7D&GP=821116
zoo %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\AMCONTEXTMENU@LOUCYPHER\INSTALL.RDF
delall %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\AMCONTEXTMENU@LOUCYPHER\INSTALL.RDF
delref %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\TESTSERVICE\KJASDJKAS.VBS
delref %SystemDrive%\PROGRAM FILES\XE MXFOSB\XE MXFOSB.DLL
delref {35EF4182-F900-4632-B072-8639E4478A61}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KDESKMENU64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KWANSVC64.DLL
delref %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\HWMONITORAPP\HWMONITORAPP\HWMONITOR2.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\NPKWS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\VKONTODNBLOCKIE\MAWVAVARR.EXE
del %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\UC浏览器.LNK
del %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\STARTMENU\UC浏览器.LNK
del %SystemDrive%\USERS\NATALY\DESKTOP\HWMONITOR2.LNK
del %SystemDrive%\USERS\PUBLIC\DESKTOP\UC浏览器.LNK
apply
czoo
deltmp
areg
;-------------------------------------------------------------
[/code]
Run start.exe from the uVS folder, choose "Run as current user", then in the program's main menu choose Scripts -> run script from clipboard.
The computer will reboot.
A ZIP archive whose name starts with ZOO_ followed by the date and time will appear in the uVS folder; send this file via the "Send requested quarantine" link above the first message in the thread.
The uVS folder will also contain the script execution log, a text file named with the date and time of execution; attach it to your message.
Download [URL="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/"]Farbar Recovery Scan Tool[/URL] and save it to the Desktop.
Note: you need to pick the version compatible with your operating system. If you are not sure which version suits your system, download both and try running them. Only one of them will run on your system.
Run the program. When it starts, click Yes to accept the warning.
In addition to the boxes already checked, also check "90 Days Files".
Click Scan.
After the scan finishes, the reports FRST.txt and Addition.txt will be created in the same folder the program was run from.
Attach these files to your next message (preferably all in one archive).
Did as told. uVS did not create a log; there was nothing even remotely like it in the program folder. In the ZOO folder there are two files, but without the *zip extension. FRST did create the logs, they are attached.
Run FRST/FRST64. Press Ctrl+Y - Notepad will open. Copy the following code into it:[CODE]Powershell: enable-computerrestore "C:\"
CreateRestorePoint:
HKLM-x32\...\Run: [kxesc] => "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
HKU\S-1-5-21-2788805853-238867396-2225834899-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=821115
SearchScopes: HKU\S-1-5-21-2788805853-238867396-2225834899-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B5C6463A0-0956-47DA-B33B-6D65EFCD2D56%7D&gp=821116
SearchScopes: HKU\S-1-5-21-2788805853-238867396-2225834899-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B5C6463A0-0956-47DA-B33B-6D65EFCD2D56%7D&gp=821116
BHO: VKOKAdBlock -> {290924A7-DF44-4580-A66C-EED007367EC3} -> C:\Program Files (x86)\VKontOdnBlockIE\t84PZHl.dll => No File
BHO: YoutubeAdBlock -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} -> C:\Program Files (x86)\YubeAlckIE\tbgv9T7gw.dll => No File
BHO: TSearch -> {B3A986DC-C2DD-40A0-8C0C-FEF66B783511} -> C:\Program Files (x86)\MediaSerchIE\tF1g8wo4a.dll => No File
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\whka7qs7.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\whka7qs7.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\whka7qs7.default -> hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=820321
FF Extension: (Fast search) - C:\Users\Nataly\AppData\Roaming\Mozilla\Firefox\Profiles\whka7qs7.default\Extensions\amcontextmenu@loucypher [2017-07-07]
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Nataly\AppData\Roaming\Mozilla\Firefox\Profiles\whka7qs7.default\Extensions\[email protected] [2017-07-08]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Nataly\AppData\Roaming\Mozilla\Firefox\Profiles\whka7qs7.default\Extensions\[email protected] [2017-07-08]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Nataly\AppData\Roaming\Mozilla\Firefox\Profiles\whka7qs7.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-07-08]
FF SearchPlugin: C:\Users\Nataly\AppData\Roaming\Mozilla\Firefox\Profiles\whka7qs7.default\searchplugins\mailru.xml [2017-07-08]
FF Extension: (VK+OK AdBlock) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{430144B3-1DBC-4C4B-925E-8A7A98AEEBC8} [2017-07-07] [not signed]
FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} [2017-07-07] [not signed]
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [No File]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [4155096 2017-07-03] (Mail.Ru)
R1 lmjbqogej.sys; C:\WINDOWS\system32\drivers\lmjbqogej.sys [121200 2017-07-10] () [File not signed]
S1 peyymvvgx.sys; C:\WINDOWS\system32\drivers\peyymvvgx.sys [15424 2017-07-10] () [File not signed]
S1 psogygfry.sys; C:\WINDOWS\system32\drivers\psogygfry.sys [15424 2017-07-10] () [File not signed]
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
S1 wxhrcgsga.sys; C:\WINDOWS\system32\drivers\wxhrcgsga.sys [15424 2017-07-10] () [File not signed]
2017-07-10 23:08 - 2017-07-10 23:08 - 00015424 _____ C:\Windows\system32\Drivers\wxhrcgsga.sys
2017-07-10 22:58 - 2017-07-10 22:58 - 00015424 _____ C:\Windows\system32\Drivers\peyymvvgx.sys
2017-07-10 22:52 - 2017-07-10 22:52 - 00015424 _____ C:\Windows\system32\Drivers\psogygfry.sys
2017-07-10 13:39 - 2017-07-10 22:51 - 00121200 _____ C:\Windows\system32\Drivers\lmjbqogej.sys
2017-07-10 13:37 - 2017-07-09 11:43 - 02409648 _____ (Kingsoft Corporation) C:\Windows\system32\kisedgehmpg.dll
2017-07-09 00:05 - 2017-07-09 00:05 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\kcleaner
2017-07-08 23:26 - 2017-07-08 23:26 - 00000000 ____D C:\Users\Nataly\AppData\LocalLow\TbeAckSt
2017-07-08 23:26 - 2017-07-08 23:26 - 00000000 ____D C:\Users\Nataly\AppData\LocalLow\MedSerch
2017-07-08 22:23 - 2017-07-08 22:23 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\shoujizhushou
2017-07-08 20:46 - 2017-07-10 13:40 - 00000000 ____D C:\ProgramData\KRSHistory
2017-07-08 20:42 - 2017-07-08 20:42 - 00000000 ____D C:\Users\Nataly\AppData\Local\Kingsoft
2017-07-07 20:39 - 2017-07-08 20:45 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\jibgcg01wsg
2017-07-07 20:39 - 2017-07-08 20:45 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\35z31as1wzg
2017-07-07 20:39 - 2017-07-07 20:39 - 00000192 _____ C:\Users\Nataly\Desktop\Искать в Интернете.url
2017-07-07 20:39 - 2017-07-07 20:39 - 00000000 ____D C:\Program Files\C3W0OU81CH
2017-07-07 20:39 - 2017-07-07 20:39 - 00000000 ____D C:\Program Files\82IFG6TBX1
2017-07-07 20:36 - 2017-07-10 13:40 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\Kingsoft
2017-07-07 20:36 - 2017-07-08 20:47 - 00000000 ____D C:\Program Files (x86)\kingsoft
2017-07-07 20:36 - 2017-07-07 20:36 - 00000000 ____D C:\Users\Все пользователи\kdesk
2017-07-07 20:36 - 2017-07-07 20:36 - 00000000 ____D C:\ProgramData\kdesk
2017-07-07 20:36 - 2017-07-07 20:36 - 00000000 ____D C:\Program Files (x86)\Tencent
2017-07-07 20:35 - 2017-07-10 22:52 - 00000000 ____D C:\ProgramData\Kingsoft
2017-07-07 20:35 - 2017-07-07 20:36 - 00000000 ____D C:\Users\Все пользователи\Tencent
2017-07-07 20:35 - 2017-07-07 20:36 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\Tencent
2017-07-07 20:35 - 2017-07-07 20:36 - 00000000 ____D C:\ProgramData\Tencent
2017-07-07 20:28 - 2017-07-07 20:28 - 01525110 _____ (Bomoh ) C:\Users\Nataly\Downloads\HDSetup_0958303584.exe
2017-07-07 20:10 - 2017-07-07 20:10 - 00001595 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2017-07-07 20:10 - 2017-07-07 20:10 - 00001583 _____ C:\Users\Public\Desktop\UC浏览器.lnk
2017-07-07 20:10 - 2017-07-07 20:10 - 00000000 ____D C:\Users\Nataly\AppData\Local\UCBrowser
2017-07-07 20:10 - 2017-07-07 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
2017-07-07 20:09 - 2017-07-10 23:10 - 00000075 _____ C:\Windows\system32\r6lstmp4.dat
2017-07-07 20:09 - 2017-07-10 13:31 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-07-07 20:09 - 2017-07-07 20:09 - 00001180 _____ C:\Users\Nataly\Desktop\Hwmonitor2.lnk
2017-07-07 20:09 - 2017-07-07 20:09 - 00000000 ____D C:\Program Files (x86)\VKontOdnBlockUn
2017-07-07 20:08 - 2017-07-07 20:08 - 00000000 ____D C:\Program Files (x86)\YubeAlckUn
2017-07-07 20:08 - 2017-07-07 20:08 - 00000000 ____D C:\Program Files (x86)\Mail.Ru
2017-07-07 20:08 - 2017-07-05 14:22 - 02017280 ___SH (Micrasaft Carparation) C:\Windows\C_02iu47.dat
2017-05-18 14:51 - 2017-07-10 22:49 - 00000000 ____D C:\Users\Nataly\AppData\LocalLow\Unity
2017-05-18 14:51 - 2017-07-10 22:49 - 00000000 ____D C:\Users\Nataly\AppData\Local\Unity
2017-05-18 14:51 - 2017-07-10 22:49 - 00000000 ____D C:\Users\Nataly\AppData\Local\OneClick
2017-05-18 14:51 - 2017-07-10 22:49 - 00000000 ____D C:\Users\Nataly\AppData\Local\Amigo
2017-05-18 14:51 - 2017-07-10 13:30 - 00000000 ____D C:\Users\Nataly\AppData\Local\Mail.Ru
2017-05-18 14:50 - 2017-05-18 15:51 - 00000000 ____D C:\Users\Все пользователи\Mail.Ru
2017-07-10 13:35 - 2016-07-16 09:04 - 00000000 ____D C:\Program Files\XE MXFOSB
ContextMenuHandlers01: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers01: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} => c:\program files (x86)\kingsoft\kingsoft antivirus\kwansvc64.dll -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers02: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} => c:\program files (x86)\kingsoft\kingsoft antivirus\kwansvc64.dll -> No File
ContextMenuHandlers04: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers04: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} => c:\program files (x86)\kingsoft\kingsoft antivirus\kwansvc64.dll -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [KDeskMenuShell] -> {B5E436BC-642A-4BF6-B725-26038AF26E89} => c:\program files (x86)\kingsoft\kingsoft antivirus\kdeskmenu64.dll -> No File
ContextMenuHandlers05: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} => c:\program files (x86)\kingsoft\kingsoft antivirus\kwansvc64.dll -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Task: {1516B8C5-1E14-4045-84C9-04A5A270E188} - System32\Tasks\XE MXFOSB => Rundll32.exe "C:\Program Files\XE MXFOSB\XE MXFOSB.dll",wLxoJnmxUFka <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1498914]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1223458]
FirewallRules: [{C138DC87-9F11-4906-B4A2-5361BF515664}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{D12D0581-B842-41FA-98A5-FC9EC50D6955}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{2C12F18A-99FE-449B-83A4-69CAC6BF3227}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{3EB1D861-ECA1-40E8-9703-05D4DFFDFB50}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{79E88048-4B72-41CA-969A-E732FCC22FAC}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{29EE5DBF-E9BE-410F-BD19-F707376B1132}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{6A7E5C71-FADD-4686-BD6F-FD79A802C785}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{4369D162-59EE-47BE-8E3A-87AB30E2126B}] => (Allow) C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\UCBrowser
Reboot:[/CODE]
Save (Ctrl+S) and close.
Disable your antivirus until reboot, [U]close all browsers[/U], click [B]Fix[/B] in FRST and wait. The program will create a log file ([B]Fixlog.txt[/B]). Attach it to your next message.
The computer will be rebooted automatically.
Make a [URL="http://virusinfo.info/showthread.php?t=146192&p=1041844&viewfull=1#post1041844"]Malwarebytes AdwCleaner[/URL] log.
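The fix above mixes four indicator families that belong together on a machine prepared to resist cleanup: security vendors' code-signing certificate thumbprints pushed into the Disallowed store (Windows then refuses to run those vendors' installers), Windows Defender policy restrictions, unsigned randomly named drivers, and alternate data streams hung off the drivers directory. The triage script below, an added example that is neither part of this thread nor of FRST, extracts those families from FRST log lines; the sample excerpt is constructed to match the shapes in the fix, and the "examplenet" driver is an invented signed entry that must not be flagged.

```python
"""Triage of an FRST log excerpt for the indicator families present in the fix
above. Sample lines below are constructed to match the shapes FRST prints."""
import re
from collections import defaultdict

# Line shapes as FRST prints them in FRST.txt / Addition.txt
DISALLOWED_RE = re.compile(r"^HKLM\\ DisallowedCertificates: ([0-9A-F]{40}) \((.+?)\)")
POLICY_RE = re.compile(r"^(?:HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
                       r"|GroupPolicy(?:\\User)?): Restriction")
# Service/driver entry for an unsigned .sys living under ...\drivers\
UNSIGNED_DRV_RE = re.compile(r"^[RS]\d \S+; (.+?\\drivers\\([^\\ ]+)\.sys) "
                             r"\[\d+ [0-9-]*\] \(\) \[File not signed\]", re.I)
# Alternate data stream attached to the drivers directory itself
ADS_RE = re.compile(r"^AlternateDataStreams: .+?\\drivers:(\S+) \[(\d+)\]", re.I)


def looks_random(stem: str) -> bool:
    """Heuristic for generated driver names: 7-12 lowercase letters, few vowels."""
    if not re.fullmatch(r"[a-z]{7,12}", stem):
        return False
    return sum(ch in "aeiou" for ch in stem) <= len(stem) // 3


def triage(lines):
    """Map each indicator family to the findings extracted from the log lines."""
    findings = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if m := DISALLOWED_RE.match(line):
            # A vendor's signing cert in the Disallowed store blocks that
            # vendor's signed binaries, i.e. the AV installer itself
            findings["disallowed_cert"].append((m.group(1), m.group(2)))
        elif POLICY_RE.match(line):
            findings["defender_policy"].append(line.split(" <====")[0])
        elif m := UNSIGNED_DRV_RE.match(line):
            findings["unsigned_driver"].append((m.group(1), looks_random(m.group(2).lower())))
        elif m := ADS_RE.match(line):
            findings["ads_in_drivers"].append((m.group(1), int(m.group(2))))
    return dict(findings)


def blocked_vendors(findings):
    """Distinct vendors whose certificates were pushed into the Disallowed store."""
    return sorted({vendor for _, vendor in findings.get("disallowed_cert", [])})


def av_tampering(findings) -> bool:
    """True when the log shows the system was prepared to resist AV installation."""
    return bool(findings.get("disallowed_cert") or findings.get("defender_policy"))


# Constructed excerpt: thumbprints, driver names and sizes follow the fix above;
# the 'examplenet' entry is an invented, signed driver that must not be flagged.
SAMPLE_LOG = r"""
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
R1 lmjbqogej.sys; C:\WINDOWS\system32\drivers\lmjbqogej.sys [121200 2017-07-10] () [File not signed]
S1 peyymvvgx.sys; C:\WINDOWS\system32\drivers\peyymvvgx.sys [15424 2017-07-10] () [File not signed]
R3 examplenet; C:\WINDOWS\system32\drivers\examplenet.sys [40960 2016-01-01] (Example Vendor Ltd)
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1498914]
""".strip().splitlines()

FINDINGS = triage(SAMPLE_LOG)

if __name__ == "__main__":
    for family, items in FINDINGS.items():
        print(f"{family}: {len(items)}")
    print("blocked vendors:", blocked_vendors(FINDINGS))
    print("AV tampering:", av_tampering(FINDINGS))
```

Pipe a real FRST.txt or Addition.txt through `triage()` to get the same families; the vendor list then tells you which products the infection was set up to block before any of them is reinstalled.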
Done. The logs are attached, in one file.
[URL="http://virusinfo.info/showthread.php?t=146192&p=1041864&viewfull=1#post1041864"]Remove everything found in [B]AdwCleaner[/B][/URL], wait for the removal to finish and reboot the system when the program asks.
After logging in, the AdwCleaner report will open, the file AdwCleaner[C0].txt; attach it to your next message.
[URL="http://virusinfo.info/showthread.php?t=128635"]Clear the browsers' cache and cookies[/URL] and report how the problems are.
Done, the log is attached.
What about the problems?
Treatment statistics:
[LIST]
[*]Quarantines received: [B]1[/B]
[*]Files processed: [B]132[/B]
[*]Malicious programs detected during treatment:
[LIST=1]
[*] c:\program files (x86)\system tools 9.0.0\systemtools.exe - [B]not-a-virus:RiskTool.Win32.Agent.aomn[/B]
[*] c:\program files (x86)\zaxar\update.dll - [B]not-a-virus:Downloader.Win32.ZxrLoader.el[/B]
[*] c:\program files\ahq5fin2es\ahq5fin2e.exe - [B]HEUR:Trojan.Win32.Generic[/B]
[*] c:\program files\hq6jryediv\hq6jryedi.exe - [B]HEUR:Trojan.Win32.Generic[/B]
[*] c:\program files\hq6jryediv\uninstaller.exe - [B]HEUR:Trojan.Win32.Generic[/B]
[*] c:\program files\r0oifhg4ug\4pvxngm5t.exe - [B]HEUR:Trojan.Win32.Generic[/B]
[*] c:\program files\xe mxfosb\xe mxfosb.dll - [B]HEUR:Trojan.Win32.Generic[/B]
[*] c:\program files\9684x01wqn\uninstaller.exe - [B]HEUR:Trojan.Win32.Generic[/B]
[*] c:\program files\9684x01wqn\9684x01wq.exe - [B]HEUR:Trojan.Win32.Generic[/B]
[*] c:\users\nataly\appdata\local\temp\apphelperv7.exe - [B]UDS:DangerousObject.Multi.Generic[/B]
[*] c:\users\nataly\appdata\roaming\testservice\llkq.exe - [B]not-a-virus:RiskTool.Win64.BitCoinMiner.cqa[/B]
[*] c:\windows\temp\geb91.tmp.exe - [B]UDS:DangerousObject.Multi.Generic[/B]
[*] c:\windows\temp\g3a6b.tmp.exe - [B]Trojan.Win64.Eroyee.aod[/B]
[*] c:\windows\temp\g5b18.tmp.exe - [B]UDS:DangerousObject.Multi.Generic[/B]
[/LIST]
[/LIST]