Решил полечить, а наткнулся на вирус. Вот теперь пытаюсь через вас.
Printable View
Решил полечить, а наткнулся на вирус. Вот теперь пытаюсь через вас.
Уважаемый(ая) [B]Plem9wa[/B], спасибо за обращение на наш форум!
Удаление вирусов - абсолютно бесплатная услуга на VirusInfo.Info. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в [URL="https://virusinfo.info/pravila.html"]правилах оформления запроса о помощи[/URL].
[INFORMATION]Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом [URL="https://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста [URL="https://virusinfo.info/content.php?r=113-virusinfo.info-donate"]поддержите проект[/URL].
Выполните скрипт в AVZ
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Program Files\Cruddit\Cruddit.dll','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\cid25r3qloo\fdb2t4xm1lv.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\z5ix21cqo5t\uozrbo3w0my.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\rip1soeqhxm\up2nol2mjbe.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\jyqdkcgh4ri\iyw3ijdktbo.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\bou1vl3ww1d\1blxhj1j1tp.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\gxjsqj02v0d\i30g5emyhwr.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\wnjvka3h2s3\syraaokwofj.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\ktkfzyvj1ye\s33eviyouuj.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\x1xmolryn2y\piuq1r535he.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\2d2xzywfj3h\f3tw5zt5r25.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\wkshb0jrgwg\h21m5yogrzn.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\gwl4jnntdlu\cj3h1vq1tj5.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\g310theqkrs\4obh4hlgq4a.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\xdg310evwyb\mdv5akfabw5.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\544k4uajycy\fpq4r3qugtr.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\mzd5qzt3hks\rs2jzyzrbe2.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\vkufednj2hd\lnvg322wubx.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\fz5g55f3ic0\5eat4tdnfel.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\jrk0lybejg1\2gdtirw4yos.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\zlduhqxvqtq\imupe4kd4rq.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\vzgv2voqabc\jpugrfkuwum.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\jbjslkitkb0\crpe3v4ebif.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\fr1nyiopdti\neschaddblx.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\imurnwf3tgf\5p3eqzvlbpp.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\tqtrsekslqu\3oq1setcscb.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\s0qhbuos2tg\32jhupo2c32.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\wnhehe3h5mz\i4snmwntnx4.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\x0vw0bybesj\cjls2cnxysa.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\sqkzcaoozuf\lbolume3ln4.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\cajd0zwfien\y5snjgdl2sb.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\erlmsnwbnpn\0jvvka1kb4j.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\rb3gclgylzn\3bkkw2ytvhp.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\rzmx3cowxjz\fctph1jefgd.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\4ukbfyolslm\3tnmdmtj4xl.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\sewp3r1xdow\oxt41gw2gnu.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\4n5zy000zi4\vnv0in2hxmc.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\r3cystrrsbi\0o3rphnwkl2.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\cuv3cnmp0rw\hwohist00ow.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\dknblin5khi\tteuwxraalu.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\2avlmytcirl\p1beh4aung4.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\1mcbzw0sk3n\lfvkzbdvtbe.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\bd2doqcuvcz\u4ljfp1eabe.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\u4iwyksy1ux\vwru1da2ud5.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\thahicvij1a\iupmqfneqy4.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\metfm4th00l\qyopexhszxh.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\ihirhomnek4\1jtghccywfr.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\1hn2avqnhmj\lkdphtyspal.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\0ds3dh0uepc\u2qqqyalet1.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\2hr0zosbuva\vjoqskm31z5.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\vsqaphtlfna\mekh434wzb0.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\lywhp4v3xx5\vs5y5qsbsba.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\v4gfw3d01xm\4fa22msme0r.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\4zonptwesg0\aje4y124muo.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\5o4ngz2nspx\hguwzxs3t5r.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\3kp1b3wu11e\w1csx5vwp1l.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\t0xl4eny1dn\e3sqcqsgcud.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\z2gtkpm5ur2\ca5qimd1a5q.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\eykrlw05vt1\vblphv3y2gl.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\jr00tbxvckr\khtsc4laduj.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\111bmxxkcbk\4ozum1nxlu5.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\klwtsvhstkk\sqqeuokyv4z.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\ab2b2begowy\r5xv04kgcga.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\kbdmobudebv\5g1moonit4e.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\yktnfwofioq\lk22hodjgcn.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\wpsw1a0m5gi\xvbx3mmuqpe.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\qjlcenbpfls\qqdgkugy2wd.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\xiqn1jkiamx\fhjbviqpghf.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\rdgabhhdspf\s2sxwa1wazo.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\4synrdjfumj\dzulgwzm52f.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\zlbegcmh3md\hb3xfcx3zhx.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\1sksvkrh0vl\o0uk4w53sdm.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\5xvilszhead\dbz2bdlhpcp.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\fbpkfqikpd2\bdki03lsrmd.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\vwb1reqza5n\ihqd0uyie13.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\5pivq4iwp1a\ic5gh0xs3iq.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\e4j4hcdrd4z\cax2zj2m3k0.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\ebpkrrdjkrs\rqduqkdam30.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\r4g1vy4qnyn\4a2viqkr4fy.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\jivadqf13nq\lajfkzs1cso.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\njiqpffl3h5\54zhsa3wwt2.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\aspw20oxury\o5yojx42nqh.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\fvoxz0f3fp4\0vablrliuz4.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\jowxobwocds\skyy1ruegph.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\42bbqnmujvp\pdsm22lcfua.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\tshadkfjdkf\g035dgtknag.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\sofgpblcl0k\d1rvsz2err2.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\n3bmtlffdeg\ztgg2koedms.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\b3o4bwpqsix\gro3qvk413w.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\geomb4exezr\gtaqd5a5gtg.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\ul0c4z0024k\4hqo13zgdlc.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\hrqy50mpiyv\uirgi2nxr4o.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\snzo2berzl4\hkj1oymkkt1.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\my14eqkf5na\13dzuvmtsct.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\djzofe3fv4p\qaeytunfohm.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\jkkrzvj5ljm\fuiusiuctha.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\xs3pxinh5s3\4wrvw4o3nxa.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\oyril5kk4fh\35nockdt5bx.exe','');
QuarantineFile('C:\Users\Яра\AppData\Roaming\usyg3mooiof\0lphc53jbyu.exe','');
DeleteFile('C:\Users\Яра\AppData\Roaming\usyg3mooiof\0lphc53jbyu.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\oyril5kk4fh\35nockdt5bx.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\xs3pxinh5s3\4wrvw4o3nxa.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\jkkrzvj5ljm\fuiusiuctha.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\djzofe3fv4p\qaeytunfohm.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\my14eqkf5na\13dzuvmtsct.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\snzo2berzl4\hkj1oymkkt1.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\hrqy50mpiyv\uirgi2nxr4o.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\ul0c4z0024k\4hqo13zgdlc.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','v05knqx3sso');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ubfrqmedefl');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','qrqmsrke3un');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','unbcccupos2');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','qjwuvy4ulxg');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','uqvsufdg34o');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','gu52dv20213');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','sgwbylz44nu');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','rhslza0sziq');
DeleteFile('C:\Users\Яра\AppData\Roaming\geomb4exezr\gtaqd5a5gtg.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\b3o4bwpqsix\gro3qvk413w.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\n3bmtlffdeg\ztgg2koedms.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\sofgpblcl0k\d1rvsz2err2.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\tshadkfjdkf\g035dgtknag.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\42bbqnmujvp\pdsm22lcfua.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\jowxobwocds\skyy1ruegph.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\fvoxz0f3fp4\0vablrliuz4.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\aspw20oxury\o5yojx42nqh.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\njiqpffl3h5\54zhsa3wwt2.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','eqqvdwct5e3');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','uy4kamhhiqn');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','dkzduckdvcq');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','55cgxqqvdfl');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','drintnkp2ra');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','541bjxs4duu');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','h2ldidw1z2q');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','03eblpyksvu');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','gypqg22zn31');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','z0wbwbtr3p4');
DeleteFile('C:\Users\Яра\AppData\Roaming\jivadqf13nq\lajfkzs1cso.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\r4g1vy4qnyn\4a2viqkr4fy.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\ebpkrrdjkrs\rqduqkdam30.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\e4j4hcdrd4z\cax2zj2m3k0.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\5pivq4iwp1a\ic5gh0xs3iq.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\vwb1reqza5n\ihqd0uyie13.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\fbpkfqikpd2\bdki03lsrmd.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\5xvilszhead\dbz2bdlhpcp.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\1sksvkrh0vl\o0uk4w53sdm.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\zlbegcmh3md\hb3xfcx3zhx.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kqk153yoo5c');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','412g0wuf0p5');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','yrk1jsfzvfn');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','qpcqmsuu5dw');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','0f3ebygw4d1');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','orlcdeg5ngn');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','gd2ti1rm155');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kcouodehskc');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','zdsgjf022oc');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','lg02kg4hwo5');
DeleteFile('C:\Users\Яра\AppData\Roaming\4synrdjfumj\dzulgwzm52f.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\rdgabhhdspf\s2sxwa1wazo.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\xiqn1jkiamx\fhjbviqpghf.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\qjlcenbpfls\qqdgkugy2wd.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\wpsw1a0m5gi\xvbx3mmuqpe.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\yktnfwofioq\lk22hodjgcn.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\kbdmobudebv\5g1moonit4e.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\ab2b2begowy\r5xv04kgcga.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\klwtsvhstkk\sqqeuokyv4z.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\111bmxxkcbk\4ozum1nxlu5.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','bmi51tdf1vl');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','y3swdixmwws');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','e1ogzgrripv');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','mu5hgrhbcgr');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ghfymb3opxo');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','f2a2fhgx0xv');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','x0eoz41ortx');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','pckh2wiprn4');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kv2o5kcifgw');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1ebxy5guiqy');
DeleteFile('C:\Users\Яра\AppData\Roaming\jr00tbxvckr\khtsc4laduj.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\eykrlw05vt1\vblphv3y2gl.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\z2gtkpm5ur2\ca5qimd1a5q.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\t0xl4eny1dn\e3sqcqsgcud.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\3kp1b3wu11e\w1csx5vwp1l.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\5o4ngz2nspx\hguwzxs3t5r.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\4zonptwesg0\aje4y124muo.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\v4gfw3d01xm\4fa22msme0r.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\lywhp4v3xx5\vs5y5qsbsba.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\vsqaphtlfna\mekh434wzb0.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ddfogvvxg1e');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','swghv2hiysp');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','nfte0lvm4ah');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wguxt2dnwui');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','n1khxtgv0qh');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','c1m5gtxlklv');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wmjxzedihq1');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','s0nycapohuj');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','hbuxbqtqwps');
DeleteFile('C:\Users\Яра\AppData\Roaming\2hr0zosbuva\vjoqskm31z5.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wnbsysxkq5w');
DeleteFile('C:\Users\Яра\AppData\Roaming\0ds3dh0uepc\u2qqqyalet1.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\1hn2avqnhmj\lkdphtyspal.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','hqpw2zv3yoa');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','x0kx5hkw44p');
DeleteFile('C:\Users\Яра\AppData\Roaming\ihirhomnek4\1jtghccywfr.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\metfm4th00l\qyopexhszxh.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\thahicvij1a\iupmqfneqy4.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\u4iwyksy1ux\vwru1da2ud5.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\bd2doqcuvcz\u4ljfp1eabe.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','jjb3vscm5xb');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5cbdaypjn2l');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','vhxom20kal2');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','txhfmwdq23q');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1sfbvvxzea2');
DeleteFile('C:\Users\Яра\AppData\Roaming\1mcbzw0sk3n\lfvkzbdvtbe.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\2avlmytcirl\p1beh4aung4.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\dknblin5khi\tteuwxraalu.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\cuv3cnmp0rw\hwohist00ow.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\r3cystrrsbi\0o3rphnwkl2.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\4n5zy000zi4\vnv0in2hxmc.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\sewp3r1xdow\oxt41gw2gnu.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\4ukbfyolslm\3tnmdmtj4xl.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\rzmx3cowxjz\fctph1jefgd.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\rb3gclgylzn\3bkkw2ytvhp.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\erlmsnwbnpn\0jvvka1kb4j.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','c1w3brqkmur');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','y2g250lsubp');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','w0dolhl1bup');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','p2o53ukapnk');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','scchcztahto');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','jypa2jaw421');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2rinsbgbl4b');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ije4qgkcfrn');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wiyoncp3l42');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','zl1sb1zynhp');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','bumtmdao145');
DeleteFile('C:\Users\Яра\AppData\Roaming\cajd0zwfien\y5snjgdl2sb.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\sqkzcaoozuf\lbolume3ln4.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\x0vw0bybesj\cjls2cnxysa.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\wnhehe3h5mz\i4snmwntnx4.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\s0qhbuos2tg\32jhupo2c32.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\tqtrsekslqu\3oq1setcscb.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\imurnwf3tgf\5p3eqzvlbpp.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\fr1nyiopdti\neschaddblx.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\jbjslkitkb0\crpe3v4ebif.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\vzgv2voqabc\jpugrfkuwum.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\zlduhqxvqtq\imupe4kd4rq.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','xazeuh3dvok');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','gzx12fpobfi');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','vqkda0kbkc3');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','bfopiz0sn1r');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','cpo1yl0e5sv');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ephzmlm54io');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5f1pxpghkgg');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2z5ebhvpviy');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ucryjaxijnk');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2xlhb5lytzt');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3sxjketpsy3');
DeleteFile('C:\Users\Яра\AppData\Roaming\jrk0lybejg1\2gdtirw4yos.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\fz5g55f3ic0\5eat4tdnfel.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\vkufednj2hd\lnvg322wubx.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\mzd5qzt3hks\rs2jzyzrbe2.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\544k4uajycy\fpq4r3qugtr.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\xdg310evwyb\mdv5akfabw5.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\g310theqkrs\4obh4hlgq4a.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\gwl4jnntdlu\cj3h1vq1tj5.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\wkshb0jrgwg\h21m5yogrzn.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\2d2xzywfj3h\f3tw5zt5r25.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','fht3wzcwek0');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','qbcs0gcgwcg');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','du0gievi1jc');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','0abmlydcdko');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2her5bkf4w2');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','0xk21hrynwd');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ngswkpzp1bx');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','g1hrgicttmz');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','0lgeixo3fa1');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','lmv1qmysmll');
DeleteFile('C:\Users\Яра\AppData\Roaming\x1xmolryn2y\piuq1r535he.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\ktkfzyvj1ye\s33eviyouuj.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\wnjvka3h2s3\syraaokwofj.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\gxjsqj02v0d\i30g5emyhwr.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\bou1vl3ww1d\1blxhj1j1tp.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\jyqdkcgh4ri\iyw3ijdktbo.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\rip1soeqhxm\up2nol2mjbe.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\z5ix21cqo5t\uozrbo3w0my.exe','32');
DeleteFile('C:\Users\Яра\AppData\Roaming\cid25r3qloo\fdb2t4xm1lv.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','mspf4zxp4ul');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ityuzzse4b1');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','jqbou20mhxu');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','n3hnv3beunz');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','dhoxvspd3gg');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','p5j4mza32kn');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','igiqevbfcjd');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','jsgjkbd4l2r');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','fczgm4lzuoc');
DeleteFile('C:\Program Files\Cruddit\Cruddit.dll','32');
DeleteFile('C:\Windows\Tasks\Cruddit.job','32');
DeleteFile('C:\Windows\system32\Tasks\Cruddit','64');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.[/code]Будет выполнена перезагрузка компьютера.
Выполните скрипт в AVZ
[code]begin
CreateQurantineArchive('c:\quarantine.zip');
end.[/code][b]c:\quarantine.zip[/b] пришлите по красной ссылке [color="Red"][u][b]Прислать запрошенный карантин[/b][/u][/color] [b]над первым сообщением[/b] темы.
[B][color="Red"]Пожалуйста, ЕЩЕ РАЗ запустите Autologger, прикрепите к следующему сообщению НОВЫЕ логи [/color][/B]
Всё сделал. Жду дальнейших действий от вас. Спасибо
Жду дальнейших указаний. Спасибо
[INFORMATION]
Темы объединил.[/INFORMATION]
Скачайте [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/][b]Farbar Recovery Scan Tool[/b][/url] [img]http://i.imgur.com/NAAC5Ba.png[/img] и сохраните на Рабочем столе.
[list][*][b]Примечание[/b]: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.[/list]
1. Запустите программу двойным щелчком. Когда программа запустится, нажмите [b]Yes[/b] для соглашения с предупреждением.
2. Убедитесь, что в окне [b]Optional Scan[/b] отмечены [i]List BCD[/i], [i]Driver MD5[/i] и [i]90 Days Files[/i].
[img]http://i.imgur.com/3munStB.png[/img]
3. Нажмите кнопку [b]Scan[/b].
4. После окончания сканирования будет создан отчет ([b]FRST.txt[/b]) в той же папке, откуда была запущена программа.
5. Если программа была запущена в первый раз, также будет создан отчет ([b]Addition.txt[/b]).
6. Отчеты, полученные в пп. 4 и 5, заархивируйте (в [b]один архив[/b]) и прикрепите к сообщению.
Загрузил в карантин
Логи прикрепляют к сообщению через кнопку Расширенный режим
И не нужно плодить темы для каждого нового ответа.
Прости. Не мог разобраться
1. Откройте [b]Блокнот[/b] и скопируйте в него приведенный ниже текст
[code]
CreateRestorePoint:
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
2017-07-25 23:10 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files (x86)\YpuAskUn
2017-07-25 23:10 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files (x86)\YeuAskIE
2017-07-25 23:10 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files (x86)\MefarchIE
2017-07-25 23:10 - 2017-07-26 03:37 - 000000000 ____D C:\Program Files (x86)\YueAckU
2017-07-25 23:10 - 2017-07-26 02:19 - 000000000 ____D C:\Program Files (x86)\MadarchU2
2017-07-25 23:10 - 2017-07-26 00:45 - 000000000 ____D C:\Program Files (x86)\YtuAskU2
2017-07-25 23:09 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files (x86)\MayarchUn
2017-07-25 23:09 - 2017-07-26 04:02 - 000000000 ____D C:\Program Files (x86)\MederchU
Task: {4E5FF248-A4CB-4311-AD31-13EE86336FD4} - \Cruddit -> No File <==== ATTENTION
2017-07-24 11:43 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\2hr0zosbuva
2017-07-24 11:43 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\L3I4BTK4Z8
2017-07-24 11:43 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\EX7JWR8OPD
2017-07-24 11:43 - 2017-07-24 11:43 - 000000000 ____D C:\Users\Яра\AppData\Roaming\0ds3dh0uepc
2017-07-24 11:12 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\1hn2avqnhmj
2017-07-24 11:12 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\LY5VEYJ3DP
2017-07-24 11:12 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\6WHWAVPVZ1
2017-07-24 11:12 - 2017-07-24 11:12 - 000000000 ____D C:\Users\Яра\AppData\Roaming\ihirhomnek4
2017-07-24 10:43 - 2017-07-24 10:43 - 000000004 _____ C:\Users\Все пользователи\_lg.3sap
2017-07-24 10:43 - 2017-07-24 10:43 - 000000004 _____ C:\ProgramData\_lg.3sap
2017-07-24 10:41 - 2017-08-06 09:00 - 000000000 ____D C:\Program Files\ZUCUGRZARV
2017-07-24 10:41 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\Q0GPI6Q43X
2017-07-24 10:41 - 2017-07-24 10:41 - 000000000 ____D C:\Users\Яра\AppData\Roaming\metfm4th00l
2017-07-24 10:40 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\thahicvij1a
2017-07-24 10:39 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\AIDV5BNTFQ
2017-07-24 10:39 - 2017-07-24 10:39 - 000000000 ____D C:\Users\Яра\AppData\Roaming\u4iwyksy1ux
2017-07-24 01:35 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\SPPDLFTTVU
2017-07-24 01:33 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\GGGGAKYQFE
2017-07-24 01:33 - 2017-07-24 01:34 - 000000000 ____D C:\Users\Яра\AppData\Roaming\bd2doqcuvcz
2017-07-24 01:33 - 2017-07-24 01:33 - 000000000 ____D C:\Users\Яра\AppData\Roaming\erlmsnwbnpn
2017-07-24 01:31 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\rb3gclgylzn
2017-07-24 01:31 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\QY9CKKUOVN
2017-07-24 00:33 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files\0NPC8XFKMV
2017-07-24 00:33 - 2017-07-24 00:33 - 000000000 ____D C:\Users\Яра\AppData\Roaming\rzmx3cowxjz
2017-07-24 00:12 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\H7VLW9OOA4
2017-07-24 00:12 - 2017-07-24 00:12 - 000000000 ____D C:\Users\Яра\AppData\Roaming\4ukbfyolslm
2017-07-24 00:00 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\LWVY8QX3XO
2017-07-23 23:58 - 2017-07-23 23:58 - 000000000 ____D C:\Users\Яра\AppData\Roaming\sewp3r1xdow
2017-07-23 23:57 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\4n5zy000zi4
2017-07-23 23:57 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\CM1W84K5JH
2017-07-23 23:56 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\867148YEL4
2017-07-23 23:56 - 2017-07-23 23:56 - 000000000 ____D C:\Users\Яра\AppData\Roaming\r3cystrrsbi
2017-07-23 23:30 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\cuv3cnmp0rw
2017-07-23 23:30 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\PWMT8W7XNC
2017-07-23 23:30 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\NUYNKUECHL
2017-07-23 23:30 - 2017-07-23 23:30 - 000000000 ____D C:\Users\Яра\AppData\Roaming\dknblin5khi
2017-07-23 23:29 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\2avlmytcirl
2017-07-23 23:29 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\VF35C9KJ9P
2017-07-23 23:29 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\6X5E8BTT9U
2017-07-23 23:29 - 2017-07-23 23:29 - 000000000 ____D C:\Users\Яра\AppData\Roaming\1mcbzw0sk3n
2017-07-23 23:00 - 2017-08-06 09:00 - 000000000 ____D C:\Program Files\ZP0H4EFSS3
2017-07-23 23:00 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\EVHA89LMT0
2017-07-23 23:00 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\92W624UAK2
2017-07-23 23:00 - 2017-07-23 23:00 - 000000000 ____D C:\Users\Яра\AppData\Roaming\sqkzcaoozuf
2017-07-23 23:00 - 2017-07-23 23:00 - 000000000 ____D C:\Users\Яра\AppData\Roaming\cajd0zwfien
2017-07-23 22:59 - 2017-08-06 09:00 - 000000000 ____D C:\Program Files\YFTWRH6ICZ
2017-07-23 22:59 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\R8KC0VBXFP
2017-07-23 22:59 - 2017-07-23 22:59 - 000000000 ____D C:\Users\Яра\AppData\Roaming\x0vw0bybesj
2017-07-23 22:59 - 2017-07-23 22:59 - 000000000 ____D C:\Users\Яра\AppData\Roaming\wnhehe3h5mz
2017-07-23 22:59 - 2017-07-23 22:59 - 000000000 ____D C:\Users\Яра\AppData\Roaming\s0qhbuos2tg
2017-07-23 22:29 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\GU4CNEH699
2017-07-23 22:29 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\65BY9INUZ6
2017-07-23 22:29 - 2017-07-23 22:29 - 000000000 ____D C:\Users\Яра\AppData\Roaming\tqtrsekslqu
2017-07-23 22:28 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\imurnwf3tgf
2017-07-23 21:58 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\jbjslkitkb0
2017-07-23 21:58 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\U3YZN0NXVU
2017-07-23 21:58 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\EL81AW8HQ6
2017-07-23 21:58 - 2017-07-23 21:58 - 000000000 ____D C:\Users\Яра\AppData\Roaming\fr1nyiopdti
2017-07-23 21:28 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\DQWN1N76UZ
2017-07-23 21:28 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files\3ORS9X5E8T
2017-07-23 21:28 - 2017-07-23 21:28 - 000000000 ____D C:\Users\Яра\AppData\Roaming\zlduhqxvqtq
2017-07-23 21:28 - 2017-07-23 21:28 - 000000000 ____D C:\Users\Яра\AppData\Roaming\vzgv2voqabc
2017-07-23 20:57 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\OMFJQZMG8M
2017-07-23 20:57 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\NLSD2XTV2U
2017-07-23 20:57 - 2017-07-23 20:57 - 000000000 ____D C:\Users\Яра\AppData\Roaming\wkshb0jrgwg
2017-07-23 20:57 - 2017-07-23 20:57 - 000000000 ____D C:\Users\Яра\AppData\Roaming\2d2xzywfj3h
2017-07-23 20:27 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\gwl4jnntdlu
2017-07-23 20:27 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\T8TQGS9BTK
2017-07-23 20:27 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\ICOXJQPJ3J
2017-07-23 20:27 - 2017-07-23 20:27 - 000000000 ____D C:\Users\Яра\AppData\Roaming\g310theqkrs
2017-07-23 19:56 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\QN584CIORT
2017-07-23 19:56 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\AW5JQ24BJI
2017-07-23 19:56 - 2017-07-23 19:56 - 000000000 ____D C:\Users\Яра\AppData\Roaming\xdg310evwyb
2017-07-23 19:56 - 2017-07-23 19:56 - 000000000 ____D C:\Users\Яра\AppData\Roaming\544k4uajycy
2017-07-23 19:54 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\D9U23AB2CD
2017-07-23 19:54 - 2017-07-23 19:55 - 000000000 ____D C:\Users\Яра\AppData\Roaming\mzd5qzt3hks
2017-07-23 02:27 - 2017-08-06 09:00 - 000000000 ____D C:\Program Files\ZBM3UNP8WY
2017-07-23 02:27 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\CKBUVYHFAV
2017-07-23 02:27 - 2017-07-23 02:27 - 000000000 ____D C:\Users\Яра\AppData\Roaming\vkufednj2hd
2017-07-23 02:27 - 2017-07-23 02:27 - 000000000 ____D C:\Users\Яра\AppData\Roaming\fz5g55f3ic0
2017-07-23 02:25 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\cid25r3qloo
2017-07-23 02:25 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\J0EYFU2VI6
2017-07-23 02:25 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files\2EADM13FTN
2017-07-23 02:25 - 2017-07-23 02:25 - 000000000 ____D C:\Users\Яра\AppData\Roaming\jrk0lybejg1
2017-07-23 02:23 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\rip1soeqhxm
2017-07-23 02:23 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\CY1L1IPP97
2017-07-23 02:23 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\BNNXR5NPU6
2017-07-23 02:23 - 2017-07-23 02:23 - 000000000 ____D C:\Users\Яра\AppData\Roaming\z5ix21cqo5t
2017-07-23 01:57 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\RAWKP3FMRF
2017-07-23 01:57 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\KTHSDJHZRX
2017-07-23 01:56 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\bou1vl3ww1d
2017-07-23 01:56 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\RRK3HMP6J7
2017-07-23 01:56 - 2017-07-23 01:56 - 000000000 ____D C:\Users\Яра\AppData\Roaming\jyqdkcgh4ri
2017-07-23 01:56 - 2017-07-23 01:56 - 000000000 ____D C:\Users\Яра\AppData\Roaming\gxjsqj02v0d
2017-07-23 01:55 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\A06HG362GR
2017-07-23 01:55 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files\4VK3DJ32P8
2017-07-23 01:55 - 2017-07-23 01:55 - 000000000 ____D C:\Users\Яра\AppData\Roaming\wnjvka3h2s3
2017-07-23 01:55 - 2017-07-23 01:55 - 000000000 ____D C:\Users\Яра\AppData\Roaming\ktkfzyvj1ye
2017-07-23 01:53 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\UNX1ILGE5G
2017-07-23 01:53 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\IQGFNZDHTH
2017-07-23 01:53 - 2017-07-23 01:53 - 000000000 ____D C:\Users\Яра\AppData\Roaming\x1xmolryn2y
2017-07-23 01:53 - 2017-07-23 01:53 - 000000000 ____D C:\Users\Яра\AppData\Roaming\vsqaphtlfna
2017-07-23 01:24 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\lywhp4v3xx5
2017-07-23 01:24 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\UM9PYF42SY
2017-07-23 01:24 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\694B8VRY5Y
2017-07-23 01:24 - 2017-07-23 01:24 - 000000000 ____D C:\Users\Яра\AppData\Roaming\v4gfw3d01xm
2017-07-23 01:23 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\4zonptwesg0
2017-07-23 01:23 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\G72GWH8YLK
2017-07-23 01:23 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\EMREBFGHNQ
2017-07-23 01:23 - 2017-07-23 01:23 - 000000000 ____D C:\Users\Яра\AppData\Roaming\5o4ngz2nspx
2017-07-23 00:54 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\3kp1b3wu11e
2017-07-23 00:54 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\QVSTSJVBO6
2017-07-23 00:54 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\JSKWQ3TENQ
2017-07-23 00:54 - 2017-07-23 00:54 - 000000000 ____D C:\Users\Яра\AppData\Roaming\t0xl4eny1dn
2017-07-23 00:52 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\z2gtkpm5ur2
2017-07-23 00:52 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\eykrlw05vt1
2017-07-23 00:52 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\RBIFDT9CLH
2017-07-23 00:52 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\77E9Z2IIP6
2017-07-23 00:24 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\jr00tbxvckr
2017-07-23 00:24 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\111bmxxkcbk
2017-07-23 00:24 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\Q5D35SSUEZ
2017-07-23 00:24 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\D4YKR4YKD4
2017-07-23 00:22 - 2017-08-06 09:00 - 000000000 ____D C:\Program Files\X40K6GGBEW
2017-07-23 00:22 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\E4B19EAH2H
2017-07-23 00:22 - 2017-07-23 00:22 - 000000000 ____D C:\Users\Яра\AppData\Roaming\klwtsvhstkk
2017-07-23 00:22 - 2017-07-23 00:22 - 000000000 ____D C:\Users\Яра\AppData\Roaming\ab2b2begowy
2017-07-22 23:53 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\WYAYW2TF2D
2017-07-22 23:53 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\FB8LZSOJGR
2017-07-22 23:53 - 2017-07-22 23:53 - 000000000 ____D C:\Users\Яра\AppData\Roaming\yktnfwofioq
2017-07-22 23:53 - 2017-07-22 23:53 - 000000000 ____D C:\Users\Яра\AppData\Roaming\kbdmobudebv
2017-07-22 23:52 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\qjlcenbpfls
2017-07-22 23:52 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\KZZFWWNU4R
2017-07-22 23:52 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\69KKYIIVT3
2017-07-22 23:52 - 2017-07-22 23:52 - 000000000 ____D C:\Users\Яра\AppData\Roaming\wpsw1a0m5gi
2017-07-22 23:23 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\xiqn1jkiamx
2017-07-22 23:23 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\RSFQRMQ1MR
2017-07-22 23:23 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\IB77OAN34F
2017-07-22 23:23 - 2017-07-22 23:23 - 000000000 ____D C:\Users\Яра\AppData\Roaming\rdgabhhdspf
2017-07-22 23:22 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\4synrdjfumj
2017-07-22 23:22 - 2017-08-06 09:00 - 000000000 ____D C:\Program Files\XWLWN9KZLL
2017-07-22 23:22 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\UMP8G5BG8X
2017-07-22 23:22 - 2017-07-22 23:22 - 000000000 ____D C:\Users\Яра\AppData\Roaming\zlbegcmh3md
2017-07-22 22:53 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\1sksvkrh0vl
2017-07-22 22:53 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\SOEEX2Z7KI
2017-07-22 22:53 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\DPORA1DGTK
2017-07-22 22:53 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files\3YL746472K
2017-07-22 22:53 - 2017-07-22 22:53 - 000000000 ____D C:\Users\Яра\AppData\Roaming\fbpkfqikpd2
2017-07-22 22:53 - 2017-07-22 22:53 - 000000000 ____D C:\Users\Яра\AppData\Roaming\5xvilszhead
2017-07-22 22:51 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files\3UZR3EQS10
2017-07-22 22:51 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files\3EI2WPBXG1
2017-07-22 22:51 - 2017-07-22 22:51 - 000000000 ____D C:\Users\Яра\AppData\Roaming\vwb1reqza5n
2017-07-22 22:51 - 2017-07-22 22:51 - 000000000 ____D C:\Users\Яра\AppData\Roaming\5pivq4iwp1a
2017-07-22 22:21 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\OVHBK9IFP2
2017-07-22 22:21 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\ARWJDQHQEB
2017-07-22 22:21 - 2017-07-22 22:21 - 000000000 ____D C:\Users\Яра\AppData\Roaming\ebpkrrdjkrs
2017-07-22 22:21 - 2017-07-22 22:21 - 000000000 ____D C:\Users\Яра\AppData\Roaming\e4j4hcdrd4z
2017-07-22 21:51 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\DSAVZWAXVZ
2017-07-22 21:51 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\B7EJCIC2R4
2017-07-22 21:51 - 2017-07-22 21:51 - 000000000 ____D C:\Users\Яра\AppData\Roaming\r4g1vy4qnyn
2017-07-22 21:51 - 2017-07-22 21:51 - 000000000 ____D C:\Users\Яра\AppData\Roaming\jivadqf13nq
2017-07-22 21:21 - 2017-08-06 09:00 - 000000000 ____D C:\Program Files\Z8UEQTNSA0
2017-07-22 21:21 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\IL7QQ7BIID
2017-07-22 21:20 - 2017-07-22 21:20 - 000000000 ____D C:\Users\Яра\AppData\Roaming\njiqpffl3h5
2017-07-22 21:20 - 2017-07-22 21:20 - 000000000 ____D C:\Users\Яра\AppData\Roaming\aspw20oxury
2017-07-22 20:50 - 2017-08-06 09:00 - 000000000 ____D C:\Program Files\ZVOT8Q8K3S
2017-07-22 20:50 - 2017-08-06 09:00 - 000000000 ____D C:\Program Files\XH68CNKCO1
2017-07-22 20:50 - 2017-07-22 20:50 - 000000000 ____D C:\Users\Яра\AppData\Roaming\jowxobwocds
2017-07-22 20:50 - 2017-07-22 20:50 - 000000000 ____D C:\Users\Яра\AppData\Roaming\fvoxz0f3fp4
2017-07-22 20:20 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\KA0V88MH51
2017-07-22 20:20 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\99AQF6DBDU
2017-07-22 20:20 - 2017-07-22 20:20 - 000000000 ____D C:\Users\Яра\AppData\Roaming\tshadkfjdkf
2017-07-22 20:20 - 2017-07-22 20:20 - 000000000 ____D C:\Users\Яра\AppData\Roaming\42bbqnmujvp
2017-07-22 19:50 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\B29BA1VV5E
2017-07-22 19:49 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\OOMXH7PAH1
2017-07-22 19:49 - 2017-07-22 19:49 - 000000000 ____D C:\Users\Яра\AppData\Roaming\sofgpblcl0k
2017-07-22 19:49 - 2017-07-22 19:49 - 000000000 ____D C:\Users\Яра\AppData\Roaming\n3bmtlffdeg
2017-07-22 19:48 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\ID70GFF4Q3
2017-07-22 19:48 - 2017-07-22 19:49 - 000000000 ____D C:\Users\Яра\AppData\Roaming\b3o4bwpqsix
2017-07-21 19:53 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\W9N9K3R5UR
2017-07-21 19:53 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\FTFCCSQIS8
2017-07-21 19:53 - 2017-07-21 19:53 - 000000000 ____D C:\Users\Яра\AppData\Roaming\ul0c4z0024k
2017-07-21 19:53 - 2017-07-21 19:53 - 000000000 ____D C:\Users\Яра\AppData\Roaming\geomb4exezr
2017-07-21 19:35 - 2017-07-26 10:31 - 000000000 ____D C:\Users\Яра\AppData\LocalLow\TutubeBl
2017-07-21 19:35 - 2017-07-26 10:31 - 000000000 ____D C:\Users\Яра\AppData\LocalLow\TMasech
2017-07-21 19:23 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\JE4QJ0A57Q
2017-07-21 19:23 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\791YA8H0VN
2017-07-21 19:23 - 2017-07-21 19:23 - 000000000 ____D C:\Users\Яра\AppData\Roaming\hrqy50mpiyv
2017-07-21 19:22 - 2017-07-21 19:22 - 000000000 ____D C:\Users\Яра\AppData\Roaming\snzo2berzl4
2017-07-21 18:52 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\U6BKUOMB5O
2017-07-21 18:52 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files\13NRALSFJ4
2017-07-21 18:52 - 2017-07-21 18:52 - 000000000 ____D C:\Users\Яра\AppData\Roaming\my14eqkf5na
2017-07-21 18:52 - 2017-07-21 18:52 - 000000000 ____D C:\Users\Яра\AppData\Roaming\djzofe3fv4p
2017-07-21 18:27 - 2017-07-21 18:27 - 000000000 ____D C:\Users\Яра\AppData\Roaming\thdr
2017-07-21 18:22 - 2017-08-13 18:04 - 000000000 ____D C:\Users\Яра\AppData\Roaming\xs3pxinh5s3
2017-07-21 18:22 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\V6GGQGGJAJ
2017-07-21 18:22 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files\2M8OV37YVO
2017-07-21 18:22 - 2017-07-24 11:43 - 001847296 _____ C:\Users\Яра\AppData\Local\po.db
2017-07-21 18:22 - 2017-07-21 18:22 - 000000000 ____D C:\Users\Яра\AppData\Roaming\jkkrzvj5ljm
2017-07-21 18:21 - 2017-08-06 08:58 - 000000000 ____D C:\Program Files\3XXE5KXJKE
2017-07-21 18:21 - 2017-07-21 18:21 - 000000000 ____D C:\Users\Яра\AppData\Roaming\oyril5kk4fh
2017-07-21 17:51 - 2017-08-06 08:59 - 000000000 ____D C:\Program Files\IO93PJ1DE8
2017-07-21 17:51 - 2017-07-24 12:05 - 000000000 ____D C:\Program Files (x86)\n0wl4fd0gs2
2017-07-21 17:51 - 2017-07-21 17:51 - 000000000 ____D C:\Users\Яра\AppData\Roaming\usyg3mooiof
2017-07-21 17:50 - 2017-07-24 12:07 - 000000000 ____D C:\Users\Яра\AppData\Roaming\SIVApp
2017-07-21 17:50 - 2017-07-21 17:50 - 000000000 ____D C:\Users\Все пользователи\WindowsErrorReporting
2017-07-21 17:50 - 2017-07-21 17:50 - 000000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-06 18:26 - 2017-07-06 18:26 - 000000000 ____D C:\Users\Яра\AppData\Roaming\baidu
2017-07-06 18:26 - 2017-07-06 18:26 - 000000000 ____D C:\Users\Яра\AppData\Roaming\360se6
2017-07-06 18:26 - 2017-07-06 18:26 - 000000000 ____D C:\Users\Яра\AppData\Local\UCBrowser
2017-07-06 18:26 - 2017-07-06 18:26 - 000000000 ____D C:\Users\Яра\AppData\Local\360chrome
2017-07-06 18:26 - 2017-07-06 18:26 - 000000000 ____D C:\Users\Яра\AppData\Local\2345explorer
Reboot:
[/code]
2. Нажмите [b]Файл[/b] – [b]Сохранить как[/b]
3. Выберите папку, откуда была запущена утилита [b]Farbar Recovery Scan Tool[/b]
4. Укажите [b]Тип файла[/b] – [b]Все файлы (*.*)[/b]
5. Введите имя файла [b]fixlist.txt[/b] и нажмите кнопку [b]Сохранить[/b]
6. Запустите FRST, нажмите один раз на кнопку [b]Fix[/b] и подождите. Программа создаст лог-файл ([b]Fixlog.txt[/b]). Пожалуйста, прикрепите его в следующем сообщении.
[list][*]Обратите внимание, что будет выполнена [b]перезагрузка компьютера[/b].[/list]
Может я не понял, но это все происходит на рабочем столе а не в папке Farbar Recovery Scan Tool
Что с проблемой?
в каком плане??? Я не так что то сделал?
Проблема решена?
а... нет. в браузере вылетает левые сайты
Отключите ВСЕ установленные расширения для браузеров и проверьте проблему
DrWeb ещё запрещает файлу процесс
Вы расширения отключили?
да.
Сделайте лог [url="http://virusinfo.info/showthread.php?t=53070&p=1104657&viewfull=1#post1104657"]полного сканирования МВАМ[/url]