Самостоятельно устанавливаются программы и открывается реклама в браузере [not-a-virus:AdWare.Win32.ELEX.agh, HEUR:Trojan.Win32.Generic]

**Strashko.S** · 29.11.2016, 16:11

Добрый день. Ежедневно, в одно и тоже время, около 14,00 устанавливается масса программ и открывается браузер с рекламой, десятки ссылок. После очистки при помощи adwcleaner и unhackme все прекращается, но на следующий день все начинается опять) Ребята, помогите пожалуйста!! Логи сделал по инструкции, прикрепил.

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**Info_bot** · 29.11.2016, 16:12

Уважаемый(ая) Strashko.S, спасибо за обращение на наш форум!

Помощь при заражении комьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы, в самое ближайшее время, ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитами АВЗ и HiJackThis, подробнее можно прочитать в правилах оформления запроса о помощи.

Информация

Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста поддержите проект.

SQ · 01.12.2016, 01:28

Здравствуйте,

AVZ выполнить следующий скрипт.
Важно на ОС: Windows Vista/7/8/8.1 AVZ запускайте через контекстное меню проводника от имени Администратора.

Код:

begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); 
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\VODSL5SE8K.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\UVFOIDNQF\UVFOIDNQF.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\USO26V2SE5\advise.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\QCK2YJ6UF4\advise.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\MG3GCKSPV\MG3GCKSPV.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\COWPWDDNJC.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\9HUQ8Q6I7\M605GQDJ6.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\6ZAWLG8RTB.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\3AXLA75QWG\advise.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\0HIZQ8MZX\0HIZQ8MZX.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\0ES3DKYAOV.exe');
 TerminateProcessByName('C:\Users\Stas\AppData\Local\Temp\0DDDFW5NV\0DDDFW5NV.exe');
 TerminateProcessByName('C:\Program Files\SpaceSoundPro\79QVGI.exe');
 TerminateProcessByName('C:\Program Files (x86)\sunnyday\YTEPQ8.exe');
 TerminateProcessByName('c:\program files (x86)\sunnyday\wincom_v1c.exe');
 TerminateProcessByName('c:\program files (x86)\sunnyday\wincom_uie.exe');
 TerminateProcessByName('c:\program files (x86)\sunnyday\wincom_jyh.exe');
 TerminateProcessByName('c:\program files (x86)\sunnyday\wincom_gvu.exe');
 TerminateProcessByName('c:\program files (x86)\sunnyday\wincom_cwn.exe');
 TerminateProcessByName('c:\program files (x86)\sunnyday\wincom_8cm.exe');
 TerminateProcessByName('c:\program files (x86)\sunnyday\wincom_56p.exe');
 TerminateProcessByName('c:\program files (x86)\sunnyday\wincom_35w.exe');
 TerminateProcessByName('C:\Program Files (x86)\sunnyday\W8LYAK.exe');
 TerminateProcessByName('C:\Program Files (x86)\sunnyday\RJG088.exe');
 TerminateProcessByName('C:\Program Files (x86)\sunnyday\HE3Q0D.exe');
 TerminateProcessByName('C:\Program Files (x86)\sunnyday\H3IHZF.exe');
 TerminateProcessByName('C:\Program Files (x86)\sunnyday\8WP869.exe');
 TerminateProcessByName('C:\Program Files (x86)\sunnyday\27UOOH.exe');
 TerminateProcessByName('C:\Program Files (x86)\sunnyday\0NZ3FS.exe');
 TerminateProcessByName('c:\program files (x86)\gamesdesktop\wincom_q9s.exe');
 TerminateProcessByName('c:\program files (x86)\gamesdesktop\wincom_jh7.exe');
 TerminateProcessByName('c:\program files (x86)\gamesdesktop\wincom_eii.exe');
 TerminateProcessByName('c:\program files (x86)\gamesdesktop\wincom_atz.exe');
 TerminateProcessByName('c:\program files (x86)\gamesdesktop\wincom_178.exe');
 TerminateProcessByName('C:\Program Files (x86)\gamesdesktop\TRLJ2M.exe');
 TerminateProcessByName('C:\Program Files (x86)\gamesdesktop\9VXKUA.exe');
 TerminateProcessByName('C:\Program Files (x86)\gamesdesktop\5UYVJR.exe');
 TerminateProcessByName('C:\Program Files (x86)\DPower\YSHAXZ.exe');
 TerminateProcessByName('C:\Program Files (x86)\DPower\TUUOJMLTWM.exe');
 TerminateProcessByName('C:\Program Files (x86)\DPower\NVF1PU.exe');
 TerminateProcessByName('C:\Program Files (x86)\DPower\LRVO8W.exe');
 TerminateProcessByName('C:\Program Files (x86)\DPower\IL0FPS.exe');
 TerminateProcessByName('C:\Program Files (x86)\DPower\FQ06J4HQMA.exe');
 TerminateProcessByName('C:\Program Files (x86)\DPower\8Z156L.exe');
 TerminateProcessByName('C:\Program Files (x86)\DPower\7H4BN5LEYG.exe');
 TerminateProcessByName('C:\Program Files (x86)\DPower\2Z3AIH.exe');
 StopService('iThemes5');
 DeleteService('iThemes5');
 QuarantineFile('C:\WINDOWS\System32\tetheringservice.dll','');
 QuarantineFile('C:\WINDOWS\System32\PimIndexMaintenance.dll','');
 QuarantineFile('C:\WINDOWS\System32\hvhostsvc.dll','');
 QuarantineFile('C:\Users\Stas\AppData\Roaming\Adobe\Manager.exe','');
 QuarantineFile('C:\Users\Stas\appdata\roaming\adobe\manager.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\VODSL5SE8K.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\UVFOIDNQF\UVFOIDNQF.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\USO26V2SE5\advise.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\QCK2YJ6UF4\advise.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\MG3GCKSPV\MG3GCKSPV.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\COWPWDDNJC.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\9HUQ8Q6I7\M605GQDJ6.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\6ZAWLG8RTB.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\3AXLA75QWG\advise.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\0HIZQ8MZX\0HIZQ8MZX.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\0ES3DKYAOV.exe','');
 QuarantineFile('C:\Users\Stas\AppData\Local\Temp\0DDDFW5NV\0DDDFW5NV.exe','');
 QuarantineFile('C:\Program Files\spacesoundpro\uninstaller.exe','');
 QuarantineFile('C:\Program Files\SpaceSoundPro\79QVGI.exe','');
 QuarantineFile('C:\Program Files\caster\wizzcaster.exe','');
 QuarantineFile('C:\Program Files (x86)\Zemitygrerloing\pospytocoiedMdl.dll','');
 QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','');
 QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\YTEPQ8.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\wincom_V1C.exe','');
 QuarantineFile('c:\program files (x86)\sunnyday\wincom_v1c.exe','');
 QuarantineFile('c:\program files (x86)\sunnyday\wincom_uie.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\wincom_UIE.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\wincom_JYH.exe','');
 QuarantineFile('c:\program files (x86)\sunnyday\wincom_jyh.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\wincom_GVU.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\wincom_CWN.exe','');
 QuarantineFile('c:\program files (x86)\sunnyday\wincom_cwn.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\wincom_8CM.exe','');
 QuarantineFile('c:\program files (x86)\sunnyday\wincom_8cm.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\wincom_56P.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\wincom_35W.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\W8LYAK.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\RJG088.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\HE3Q0D.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\H3IHZF.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\8WP869.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\27UOOH.exe','');
 QuarantineFile('C:\Program Files (x86)\sunnyday\0NZ3FS.exe','');
 QuarantineFile('C:\Program Files (x86)\Stiqidom\Plsadapter.dll','');
 QuarantineFile('C:\Program Files (x86)\Secockarercient\JahashargkCch.dll','');
 QuarantineFile('C:\Program Files (x86)\Rucleclupadom\whtcore.dll','');
 QuarantineFile('C:\Program Files (x86)\Reerdisy\ChhEng.dll','');
 QuarantineFile('C:\Program Files (x86)\Prectainkpether\Stpicultndf.dll','');
 QuarantineFile('C:\Program Files (x86)\Podicultckutoty\Anrcache.dll','');
 QuarantineFile('C:\Program Files (x86)\Plujuph\serverghtCln.dll','');
 QuarantineFile('C:\Program Files (x86)\Plenergh\clorudomcontrols.dll','');
 QuarantineFile('C:\Program Files (x86)\Placakdrerdither\thavuywifiiedReports.dll','');
 QuarantineFile('C:\Program Files (x86)\Phejusp\anwprovider.dll','');
 QuarantineFile('C:\Program Files (x86)\Natertionkacerse\PptPrv.dll','');
 QuarantineFile('C:\Program Files (x86)\Magasyjansy\Rtscontrols.dll','');
 QuarantineFile('C:\Program Files (x86)\Kujadomreucoly\Mmaphcoomuryprovider.dll','');
 QuarantineFile('C:\Program Files (x86)\Kerjeght\Proxy32.dll','');
 QuarantineFile('c:\program files (x86)\kerjeght\pepientckibeylog.dll','');
 QuarantineFile('C:\Program Files (x86)\Kerjeght\PepientckibeyLog.dll','');
 QuarantineFile('C:\Program Files (x86)\Jovishsterqile\PrkMnt.dll','');
 QuarantineFile('C:\Program Files (x86)\Gruheph\Mwscloud.dll','');
 QuarantineFile('C:\Program Files (x86)\Grezipy\Oderthervrf.dll','');
 QuarantineFile('C:\Program Files (x86)\Grerkeied\Chdeng.dll','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\YAAOQ1.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\WYH5VJ.exe','');
 QuarantineFile('c:\program files (x86)\gamesdesktop\wincom_q9s.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\wincom_Q9S.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\wincom_JH7.exe','');
 QuarantineFile('c:\program files (x86)\gamesdesktop\wincom_jh7.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\wincom_EII.exe','');
 QuarantineFile('c:\program files (x86)\gamesdesktop\wincom_eii.exe','');
 QuarantineFile('c:\program files (x86)\gamesdesktop\wincom_atz.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\wincom_ATZ.exe','');
 QuarantineFile('c:\program files (x86)\gamesdesktop\wincom_178.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\wincom_178.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\wincom_08C.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\TRLJ2M.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\CIFO0T.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\9VXKUA.exe','');
 QuarantineFile('C:\Program Files (x86)\gamesdesktop\5UYVJR.exe','');
 QuarantineFile('C:\Program Files (x86)\Drebaght\ZapingdreqisServer.dll','');
 QuarantineFile('C:\Program Files (x86)\DPower\YSHAXZ.exe','');
 QuarantineFile('C:\Program Files (x86)\DPower\W28ALX.exe','');
 QuarantineFile('C:\Program Files (x86)\DPower\TUUOJMLTWM.exe','');
 QuarantineFile('C:\Program Files (x86)\DPower\NVF1PU.exe','');
 QuarantineFile('C:\Program Files (x86)\DPower\LRVO8W.exe','');
 QuarantineFile('C:\Program Files (x86)\DPower\IL0FPS.exe','');
 QuarantineFile('C:\Program Files (x86)\DPower\FQ06J4HQMA.exe','');
 QuarantineFile('C:\Program Files (x86)\DPower\DiskPower.exe','');
 QuarantineFile('C:\Program Files (x86)\DPower\8Z156L.exe','');
 QuarantineFile('C:\Program Files (x86)\DPower\7H4BN5LEYG.exe','');
 QuarantineFile('C:\Program Files (x86)\DPower\2Z3AIH.exe','');
 QuarantineFile('C:\Program Files (x86)\Davoingaruvapy\grpcontrols.dll','');
 QuarantineFile('C:\Program Files (x86)\Common Files\Services\iThemes.dll','');
 QuarantineFile('C:\Program Files (x86)\Clerberdomckecerch\atcBld.dll','');
 QuarantineFile('C:\Program Files (x86)\Clerack\rjgAdapter.dll','');
 QuarantineFile('C:\Program Files (x86)\Atabickcherjertain\DugoyckiratCmm.dll','');
 QuarantineFile('C:\Program Files (x86)\Arigkplogitain\Njtmanager.dll','');
 ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\Manager" /F', 0, 15000, true); 
 DeleteFile('C:\WINDOWS\System32\PimIndexMaintenance.dll','32');
 DeleteFile('C:\Users\Stas\appdata\roaming\adobe\manager.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Roaming\Adobe\Manager.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\VODSL5SE8K.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\USO26V2SE5\advise.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\QCK2YJ6UF4\advise.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\MG3GCKSPV\MG3GCKSPV.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\COWPWDDNJC.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\9HUQ8Q6I7\M605GQDJ6.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\6ZAWLG8RTB.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\3AXLA75QWG\advise.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\0HIZQ8MZX\0HIZQ8MZX.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\0ES3DKYAOV.exe','32');
 DeleteFile('C:\Users\Stas\AppData\Local\Temp\0DDDFW5NV\0DDDFW5NV.exe','32');
 DeleteFile('C:\Program Files\spacesoundpro\uninstaller.exe','32');
 DeleteFile('C:\Program Files\SpaceSoundPro\79QVGI.exe','32');
 DeleteFile('C:\Program Files\caster\wizzcaster.exe','32');
 DeleteFile('C:\Program Files (x86)\Zemitygrerloing\pospytocoiedMdl.dll','32');
 DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','32');
 DeleteFile('C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\YTEPQ8.exe','32');
 DeleteFile('c:\program files (x86)\sunnyday\wincom_v1c.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\wincom_V1C.exe','32');
 DeleteFile('c:\program files (x86)\sunnyday\wincom_uie.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\wincom_UIE.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\wincom_JYH.exe','32');
 DeleteFile('c:\program files (x86)\sunnyday\wincom_gvu.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\wincom_GVU.exe','32');
 DeleteFile('c:\program files (x86)\sunnyday\wincom_cwn.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\wincom_CWN.exe','32');
 DeleteFile('c:\program files (x86)\sunnyday\wincom_8cm.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\wincom_8CM.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\wincom_56P.exe','32');
 DeleteFile('c:\program files (x86)\sunnyday\wincom_56p.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\wincom_35W.exe','32');
 DeleteFile('c:\program files (x86)\sunnyday\wincom_35w.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\W8LYAK.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\RJG088.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\HE3Q0D.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\H3IHZF.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\8WP869.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\27UOOH.exe','32');
 DeleteFile('C:\Program Files (x86)\sunnyday\0NZ3FS.exe','32');
 DeleteFile('C:\Program Files (x86)\Stiqidom\Plsadapter.dll','32');
 DeleteFile('C:\Program Files (x86)\Secockarercient\JahashargkCch.dll','32');
 DeleteFile('C:\Program Files (x86)\Rucleclupadom\whtcore.dll','32');
 DeleteFile('C:\Program Files (x86)\Reerdisy\ChhEng.dll','32');
 DeleteFile('C:\Program Files (x86)\Prectainkpether\Stpicultndf.dll','32');
 DeleteFile('C:\Program Files (x86)\Podicultckutoty\Anrcache.dll','32');
 DeleteFile('C:\Program Files (x86)\Plujuph\serverghtCln.dll','32');
 DeleteFile('C:\Program Files (x86)\Plenergh\clorudomcontrols.dll','32');
 DeleteFile('C:\Program Files (x86)\Placakdrerdither\thavuywifiiedReports.dll','32');
 DeleteFile('C:\Program Files (x86)\Phejusp\anwprovider.dll','32');
 DeleteFile('C:\Program Files (x86)\Natertionkacerse\PptPrv.dll','32');
 DeleteFile('C:\Program Files (x86)\Magasyjansy\Rtscontrols.dll','32');
 DeleteFile('C:\Program Files (x86)\Kujadomreucoly\Mmaphcoomuryprovider.dll','32');
 DeleteFile('C:\Program Files (x86)\Kerjeght\Proxy32.dll','32');
 DeleteFile('C:\Program Files (x86)\Kerjeght\PepientckibeyLog.dll','32');
 DeleteFile('c:\program files (x86)\kerjeght\pepientckibeylog.dll','32');
 DeleteFile('C:\Program Files (x86)\Jovishsterqile\PrkMnt.dll','32');
 DeleteFile('C:\Program Files (x86)\Gruheph\Mwscloud.dll','32');
 DeleteFile('C:\Program Files (x86)\Grezipy\Oderthervrf.dll','32');
 DeleteFile('C:\Program Files (x86)\Grerkeied\Chdeng.dll','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\YAAOQ1.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\WYH5VJ.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\wincom_Q9S.exe','32');
 DeleteFile('c:\program files (x86)\gamesdesktop\wincom_q9s.exe','32');
 DeleteFile('c:\program files (x86)\gamesdesktop\wincom_jh7.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\wincom_JH7.exe','32');
 DeleteFile('c:\program files (x86)\gamesdesktop\wincom_eii.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\wincom_EII.exe','32');
 DeleteFile('c:\program files (x86)\gamesdesktop\wincom_atz.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\wincom_ATZ.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\wincom_178.exe','32');
 DeleteFile('c:\program files (x86)\gamesdesktop\wincom_178.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\wincom_08C.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\TRLJ2M.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\CIFO0T.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\9VXKUA.exe','32');
 DeleteFile('C:\Program Files (x86)\gamesdesktop\5UYVJR.exe','32');
 DeleteFile('C:\Program Files (x86)\Drebaght\ZapingdreqisServer.dll','32');
 DeleteFile('C:\Program Files (x86)\DPower\YSHAXZ.exe','32');
 DeleteFile('C:\Program Files (x86)\DPower\W28ALX.exe','32');
 DeleteFile('C:\Program Files (x86)\DPower\TUUOJMLTWM.exe','32');
 DeleteFile('C:\Program Files (x86)\DPower\NVF1PU.exe','32');
 DeleteFile('C:\Program Files (x86)\DPower\LRVO8W.exe','32');
 DeleteFile('C:\Program Files (x86)\DPower\IL0FPS.exe','32');
 DeleteFile('C:\Program Files (x86)\DPower\FQ06J4HQMA.exe','32');
 DeleteFile('C:\Program Files (x86)\DPower\DiskPower.exe','32');
 DeleteFile('C:\Program Files (x86)\DPower\8Z156L.exe','32');
 DeleteFile('C:\Program Files (x86)\DPower\7H4BN5LEYG.exe','32');
 DeleteFile('C:\Program Files (x86)\DPower\2Z3AIH.exe','32');
 DeleteFile('C:\Program Files (x86)\Davoingaruvapy\grpcontrols.dll','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Services\iThemes.dll','32');
 DeleteFile('C:\Program Files (x86)\Clerberdomckecerch\atcBld.dll','32');
 DeleteFile('C:\Program Files (x86)\Clerack\rjgAdapter.dll','32');
 DeleteFile('C:\Program Files (x86)\Atabickcherjertain\DugoyckiratCmm.dll','32');
 DeleteFile('C:\Program Files (x86)\Arigkplogitain\Njtmanager.dll','32'); 
  RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Zodition\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Vizele\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Veletplerpitain\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Tipuly\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Thewopypledeied\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Riresjoning\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Reigsy\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Promury\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Prikadom\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Ploige\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Pladitiondojers\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Pimashanpuk\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Necagh\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Mogileghekpy\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Melught\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Hsatain\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Coalerly\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Clocrydreveward\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Ckozory\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Cierdom\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Cercither\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Atokuse\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Aterzetpegesh\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Anubophatuvot\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Ajering\Parameters','ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_USSYT');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_TUQQX');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_QEJP4');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_OTIZA');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_O9FEF');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_NVLPZ');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_JEKXI');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_DEQAF');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_76YOJ');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_68WFM');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_65O33');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_59QVI');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_3NTP7');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_1WX2P');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_0KN6L');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_HDM94');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_FJ4XW');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_BY05I');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_BO27S');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_7UQJD');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_42608');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_1Q0D3');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','IDSCPRODUCT');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMV1C');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMUIE');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMQ9S');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMJYH');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMJH7');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMGVU');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMEII');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMCWN');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMATZ');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOM8CM');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOM56P');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOM35W');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOM178');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOM08C');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','DiskPower');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','W3N0JLA506');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','TZRD54JMIM');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','RJWQ6WDGAL');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','GRID1HK2XO');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','6Q4SISEWBW');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2NOV2ZG0NC');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
 ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.

После выполнения скрипта компьютер перезагрузится.

После перезагрузки:
- Выполните в AVZ:

Код:

begin
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip'); 
end.

Файл quarantine.zip из папки AVZ загрузите по ссылке "Прислать запрошенный карантин" вверху темы.

- Сделайте лог Check Browsers' LNK by Dragokas & regist.

- Подготовьте лог AdwCleaner и приложите его в теме.

**Strashko.S** · 01.12.2016, 11:58

Скрипты выполнил, загрузил файл quarantine.zip

Файл сохранён как 161201_114419_quarantine_583fe2e34c3d8.zip
Размер файла 8655830
MD5 f66a72d2de167f12500ddc114551f5e1

- - - - -Добавлено - - - - -

Логи приложил

SQ · 01.12.2016, 13:55

- Скачайте Farbar Recovery Scan Tool

и сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.

Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
Убедитесь, что в окне Optional Scan отмечены "List BCD" и "Driver MD5".
Нажмите кнопку Scan.
После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа. Пожалуйста, прикрепите отчет в следующем сообщении.
Если программа была запущена в первый раз, будет создан отчет (Addition.txt). Пожалуйста, прикрепите его в следующем сообщении.

**Strashko.S** · 01.12.2016, 16:08

Выполнил сканирование. Вот отчеты. Сегодня, после выполнения скрипта программы не устанавливались и рекламы в браузере не было. Похоже, что все ок

SQ · 01.12.2016, 23:38

Закройте и сохраните все открытые приложения.

Скопируйте приведенный ниже текст в Блокнот и сохраните файл как fixlist.txt в ту же папку откуда была запущена утилита Farbar Recovery Scan Tool:

Код:

CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks:  - {83922134-9CE0-11E6-9D68-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Mdolybuers\Huqoent.dll No File [ ]
ShellExecuteHooks:  - {47BCB852-9E94-11E6-AEC8-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Hnentqerky\Domesanruent.dll No File [ ]
ShellExecuteHooks:  - {850643F6-9E95-11E6-9A7C-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Ckiruspclevient\Qbelyckilege.dll No File [ ]
ShellExecuteHooks:  - {807CDEA6-9EC1-11E6-913B-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Rukisyreitse\Stuhoterrerle.dll No File [ ]
ShellExecuteHooks:  - {F9E8911A-9E97-11E6-8361-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Coefther\Zosale.dll No File [ ]
ShellExecuteHooks:  - {7188CE06-A5CA-11E6-B4B7-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Fmachfdidom\Tuzught.dll No File [ ]
ShellExecuteHooks:  - {943D482C-A5AA-11E6-B183-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Plinoshmetither\Wokoentganogh.dll No File [ ]
ShellExecuteHooks:  - {5BBF1B1C-A5AC-11E6-8FF2-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Drvdom\Cherhightcoemdom.dll No File [ ]
ShellExecuteHooks:  - {B94DB294-A5B9-11E6-9163-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Bapash\Mafudomplelick.dll No File [ ]
ShellExecuteHooks:  - {87CC2AE2-A5BD-11E6-B178-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Chihupyberjesp\Suzaph.dll No File [ ]
ShellExecuteHooks:  - {718A8882-A5BF-11E6-B58A-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Phergh\Nerekkerlgh.dll No File [ ]
ShellExecuteHooks:  - {5B3F609E-A5C1-11E6-A4FA-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Redostherju\Djoentcgage.dll No File [ ]
ShellExecuteHooks:  - {4C39ACD4-A5C3-11E6-932D-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Vagish\Phoneingplotersh.dll No File [ ]
ShellExecuteHooks:  - {470A68EC-A5C5-11E6-BD46-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Zedisgroqch\Pergawehele.dll No File [ ]
ShellExecuteHooks:  - {3354FF98-A5C7-11E6-B4A5-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Oguing\Ckiqtainprusation.dll No File [ ]
ShellExecuteHooks:  - {D7AD5146-A735-11E6-8D2A-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Ghagather\Qehisy.dll No File [ ]
ShellExecuteHooks:  - {02635D80-A738-11E6-8C1E-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Svuyjbeied\Dunaktumot.dll No File [ ]
ShellExecuteHooks:  - {3C273D94-A73A-11E6-9000-64006A5CFC23} - C:\Users\Stas\AppData\Roaming\Jewery\Ferhipydrekesy.dll No File [ ]
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\02t4s5zg.xml [2016-11-02]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\0bh6695h.xml [2016-10-18]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\0tmgy2op.xml [2016-10-31]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\2ny1hxhp.xml [2016-11-22]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\4wi3v1mx.xml [2016-10-19]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\6z9as2n9.xml [2016-11-20]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\7g8iwbem.xml [2016-10-12]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\81931544.xml [2016-10-21]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\88ugrgrv.xml [2016-10-13]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\99swoogn.xml [2016-10-29]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\9yp7jljs.xml [2016-10-14]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\9yxya1fb.xml [2016-11-16]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\azj1otli.xml [2016-11-27]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\bbj0vu03.xml [2016-11-13]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\clijrior.xml [2016-10-23]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\dpgayrcb.xml [2016-11-05]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\dthmq0gd.xml [2016-11-18]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\fzy2a6qb.xml [2016-10-16]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\g3m1ynrs.xml [2016-10-09]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\h8tlp3ok.xml [2016-10-17]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\hmpupm6t.xml [2016-11-29]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\j5tazi2a.xml [2016-10-22]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\jy5fxwx6.xml [2016-10-15]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\n75bl1i5.xml [2016-10-10]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\nhiizm6b.xml [2016-11-10]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\nixkkjzu.xml [2016-10-25]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\o89nuj2k.xml [2016-11-04]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\orbhdrhk.xml [2016-11-28]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\ract6509.xml [2016-11-08]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\rnbg1fuc.xml [2016-11-25]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\sv7iiph4.xml [2016-11-23]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\y9n8aurc.xml [2016-11-21]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\z9ohigov.xml [2016-10-04]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\zvx578vx.xml [2016-11-15]
FF Homepage: Firefox\Firefox\Profiles\nahd6ha2.default -> hxxp://www.searchinme.com/?type=hp&ts=1479983928179&z=&from=official&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\02t4s5zg.xml [2016-11-02]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\0bh6695h.xml [2016-10-18]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\0tmgy2op.xml [2016-10-31]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\2ny1hxhp.xml [2016-11-22]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\4wi3v1mx.xml [2016-10-19]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\6z9as2n9.xml [2016-11-20]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\7g8iwbem.xml [2016-10-12]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\81931544.xml [2016-10-21]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\88ugrgrv.xml [2016-10-13]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\99swoogn.xml [2016-10-29]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\9yp7jljs.xml [2016-10-14]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\9yxya1fb.xml [2016-11-16]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\bbj0vu03.xml [2016-11-13]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\clijrior.xml [2016-10-23]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\dpgayrcb.xml [2016-11-05]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\dthmq0gd.xml [2016-11-18]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\fzy2a6qb.xml [2016-10-16]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\g3m1ynrs.xml [2016-10-09]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\h8tlp3ok.xml [2016-10-17]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\j5tazi2a.xml [2016-10-22]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\jy5fxwx6.xml [2016-10-15]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\n75bl1i5.xml [2016-10-10]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\nhiizm6b.xml [2016-11-10]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\nixkkjzu.xml [2016-10-25]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\o89nuj2k.xml [2016-11-04]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\ract6509.xml [2016-11-08]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\searchinme.xml [2016-11-24]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\sv7iiph4.xml [2016-11-23]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\y9n8aurc.xml [2016-11-21]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\z9ohigov.xml [2016-10-04]
FF SearchPlugin: C:\Users\Stas\AppData\Roaming\Firefox\Firefox\Profiles\nahd6ha2.default\searchplugins\zvx578vx.xml [2016-11-15]
FF Plugin HKU\S-1-5-21-2317367816-1553068452-3661968272-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\Stas\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR StartupUrls: ChromeDefaultData2 -> "hxxps://vk.com/strashkos","hxxps://ru-ru.facebook.com/people/Stanislav-Strashko/100008233686828","hxxp://instagram.com/dashakrolevetz/","hxxps://mail.google.com/mail/u/0/?ui=2&pli=1#inbox","hxxps://mail.yandex.ua/lite/inbox","hxxps://www.privat24.ua/#login","hxxp://novaposhta.ua/tracking/?cargo_number=20290013192267","hxxp://novaposhta.ua/uk/onlineorder/estimatedate","hxxps://my.prom.ua/cabinet/sign-in?next=/cabinet/company_clients","hxxp://trendyshop.com.ua/p68236107-sportivnyj-kostyum-puma.html","hxxp://sport-f.net/","hxxp://sport-f.com/","hxxp://sk-house.ua/Catalog/NewItems","hxxp://every-day.com.ua/index.php","hxxps://direct.yandex.ru/registered/main.pl?cmd=showCamps","hxxp://www.yandex.ua/","hxxps://ru.wikipedia.org/wiki/%D0%A0%D0%B0%D0%B7%D0%BC%D0%B5%D1%80%D1%8B_%D0%BE%D0%B4%D0%B5%D0%B6%D0%B4%D1%8B","hxxps://www.google.com.ua/maps/@48.3100042,30.8203211,6z","hxxp://mail.ru/cnt/10445?gp=profitraf7","hxxp://www.istartsurf.com/?type=hp&ts=1442428849&z=95164003ecd78ba94eb89e9gcz3zfo7z3ofbdq9b1z&from=cor&uid=TOSHIBAXMQ01ABD050_73T8PQX5TXX73T8PQX5T","hxxp://mail.ru/cnt/10445?gp=820329","hxxp://www.youndoo.com/?z=d4540180b08d2e15b9dc54cg2z9m8qcm5e7zfo6z7e&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=92f202cb002b646d2bbdf61g1zfmcq6m3t8e5edq5c&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=46621e8342f826f28434a09gczbmdq1bfm7qamdwfb&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=1d62a44e916ed9c39fb9877gbzdm8mcc5t2zab9wct&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=75459453774b8e0fc503f33g5z9m1b4cbzdb5t5tfm&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://mail.ru/cnt/10445?gp=789182","hxxp://www.youndoo.com/?z=f1a4ce8c547a8468dc6f1ebgaz6m3bfq3edtbe5ocm&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=5c48a32168bac0dd9e2b1adgaz4m3b9m5b3g5e1tbb&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=a2690d23ad84cca4b8fa4d1g4z1mat6e0m8cfe2o6t&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=b2175828341de1ca320de05g3zbm1t4ocg2o1tbc4t&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=7191811080e4a514f731f9cgdz8met7oftct4cdg2o&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=e036c8144bccc70600e7acbg1z0m8tezbm0o4g4gbc&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=aad43e195982801e787706egcz1m1t4qazcz7b4q1g&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=38b819d3b161d2110ac6448g8z8mdt7m9c7g5q8ebg&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=6fa7376b7be648f1e46b353g0z2mct1b1gab7c9m5o&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=8f25c5075ee5c1551f4ff86g5z1m5t4t5gec3o0e8z&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=412c89d83155120805d7998gcz1mct2t6t3ectabfw&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=06291e182ddf05eb54f3ccag7zcbbe8e0m8q7t2c9q&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=7eb1b96ff96b01c89eafae5gfzab5eao7zdt0m1tbg&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=38fbc41a45d61b45ba8d4beg7z9b5e4c7z8mfg4mbe&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp","hxxp://www.youndoo.com/?z=d519b6d2f8b4f4cb5a44fd0g5z4b7eez0o8cbeee5b&from=3gs&uid=SAMSUNGXHD321KJ_S0MQJ9DQ201420&type=hp"
CHR Extension: (Ace Stream Web Extension) - C:\Users\Stas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-11-02]
2016-11-27 14:30 - 2016-11-27 15:02 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Ghagather
2016-11-25 14:29 - 2016-11-25 14:46 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Oguing
2016-11-24 14:36 - 2016-11-24 15:03 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Zedisgroqch
2016-11-24 12:38 - 2016-11-24 12:38 - 00000000 ____D C:\Users\Stas\AppData\Local\Gofat
2016-11-23 17:00 - 2016-11-23 17:07 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Vagish
2016-11-22 14:40 - 2016-11-22 14:53 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Redostherju
2016-11-21 14:33 - 2016-11-21 14:48 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Phergh
2016-11-20 14:28 - 2016-11-20 14:47 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Chihupyberjesp
2016-11-18 14:28 - 2016-11-18 19:49 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Bapash
2016-11-18 14:28 - 2016-11-18 19:49 - 00000000 ____D C:\Users\Stas\AppData\Local\Gekuckthtu
2016-11-16 14:28 - 2016-11-16 14:36 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Drvdom
2016-11-15 14:29 - 2016-11-15 15:17 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Plinoshmetither
2016-11-13 23:37 - 2016-11-14 12:31 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Fmachfdidom
2016-11-10 14:32 - 2016-11-10 15:00 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Coefther
2016-11-08 14:44 - 2016-11-08 15:39 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Rukisyreitse
2016-11-05 14:30 - 2016-11-07 14:27 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Ckiruspclevient
2016-11-04 14:58 - 2016-11-04 15:11 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Hnentqerky
2016-11-02 14:29 - 2016-11-02 14:38 - 00000000 ____D C:\Users\Stas\AppData\Roaming\Mdolybuers
2016-10-04 13:34 - 2016-10-05 13:43 - 7176704 _____ () C:\Users\Stas\AppData\Roaming\agent.dat
2016-10-04 13:34 - 2016-10-05 13:43 - 0070704 _____ () C:\Users\Stas\AppData\Roaming\Config.xml
2016-10-04 13:34 - 2016-10-04 13:34 - 1927327 _____ () C:\Users\Stas\AppData\Roaming\Fun-Stock.tst
2016-10-04 13:34 - 2016-10-05 13:29 - 0018672 _____ () C:\Users\Stas\AppData\Roaming\InstallationConfiguration.xml
2016-10-04 13:34 - 2016-10-05 13:29 - 0140288 _____ () C:\Users\Stas\AppData\Roaming\Installer.dat
2016-10-04 13:34 - 2016-10-05 13:43 - 0018432 _____ () C:\Users\Stas\AppData\Roaming\Main.dat
2016-10-04 13:34 - 2016-10-05 13:43 - 0005568 _____ () C:\Users\Stas\AppData\Roaming\md.xml
2016-10-04 13:34 - 2016-10-05 13:43 - 0126464 _____ () C:\Users\Stas\AppData\Roaming\noah.dat
Task: {0FD03FA0-D506-498E-BD3A-DEDA2EA485CC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2115D9F6-4843-4220-A359-E2D2C96FBC6A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2C154C72-0120-41C2-B4A3-52E06539F1DC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {38EA1BF4-2924-4C29-A5C1-7FEC4CDA5296} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3A1E15F1-0FB2-4704-AD4F-98543BC57D58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {453BFD19-F3C3-40E9-BAE5-FFED0A35AA70} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {568D6AA6-EADE-4572-91A0-508C1D33D4F3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {59FD5A03-6049-4E16-AA92-6D0D96704FB8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7436AC33-054B-4649-923F-76CEDD90BF5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7E3C1C93-7C24-4BB3-BDEC-F8981A3EBAB8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AAAC631F-3B6E-4728-A992-E1B4C6872493} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B00EF19C-930A-40DE-9851-93364EACC1A3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
File: C:\Windows\SysWOW64\fsproflt2.exe
HKLM\...\StartupApproved\StartupFolder: => "Zaxar Games Browser.lnk"
HKU\S-1-5-21-2317367816-1553068452-3661968272-1001\...\StartupApproved\Run: => "hdtask"
FirewallRules: [{3CB27868-2FA6-4EF2-8BB5-053FE714BCD5}] => C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{EC15D60D-B4AC-4219-8015-AA303597184F}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCTray.exe
FirewallRules: [{D7B76A74-F8F7-4E5D-9C21-A5A1968C6828}] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{37767BA7-DC58-46C2-BAC0-3832DD97F32E}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCMgr.exe
FirewallRules: [{41A4FCB8-31CD-479B-832B-6D778EDC6F80}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCRTP.exe
FirewallRules: [{9CE0B1B6-7757-464E-8261-CC757A477E59}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QMDL.exe
FirewallRules: [{3CC33169-E7AD-4691-AE15-0BD18E75D559}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\bugreport.exe
FirewallRules: [{A85FF914-75E9-452E-A8CE-C7C73387E033}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCFileOpen.exe
FirewallRules: [{EFA82782-E3EA-461D-AB46-71A0E654F603}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCLeakScan.exe
FirewallRules: [{633A242B-4A99-4EA6-9DDE-9C67B8BA3F22}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPConfig.exe
FirewallRules: [{87902AD0-B73E-4963-9E75-57C0F6FF91DA}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCSoftMgr.exe
FirewallRules: [{5DA9CAF1-CE36-4726-9AEF-D1B1396BC24D}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{C0DC31F4-AC4D-4569-988E-36D28B0DB97A}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCBTU.exe
FirewallRules: [{822663F5-B27E-471F-8C4C-3C6C403DD169}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCClinic.exe
FirewallRules: [{E5A881AA-45EC-47FE-B081-4EC72722AD2C}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCLaunch.exe
FirewallRules: [{F8374FFA-C8B5-42D3-B266-C04501E142BA}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{9591AFA6-784B-40B4-8A0C-CD6337A5F1BA}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCSoftGame.exe
FirewallRules: [{228752E9-92A5-403E-94E4-1036C436B0D4}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCSysOptimize.exe
FirewallRules: [{0EBC2BE0-FA81-4033-A045-2F8886AACC4D}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCUpdateAVLib.exe
FirewallRules: [{096B395F-8EB2-45C7-8348-DF6BA9BEE0F8}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQRepair.exe
FirewallRules: [{6A9B127C-89D3-473B-9AA6-18CBE485CB6C}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\Uninst.exe
FirewallRules: [{DEB1E26D-0108-4C8C-8445-424193D49277}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCPatch.exe
FirewallRules: [{4162029E-7C9B-4286-A677-B016A338C35E}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\TpkUpdate.exe
FirewallRules: [{0CE345F7-1223-44F2-A36A-9B3066EC067D}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QMAccountProtection.exe
FirewallRules: [{B7CEFD3A-B28E-467E-9A1D-D012AC11B21C}] => C:\Program Files (x86)\Tencent\QQPCMgr\12.0.18061.220\QMAdBlock.exe
FirewallRules: [{B1019179-A17D-4BE4-A609-2F142513B7F9}] => C:\Users\Stas\AppData\Local\Temp\QQPCDownload45944.exe
FirewallRules: [{40026037-BCF8-49DE-93C0-414DB015E11D}] => C:\Users\Stas\AppData\Local\Temp\QQPCDownload45944.exe
FirewallRules: [{85995DB4-AFD3-4BB8-A341-3BE801CA5A95}] => C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{780AD8A3-665F-4A08-9893-9E0DAB25BAE8}] => C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{76A9286F-CF0A-4AB4-BF0C-309ED95A8BD6}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{FFF433C9-C4B1-490D-914B-9BAECC560311}] => C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
CMD: sc delete Ajering
CMD: sc delete Anubophatuvot
CMD: sc delete Atokuse
CMD: sc delete Cercither
CMD: sc delete Cierdom
CMD: sc delete Ckozory
CMD: sc delete Clocrydreveward
CMD: sc delete Coalerly
CMD: sc delete Hsatain
CMD: sc delete Melught
CMD: sc delete Mogileghekpy
CMD: sc delete Necagh
CMD: sc delete Pimashanpuk
CMD: sc delete PimIndexMaintenanceSvc
CMD: sc delete Pladitiondojers
CMD: sc delete Ploige
CMD: sc delete Prikadom
CMD: sc delete Promury
CMD: sc delete Reigsy
CMD: sc delete Riresjoning
CMD: sc delete Thewopypledeied
CMD: sc delete Tipuly
CMD: sc delete Veletplerpitain
CMD: sc delete Vizele
CMD: sc delete Zodition
CMD: sc delete Gsoshvanoing
Hosts:
Reboot:

Запустите FRST и нажмите один раз на кнопку Fix и подождите.
Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!
Обратите внимание, что компьютер будет перезагружен.

**Strashko.S** · 02.12.2016, 13:38

Скрипт выполнил, лог прикрепил

SQ · 02.12.2016, 14:26

Сделайте лог полного сканирования МВАМ

**Strashko.S** · 02.12.2016, 18:48

После полного сканирования MBAM нашел 2684 угроз

Подскажите, удалить эти угрозы?

лог прикрепил

SQ · 02.12.2016, 21:04

Удалите все что Вам незнакомо в MBAM.

**CyberHelper** · 02.12.2016, 21:14

Статистика проведенного лечения:

Получено карантинов: 1
Обработано файлов: 9
В ходе лечения обнаружены вредоносные программы:
1. c:\program files (x86)\common files\services\ithemes.dll - not-a-virus:AdWare.Win32.ELEX.agh
2. c:\users\stas\appdata\local\temp\mg3gckspv\mg3gcks pv.exe - HEUR:Trojan.Win32.Generic
3. c:\users\stas\appdata\local\temp\qck2yj6uf4\advise .exe - HEUR:Trojan.Win32.Generic
4. c:\users\stas\appdata\local\temp\uso26v2se5\advise .exe - HEUR:Trojan.Win32.Generic
5. c:\users\stas\appdata\local\temp\uvfoidnqf\uvfoidn qf.exe - HEUR:Trojan.Win32.Generic
6. c:\users\stas\appdata\local\temp\0dddfw5nv\0dddfw5 nv.exe - HEUR:Trojan.Win32.Generic
7. c:\users\stas\appdata\local\temp\0hizq8mzx\0hizq8m zx.exe - HEUR:Trojan.Win32.Generic
8. c:\users\stas\appdata\local\temp\3axla75qwg\advise .exe - HEUR:Trojan.Win32.Generic
9. c:\users\stas\appdata\local\temp\9huq8q6i7\m605gqd j6.exe - HEUR:Trojan.Win32.Generic

Самостоятельно устанавливаются программы и открывается реклама в браузере [not-a-virus:AdWare.Win32.ELEX.agh, HEUR:Trojan.Win32.Generic] (заявка № 206358)

Опции темы