Good afternoon.
Viruses have been downloaded onto the computer.... a browser with ads opens every 2 minutes. Unknown processes start that cannot be removed.
Dear Sefron, thank you for contacting our forum!
Virus removal is a completely free service on VirusInfo.Info. Helpers will respond to your request very shortly. To receive help, you need to provide scan logs from the Autologger utility; you can read more in the rules for submitting a help request.
Also, game applications get downloaded by themselves.. and UC Browser, which I cannot remove.
Run the script in AVZ:
The computer will reboot.
Code:
begin StopService('ucdrv'); QuarantineFile('C:\Program Files\8cfb518fe26086fd2d858957d144837e\adb19e0ede63e003398e0d61126c1cfa.exe', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\UCService.exe', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys', ''); QuarantineFile('C:\Users\home\AppData\Local\Temp\00030047\msiql.exe', ''); QuarantineFile('C:\Users\home\AppData\Local\Temp\is-19T9D.tmp\Setup.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\802301\338382.exe', ''); QuarantineFile('C:\Program Files\SSCT9NO49Z\5HJ8HNV58.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\288325\333374.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\151347\452596.exe', ''); QuarantineFile('C:\Program Files\N819I21XPZ\70WAQ53HJ.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\287792\62591.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\146567\835304.exe', ''); QuarantineFile('C:\Program Files\67ZMPEKCMS\ASOO5KOI9.exe', ''); QuarantineFile('C:\Program Files\MR3N5NHRLP\MR3N5NHRL.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\694270\599864.exe', ''); QuarantineFile('C:\Program Files\Z37G83SXTW\Z37G83SXT.exe', ''); QuarantineFile('C:\Program Files\Z7099V4JG5\1TN3SHE4Z.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\594648\496370.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\844733\336768.exe', ''); QuarantineFile('C:\Program Files\1FHUOQJL69\1FHUOQJL6.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\439335\643409.exe', ''); QuarantineFile('C:\Program Files\Z9F0KY60HL\Z9F0KY60H.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\225507\86160.exe', ''); QuarantineFile('C:\Program Files\CQ0TB8LCHT\CQ0TB8LCH.exe', ''); QuarantineFile('C:\Program Files\2UG9HI7XXS\2UG9HI7XX.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\438036\654300.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\135741\692619.exe', 
''); QuarantineFile('C:\Program Files\P3BNL8BH4H\P3BNL8BH4.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\161239\287702.exe', ''); QuarantineFile('C:\Program Files\X4XY1M4Q2D\X4XY1M4Q2.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\372920\331028.exe', ''); QuarantineFile('C:\Program Files\3KWT6GW1IK\3KWT6GW1I.exe', ''); QuarantineFile('C:\Program Files\ZSRSQX5LFH\ZSRSQX5LF.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\191325\88015.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\854281\326117.exe', ''); QuarantineFile('C:\Program Files\SJCL7N0TB5\SJCL7N0TB.exe', ''); QuarantineFile('C:\Program Files\YF0M0IDCJU\YF0M0IDCJ.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\543771\502313.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\654185\246440.exe', ''); QuarantineFile('C:\Program Files\52GXEZ8DC6\IRMCMZEEC.exe', ''); QuarantineFile('C:\Program Files\GJZ4494TA6\GJZ4494TA.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\363048\473101.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\648946\346409.exe', ''); QuarantineFile('C:\Program Files\UXM0YUDC2X\5M0PD3D2I.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\165632\306571.exe', ''); QuarantineFile('C:\Program Files\Z8CQN4D29J\AWQF3CDSQ.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\731892\104212.exe', ''); QuarantineFile('C:\Program Files\L0P3IC81DN\M2GLEJLTS.exe', ''); QuarantineFile('C:\Program Files\42GAS0OFYH\5KM3K7AIN.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\256393\842382.exe', ''); QuarantineFile('C:\Program Files\VUOFBDR4EF\P95M3GHN9.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\819426\153747.exe', ''); QuarantineFile('C:\Program Files\3FEOFDJ4A9\3FEOFDJ4A.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\619849\42508.exe', ''); QuarantineFile('C:\Program Files\6OI6VR589C\6OI6VR589.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\196084\741094.exe', ''); QuarantineFile('C:\Program 
Files\KH8VG8Z1M8\KH8VG8Z1M.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\233955\267382.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\804994\553875.exe', ''); QuarantineFile('C:\Program Files\2SH3NTPW5J\2SH3NTPW5.exe', ''); QuarantineFile('C:\Program Files\TC8XOZAANI\TC8XOZAAN.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\270467\294152.exe', ''); QuarantineFile('C:\Program Files\P3PQ7EGYLG\P3PQ7EGYL.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\148983\652073.exe', ''); QuarantineFile('C:\Program Files\8GDF82UZAX\8GDF82UZA.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\858998\72159.exe', ''); QuarantineFile('C:\Program Files\U2XMYZO1RI\U2XMYZO1R.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\345727\557876.exe', ''); QuarantineFile('C:\Program Files\ONDKANE4Z2\ONDKANE4Z.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\813191\210913.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\571719\416217.exe', ''); QuarantineFile('C:\Program Files\CQWQ6YYIXS\CQWQ6YYIX.exe', ''); QuarantineFile('C:\Program Files\LQCF9M8QE6\LQCF9M8QE.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\553244\176660.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\233532\394815.exe', ''); QuarantineFile('C:\Program Files\2ELMVJXBZN\2ELMVJXBZ.exe', ''); QuarantineFile('C:\Program Files\OCZ7SHMYP7\OCZ7SHMYP.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\244403\62259.exe', ''); QuarantineFile('C:\Program Files\E50368VCKY\8KHAYCLVF.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\272432\52500.exe', ''); QuarantineFile('C:\Program Files\8J1CSLFJV6\8J1CSLFJV.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\888965\817768.exe', ''); QuarantineFile('C:\Program Files\LV7UO0R4JT\LV7UO0R4J.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\436522\501653.exe', ''); QuarantineFile('C:\Program Files\MTH3EORSTP\18HJVLTHJ.exe', ''); 
QuarantineFile('C:\Users\home\AppData\Roaming\251196\836424.exe', ''); QuarantineFile('C:\Program Files\R8WBCONE3M\I4FYJULJQ.exe', ''); QuarantineFile('C:\Users\home\AppData\Roaming\gplyra\gplyra\start.cmd', ''); QuarantineFile('C:\Program Files (x86)\DiskP\1BNIZGT0AP7878X.exe', ''); QuarantineFile('C:\Program Files (x86)\SpeeDownloader\6LP212P5085OUC5.exe', ''); QuarantineFile('C:\Windows\Temp\gF2DF.tmp.exe', ''); QuarantineFile('C:\Users\home\AppData\LocalLow\SearchGo\searchgo.dll', ''); QuarantineFile('C:\Program Files (x86)\Draercult Renew\local64spl.dll', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\update_task.exe', ''); QuarantineFile('C:\Program Files (x86)\Fenspgrafogh\thokech.exe', ''); QuarantineFile('C:\ProgramData\VideoMemoryDiagnostic\vmdiag.exe', ''); QuarantineFile('C:\Windows\Manager.exe', ''); QuarantineFile('C:\Program Files (x86)\Fenspgrafogh\verother.exe', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\chrmstp.exe', ''); QuarantineFile('C:\Users\home\appdata\local\searchgo\searchgo.exe', ''); DeleteFile('C:\WINDOWS\Tasks\UCBrowserUpdater.job', '64'); DeleteFile('C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job', '64'); DeleteFile('C:\Program Files\8cfb518fe26086fd2d858957d144837e\adb19e0ede63e003398e0d61126c1cfa.exe', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\UCService.exe', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys', '32'); DeleteFile('C:\Users\home\AppData\Local\Temp\00030047\msiql.exe', '32'); DeleteFile('C:\Users\home\AppData\Local\Temp\is-19T9D.tmp\Setup.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\802301\338382.exe', '32'); DeleteFile('C:\Program Files\SSCT9NO49Z\5HJ8HNV58.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\288325\333374.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\151347\452596.exe', '32'); 
DeleteFile('C:\Program Files\N819I21XPZ\70WAQ53HJ.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\287792\62591.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\146567\835304.exe', '32'); DeleteFile('C:\Program Files\67ZMPEKCMS\ASOO5KOI9.exe', '32'); DeleteFile('C:\Program Files\MR3N5NHRLP\MR3N5NHRL.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\694270\599864.exe', '32'); DeleteFile('C:\Program Files\Z37G83SXTW\Z37G83SXT.exe', '32'); DeleteFile('C:\Program Files\Z7099V4JG5\1TN3SHE4Z.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\594648\496370.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\844733\336768.exe', '32'); DeleteFile('C:\Program Files\1FHUOQJL69\1FHUOQJL6.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\439335\643409.exe', '32'); DeleteFile('C:\Program Files\Z9F0KY60HL\Z9F0KY60H.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\225507\86160.exe', '32'); DeleteFile('C:\Program Files\CQ0TB8LCHT\CQ0TB8LCH.exe', '32'); DeleteFile('C:\Program Files\2UG9HI7XXS\2UG9HI7XX.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\438036\654300.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\135741\692619.exe', '32'); DeleteFile('C:\Program Files\P3BNL8BH4H\P3BNL8BH4.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\161239\287702.exe', '32'); DeleteFile('C:\Program Files\X4XY1M4Q2D\X4XY1M4Q2.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\372920\331028.exe', '32'); DeleteFile('C:\Program Files\3KWT6GW1IK\3KWT6GW1I.exe', '32'); DeleteFile('C:\Program Files\ZSRSQX5LFH\ZSRSQX5LF.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\191325\88015.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\854281\326117.exe', '32'); DeleteFile('C:\Program Files\SJCL7N0TB5\SJCL7N0TB.exe', '32'); DeleteFile('C:\Program Files\YF0M0IDCJU\YF0M0IDCJ.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\543771\502313.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\654185\246440.exe', '32'); DeleteFile('C:\Program 
Files\52GXEZ8DC6\IRMCMZEEC.exe', '32'); DeleteFile('C:\Program Files\GJZ4494TA6\GJZ4494TA.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\363048\473101.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\648946\346409.exe', '32'); DeleteFile('C:\Program Files\UXM0YUDC2X\5M0PD3D2I.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\165632\306571.exe', '32'); DeleteFile('C:\Program Files\Z8CQN4D29J\AWQF3CDSQ.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\731892\104212.exe', '32'); DeleteFile('C:\Program Files\L0P3IC81DN\M2GLEJLTS.exe', '32'); DeleteFile('C:\Program Files\42GAS0OFYH\5KM3K7AIN.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\256393\842382.exe', '32'); DeleteFile('C:\Program Files\VUOFBDR4EF\P95M3GHN9.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\819426\153747.exe', '32'); DeleteFile('C:\Program Files\3FEOFDJ4A9\3FEOFDJ4A.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\619849\42508.exe', '32'); DeleteFile('C:\Program Files\6OI6VR589C\6OI6VR589.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\196084\741094.exe', '32'); DeleteFile('C:\Program Files\KH8VG8Z1M8\KH8VG8Z1M.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\233955\267382.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\804994\553875.exe', '32'); DeleteFile('C:\Program Files\2SH3NTPW5J\2SH3NTPW5.exe', '32'); DeleteFile('C:\Program Files\TC8XOZAANI\TC8XOZAAN.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\270467\294152.exe', '32'); DeleteFile('C:\Program Files\P3PQ7EGYLG\P3PQ7EGYL.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\148983\652073.exe', '32'); DeleteFile('C:\Program Files\8GDF82UZAX\8GDF82UZA.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\858998\72159.exe', '32'); DeleteFile('C:\Program Files\U2XMYZO1RI\U2XMYZO1R.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\345727\557876.exe', '32'); DeleteFile('C:\Program Files\ONDKANE4Z2\ONDKANE4Z.exe', '32'); 
DeleteFile('C:\Users\home\AppData\Roaming\813191\210913.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\571719\416217.exe', '32'); DeleteFile('C:\Program Files\CQWQ6YYIXS\CQWQ6YYIX.exe', '32'); DeleteFile('C:\Program Files\LQCF9M8QE6\LQCF9M8QE.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\553244\176660.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\233532\394815.exe', '32'); DeleteFile('C:\Program Files\2ELMVJXBZN\2ELMVJXBZ.exe', '32'); DeleteFile('C:\Program Files\OCZ7SHMYP7\OCZ7SHMYP.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\244403\62259.exe', '32'); DeleteFile('C:\Program Files\E50368VCKY\8KHAYCLVF.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\272432\52500.exe', '32'); DeleteFile('C:\Program Files\8J1CSLFJV6\8J1CSLFJV.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\888965\817768.exe', '32'); DeleteFile('C:\Program Files\LV7UO0R4JT\LV7UO0R4J.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\436522\501653.exe', '32'); DeleteFile('C:\Program Files\MTH3EORSTP\18HJVLTHJ.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\251196\836424.exe', '32'); DeleteFile('C:\Program Files\R8WBCONE3M\I4FYJULJQ.exe', '32'); DeleteFile('C:\Users\home\AppData\Roaming\gplyra\gplyra\start.cmd', '32'); DeleteFile('C:\Program Files (x86)\DiskP\1BNIZGT0AP7878X.exe', '32'); DeleteFile('C:\Program Files (x86)\SpeeDownloader\6LP212P5085OUC5.exe', '32'); DeleteFile('C:\Windows\Temp\gF2DF.tmp.exe', '32'); DeleteFile('C:\Users\home\AppData\LocalLow\SearchGo\searchgo.dll', '32'); DeleteFile('C:\Program Files (x86)\Draercult Renew\local64spl.dll', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\update_task.exe', '32'); DeleteFile('C:\Program Files (x86)\Fenspgrafogh\thokech.exe', '32'); DeleteFile('C:\ProgramData\VideoMemoryDiagnostic\vmdiag.exe', '32'); DeleteFile('C:\Windows\Manager.exe', '32'); DeleteFile('C:\Program Files (x86)\Fenspgrafogh\verother.exe', '32'); DeleteFile('C:\Program Files 
(x86)\UCBrowser\Security\uclauncher.exe', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\chrmstp.exe', '32'); DeleteFile('C:\Users\home\appdata\local\searchgo\searchgo.exe', '32'); DeleteService('8cfb518fe26086fd2d858957d144837e'); DeleteService('UCBrowserSvc'); DeleteService('ucdrv'); DeleteFileMask('c:\program files\8cfb518fe26086fd2d858957d144837e', '*', true); DeleteFileMask('c:\program files (x86)\ucbrowser', '*', true); DeleteFileMask('c:\users\home\appdata\local\temp\is-19t9d.tmp', '*', true); DeleteFileMask('c:\users\home\appdata\roaming\gplyra', '*', true); DeleteFileMask('c:\program files (x86)\diskp', '*', true); DeleteFileMask('c:\program files (x86)\speedownloader', '*', true); DeleteFileMask('c:\users\home\appdata\locallow\searchgo', '*', true); DeleteFileMask('c:\program files (x86)\draercult renew', '*', true); DeleteFileMask('c:\program files (x86)\fenspgrafogh', '*', true); DeleteFileMask('c:\programdata\videomemorydiagnostic', '*', true); DeleteFileMask('c:\users\home\appdata\local\searchgo', '*', true); DeleteDirectory('c:\program files\8cfb518fe26086fd2d858957d144837e'); DeleteDirectory('c:\program files (x86)\ucbrowser'); DeleteDirectory('c:\users\home\appdata\local\temp\is-19t9d.tmp'); DeleteDirectory('c:\users\home\appdata\roaming\gplyra'); DeleteDirectory('c:\program files (x86)\diskp'); DeleteDirectory('c:\program files (x86)\speedownloader'); DeleteDirectory('c:\users\home\appdata\locallow\searchgo'); DeleteDirectory('c:\program files (x86)\draercult renew'); DeleteDirectory('c:\program files (x86)\fenspgrafogh'); DeleteDirectory('c:\programdata\videomemorydiagnostic'); DeleteDirectory('c:\users\home\appdata\local\searchgo'); DelBHO('{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}'); DelBHO('{2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC}'); ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "Drerniied Mapper" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete 
/TN "Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\Manager" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "Pritc" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "Shelnelit Builder" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "UCBrowserSecureUpdater" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "UCBrowserUpdater" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "UCBrowserUpdaterCore" /F', 0, 15000, true); DelCLSID('{65122CB0-EA0F-47DF-A953-017170ED12F9}'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'msiql'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Pritc'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '81089'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Y4Y86V94VMIWXFW'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '629360'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '659635'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'K5KC2A301E3RJ3W'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '943159'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '571647'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'OCFPQP98JJQCVW4'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'FRU47P46KJEZ7BH'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '82899'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'P9YN8DDAT17BFHP'); RegKeyParamDel('HKEY_CURRENT_USER', 
'Software\Microsoft\Windows\CurrentVersion\Run', 'MIIGBEO2WE3S2BW'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '511424'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '403894'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '3Z1SMM8ZQ90IAWD'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '271482'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '14SDPVQ1ALHW7E2'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '5631'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'K5K5RIWQUDB6EZE'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '1HDNCZC263V47XP'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '47408'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '531312'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '7S730N8KJ0WH6QN'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '504925'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'XO49XDNNAFRP3O8'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '48608'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'RY5UTKF7PUWN5A0'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'L9S1CSHG7T48SDU'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '76081'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '124585'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'GRX5BG4YTPIC7MH'); 
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'PE2D0A5PX06C5D3'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '528964'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '367459'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'NMUJPEUTL9LRVEX'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'MERL90RLQETR4F7'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '194134'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '143630'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Z8876VH7A38HMKE'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '321225'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'B0KLW3VLQRERYX7'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '208432'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '1S4OE59L1I7V9Q3'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '1GLPHF9FF4VU3CY'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '120807'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '501S0JY5HUL1007'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '446677'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '1FO9URXZ1LYYE7B'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '963831'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '59O4ZKHX4JD41J3'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 
'641962'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '84IGQRF7BH008BY'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '745545'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '937402'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'VEV4C13VSA6FOEE'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ENB4VEJ4EX10PZC'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '548223'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'XCXN3H0VH1JMHCG'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '852603'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'XIH3FSYG5ZFQON5'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '787341'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'G5BVL46CCVT1GQB'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '469606'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YQZG76TQPCIJXZC'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '77864'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '864130'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '6RADX2DI2DBZU5I'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'UUX3ALUS0KYN5K5'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '485175'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '275663'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 
'W1HXJGNTKKO3ETZ'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '0L80N18UJTMFJPE'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '850960'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SBT1SJXYFEB01JS'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '296818'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'R8MMPLFVG7KCJ9J'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '973536'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '9HHGYJ6982CRVDO'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '33046'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '7XT449FJB6KYOSF'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '62502'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'HWV2AAV4YMIOFMA'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gplyra'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'OMEWPRODUCT_GS4T4'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'OMEWPRODUCT_Y0NSR'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'DESKTOP-56D0MER'); CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip'); ExecuteSysClean; ExecuteWizard('SCU', 3, 3, true); RebootWindows(true); end.
The quarantine archive quarantine.zip will appear in the AVZ folder; send this file via the "Send requested quarantine" link above the first message in the thread.
Make a new Autologger log.
Make a Malwarebytes AdwCleaner log.
WBR,
Vadim
My reports:
Run the script in AVZ:
The computer will reboot.
Code:
begin TerminateProcessByName('c:\program files (x86)\youtubeadblockie\mntj9b4.exe'); TerminateProcessByName('c:\program files (x86)\zaxar\zaxargamebrowser.exe'); TerminateProcessByName('c:\program files (x86)\zaxar\zaxarloader.exe'); QuarantineFile('c:\program files (x86)\youtubeadblockie\mntj9b4.exe', ''); QuarantineFile('c:\program files (x86)\zaxar\zaxargamebrowser.exe', ''); QuarantineFile('c:\program files (x86)\zaxar\zaxarloader.exe', ''); QuarantineFile('C:\Program Files (x86)\YoutubeAdBlockIE\kBaaAq7p.dll', ''); QuarantineFile('C:\Program Files (x86)\YoutubeAdBlockIE\qZlPQ5.dll', ''); QuarantineFile('c:\users\home\appdata\roaming\winsapsvc\winsap.dll', ''); QuarantineFile('c:\programdata\bit\bit.dll', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys', ''); QuarantineFile('C:\Users\home\AppData\Roaming\SearchAY\ml.py', ''); QuarantineFile('C:\Program Files (x86)\Draercult Renew\local64spl.dll', ''); QuarantineFile('C:\Users\home\AppData\Roaming\SearchAY\app.py', ''); DeleteFile('c:\program files (x86)\youtubeadblockie\mntj9b4.exe', '32'); DeleteFile('c:\program files (x86)\zaxar\zaxargamebrowser.exe', '32'); DeleteFile('c:\program files (x86)\zaxar\zaxarloader.exe', '32'); DeleteFile('C:\Program Files (x86)\YoutubeAdBlockIE\kBaaAq7p.dll', '32'); DeleteFile('C:\Program Files (x86)\YoutubeAdBlockIE\qZlPQ5.dll', '32'); DeleteFile('c:\users\home\appdata\roaming\winsapsvc\winsap.dll', '32'); DeleteFile('c:\programdata\bit\bit.dll', '32'); DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Core.dll', '32'); DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Gui.dll', '32'); DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Network.dll', '32'); DeleteFile('C:\Program Files (x86)\Zaxar\Qt5WebKit.dll', '32'); DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Widgets.dll', '32'); DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Xml.dll', '32'); DeleteFile('C:\Program Files (x86)\Zaxar\Qt5WebKitWidgets.dll', '32'); 
DeleteFile('C:\Program Files (x86)\Zaxar\libGLESv2.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\icuin58.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\icuuc58.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Sensors.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Positioning.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Quick.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5WebChannel.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Qml.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Multimedia.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Sql.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5MultimediaWidgets.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5PrintSupport.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5OpenGL.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\icudt58.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\platforms\qwindows.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\libEGL.DLL', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\imageformats\qico.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\imageformats\qgif.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\imageformats\qicns.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\imageformats\qjpeg.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\imageformats\qsvg.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\Qt5Svg.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\imageformats\qtga.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\imageformats\qtiff.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\imageformats\qwbmp.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\imageformats\qwebp.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\sensors\qtsensors_generic.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\bearer\qgenericbearer.dll', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\bearer\qnativewifibearer.dll', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys', '32');
DeleteFile('C:\Users\home\AppData\Roaming\SearchAY\ml.py', '32');
DeleteFile('C:\Program Files (x86)\Draercult Renew\local64spl.dll', '32');
DeleteFile('C:\Users\home\AppData\Roaming\SearchAY\app.py', '32');
DeleteService('ucdrv');
DeleteFileMask('c:\program files (x86)\youtubeadblockie', '*', true);
DeleteFileMask('c:\program files (x86)\zaxar', '*', true);
DeleteFileMask('c:\programdata\bit', '*', true);
DeleteFileMask('c:\program files (x86)\zaxar\platforms', '*', true);
DeleteFileMask('c:\program files (x86)\zaxar\imageformats', '*', true);
DeleteFileMask('c:\program files (x86)\zaxar\sensors', '*', true);
DeleteFileMask('c:\program files (x86)\zaxar\bearer', '*', true);
DeleteFileMask('c:\program files (x86)\ucbrowser', '*', true);
DeleteFileMask('c:\users\home\appdata\roaming\searchay', '*', true);
DeleteFileMask('c:\program files (x86)\draercult renew', '*', true);
DeleteFileMask('c:\program files (x86)\mio', '*', true);
DeleteDirectory('c:\program files (x86)\youtubeadblockie');
DeleteDirectory('c:\program files (x86)\zaxar');
DeleteDirectory('c:\programdata\bit');
DeleteDirectory('c:\program files (x86)\zaxar\platforms');
DeleteDirectory('c:\program files (x86)\zaxar\imageformats');
DeleteDirectory('c:\program files (x86)\zaxar\sensors');
DeleteDirectory('c:\program files (x86)\zaxar\bearer');
DeleteDirectory('c:\program files (x86)\ucbrowser');
DeleteDirectory('c:\users\home\appdata\roaming\searchay');
DeleteDirectory('c:\program files (x86)\draercult renew');
DeleteDirectory('c:\program files (x86)\mio');
DelBHO('{E3605470-291B-44EB-8648-745EE356599A}');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Milimili" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SearchAY" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SearchAY2" /F', 0, 15000, true);
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SearchAY');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\BIT\Parameters', 'ServiceDll');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\WinSAPSvc\Parameters', 'ServiceDll');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteRepair(9);
RebootWindows(true);
end.
A quarantine archive, quarantine.zip, will appear in the AVZ folder; send this file using the "Send requested quarantine" ("Прислать запрошенный карантин") link above the first post in the thread.
Delete everything AdwCleaner finds, wait for the removal to finish, and reboot the system when the program asks.
After you log in, the AdwCleaner report will open: the file AdwCleaner[C0].txt. Attach it to your next post.
Download Farbar Recovery Scan Tool and save it to the Desktop.
Note: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
Run the program. When it starts, click Yes to accept the disclaimer.
Click the Scan button.
When the scan finishes, the reports FRST.txt and Addition.txt will be created in the folder the program was run from.
Attach these files to your next post (they can all go in one archive).
WBR,
Vadim
Reports:
Run FRST/FRST64. Press Ctrl+Y and Notepad will open. Copy the following code into it, then save (Ctrl+S) and close.
Code:
CreateRestorePoint:
HKLM\...\Providers\iv66h1jk: C:\Program Files (x86)\Draercult Renew\local64spl.dll
ShellExecuteHooks: No Name - {9412FDF4-316F-11E7-A9D3-64006A5CFC23} - C:\Program Files (x86)\Fenspgrafogh\Plugoingclinich.dll -> No File
ShellExecuteHooks: No Name - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll -> No File
ShellExecuteHooks: No Name - {EC101588-316F-11E7-BD41-64006A5CFC23} - C:\Program Files (x86)\Fenspgrafogh\Jiboing.dll -> No File
ShellExecuteHooks: No Name - {8A9EC27A-3171-11E7-AC23-64006A5CFC23} - C:\Users\home\AppData\Roaming\Arerriied\Coenerlenibi.dll -> No File
BHO: YoutubeAdBlock -> {E3605470-291B-44EB-8648-745EE356599A} -> C:\Program Files (x86)\YoutubeAdBlockIE\t1IgwfK.dll => No File
CHR Extension: (No Name) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-25]
CHR Extension: (No Name) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (No Name) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\bapebekcapehfapcilombbgepgedmnmn [2016-06-20]
CHR Extension: (Mail.Ru) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-05-11]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof [2017-05-10]
CHR Extension: (No Name) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\epgjfmblhacacphaljkdcjllkomdcjpc [2017-05-10]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2017-05-11]
CHR Extension: (No Name) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\hpcghcdjnehpkdecaflpedhklimnejia [2017-05-10]
CHR Extension: (No Name) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\jdfonankhfnhihdcpaagpabbaoclnjfp [2017-05-10]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-05-10]
CHR Extension: (Mail.Ru) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-05-11]
CHR Extension: (No Name) - C:\Users\home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pfigaoamnncijbgomifamkmkidnnlikl [2017-05-10]
CHR HKLM-x32\...\Chrome\Extension: [epgjfmblhacacphaljkdcjllkomdcjpc] - hxxps://clients2.google.com/service/update2/crx
2017-05-12 13:21 - 2017-05-12 13:21 - 00000000 ____D C:\Program Files (x86)\MIO
2017-05-12 13:19 - 2017-05-12 13:19 - 00000000 ____D C:\Program Files (x86)\YoutubeAdBlockUn
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soci2Sear Browser Enhancer
2017-05-12 13:11 - 2017-05-12 13:11 - 00000000 ____D C:\Program Files (x86)\r27o9fqd
2017-05-11 10:42 - 2017-05-13 00:43 - 00000000 ____D C:\Users\home\AppData\Roaming\Arerriied
2017-05-11 10:42 - 2017-05-11 10:42 - 00000000 ____D C:\Program Files (x86)\Drerniied Mapper
2017-05-11 10:40 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\R8WBCONE3M
2017-05-11 10:40 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\MTH3EORSTP
2017-05-11 10:38 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\LV7UO0R4JT
2017-05-11 00:51 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\E50368VCKY
2017-05-11 00:51 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\8J1CSLFJV6
2017-05-11 00:44 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\OCZ7SHMYP7
2017-05-11 00:44 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\2ELMVJXBZN
2017-05-11 00:19 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\ONDKANE4Z2
2017-05-11 00:19 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\LQCF9M8QE6
2017-05-11 00:19 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\CQWQ6YYIXS
2017-05-11 00:12 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\U2XMYZO1RI
2017-05-11 00:12 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\8GDF82UZAX
2017-05-11 00:11 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\P3PQ7EGYLG
2017-05-11 00:01 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\TC8XOZAANI
2017-05-11 00:01 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\2SH3NTPW5J
2017-05-11 00:00 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\KH8VG8Z1M8
2017-05-10 23:58 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\6OI6VR589C
2017-05-10 23:57 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\3FEOFDJ4A9
2017-05-10 23:56 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\VUOFBDR4EF
2017-05-10 23:01 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\L0P3IC81DN
2017-05-10 23:01 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\42GAS0OFYH
2017-05-10 23:00 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\Z8CQN4D29J
2017-05-10 23:00 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\UXM0YUDC2X
2017-05-10 22:25 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\GJZ4494TA6
2017-05-10 22:25 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\52GXEZ8DC6
2017-05-10 22:23 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\YF0M0IDCJU
2017-05-10 22:23 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\SJCL7N0TB5
2017-05-10 21:48 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\ZSRSQX5LFH
2017-05-10 21:48 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\3KWT6GW1IK
2017-05-10 21:48 - 2017-05-10 21:48 - 00000000 ____D C:\Program Files (x86)\Shelnelit Builder
2017-05-10 21:47 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\X4XY1M4Q2D
2017-05-10 21:47 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\P3BNL8BH4H
2017-05-10 21:26 - 2017-05-10 21:26 - 00000000 ____D C:\Users\home\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw
2017-05-10 21:15 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\Z9F0KY60HL
2017-05-10 21:15 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\CQ0TB8LCHT
2017-05-10 21:15 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\2UG9HI7XXS
2017-05-10 21:15 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\1FHUOQJL69
2017-05-10 20:44 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\Z7099V4JG5
2017-05-10 20:44 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\Z37G83SXTW
2017-05-10 20:44 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\N819I21XPZ
2017-05-10 20:44 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\MR3N5NHRLP
2017-05-10 20:44 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\67ZMPEKCMS
2017-05-10 20:44 - 2017-05-10 20:49 - 00000000 ____D C:\Users\home\AppData\Local\Sepiiedstuzosh
2017-05-10 20:43 - 2017-05-13 00:39 - 00000000 ____D C:\Program Files\SSCT9NO49Z
2017-05-10 20:21 - 2017-05-11 15:09 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-05-10 20:15 - 2017-05-10 20:16 - 00000000 ____D C:\Program Files\6EZSL02PD5
2017-05-10 20:14 - 2017-05-10 20:14 - 00000000 ____D C:\Program Files\NGOVHUZFWC
2017-05-10 20:14 - 2017-05-10 20:14 - 00000000 ____D C:\Program Files (x86)\Zirotain
2017-05-10 20:12 - 2017-05-10 20:13 - 00000000 ____D C:\Program Files\9T78K6TQMJ
2017-05-10 20:12 - 2017-05-10 20:12 - 00000000 ____D C:\Program Files\JHBOY7AN5C
2017-05-10 20:12 - 2017-05-10 20:12 - 00000000 ____D C:\Program Files\AG8E8IRRMD
2017-05-10 20:06 - 2017-05-10 20:08 - 00000000 ____D C:\Program Files\V2RKZEJ1BX
2017-05-10 20:04 - 2017-05-10 20:07 - 00000000 ____D C:\Program Files\R865S3PZUL
2017-05-10 19:32 - 2017-05-10 19:34 - 00000000 ____D C:\Program Files\QLW6MER4UT
2017-05-10 19:32 - 2017-05-10 19:34 - 00000000 ____D C:\Program Files\Q0J5L5MO0Q
2017-05-10 19:29 - 2017-05-10 19:30 - 00000000 ____D C:\Program Files\90EWEGZM1G
2017-05-10 12:09 - 2017-05-11 14:23 - 00000000 ____D C:\ProgramData\ProductData
2017-05-10 12:09 - 2017-05-10 12:09 - 00000000 ____D C:\WINDOWS\IObit
2017-05-10 12:09 - 2017-05-10 12:09 - 00000000 ____D C:\Users\home\AppData\LocalLow\IObit
2017-05-10 12:09 - 2017-05-10 12:09 - 00000000 ____D C:\ProgramData\IObit
Task: {F1C386A3-D36E-4520-8DEA-3D36EBD6782E} - System32\Tasks\Magic Web => Rundll32.exe "C:\Program Files\Magic Web\Magic Web.dll",aHRGOwLNlT
Shortcut: C:\Users\home\Links\Яндекс.Диск.lnk -> C:\Users\home\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe (No File) <===== Cyrillic
Shortcut: C:\Users\home\Desktop\Яндекс.Диск.lnk -> C:\Users\home\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe (No File) <===== Cyrillic
Shortcut: C:\Users\home\Desktop\там скайп и майн и блокнот да да\Игровой центр Mail.Ru.lnk -> C:\Users\home\AppData\Local\Mail.Ru\GameCenter\[email protected] (No File) <===== Cyrillic
Shortcut: C:\Users\home\Desktop\там скайп и майн и блокнот да да\new-fnaf2-1.8\это не майнрафт Ш.lnk -> C:\Users\home\AppData\Roaming\.minecraft\ru-m.org.exe (No File) <===== Cyrillic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [125]
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC [124]
HKU\S-1-5-21-2369782517-1873532991-4000934080-1001\...\StartupApproved\Run: => "GameCenterMailRu"
FirewallRules: [{1C6F955F-BB38-4A5E-8EF3-AFC1DFAB66A9}] => (Block) C:\users\home\appdata\roaming\loadleader\loadleader.exe
FirewallRules: [{45E1A64E-6065-45C0-8082-6B7618638D9C}] => (Block) C:\users\home\appdata\roaming\loadleader\loadleader.exe
FirewallRules: [UDP Query User{A98EE95C-365B-46C6-9646-2A5B950F8179}C:\users\home\appdata\local\mail.ru\gamecenter\[email protected]] => (Block) C:\users\home\appdata\local\mail.ru\gamecenter\[email protected]
FirewallRules: [TCP Query User{D25C18BF-E5E2-428E-A0A8-2D614C955FF4}C:\users\home\appdata\local\mail.ru\gamecenter\[email protected]] => (Block) C:\users\home\appdata\local\mail.ru\gamecenter\[email protected]
FirewallRules: [UDP Query User{9D9EF7C8-DFAE-4548-8969-EC835595F02F}C:\users\home\appdata\local\mail.ru\gamecenter\[email protected]] => (Allow) C:\users\home\appdata\local\mail.ru\gamecenter\[email protected]
FirewallRules: [TCP Query User{C55B0B31-80A6-41A9-AFE2-996470FFAF4E}C:\users\home\appdata\local\mail.ru\gamecenter\[email protected]] => (Allow) C:\users\home\appdata\local\mail.ru\gamecenter\[email protected]
FirewallRules: [{D24454EA-7EBA-4433-8272-1F9383E33E78}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{C1C4CDF7-A3D7-446E-A574-7B01E5B8B9BD}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{D6225A43-7527-4DF3-B98A-C178C281C13F}] => (Allow) C:\Users\home\AppData\Local\Amigo\Application\amigo.exe
Reboot:
Until the reboot, disable your antivirus, close all browsers, click Fix in FRST and wait. The program will create a log file (Fixlog.txt). Attach it to your next post.
The computer will reboot automatically.
Let us know how things stand with the problem.
WBR,
Vadim
The ads are gone, and the browsers no longer open on their own.
Run AdwCleaner and click File -> Uninstall.
Delete the C:\FRST folder with all its contents.
Follow the post-treatment recommendations.
Treatment statistics:
- Quarantines received: 2
- Files processed: 56
- Malware detected during treatment:
- c:\program files (x86)\youtubeadblockie\kbaaaq7p.dll - not-a-virus:AdWare.Win32.Neoreklami.bce
- c:\program files\cqwq6yyixs\cqwq6yyix.exe - HEUR:Trojan.Win32.Generic
- c:\program files\cq0tb8lcht\cq0tb8lch.exe - HEUR:Trojan.Win32.Generic
- c:\program files\e50368vcky\8khayclvf.exe - HEUR:Trojan.Win32.Generic
- c:\program files\gjz4494ta6\gjz4494ta.exe - HEUR:Trojan.Win32.Generic
- c:\program files\kh8vg8z1m8\kh8vg8z1m.exe - HEUR:Trojan.Win32.Generic
- c:\program files\lqcf9m8qe6\lqcf9m8qe.exe - HEUR:Trojan.Win32.Generic
- c:\program files\lv7uo0r4jt\lv7uo0r4j.exe - HEUR:Trojan.Win32.Generic
- c:\program files\l0p3ic81dn\m2glejlts.exe - HEUR:Trojan.Win32.Generic
- c:\program files\mr3n5nhrlp\mr3n5nhrl.exe - HEUR:Trojan.Win32.Generic
- c:\program files\mth3eorstp\18hjvlthj.exe - HEUR:Trojan.Win32.Generic
- c:\program files\n819i21xpz\70waq53hj.exe - HEUR:Trojan.Win32.Generic
- c:\program files\ocz7shmyp7\ocz7shmyp.exe - HEUR:Trojan.Win32.Generic
- c:\program files\ondkane4z2\ondkane4z.exe - HEUR:Trojan.Win32.Generic
- c:\program files\p3bnl8bh4h\p3bnl8bh4.exe - HEUR:Trojan.Win32.Generic
- c:\program files\p3pq7egylg\p3pq7egyl.exe - HEUR:Trojan.Win32.Generic
- c:\program files\r8wbcone3m\i4fyjuljq.exe - HEUR:Trojan.Win32.Generic
- c:\program files\sjcl7n0tb5\sjcl7n0tb.exe - HEUR:Trojan.Win32.Generic
- c:\program files\ssct9no49z\5hj8hnv58.exe - HEUR:Trojan.Win32.Generic
- c:\program files\tc8xozaani\tc8xozaan.exe - HEUR:Trojan.Win32.Generic
- c:\program files\uxm0yudc2x\5m0pd3d2i.exe - HEUR:Trojan.Win32.Generic
- c:\program files\u2xmyzo1ri\u2xmyzo1r.exe - HEUR:Trojan.Win32.Generic
- c:\program files\vuofbdr4ef\p95m3ghn9.exe - HEUR:Trojan.Win32.Generic
- c:\program files\x4xy1m4q2d\x4xy1m4q2.exe - HEUR:Trojan.Win32.Generic
- c:\program files\yf0m0idcju\yf0m0idcj.exe - HEUR:Trojan.Win32.Generic
- c:\program files\zsrsqx5lfh\zsrsqx5lf.exe - HEUR:Trojan.Win32.Generic
- c:\program files\z37g83sxtw\z37g83sxt.exe - HEUR:Trojan.Win32.Generic
- c:\program files\z7099v4jg5\1tn3she4z.exe - HEUR:Trojan.Win32.Generic
- c:\program files\z8cqn4d29j\awqf3cdsq.exe - HEUR:Trojan.Win32.Generic
- c:\program files\z9f0ky60hl\z9f0ky60h.exe - HEUR:Trojan.Win32.Generic
- c:\program files\1fhuoqjl69\1fhuoqjl6.exe - HEUR:Trojan.Win32.Generic
- c:\program files\2elmvjxbzn\2elmvjxbz.exe - HEUR:Trojan.Win32.Generic
- c:\program files\2sh3ntpw5j\2sh3ntpw5.exe - HEUR:Trojan.Win32.Generic
- c:\program files\2ug9hi7xxs\2ug9hi7xx.exe - HEUR:Trojan.Win32.Generic
- c:\program files\3feofdj4a9\3feofdj4a.exe - HEUR:Trojan.Win32.Generic
- c:\program files\3kwt6gw1ik\3kwt6gw1i.exe - HEUR:Trojan.Win32.Generic
- c:\program files\42gas0ofyh\5km3k7ain.exe - HEUR:Trojan.Win32.Generic
- c:\program files\52gxez8dc6\irmcmzeec.exe - HEUR:Trojan.Win32.Generic
- c:\program files\6oi6vr589c\6oi6vr589.exe - HEUR:Trojan.Win32.Generic
- c:\program files\67zmpekcms\asoo5koi9.exe - HEUR:Trojan.Win32.Generic
- c:\program files\8gdf82uzax\8gdf82uza.exe - HEUR:Trojan.Win32.Generic
- c:\program files\8j1cslfjv6\8j1cslfjv.exe - HEUR:Trojan.Win32.Generic
- c:\programdata\videomemorydiagnostic\vmdiag.exe - UDS:DangerousObject.Multi.Generic
- c:\users\home\appdata\locallow\searchgo\searchgo.dll - not-a-virus:AdWare.Win32.Agent.kcwn ( BitDefender: Trojan.GenericKD.3158757, AVAST4: Win32:Malware-gen )
- c:\users\home\appdata\local\searchgo\searchgo.exe - not-a-virus:AdWare.Win32.Searchgo.a ( BitDefender: Trojan.GenericKD.3141570, AVAST4: Win32:Adware-gen [Adw] )
- c:\users\home\appdata\local\temp\is-19t9d.tmp\setup.exe - UDS:DangerousObject.Multi.Generic
- c:\users\home\appdata\local\temp\00030047\msiql.exe - not-a-virus:HEUR:AdWare.Win32.Sokuxuan.gen ( BitDefender: Gen:Variant.Zusy.188040 )
- c:\windows\manager.exe - UDS:DangerousObject.Multi.Generic
Dear Sefron, our specialists have given you all the help they could with your request.
To keep your computer secure, we strongly recommend:
To stay up to date on current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please add to our database of safe files.