При загрузке Windows выскакивает реклама на китайском. В браузере открываются окна китайских сайтов. Прошу проверить логи.
При загрузке Windows выскакивает реклама на китайском. В браузере открываются окна китайских сайтов. Прошу проверить логи.
С уважением, Илья
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
Уважаемый(ая) Ilya2009, спасибо за обращение на наш форум!
Удаление вирусов - абсолютно бесплатная услуга на VirusInfo.Info. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в правилах оформления запроса о помощи.
Информация
Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста поддержите проект.
Антивирус от Kingsoft сами устанавливали? Если нет - удалите. Если да - тоже
Выполните скрипт в AVZ:Компьютер перезагрузится.Код:begin TerminateProcessByName('C:\Program Files\R0OIFHG4UG\4PVXNGM5T.exe'); TerminateProcessByName('C:\Program Files\9684X01WQN\9684X01WQ.exe'); TerminateProcessByName('C:\Program Files\AHQ5FIN2ES\AHQ5FIN2E.exe'); TerminateProcessByName('C:\Windows\Temp\g3A6B.tmp.exe'); TerminateProcessByName('C:\Windows\Temp\gFB53.tmp.exe'); TerminateProcessByName('C:\Program Files\HQ6JRYEDIV\HQ6JRYEDI.exe'); TerminateProcessByName('c:\users\nataly\appdata\roaming\hwmonitorapp\hwmonitorapp.exe'); TerminateProcessByName('c:\program files (x86)\kingsoft\shoujizhushou\kphonetray.exe'); TerminateProcessByName('C:\Users\Nataly\AppData\Roaming\TestService\llkq.exe'); TerminateProcessByName('c:\program files (x86)\yubealckie\m3d5qeir4.exe'); TerminateProcessByName('c:\program files (x86)\mediaserchie\m8i8rxaq.exe'); TerminateProcessByName('c:\users\nataly\appdata\local\mail.ru\mailruupdater.exe'); TerminateProcessByName('c:\program files (x86)\system tools 9.0.0\systemtools.exe'); TerminateProcessByName('c:\program files (x86)\ucbrowser\application\6.1.2716.5\ucagent.exe'); TerminateProcessByName('c:\program files (x86)\ucbrowser\application\ucbrowser.exe'); TerminateProcessByName('c:\program files (x86)\ucbrowser\application\ucservice.exe'); StopService('UCBrowserSvc'); StopService('ckjrpvkqf.sys'); StopService('ucdrv'); StopService('wfcre'); QuarantineFileF('c:\program files\9684x01wqn', '*.exe', false, '', 0 , 0); QuarantineFileF('c:\program files\hq6jryediv', '*.exe', false, '', 0 , 0); QuarantineFileF('c:\users\nataly\appdata\roaming\hwmonitorapp', '*.exe', false, '', 0 , 0); QuarantineFileF('c:\program files (x86)\kingsoft\shoujizhushou', '*.exe', false, '', 0 , 0); QuarantineFileF('c:\program files (x86)\mediaserchie', '*.exe', false, '', 0 , 0); QuarantineFileF('c:\program files (x86)\vkontodnblockie', '*.exe', false, '', 0 , 0); QuarantineFileF('c:\program files (x86)\zaxar', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0); QuarantineFileF('c:\users\nataly\appdata\local\hostinstaller', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0); QuarantineFileF('c:\program files (x86)\vkontodnblocku2', '*.dll', false, '', 0 , 0); QuarantineFileF('c:\program files (x86)\yubealcku2', '*.dll', false, '', 0 , 0); QuarantineFileF('c:\program files (x86)\mediaserchu2', '*.dll', false, '', 0 , 0); QuarantineFile('C:\Program Files\R0OIFHG4UG\4PVXNGM5T.exe', ''); QuarantineFile('C:\Program Files\9684X01WQN\9684X01WQ.exe', ''); QuarantineFile('C:\Program Files\AHQ5FIN2ES\AHQ5FIN2E.exe', ''); QuarantineFile('C:\Windows\Temp\g3A6B.tmp.exe', ''); QuarantineFile('C:\Windows\Temp\gFB53.tmp.exe', ''); QuarantineFile('C:\Program Files\HQ6JRYEDIV\HQ6JRYEDI.exe', ''); QuarantineFile('c:\users\nataly\appdata\roaming\hwmonitorapp\hwmonitorapp.exe', ''); QuarantineFile('c:\program files (x86)\kingsoft\shoujizhushou\kphonetray.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Roaming\TestService\llkq.exe', ''); QuarantineFile('c:\program files (x86)\yubealckie\m3d5qeir4.exe', ''); QuarantineFile('c:\program files (x86)\mediaserchie\m8i8rxaq.exe', ''); QuarantineFile('c:\users\nataly\appdata\local\mail.ru\mailruupdater.exe', ''); QuarantineFile('c:\program files (x86)\system tools 9.0.0\systemtools.exe', ''); QuarantineFile('c:\program files (x86)\ucbrowser\application\6.1.2716.5\ucagent.exe', ''); QuarantineFile('c:\program files (x86)\ucbrowser\application\ucbrowser.exe', ''); QuarantineFile('c:\program files (x86)\ucbrowser\application\ucservice.exe', ''); QuarantineFile('C:\Program Files (x86)\VKontOdnBlockIE\kJwGsiwD.dll', ''); QuarantineFile('C:\Program Files (x86)\YubeAlckIE\k42rheDK2.dll', ''); QuarantineFile('C:\Program Files (x86)\MediaSerchIE\k5MPaBO.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kinfoc.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\krapidservice.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\LIBEAY32.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\SSLEAY32.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\keasyipcn.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmobiletray.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kcomponent.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmq.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ksoft\softmgr.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kinfocache.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspmediator.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kadbtool.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\knewsfeed.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ksfskin.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpopclt.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\passnetwork.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmobilescan.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspcore.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kconnectengine.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspcorecloud.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kexamclear.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\floatapp.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\skhelper.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kusbcore.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\zlib1.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kphquery.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kphonebackup.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspclient.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinApi2.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinApi.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinUsbApi.dll', ''); QuarantineFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ktoolupd.dll', ''); QuarantineFile('c:\program files (x86)\kingsoft\kingsoft antivirus\keasyipcn.dll', ''); QuarantineFile('c:\program files (x86)\kingsoft\kingsoft antivirus\zlib1.dll', ''); QuarantineFile('C:\Program Files (x86)\YubeAlckIE\h42Ia.dll', ''); QuarantineFile('C:\Program Files (x86)\MediaSerchIE\9UBp2gB.dll', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome_elf.dll', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome_child.dll', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libmp3lame.DLL', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome.dll', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libglesv2.dll', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libegl.dll', ''); QuarantineFile('C:\WINDOWS\system32\drivers\ckjrpvkqf.sys', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys', ''); QuarantineFile('C:\Windows\system32\drivers\wfcre.sys', ''); QuarantineFile('C:\WINDOWS\system32\drivers\pjruwblhx.sys', ''); QuarantineFile('C:\WINDOWS\system32\drivers\wxvguqyos.sys', ''); QuarantineFile('C:\Program Files (x86)\DiskWMpower\DiskPower.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Local\Temp\AppHelperV7.exe', ''); QuarantineFile('C:\Program Files\OCA3I5J7OH\OCA3I5J7O.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Roaming\TestService\TestService.vbs', ''); QuarantineFile('C:\Program Files\X1D3BFQEPV\X1D3BFQEP.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Roaming\novezum55hv\mx5n2zxahur.exe', ''); QuarantineFile('C:\Program Files\N0PJKE050W\N0PJKE050.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Roaming\3nl2z4fln2w\0hm5risbftv.exe', ''); QuarantineFile('C:\Program Files (x86)\jysvzipv42u\I70VW.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Roaming\wadsbo1hx5o\eyxp5fboe2x.exe', ''); QuarantineFile('C:\Program Files\E610M0SV61\E610M0SV6.exe', ''); QuarantineFile('C:\Program Files\BN3G220HZ9\BN3G220HZ.exe', ''); QuarantineFile('C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Roaming\yuw3oo200hw\gdrnbbmjuda.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Roaming\rqcxetn05kh\t3wbjgke5q2.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Roaming\gplyra\gplyra.exe', ''); QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll', ''); QuarantineFile('C:\Program Files (x86)\VKontOdnBlockU\9RuiTJd.dll', ''); QuarantineFile('C:\Program Files (x86)\YubeAlckU\Dh81QPf.dll', ''); QuarantineFile('C:\Program Files (x86)\MediaSerchU\oJjiJzR.dll', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\update_task.exe', ''); QuarantineFile('C:\Users\Nataly\AppData\Local\Hostinstaller\2330996817_installcube.exe', ''); QuarantineFile('C:\Program Files (x86)\VKontOdnBlockU2\pfbpw0L.dll', ''); QuarantineFile('C:\Program Files (x86)\YubeAlckU2\jqaOdxC.dll', ''); QuarantineFile('C:\Program Files (x86)\MediaSerchU2\IpNLGvm.dll', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe', ''); QuarantineFile('C:\Program Files\XE MXFOSB\XE MXFOSB.dll', ''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\chrmstp.exe', ''); QuarantineFileF('C:\Windows\Temp', '*.tmp.exe', false, '', 0, 0); DeleteFile('C:\Windows\Tasks\290924A7-DF44-4580-A66C-EED007367EC3.job', '64'); DeleteFile('C:\Windows\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B.job', '64'); DeleteFile('C:\Windows\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511.job', '64'); DeleteFile('C:\Windows\Tasks\UCBrowserUpdater.job', '64'); DeleteFile('C:\Windows\Tasks\UCBrowserUpdaterCore.job', '64'); DeleteFile('C:\Program Files\R0OIFHG4UG\4PVXNGM5T.exe', '32'); DeleteFile('C:\Program Files\9684X01WQN\9684X01WQ.exe', '32'); DeleteFile('C:\Program Files\AHQ5FIN2ES\AHQ5FIN2E.exe', '32'); DeleteFile('C:\Windows\Temp\g3A6B.tmp.exe', '32'); DeleteFile('C:\Windows\Temp\gFB53.tmp.exe', '32'); DeleteFile('C:\Program Files\HQ6JRYEDIV\HQ6JRYEDI.exe', '32'); DeleteFile('c:\users\nataly\appdata\roaming\hwmonitorapp\hwmonitorapp.exe', '32'); DeleteFile('c:\program files (x86)\kingsoft\shoujizhushou\kphonetray.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Roaming\TestService\llkq.exe', '32'); DeleteFile('c:\program files (x86)\yubealckie\m3d5qeir4.exe', '32'); DeleteFile('c:\program files (x86)\mediaserchie\m8i8rxaq.exe', '32'); DeleteFile('c:\users\nataly\appdata\local\mail.ru\mailruupdater.exe', '32'); DeleteFile('c:\program files (x86)\system tools 9.0.0\systemtools.exe', '32'); DeleteFile('c:\program files (x86)\ucbrowser\application\6.1.2716.5\ucagent.exe', '32'); DeleteFile('c:\program files (x86)\ucbrowser\application\ucbrowser.exe', '32'); DeleteFile('c:\program files (x86)\ucbrowser\application\ucservice.exe', '32'); DeleteFile('C:\Program Files (x86)\VKontOdnBlockIE\kJwGsiwD.dll', '32'); DeleteFile('C:\Program Files (x86)\YubeAlckIE\k42rheDK2.dll', '32'); DeleteFile('C:\Program Files (x86)\MediaSerchIE\k5MPaBO.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kinfoc.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\krapidservice.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\LIBEAY32.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\SSLEAY32.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\keasyipcn.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmobiletray.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kcomponent.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmq.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ksoft\softmgr.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kinfocache.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspmediator.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kadbtool.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\knewsfeed.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ksfskin.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpopclt.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\passnetwork.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kmobilescan.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspcore.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kconnectengine.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspcorecloud.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kexamclear.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\floatapp.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\skhelper.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kusbcore.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\zlib1.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kphquery.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kphonebackup.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\kpspclient.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinApi2.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinApi.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\AdbWinUsbApi.dll', '32'); DeleteFile('C:\Program Files (x86)\kingsoft\shoujizhushou\ktoolupd.dll', '32'); DeleteFile('c:\program files (x86)\kingsoft\kingsoft antivirus\keasyipcn.dll', '32'); DeleteFile('c:\program files (x86)\kingsoft\kingsoft antivirus\zlib1.dll', '32'); DeleteFile('C:\Program Files (x86)\YubeAlckIE\h42Ia.dll', '32'); DeleteFile('C:\Program Files (x86)\MediaSerchIE\9UBp2gB.dll', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome_elf.dll', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome_child.dll', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libmp3lame.DLL', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\chrome.dll', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libglesv2.dll', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\libegl.dll', '32'); DeleteFile('C:\WINDOWS\system32\drivers\ckjrpvkqf.sys', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys', '32'); DeleteFile('C:\Windows\system32\drivers\wfcre.sys', '32'); DeleteFile('C:\WINDOWS\system32\drivers\pjruwblhx.sys', '32'); DeleteFile('C:\WINDOWS\system32\drivers\wxvguqyos.sys', '32'); DeleteFile('C:\Program Files (x86)\DiskWMpower\DiskPower.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Local\Temp\AppHelperV7.exe', '32'); DeleteFile('C:\Program Files\OCA3I5J7OH\OCA3I5J7O.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Roaming\TestService\TestService.vbs', '32'); DeleteFile('C:\Program Files\X1D3BFQEPV\X1D3BFQEP.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Roaming\novezum55hv\mx5n2zxahur.exe', '32'); DeleteFile('C:\Program Files\N0PJKE050W\N0PJKE050.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Roaming\3nl2z4fln2w\0hm5risbftv.exe', '32'); DeleteFile('C:\Program Files (x86)\jysvzipv42u\I70VW.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Roaming\wadsbo1hx5o\eyxp5fboe2x.exe', '32'); DeleteFile('C:\Program Files\E610M0SV61\E610M0SV6.exe', '32'); DeleteFile('C:\Program Files\BN3G220HZ9\BN3G220HZ.exe', '32'); DeleteFile('C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Roaming\yuw3oo200hw\gdrnbbmjuda.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Roaming\rqcxetn05kh\t3wbjgke5q2.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Roaming\gplyra\gplyra.exe', '32'); DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll', '32'); DeleteFile('C:\Program Files (x86)\VKontOdnBlockU\9RuiTJd.dll', '32'); DeleteFile('C:\Program Files (x86)\YubeAlckU\Dh81QPf.dll', '32'); DeleteFile('C:\Program Files (x86)\MediaSerchU\oJjiJzR.dll', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\update_task.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Local\Hostinstaller\2330996817_installcube.exe', '32'); DeleteFile('C:\Program Files (x86)\VKontOdnBlockU2\pfbpw0L.dll', '32'); DeleteFile('C:\Program Files (x86)\YubeAlckU2\jqaOdxC.dll', '32'); DeleteFile('C:\Program Files (x86)\MediaSerchU2\IpNLGvm.dll', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe', '32'); DeleteFile('C:\Program Files\XE MXFOSB\XE MXFOSB.dll', '32'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\chrmstp.exe', '32'); DeleteFile('C:\Users\Nataly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk'); DeleteService('UCBrowserSvc'); DeleteService('ckjrpvkqf.sys'); DeleteService('ucdrv'); DeleteService('wfcre'); DeleteService('pjruwblhx.sys'); DeleteService('wxvguqyos.sys'); DeleteFileMask('c:\program files\r0oifhg4ug', '*', true); DeleteFileMask('c:\program files\9684x01wqn', '*', true); DeleteFileMask('c:\program files\ahq5fin2es', '*', true); DeleteFileMask('c:\program files\hq6jryediv', '*', true); DeleteFileMask('c:\users\nataly\appdata\roaming\hwmonitorapp', '*', true); DeleteFileMask('c:\program files (x86)\kingsoft\shoujizhushou', '*', true); DeleteFileMask('c:\users\nataly\appdata\roaming\testservice', '*', true); DeleteFileMask('c:\program files (x86)\yubealckie', '*', true); DeleteFileMask('c:\program files (x86)\mediaserchie', '*', true); DeleteFileMask('c:\users\nataly\appdata\local\mail.ru', '*', true); DeleteFileMask('c:\program files (x86)\system tools 9.0.0', '*', true); DeleteFileMask('c:\program files (x86)\ucbrowser', '*', true); DeleteFileMask('c:\program files (x86)\vkontodnblockie', '*', true); DeleteFileMask('c:\program files (x86)\diskwmpower', '*', true); DeleteFileMask('c:\program files\oca3i5j7oh', '*', true); DeleteFileMask('c:\program files\x1d3bfqepv', '*', true); DeleteFileMask('c:\users\nataly\appdata\roaming\novezum55hv', '*', true); DeleteFileMask('c:\program files\n0pjke050w', '*', true); DeleteFileMask('c:\users\nataly\appdata\roaming\3nl2z4fln2w', '*', true); DeleteFileMask('c:\program files (x86)\jysvzipv42u', '*', true); DeleteFileMask('c:\users\nataly\appdata\roaming\wadsbo1hx5o', '*', true); DeleteFileMask('c:\program files\e610m0sv61', '*', true); DeleteFileMask('c:\program files\bn3g220hz9', '*', true); DeleteFileMask('c:\program files (x86)\yeadesktop', '*', true); DeleteFileMask('c:\users\nataly\appdata\roaming\yuw3oo200hw', '*', true); DeleteFileMask('c:\users\nataly\appdata\roaming\rqcxetn05kh', '*', true); DeleteFileMask('c:\users\nataly\appdata\roaming\gplyra', '*', true); DeleteFileMask('c:\program files (x86)\zaxar', '*', true); DeleteFileMask('c:\program files (x86)\vkontodnblocku', '*', true); DeleteFileMask('c:\program files (x86)\yubealcku', '*', true); DeleteFileMask('c:\program files (x86)\mediaserchu', '*', true); DeleteFileMask('c:\users\nataly\appdata\local\hostinstaller', '*', true); DeleteFileMask('c:\program files (x86)\vkontodnblocku2', '*', true); DeleteFileMask('c:\program files (x86)\yubealcku2', '*', true); DeleteFileMask('c:\program files (x86)\mediaserchu2', '*', true); DeleteFileMask('c:\program files\xe mxfosb', '*', true); DeleteFileMask('C:\Windows\Temp', '*.tmp.exe', true); DeleteDirectory('c:\program files\r0oifhg4ug'); DeleteDirectory('c:\program files\9684x01wqn'); DeleteDirectory('c:\program files\ahq5fin2es'); DeleteDirectory('c:\program files\hq6jryediv'); DeleteDirectory('c:\users\nataly\appdata\roaming\hwmonitorapp'); DeleteDirectory('c:\program files (x86)\kingsoft\shoujizhushou'); DeleteDirectory('c:\users\nataly\appdata\roaming\testservice'); DeleteDirectory('c:\program files (x86)\yubealckie'); DeleteDirectory('c:\program files (x86)\mediaserchie'); DeleteDirectory('c:\users\nataly\appdata\local\mail.ru'); DeleteDirectory('c:\program files (x86)\system tools 9.0.0'); DeleteDirectory('c:\program files (x86)\ucbrowser'); DeleteDirectory('c:\program files (x86)\vkontodnblockie'); DeleteDirectory('c:\program files (x86)\diskwmpower'); DeleteDirectory('c:\program files\oca3i5j7oh'); DeleteDirectory('c:\program files\x1d3bfqepv'); DeleteDirectory('c:\users\nataly\appdata\roaming\novezum55hv'); DeleteDirectory('c:\program files\n0pjke050w'); DeleteDirectory('c:\users\nataly\appdata\roaming\3nl2z4fln2w'); DeleteDirectory('c:\program files (x86)\jysvzipv42u'); DeleteDirectory('c:\users\nataly\appdata\roaming\wadsbo1hx5o'); DeleteDirectory('c:\program files\e610m0sv61'); DeleteDirectory('c:\program files\bn3g220hz9'); DeleteDirectory('c:\program files (x86)\yeadesktop'); DeleteDirectory('c:\users\nataly\appdata\roaming\yuw3oo200hw'); DeleteDirectory('c:\users\nataly\appdata\roaming\rqcxetn05kh'); DeleteDirectory('c:\users\nataly\appdata\roaming\gplyra'); DeleteDirectory('c:\program files (x86)\zaxar'); DeleteDirectory('c:\program files (x86)\vkontodnblocku'); DeleteDirectory('c:\program files (x86)\yubealcku'); DeleteDirectory('c:\program files (x86)\mediaserchu'); DeleteDirectory('c:\users\nataly\appdata\local\hostinstaller'); DeleteDirectory('c:\program files (x86)\vkontodnblocku2'); DeleteDirectory('c:\program files (x86)\yubealcku2'); DeleteDirectory('c:\program files (x86)\mediaserchu2'); DeleteDirectory('c:\program files\xe mxfosb'); DelBHO('{290924A7-DF44-4580-A66C-EED007367EC3}'); DelBHO('{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B}'); DelBHO('{8E8F97CD-60B5-456F-A201-73065652D099}'); DelBHO('{B3A986DC-C2DD-40A0-8C0C-FEF66B783511}'); DelBHO('{17FE002F-FCF8-4B85-BEA7-5E551B7D4010}'); ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "290924A7-DF44-4580-A66C-EED007367EC3" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "290924A7-DF44-4580-A66C-EED007367EC32" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "2C6A44CB-AD42-4731-A544-3FBD3D83AB5B" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "2C6A44CB-AD42-4731-A544-3FBD3D83AB5B2" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "B3A986DC-C2DD-40A0-8C0C-FEF66B783511" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "B3A986DC-C2DD-40A0-8C0C-FEF66B7835112" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "MailRuUpdater" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "U2_290924A7-DF44-4580-A66C-EED007367EC3" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "U2_2C6A44CB-AD42-4731-A544-3FBD3D83AB5B" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "U2_B3A986DC-C2DD-40A0-8C0C-FEF66B783511" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "UCBrowserSecureUpdater" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "UCBrowserUpdater" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "UCBrowserUpdaterCore" /F', 0, 15000, true); ExecuteFile('schtasks.exe', '/delete /TN "XE MXFOSB" /F', 0, 15000, true); DelCLSID('{65122CB0-EA0F-47DF-A953-017170ED12F9}'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'DiskPower'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'AppHelperV7.exe'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'MailRuUpdater'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SystemTools'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZUCCE7SGPLU4QFV'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'TestService.vbs'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '9HHK41T8TWI4N7I'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'r11bi5comwy'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'GRPH05D5QHIMY4K'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gs41dggspi5'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '11DYAWSCOXTTZYD'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'luqmaxjvdax'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '3VFIH9T9V0ZHFZS'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'GKMXP9ZAUXSYEAZ'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YeaDesktop'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'HwmonitorApp'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'K4J6NXR2PKYJ9Q1'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'huhgitjpyul'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '0oq44bcfoap'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'HY5XQ3LPEARYL1S'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Z3XEHWJ1UWGVH8J'); RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Z6F10AYWNM2K9EW'); RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gplyra'); CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip'); ExecuteSysClean; ExecuteWizard('SCU', 3, 3, true); RebootWindows(true); end.
В папке с AVZ появится архив карантина quarantine.zip, отправьте этот файл по ссылке "Прислать запрошенный карантин" над над первым сообщением в теме.
Скачайте утилиту Universal Virus Sniffer отсюда и сделайте полный образ автозапуска uVS.
WBR,
Vadim
Сделал как Вы сказали. Основные симптомы ушли, но в браузере самопроизвольно открываются окна и в трее висит строка поиска рекламы.
С уважением, Илья
Ну, не всё сразу, установили себе целый зоопарк китайских вирусов + ещё китайский антивирус для их поддержкиУдалить штатно Kingsoft Antivirus не получится, так хоть отключите его, если сможете.
Удалите программы EnjoyWiFi, Unity Web Player, Амиго и Служба автоматического обновления программ.
OneClick, версия 1.2.4.0 - знаете что, зачем нужно? Деинсталлируйте тоже для верности.
Отключите до перезагрузки антивирус Касперского.
Скопируйте скрипт ниже в буфер обмена (выделить и нажать Ctrl-C):Запустите файл start.exe из папки с uVS, выберите "Запустить под текущим пользователем", в главном меню программы - Скрипты -> выполнить скрипт из буфера обмена.Код:;uVS v4.0.6 [http://dsrt.dyndns.org] ;Target OS: NTv10.0 v400c OFFSGNSAVE cexec tools\CreateRestorePoint.exe BeforeCure ;------------------------autoscript--------------------------- sreg zoo %SystemRoot%\C_02IU47.DAT addsgn BA652BBE5D22C5062FC4F9F9E724324CAE72772CC171EEFB7FC2B0B9B861744C235B4890B586D5C2E5C80FC36226017109FBD03AD61E9073C4005AD038CAEEBF 58 variant of Win64/CoinMiner.BO [ESET] 6 zoo %Sys32%\DRIVERS\SJELBOIAX.SYS addsgn BA6F9BB219E18E3E801D46249B37ED4CAE5AB57D40B29CBCAD2AC3BCAE29BD80F307C1573E559D492B80849F940C4BFA6DBFE97295CAB22C2D77A42FC7062273 64 W32.Trojan.Gen [Webroot] 7 chklst delvir deldir %SystemDrive%\PROGRAM FILES (X86)\MAIL.RU\MAILRUUPDATER deldir %SystemDrive%\USERS\NATALY\APPDATA\LOCAL\AMIGO\APPLICATION delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KRCMDSEXT64.DLL del %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KRCMDSEXT64.DLL delref %SystemDrive%\PROGRAMDATA\KINGSOFT\KSALPHA64.DLL del %SystemDrive%\PROGRAMDATA\KINGSOFT\KSALPHA64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KDUMP64.DLL del %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KDUMP64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KISFDPRO64.DLL del %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KISFDPRO64.DLL delref HTTPS://CHROME.GOOGLE.COM/WEBSTORE/DETAIL/FHOIBNPONJCGJGCNFACEKAIJDBBPLHIB delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\SECURITY\KXESCAN\KDHACKER64_EV.SYS del %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\SECURITY\KXESCAN\KDHACKER64_EV.SYS delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\SECURITY\KSNETM\KISNETM64_EV.SYS del %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\SECURITY\KSNETM\KISNETM64_EV.SYS delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS delref %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\AMCONTEXTMENU@LOUCYPHER\INSTALL.RDF delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE deldir %SystemDrive%\PROGRAMDATA\KINGSOFT uidel "C:\Program Files (x86)\YeaDesktop\unins000.exe" uidel C:\Users\Nataly\AppData\Local\Temp\AppHelperV7.exe /uC:\Users\Nataly\AppData\Local\Temp\AppHelperV7.exe uidel "C:\Program Files (x86)\DiskWMpower\unins000.exe" uidel C:\Users\Nataly\AppData\Roaming\HwmonitorApp\uninstaller.exe uidel "C:\Program Files (x86)\System Tools 9.0.0\unins000.exe" uidel C:\Program Files (x86)\MediaSerchUn\uninstall.exe uidel C:\Program Files (x86)\VKontOdnBlockUn\uninstall.exe uidel C:\Program Files (x86)\YubeAlckUn\uninstall.exe uidel "C:\Program Files (x86)\Zaxar\unins000.exe" delref %Sys32%\DRIVERS\LMJBQOGEJ.SYS delref %Sys32%\DRIVERS\KSAPI64.SYS del %Sys32%\DRIVERS\KSAPI64.SYS delref %Sys32%\DRIVERS\BOOTSAFE64_EV.SYS delref HTTP://MAIL.RU/CNT/10445?GP=821115 delref HTTP://GO.MAIL.RU/DISTIB/EP/?Q={SEARCHTERMS}&PRODUCT_ID=%7B5C6463A0-0956-47DA-B33B-6D65EFCD2D56%7D&GP=821116 delref %SystemDrive%\USERS\NATALY\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL delref %SystemDrive%\PROGRAM FILES (X86)\YUBEALCKIE\K42RHEDK2.DLL delref %SystemDrive%\PROGRAM FILES (X86)\MEDIASERCHIE\K5MPABO.DLL delref %SystemDrive%\PROGRAM FILES (X86)\VKONTODNBLOCKIE\KJWGSIWD.DLL delref %SystemDrive%\PROGRAM FILES (X86)\VKONTODNBLOCKIE\T84PZHL.DLL delref %SystemDrive%\PROGRAM FILES (X86)\YUBEALCKIE\TBGV9T7GW.DLL delref %SystemDrive%\PROGRAM FILES (X86)\MEDIASERCHIE\TF1G8WO4A.DLL delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID] zoo %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected] delall %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected] zoo %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\{A38384B3-2D1D-4F36-BC22-0F7AE402BCD7}\INSTALL.RDF delall %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\{A38384B3-2D1D-4F36-BC22-0F7AE402BCD7}\INSTALL.RDF zoo %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected]\INSTALL.RDF delall %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected]\INSTALL.RDF zoo %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected]\INSTALL.RDF delall %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\[email protected]\INSTALL.RDF zoo %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{5C3FD6D1-9185-4195-B5E1-FAB622427F59}\INSTALL.RDF delall %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{5C3FD6D1-9185-4195-B5E1-FAB622427F59}\INSTALL.RDF zoo %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{D29DBC80-E8B5-4116-AB62-ECD8ED032A33}\INSTALL.RDF delall %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{D29DBC80-E8B5-4116-AB62-ECD8ED032A33}\INSTALL.RDF zoo %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{430144B3-1DBC-4C4B-925E-8A7A98AEEBC8}\INSTALL.RDF delall %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\{430144B3-1DBC-4C4B-925E-8A7A98AEEBC8}\INSTALL.RDF delref HTTPS://MAIL.RU/CNT/11956636?FR=FFHP1.0.3&GP=820321 delref HTTP://GO.MAIL.RU/DISTIB/EP/?PRODUCT_ID=%7B94B580BC-8B19-4D3F-8FDA-974F0A8DC4FB%7D&GP=821116 zoo %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\AMCONTEXTMENU@LOUCYPHER\INSTALL.RDF delall %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WHKA7QS7.DEFAULT\EXTENSIONS\AMCONTEXTMENU@LOUCYPHER\INSTALL.RDF delref %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\TESTSERVICE\KJASDJKAS.VBS delref %SystemDrive%\PROGRAM FILES\XE MXFOSB\XE MXFOSB.DLL delref {35EF4182-F900-4632-B072-8639E4478A61}\[CLSID] delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KDESKMENU64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\KWANSVC64.DLL delref %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\HWMONITORAPP\HWMONITORAPP\HWMONITOR2.EXE delref %SystemDrive%\PROGRAM FILES (X86)\KINGSOFT\KINGSOFT ANTIVIRUS\NPKWS.DLL delref %SystemDrive%\PROGRAM FILES (X86)\VKONTODNBLOCKIE\MAWVAVARR.EXE del %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\UC浏览器.LNK del %SystemDrive%\USERS\NATALY\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\STARTMENU\UC浏览器.LNK del %SystemDrive%\USERS\NATALY\DESKTOP\HWMONITOR2.LNK del %SystemDrive%\USERS\PUBLIC\DESKTOP\UC浏览器.LNK apply czoo deltmp areg ;-------------------------------------------------------------
Компьютер перезагрузится.
В папке с uVS появится архив ZIP с именем, начинающимся с ZOO_ и далее из даты и времени, отправьте этот файл по ссылке "Прислать запрошенный карантин" над над первым сообщением в теме.
В папке с UVS будет лог выполнения скрипта, текстовый файл с именем из даты и времени выполнения, прикрепите его с своему сообщению.
Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе.
Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.
Запустите программу. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
Кроме уже установленных, отметьте галочками также "90 Days Files".
Нажмите кнопку Scan.
После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt в той же папке, откуда была запущена программа.
Прикрепите эти файлы к своему следующему сообщению (лучше все в одном архиве).
WBR,
Vadim
Сделал как сказали. UVS лог не создал, в папке с программой не было ничего похожего даже близко. В паке ZOO два файла, но они без расширения *zip. Программа FRST логи создала, они во вложении.
С уважением, Илья
Запустите FRST/FRST64. Нажмите комбинацию Ctrl+Y - откроется Блокнот. Скопируйте в него следующий код:Сохраните (Ctrl+S) и закройте.Код:Powershell: enable-computerrestore "C:\" CreateRestorePoint: HKLM-x32\...\Run: [kxesc] => "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION GroupPolicy: Restriction - Windows Defender <==== ATTENTION GroupPolicy\User: Restriction <==== ATTENTION HKU\S-1-5-21-2788805853-238867396-2225834899-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=821115 SearchScopes: HKU\S-1-5-21-2788805853-238867396-2225834899-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B5C6463A0-0956-47DA-B33B-6D65EFCD2D56%7D&gp=821116 SearchScopes: HKU\S-1-5-21-2788805853-238867396-2225834899-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B5C6463A0-0956-47DA-B33B-6D65EFCD2D56%7D&gp=821116 BHO: VKOKAdBlock -> {290924A7-DF44-4580-A66C-EED007367EC3} -> C:\Program Files (x86)\VKontOdnBlockIE\t84PZHl.dll => No File BHO: YoutubeAdBlock -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} -> C:\Program Files (x86)\YubeAlckIE\tbgv9T7gw.dll => No File BHO: TSearch -> {B3A986DC-C2DD-40A0-8C0C-FEF66B783511} -> C:\Program Files (x86)\MediaSerchIE\tF1g8wo4a.dll => No File FF DefaultSearchEngine: Mozilla\Firefox\Profiles\whka7qs7.default -> Поиск@Mail.Ru FF SelectedSearchEngine: Mozilla\Firefox\Profiles\whka7qs7.default -> Поиск@Mail.Ru FF Homepage: Mozilla\Firefox\Profiles\whka7qs7.default -> hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=820321 FF Extension: (Fast search) - C:\Users\Nataly\AppData\Roaming\Mozilla\Firefox\Profiles\whka7qs7.default\Extensions\amcontextmenu@loucypher [2017-07-07] FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Nataly\AppData\Roaming\Mozilla\Firefox\Profiles\whka7qs7.default\Extensions\[email protected] [2017-07-08] FF Extension: (Поиск@Mail.Ru) - C:\Users\Nataly\AppData\Roaming\Mozilla\Firefox\Profiles\whka7qs7.default\Extensions\[email protected] [2017-07-08] FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Nataly\AppData\Roaming\Mozilla\Firefox\Profiles\whka7qs7.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-07-08] FF SearchPlugin: C:\Users\Nataly\AppData\Roaming\Mozilla\Firefox\Profiles\whka7qs7.default\searchplugins\mailru.xml [2017-07-08] FF Extension: (VK+OK AdBlock) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{430144B3-1DBC-4C4B-925E-8A7A98AEEBC8} [2017-07-07] [not signed] FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} [2017-07-07] [not signed] FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [No File] CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [4155096 2017-07-03] (Mail.Ru) R1 lmjbqogej.sys; C:\WINDOWS\system32\drivers\lmjbqogej.sys [121200 2017-07-10] () [File not signed] S1 peyymvvgx.sys; C:\WINDOWS\system32\drivers\peyymvvgx.sys [15424 2017-07-10] () [File not signed] S1 psogygfry.sys; C:\WINDOWS\system32\drivers\psogygfry.sys [15424 2017-07-10] () [File not signed] R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION S1 wxhrcgsga.sys; C:\WINDOWS\system32\drivers\wxhrcgsga.sys [15424 2017-07-10] () [File not signed] 2017-07-10 23:08 - 2017-07-10 23:08 - 00015424 _____ C:\Windows\system32\Drivers\wxhrcgsga.sys 2017-07-10 22:58 - 2017-07-10 22:58 - 00015424 _____ C:\Windows\system32\Drivers\peyymvvgx.sys 2017-07-10 22:52 - 2017-07-10 22:52 - 00015424 _____ C:\Windows\system32\Drivers\psogygfry.sys 2017-07-10 13:39 - 2017-07-10 22:51 - 00121200 _____ C:\Windows\system32\Drivers\lmjbqogej.sys 2017-07-10 13:37 - 2017-07-09 11:43 - 02409648 _____ (Kingsoft Corporation) C:\Windows\system32\kisedgehmpg.dll 2017-07-09 00:05 - 2017-07-09 00:05 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\kcleaner 2017-07-08 23:26 - 2017-07-08 23:26 - 00000000 ____D C:\Users\Nataly\AppData\LocalLow\TbeAckSt 2017-07-08 23:26 - 2017-07-08 23:26 - 00000000 ____D C:\Users\Nataly\AppData\LocalLow\MedSerch 2017-07-08 22:23 - 2017-07-08 22:23 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\shoujizhushou 2017-07-08 20:46 - 2017-07-10 13:40 - 00000000 ____D C:\ProgramData\KRSHistory 2017-07-08 20:42 - 2017-07-08 20:42 - 00000000 ____D C:\Users\Nataly\AppData\Local\Kingsoft 017-07-07 20:39 - 2017-07-08 20:45 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\jibgcg01wsg 2017-07-07 20:39 - 2017-07-08 20:45 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\35z31as1wzg 2017-07-07 20:39 - 2017-07-07 20:39 - 00000192 _____ C:\Users\Nataly\Desktop\Искать в Интернете.url 2017-07-07 20:39 - 2017-07-07 20:39 - 00000000 ____D C:\Program Files\C3W0OU81CH 2017-07-07 20:39 - 2017-07-07 20:39 - 00000000 ____D C:\Program Files\82IFG6TBX1 2017-07-07 20:36 - 2017-07-10 13:40 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\Kingsoft 2017-07-07 20:36 - 2017-07-08 20:47 - 00000000 ____D C:\Program Files (x86)\kingsoft 2017-07-07 20:36 - 2017-07-07 20:36 - 00000000 ____D C:\Users\Все пользователи\kdesk 2017-07-07 20:36 - 2017-07-07 20:36 - 00000000 ____D C:\ProgramData\kdesk 2017-07-07 20:36 - 2017-07-07 20:36 - 00000000 ____D C:\Program Files (x86)\Tencent 2017-07-07 20:35 - 2017-07-10 22:52 - 00000000 ____D C:\ProgramData\Kingsoft 2017-07-07 20:35 - 2017-07-07 20:36 - 00000000 ____D C:\Users\Все пользователи\Tencent 2017-07-07 20:35 - 2017-07-07 20:36 - 00000000 ____D C:\Users\Nataly\AppData\Roaming\Tencent 2017-07-07 20:35 - 2017-07-07 20:36 - 00000000 ____D C:\ProgramData\Tencent 2017-07-07 20:28 - 2017-07-07 20:28 - 01525110 _____ (Bomoh ) C:\Users\Nataly\Downloads\HDSetup_0958303584.exe 2017-07-07 20:10 - 2017-07-07 20:10 - 00001595 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk 2017-07-07 20:10 - 2017-07-07 20:10 - 00001583 _____ C:\Users\Public\Desktop\UC浏览器.lnk 2017-07-07 20:10 - 2017-07-07 20:10 - 00000000 ____D C:\Users\Nataly\AppData\Local\UCBrowser 2017-07-07 20:10 - 2017-07-07 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器 2017-07-07 20:09 - 2017-07-10 23:10 - 00000075 _____ C:\Windows\system32\r6lstmp4.dat 2017-07-07 20:09 - 2017-07-10 13:31 - 00000000 ____D C:\Program Files (x86)\UCBrowser 2017-07-07 20:09 - 2017-07-07 20:09 - 00001180 _____ C:\Users\Nataly\Desktop\Hwmonitor2.lnk 2017-07-07 20:09 - 2017-07-07 20:09 - 00000000 ____D C:\Program Files (x86)\VKontOdnBlockUn 2017-07-07 20:08 - 2017-07-07 20:08 - 00000000 ____D C:\Program Files (x86)\YubeAlckUn 2017-07-07 20:08 - 2017-07-07 20:08 - 00000000 ____D C:\Program Files (x86)\Mail.Ru 2017-07-07 20:08 - 2017-07-05 14:22 - 02017280 ___SH (Micrasaft Carparation) C:\Windows\C_02iu47.dat 2017-05-18 14:51 - 2017-07-10 22:49 - 00000000 ____D C:\Users\Nataly\AppData\LocalLow\Unity 2017-05-18 14:51 - 2017-07-10 22:49 - 00000000 ____D C:\Users\Nataly\AppData\Local\Unity 2017-05-18 14:51 - 2017-07-10 22:49 - 00000000 ____D C:\Users\Nataly\AppData\Local\OneClick 2017-05-18 14:51 - 2017-07-10 22:49 - 00000000 ____D C:\Users\Nataly\AppData\Local\Amigo 2017-05-18 14:51 - 2017-07-10 13:30 - 00000000 ____D C:\Users\Nataly\AppData\Local\Mail.Ru 2017-05-18 14:50 - 2017-05-18 15:51 - 00000000 ____D C:\Users\Все пользователи\Mail.Ru 2017-07-10 13:35 - 2016-07-16 09:04 - 00000000 ____D C:\Program Files\XE MXFOSB ContextMenuHandlers01: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File ContextMenuHandlers01: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} => c:\program files (x86)\kingsoft\kingsoft antivirus\kwansvc64.dll -> No File ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File ContextMenuHandlers02: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File ContextMenuHandlers02: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} => c:\program files (x86)\kingsoft\kingsoft antivirus\kwansvc64.dll -> No File ContextMenuHandlers04: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File ContextMenuHandlers04: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} => c:\program files (x86)\kingsoft\kingsoft antivirus\kwansvc64.dll -> No File ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers05: [KDeskMenuShell] -> {B5E436BC-642A-4BF6-B725-26038AF26E89} => c:\program files (x86)\kingsoft\kingsoft antivirus\kdeskmenu64.dll -> No File ContextMenuHandlers05: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} => c:\program files (x86)\kingsoft\kingsoft antivirus\kwansvc64.dll -> No File ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File Task: {1516B8C5-1E14-4045-84C9-04A5A270E188} - System32\Tasks\XE MXFOSB => Rundll32.exe "C:\Program Files\XE MXFOSB\XE MXFOSB.dll",wLxoJnmxUFka <==== ATTENTION AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444] AlternateDataStreams: C:\Windows\system32\drivers:x64 [1498914] AlternateDataStreams: C:\Windows\system32\drivers:x86 [1223458] FirewallRules: [{C138DC87-9F11-4906-B4A2-5361BF515664}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe FirewallRules: [{D12D0581-B842-41FA-98A5-FC9EC50D6955}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe FirewallRules: [{2C12F18A-99FE-449B-83A4-69CAC6BF3227}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe FirewallRules: [{3EB1D861-ECA1-40E8-9703-05D4DFFDFB50}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe FirewallRules: [{79E88048-4B72-41CA-969A-E732FCC22FAC}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe FirewallRules: [{29EE5DBF-E9BE-410F-BD19-F707376B1132}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe FirewallRules: [{6A7E5C71-FADD-4686-BD6F-FD79A802C785}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{4369D162-59EE-47BE-8E3A-87AB30E2126B}] => (Allow) C:\Windows\System32\rundll32.exe C:\Program Files (x86)\UCBrowser Reboot:
Отключите до перезагрузки антивирус, закройте все браузеры, в FRST нажмите Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.
Компьютер будет перезагружен автоматически.
Сделайте лог Malwarebytes AdwCleaner.
WBR,
Vadim
Сделал. Логи во вложении - в одной файле.
С уважением, Илья
Удалите всё найденное в AdwCleaner, дождитесь окончания удаления и перезагрузите систему по требованию программы.
После входа в систему откроется отчёт AdwCleaner - файл AdwCleaner[C0].txt, прикрепите к своему следующему сообщению.
Очистите кэш и cookies-файлы браузеров и сообщите, что с проблемами.
WBR,
Vadim
Сделал, лог во вложении.
С уважением, Илья
Что с проблемами?
WBR,
Vadim
Статистика проведенного лечения:
- Получено карантинов: 1
- Обработано файлов: 132
- В ходе лечения обнаружены вредоносные программы:
- c:\program files (x86)\system tools 9.0.0\systemtools.exe - not-a-virus:RiskTool.Win32.Agent.aomn
- c:\program files (x86)\zaxar\update.dll - not-a-virus:Downloader.Win32.ZxrLoader.el
- c:\program files\ahq5fin2es\ahq5fin2e.exe - HEUR:Trojan.Win32.Generic
- c:\program files\hq6jryediv\hq6jryedi.exe - HEUR:Trojan.Win32.Generic
- c:\program files\hq6jryediv\uninstaller.exe - HEUR:Trojan.Win32.Generic
- c:\program files\r0oifhg4ug\4pvxngm5t.exe - HEUR:Trojan.Win32.Generic
- c:\program files\xe mxfosb\xe mxfosb.dll - HEUR:Trojan.Win32.Generic
- c:\program files\9684x01wqn\uninstaller.exe - HEUR:Trojan.Win32.Generic
- c:\program files\9684x01wqn\9684x01wq.exe - HEUR:Trojan.Win32.Generic
- c:\users\nataly\appdata\local\temp\apphelperv7.exe - UDS:DangerousObject.Multi.Generic
- c:\users\nataly\appdata\roaming\testservice\llkq.e xe - not-a-virus:RiskTool.Win64.BitCoinMiner.cqa
- c:\windows\temp\geb91.tmp.exe - UDS:DangerousObject.Multi.Generic
- c:\windows\temp\g3a6b.tmp.exe - Trojan.Win64.Eroyee.aod
- c:\windows\temp\g5b18.tmp.exe - UDS:DangerousObject.Multi.Generic
Уважаемый(ая) Ilya2009, наши специалисты оказали Вам всю возможную помощь по вашему обращению.
В целях поддержания безопасности вашего компьютера настоятельно рекомендуем:
Чтобы всегда быть в курсе актуальных угроз в области информационной безопасности и сохранять свой компьютер защищенным, рекомендуем следить за последними новостями ИТ-сферы портала Anti-Malware.ru:
Надеемся больше никогда не увидеть ваш компьютер зараженным!
Если Вас не затруднит, пополните пожалуйста нашу базу безопасных файлов.
Ваши права в разделе
