Hello. There are viruses on the computer. When I try to scan with Dr.Web CureIt, I get a blue screen. Browsers won't start and banners pop up.
Dear -Mikl_V-, thank you for contacting our forum!
Help with disinfecting your computer on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request as soon as possible. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; for details, see the rules for submitting a help request.
If our site proves useful to you and you are able to, please support the project.
Run the script in AVZ
The computer will reboot.
Code:
begin
 ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
 ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
 if not IsWOW64 then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;
 QuarantineFile('C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll','');
 QuarantineFile('C:\Program Files (x86)\ShopperPro\ShopperPro.exe','');
 QuarantineFile('C:\Program Files (x86)\ShopperPro\updater.exe','');
 QuarantineFile('C:\Program Files (x86)\SensePlus\de5d43b1-434e-442c-aa3c-eab5c7a1ed94-5.exe','');
 QuarantineFile('C:\Program Files (x86)\ver8BlockAndSurf\J4BlockAndSurfJ52.exe','');
 QuarantineFile('C:\Program Files (x86)\iWebar\4bed9f90-2c1c-4961-ac2b-7b08f3a91045-5.exe','');
 QuarantineFile('C:\Program Files (x86)\App Lid\27dd2cff-98ce-4aaa-adb7-6ed77ffc8b9c-5.exe','');
 DelBHO('{17177FAA-3830-43D3-A70B-FDE532676B1E}');
 DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
 DelBHO('{9f7ab9c4-4da3-440e-ba84-95903165f129}');
 DelBHO('{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}');
 DelBHO('{DEDCD400-D7C3-4B07-924F-50AE6CDAC183}');
 DelBHO('{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}');
 QuarantineFile('C:\ProgramData\YTAHelper\YTAHelper.dll','');
 QuarantineFile('C:\Program Files (x86)\SearchSnacks_1.10.0.1\IE\SearchSnacksClientIE.dll','');
 QuarantineFile('C:\ProgramData\ShopperPro\ShopperPro.dll','');
 QuarantineFile('C:\Program Files (x86)\SourceApp\SourceAppbho.dll','');
 QuarantineFile('C:\Program Files (x86)\ver8BlockAndSurf\190.dll','');
 QuarantineFile('C:\Program Files (x86)\XTab\SupTab.dll','');
 QuarantineFile('C:\Program Files (x86)\tooldev342\Weatherbar\TracersToolbarBHO_x86.dll','');
 QuarantineFile('C:\Users\Uriy\AppData\Roaming\Browsers\exe.resworbefas.bat','');
 QuarantineFile('C:\Users\Uriy\AppData\Roaming\Browsers\exe.erolpxei.bat','');
 QuarantineFile('C:\Users\Uriy\AppData\Roaming\Browsers\exe.emorhc.bat','');
 QuarantineFile('C:\Users\Uriy\AppData\Local\storegid\storegid.exe','');
 QuarantineFile('C:\Users\Uriy\AppData\Local\Win_update\Win_update.exe','');
 QuarantineFile('C:\Users\Uriy\AppData\Local\Microsoft\Extensions\safebrowser.exe','');
 DeleteService('iSafeKrnlBoot');
 SetServiceStart('{b40efc75-ad36-4607-9465-eb41963e9c42}Gw64', 4);
 DeleteService('{b40efc75-ad36-4607-9465-eb41963e9c42}Gw64');
 SetServiceStart('{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64', 4);
 DeleteService('{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64');
 SetServiceStart('{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64', 4);
 DeleteService('{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64');
 SetServiceStart('webTinstMKTN', 4);
 DeleteService('webTinstMKTN');
 SetServiceStart('storegidfilter', 4);
 DeleteService('storegidfilter');
 SetServiceStart('ssnfd_1_10_0_1', 4);
 DeleteService('ssnfd_1_10_0_1');
 SetServiceStart('SPDRIVER_1535.0.0.0', 4);
 DeleteService('SPDRIVER_1535.0.0.0');
 SetServiceStart('SPBIUpdd', 4);
 DeleteService('SPBIUpdd');
 SetServiceStart('iSafeNetFilter', 4);
 DeleteService('iSafeNetFilter');
 SetServiceStart('iSafeKrnlR3', 4);
 DeleteService('iSafeKrnlR3');
 SetServiceStart('iSafeKrnlMon', 4);
 DeleteService('iSafeKrnlMon');
 SetServiceStart('iSafeKrnlKit', 4);
 DeleteService('iSafeKrnlKit');
 SetServiceStart('iSafeKrnl', 4);
 DeleteService('iSafeKrnl');
 QuarantineFile('C:\Windows\SysWOW64\lnsecsl.exe','');
 DeleteService('Adobe Licensing Console');
 SetServiceStart('YouTubeAcceleratorService', 4);
 DeleteService('YouTubeAcceleratorService');
 SetServiceStart('vyvyvuky', 4);
 DeleteService('vyvyvuky');
 SetServiceStart('Util SourceApp', 4);
 DeleteService('Util SourceApp');
 SetServiceStart('Update SourceApp', 4);
 DeleteService('Update SourceApp');
 SetServiceStart('sssvc_1.10.0.1', 4);
 DeleteService('sssvc_1.10.0.1');
 SetServiceStart('SPBIUpd', 4);
 DeleteService('SPBIUpd');
 SetServiceStart('sexegudu', 4);
 DeleteService('sexegudu');
 SetServiceStart('jorolofe', 4);
 DeleteService('jorolofe');
 SetServiceStart('iSafeService', 4);
 DeleteService('iSafeService');
 SetServiceStart('IHProtect Service', 4);
 DeleteService('IHProtect Service');
 SetServiceStart('BasementDuster', 4);
 DeleteService('BasementDuster');
 QuarantineFile('C:\Windows\system32\drivers\{d9a4216a-aae1-4d14-ba35-ff234b3b627f}Gw64.sys','');
 QuarantineFile('C:\Windows\system32\drivers\{b40efc75-ad36-4607-9465-eb41963e9c42}Gw64.sys','');
 QuarantineFile('C:\Windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys','');
 QuarantineFile('C:\Windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys','');
 QuarantineFile('C:\Windows\system32\Drivers\webTinstMKTN.sys','');
 QuarantineFile('C:\Windows\storegidfilter.sys','');
 QuarantineFile('C:\Windows\system32\drivers\ssnfd_1_10_0_1.sys','');
 QuarantineFile('C:\Program Files\Common Files\ShopperPro\spbiw.sys','');
 QuarantineFile('C:\Program Files (x86)\ShopperPro\JSDriver\1535.0.0.0\jsdrv.sys','');
 QuarantineFile('C:\Program Files (x86)\YouTube Accelerator\engine.dll','');
 QuarantineFile('C:\Program Files (x86)\XTab\IeWatchDog.dll','');
 QuarantineFile('C:\Program Files (x86)\XTab\BrowerWatchCH.dll','');
 TerminateProcessByName('c:\progra~2\youtub~1\youtubeacceleratorservice.exe');
 QuarantineFile('c:\progra~2\youtub~1\youtubeacceleratorservice.exe','');
 TerminateProcessByName('c:\program files (x86)\sourceapp\bin\utilsourceapp.exe');
 QuarantineFile('c:\program files (x86)\sourceapp\bin\utilsourceapp.exe','');
 TerminateProcessByName('c:\users\uriy\appdata\local\gmsd_ru_157\upgmsd_ru_157.exe');
 QuarantineFile('c:\users\uriy\appdata\local\gmsd_ru_157\upgmsd_ru_157.exe','');
 TerminateProcessByName('c:\program files (x86)\sourceapp\updatesourceapp.exe');
 QuarantineFile('c:\program files (x86)\sourceapp\updatesourceapp.exe','');
 TerminateProcessByName('c:\program files (x86)\searchsnacks_1.10.0.1\service\sssvc.exe');
 QuarantineFile('c:\program files (x86)\searchsnacks_1.10.0.1\service\sssvc.exe','');
 TerminateProcessByName('C:\Program Files\Common Files\ShopperPro\spbiu.exe');
 QuarantineFile('C:\Program Files\Common Files\ShopperPro\spbiu.exe','');
 TerminateProcessByName('C:\Program Files (x86)\SourceApp\bin\SourceApp.PurBrowse64.exe');
 QuarantineFile('C:\Program Files (x86)\SourceApp\bin\SourceApp.PurBrowse64.exe','');
 TerminateProcessByName('c:\program files (x86)\sourceapp\bin\sourceapp.expext.exe');
 QuarantineFile('c:\program files (x86)\sourceapp\bin\sourceapp.expext.exe','');
 TerminateProcessByName('C:\Program Files (x86)\SourceApp\bin\SourceApp.BrowserAdapter64.exe');
 QuarantineFile('C:\Program Files (x86)\SourceApp\bin\SourceApp.BrowserAdapter64.exe','');
 TerminateProcessByName('c:\program files (x86)\sourceapp\bin\sourceapp.browseradapter.exe');
 QuarantineFile('c:\program files (x86)\sourceapp\bin\sourceapp.browseradapter.exe','');
 TerminateProcessByName('c:\program files (x86)\sourceapp\bin\sourceapp.boashelper.exe');
 QuarantineFile('c:\program files (x86)\sourceapp\bin\sourceapp.boashelper.exe','');
 TerminateProcessByName('c:\users\uriy\appdata\local\smartweb\smartwebhelper.exe');
 QuarantineFile('c:\users\uriy\appdata\local\smartweb\smartwebhelper.exe','');
 TerminateProcessByName('c:\users\uriy\appdata\local\smartweb\smartwebapp.exe');
 QuarantineFile('c:\users\uriy\appdata\local\smartweb\smartwebapp.exe','');
 TerminateProcessByName('c:\program files (x86)\xtab\protectservice.exe');
 QuarantineFile('c:\program files (x86)\xtab\protectservice.exe','');
 TerminateProcessByName('c:\users\uriy\appdata\roaming\dac7f800-1425919730-81df-30d0-20cf301b0e94\nso1d3f.tmpfs');
 QuarantineFile('c:\users\uriy\appdata\roaming\dac7f800-1425919730-81df-30d0-20cf301b0e94\nso1d3f.tmpfs','');
 TerminateProcessByName('c:\program files (x86)\shopperpro\jsdriver\1535.0.0.0\jsdrv.exe');
 QuarantineFile('c:\program files (x86)\shopperpro\jsdriver\1535.0.0.0\jsdrv.exe','');
 TerminateProcessByName('c:\users\uriy\appdata\roaming\dac7f800-1425919730-81df-30d0-20cf301b0e94\jnsy7e67.tmp');
 QuarantineFile('c:\users\uriy\appdata\roaming\dac7f800-1425919730-81df-30d0-20cf301b0e94\jnsy7e67.tmp','');
 TerminateProcessByName('c:\users\uriy\appdata\local\dac7f800-1425936053-81df-30d0-20cf301b0e94\jnsvfab6.exe');
 QuarantineFile('c:\users\uriy\appdata\local\dac7f800-1425936053-81df-30d0-20cf301b0e94\jnsvfab6.exe','');
 TerminateProcessByName('c:\program files (x86)\ver8blockandsurf\j4blockandsurfj52.exe');
 QuarantineFile('c:\program files (x86)\ver8blockandsurf\j4blockandsurfj52.exe','');
 TerminateProcessByName('c:\program files (x86)\elex-tech\yac\isafesvc2.exe');
 TerminateProcessByName('c:\program files (x86)\elex-tech\yac\isafetray.exe');
 TerminateProcessByName('c:\program files (x86)\elex-tech\yac\isafesvc.exe');
 TerminateProcessByName('c:\users\uriy\appdata\local\dac7f800-1425936053-81df-30d0-20cf301b0e94\insa9f.tmp');
 QuarantineFile('c:\users\uriy\appdata\local\dac7f800-1425936053-81df-30d0-20cf301b0e94\insa9f.tmp','');
 TerminateProcessByName('c:\program files (x86)\xtab\hpnotify.exe');
 QuarantineFile('c:\program files (x86)\xtab\hpnotify.exe','');
 TerminateProcessByName('c:\program files (x86)\gmsd_ru_157\gmsd_ru_157.exe');
 QuarantineFile('c:\program files (x86)\gmsd_ru_157\gmsd_ru_157.exe','');
 TerminateProcessByName('c:\program files (x86)\xtab\cmdshell.exe');
 QuarantineFile('c:\program files (x86)\xtab\cmdshell.exe','');
 TerminateProcessByName('c:\program files (x86)\ver8blockandsurf\blockandsurf.exe');
 QuarantineFile('c:\program files (x86)\ver8blockandsurf\blockandsurf.exe','');
 TerminateProcessByName('c:\program files (x86)\igs\basementduster.exe');
 QuarantineFile('c:\program files (x86)\igs\basementduster.exe','');
 TerminateProcessByName('c:\program files (x86)\anyprotectex\anyprotect.exe');
 DeleteFile('c:\program files (x86)\anyprotectex\anyprotect.exe','32');
 DeleteFile('c:\program files (x86)\igs\basementduster.exe','32');
 DeleteFile('c:\program files (x86)\ver8blockandsurf\blockandsurf.exe','32');
 DeleteFile('c:\program files (x86)\xtab\cmdshell.exe','32');
 DeleteFile('c:\program files (x86)\gmsd_ru_157\gmsd_ru_157.exe','32');
 DeleteFile('c:\program files (x86)\xtab\hpnotify.exe','32');
 DeleteFile('c:\users\uriy\appdata\local\dac7f800-1425936053-81df-30d0-20cf301b0e94\insa9f.tmp','32');
 DeleteFile('c:\program files (x86)\elex-tech\yac\isafesvc.exe','32');
 DeleteFile('c:\program files (x86)\elex-tech\yac\isafetray.exe','32');
 DeleteFile('c:\program files (x86)\elex-tech\yac\isafesvc2.exe','32');
 DeleteFile('c:\program files (x86)\ver8blockandsurf\j4blockandsurfj52.exe','32');
 DeleteFile('c:\users\uriy\appdata\local\dac7f800-1425936053-81df-30d0-20cf301b0e94\jnsvfab6.exe','32');
 DeleteFile('c:\users\uriy\appdata\roaming\dac7f800-1425919730-81df-30d0-20cf301b0e94\jnsy7e67.tmp','32');
 DeleteFile('c:\program files (x86)\shopperpro\jsdriver\1535.0.0.0\jsdrv.exe','32');
 DeleteFile('c:\users\uriy\appdata\roaming\dac7f800-1425919730-81df-30d0-20cf301b0e94\nso1d3f.tmpfs','32');
 DeleteFile('c:\program files (x86)\xtab\protectservice.exe','32');
 DeleteFile('c:\users\uriy\appdata\local\smartweb\smartwebapp.exe','32');
 DeleteFile('c:\users\uriy\appdata\local\smartweb\smartwebhelper.exe','32');
 DeleteFile('c:\program files (x86)\sourceapp\bin\sourceapp.boashelper.exe','32');
 DeleteFile('c:\program files (x86)\sourceapp\bin\sourceapp.browseradapter.exe','32');
 DeleteFile('C:\Program Files (x86)\SourceApp\bin\SourceApp.BrowserAdapter64.exe','32');
 DeleteFile('c:\program files (x86)\sourceapp\bin\sourceapp.expext.exe','32');
 DeleteFile('C:\Program Files (x86)\SourceApp\bin\SourceApp.PurBrowse64.exe','32');
 DeleteFile('C:\Program Files\Common Files\ShopperPro\spbiu.exe','32');
 DeleteFile('c:\program files (x86)\searchsnacks_1.10.0.1\service\sssvc.exe','32');
 DeleteFile('c:\program files (x86)\sourceapp\updatesourceapp.exe','32');
 DeleteFile('c:\users\uriy\appdata\local\gmsd_ru_157\upgmsd_ru_157.exe','32');
 DeleteFile('c:\program files (x86)\sourceapp\bin\utilsourceapp.exe','32');
 DeleteFile('c:\progra~2\youtub~1\youtubeacceleratorservice.exe','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iCommon.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iCommu.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iImportLib.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\ipcproxy.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeAdless.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafebs.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeCheckEngine.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\isafechlp.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeDisp.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeEngineBase.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMonCall.dll','32');
 DeleteFile('C:\Program Files (x86)\XTab\BrowerWatchCH.dll','32');
 DeleteFile('C:\Program Files (x86)\XTab\IeWatchDog.dll','32');
 DeleteFile('C:\Program Files (x86)\YouTube Accelerator\engine.dll','32');
 DeleteFile('C:\Program Files (x86)\YouTube Accelerator\helper.dll','32');
 DeleteFile('C:\Program Files (x86)\YouTube Accelerator\ipc.dll','32');
 DeleteFile('C:\Program Files (x86)\YouTube Accelerator\xmldb.dll','32');
 DeleteFile('C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys','32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys','32');
 DeleteFile('C:\Windows\system32\DRIVERS\iSafeNetFilter.sys','32');
 DeleteFile('C:\Program Files (x86)\ShopperPro\JSDriver\1535.0.0.0\jsdrv.sys','32');
 DeleteFile('C:\Program Files\Common Files\ShopperPro\spbiw.sys','32');
 DeleteFile('C:\Windows\system32\drivers\ssnfd_1_10_0_1.sys','32');
 DeleteFile('C:\Windows\storegidfilter.sys','32');
 DeleteFile('C:\Windows\system32\Drivers\webTinstMKTN.sys','32');
 DeleteFile('C:\Windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys','32');
 DeleteFile('C:\Windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys','32');
 DeleteFile('C:\Windows\system32\drivers\{b40efc75-ad36-4607-9465-eb41963e9c42}Gw64.sys','32');
 DeleteFile('C:\Windows\system32\drivers\{d9a4216a-aae1-4d14-ba35-ff234b3b627f}Gw64.sys','32');
 DeleteFile('C:\Windows\SysWOW64\lnsecsl.exe','32');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SPDriver');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SPDriver');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_157');
 DeleteFile('C:\Users\Uriy\AppData\Local\Microsoft\Extensions\safebrowser.exe','32');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
 DeleteFile('C:\Users\Uriy\AppData\Local\Win_update\Win_update.exe','32');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_157.exe');
 DeleteFile('C:\Users\Uriy\AppData\Local\storegid\storegid.exe','32');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','storegid');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','storegidUpdater');
 DeleteFile('C:\Users\Uriy\AppData\Roaming\Browsers\exe.emorhc.bat','32');
 DeleteFile('C:\Users\Uriy\AppData\Roaming\Browsers\exe.erolpxei.bat','32');
 DeleteFile('C:\Users\Uriy\AppData\Roaming\Browsers\exe.resworbefas.bat','32');
 DeleteFile('C:\Program Files (x86)\tooldev342\Weatherbar\TracersToolbarBHO_x86.dll','32');
 DeleteFile('C:\Program Files (x86)\XTab\SupTab.dll','32');
 DeleteFile('C:\Program Files (x86)\ver8BlockAndSurf\190.dll','32');
 DeleteFile('C:\Program Files (x86)\SourceApp\SourceAppbho.dll','32');
 DeleteFile('C:\ProgramData\ShopperPro\ShopperPro.dll','32');
 DeleteFile('C:\Program Files (x86)\SearchSnacks_1.10.0.1\IE\SearchSnacksClientIE.dll','32');
 DeleteFile('C:\ProgramData\YTAHelper\YTAHelper.dll','32');
 DeleteFile('C:\Program Files (x86)\App Lid\27dd2cff-98ce-4aaa-adb7-6ed77ffc8b9c-5.exe','32');
 DeleteFile('C:\Windows\Tasks\27dd2cff-98ce-4aaa-adb7-6ed77ffc8b9c-5.job','64');
 DeleteFile('C:\Windows\Tasks\27dd2cff-98ce-4aaa-adb7-6ed77ffc8b9c-5_user.job','64');
 DeleteFile('C:\Program Files (x86)\iWebar\4bed9f90-2c1c-4961-ac2b-7b08f3a91045-5.exe','32');
 DeleteFile('C:\Windows\Tasks\4bed9f90-2c1c-4961-ac2b-7b08f3a91045-5.job','64');
 DeleteFile('C:\Windows\Tasks\4bed9f90-2c1c-4961-ac2b-7b08f3a91045-5_user.job','64');
 DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','64');
 DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','64');
 DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','64');
 DeleteFile('C:\Windows\Tasks\BlockAndSurf Update.job','64');
 DeleteFile('C:\Program Files (x86)\ver8BlockAndSurf\J4BlockAndSurfJ52.exe','32');
 DeleteFile('C:\Windows\Tasks\de5d43b1-434e-442c-aa3c-eab5c7a1ed94-5.job','64');
 DeleteFile('C:\Program Files (x86)\SensePlus\de5d43b1-434e-442c-aa3c-eab5c7a1ed94-5.exe','32');
 DeleteFile('C:\Windows\Tasks\de5d43b1-434e-442c-aa3c-eab5c7a1ed94-5_user.job','64');
 DeleteFile('C:\Windows\system32\Tasks\27dd2cff-98ce-4aaa-adb7-6ed77ffc8b9c-5','64');
 DeleteFile('C:\Windows\system32\Tasks\4bed9f90-2c1c-4961-ac2b-7b08f3a91045-5','64');
 DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','64');
 DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','64');
 DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','64');
 DeleteFile('C:\Windows\system32\Tasks\BlockAndSurf Update','64');
 DeleteFile('C:\Windows\system32\Tasks\de5d43b1-434e-442c-aa3c-eab5c7a1ed94-5','64');
 DeleteFile('C:\Windows\system32\Tasks\Safebrowser','64');
 DeleteFile('C:\Windows\system32\Tasks\ShopperPro','64');
 DeleteFile('C:\Windows\system32\Tasks\ShopperProJSUpd','64');
 DeleteFile('C:\Program Files (x86)\ShopperPro\updater.exe','32');
 DeleteFile('C:\Program Files (x86)\ShopperPro\ShopperPro.exe','32');
 DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','64');
 DeleteFile('C:\Windows\system32\Tasks\SPBIW_UpdateTask_Time_313531323237313435342d235b783432415b45345a2d6c','64');
 DeleteFile('C:\Windows\system32\Tasks\SPDriver','64');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 ExecuteRepair(15);
 RebootWindows(false);
end.
Send the quarantine as described in Appendix 2 of the rules, using the red link "Send the requested quarantine" at the top of the thread.
Make new logs according to the rules.
Download Farbar Recovery Scan Tool and save it to your Desktop.
Note: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
- Start the program with a double click. When the program starts, click Yes to accept the warning.
- Make sure that "List BCD" and "Driver MD5" are checked in the Optional Scan box.
- Click the Scan button.
- When the scan finishes, a report (FRST.txt) will be created in the same folder the program was run from. Please attach the report to your next post.
- If the program was run for the first time, a report (Addition.txt) will also be created. Please attach it to your next post.
Last edited by thyrex; 11.03.2015 at 22:59.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Antivirus help
The script did not run in AVZ. It says "Ошибка: ";" expected в позиции 269:1".
I fixed the AVZ script.
Run it, then make new logs according to the rules and new FRST logs.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Antivirus help
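The parser error reported above points at a line and column. As an added example (not part of the thread and not AVZ's own code), this Python pre-check scans an AVZ-style script for a call that is not followed by `;` and for a quoted path broken across lines, and lists `DeleteFile` targets that no `QuarantineFile` call preserved. It assumes Pascal string rules (a literal stays on one line, `''` escapes a quote); `SAMPLE` is constructed from names in the thread's script.

```python
import re

# Just enough of a Pascal tokenizer for AVZ-style scripts: quoted strings
# ('' is an escaped quote), identifiers, // comments, anything else per char.
TOKEN = re.compile(r"""
    (?P<nl>\n)
  | (?P<ws>[ \t\r]+)
  | (?P<comment>//[^\n]*)
  | (?P<str>'(?:[^'\n]|'')*')
  | (?P<badstr>'[^\n]*)
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<other>.)
""", re.VERBOSE)

KEYWORDS = {"begin", "end", "if", "then", "else", "not", "and", "or", "do"}


def scan(script):
    """Return (calls, problems).

    calls    -> [(line, name, [string arguments])] for top-level calls
    problems -> [(line, column, message)], 1-based like the parser's position
    """
    calls, problems = [], []
    line, line_start = 1, 0
    depth, current, pending, prev = 0, None, False, None
    for m in TOKEN.finditer(script):
        kind, text = m.lastgroup, m.group()
        if kind == "nl":
            line, line_start = line + 1, m.end()
            continue
        if kind in ("ws", "comment"):
            continue
        col = m.start() - line_start + 1
        if kind == "badstr":
            # A quote that never closes on its line, e.g. a path wrapped by
            # copy/paste. The continuation line usually trips a second report.
            problems.append((line, col, "string literal not closed on its line"))
            depth, current, pending, prev = 0, None, False, None  # resync
            continue
        if pending:
            # Right after a finished call only ';', an operator or a keyword
            # may follow; another identifier or string means a missing ';'.
            if kind in ("ident", "str") and text.lower() not in KEYWORDS:
                problems.append((line, col, "';' expected"))
            pending = False
        if text == "(":
            if depth == 0 and prev and prev.lower() not in KEYWORDS:
                current = (line, prev, [])
            depth += 1
        elif text == ")" and depth > 0:
            depth -= 1
            if depth == 0 and current:
                calls.append(current)
                current, pending = None, True
        elif kind == "str" and current:
            current[2].append(text[1:-1].replace("''", "'"))
        prev = text if kind == "ident" else None
    return calls, problems


def deleted_without_quarantine(calls):
    """DeleteFile targets with no QuarantineFile for the same path.

    Paths are compared case-insensitively, as Windows treats them.
    """
    kept = {a[0].lower() for _, n, a in calls
            if n.lower() == "quarantinefile" and a}
    return [(ln, a[0]) for ln, n, a in calls
            if n.lower() == "deletefile" and a and a[0].lower() not in kept]


# Constructed sample: line 3 lacks ';', line 5 has a path wrapped onto line 6.
SAMPLE = r"""begin
QuarantineFile('C:\Program Files (x86)\XTab\SupTab.dll','');
TerminateProcessByName('c:\program files (x86)\xtab\cmdshell.exe')
QuarantineFile('c:\program files (x86)\xtab\cmdshell.exe','');
QuarantineFile('c:\program files
(x86)\searchsnacks_1.10.0.1\service\sssvc.exe','');
DeleteFile('c:\program files (x86)\xtab\cmdshell.exe','32');
DeleteFile('C:\Program Files (x86)\XTab\suptab.dll','32');
DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys','32');
RebootWindows(false);
end.
"""

if __name__ == "__main__":
    found_calls, found_problems = scan(SAMPLE)
    for ln, col, msg in found_problems:
        print(f"{ln}:{col}: {msg}")
    for ln, path in deleted_without_quarantine(found_calls):
        print(f"line {ln}: deleted without a quarantine copy: {path}")
```

Files reported by `deleted_without_quarantine` will be absent from the quarantine archive a helper asks for, so the list is worth reviewing before the script is run.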
Done.
- Copy the text below into Notepad and save the file as fixlist.txt in the same folder from which Farbar Recovery Scan Tool was run:
Код:CreateRestorePoint: GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hppp&ts=1425926055&from=smt&uid=3219913727_67194_C056E86A HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hppp&ts=1425926055&from=smt&uid=3219913727_67194_C056E86A HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1425926055&from=smt&uid=3219913727_67194_C056E86A HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ru-ru/?ocid=iehp HKU\S-1-5-21-2864746421-381218595-2960099119-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=467f6677aa87dee6d2f1fb3ba7c3081c&text={searchTerms} HKU\S-1-5-21-2864746421-381218595-2960099119-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hppp&ts=1425926055&from=smt&uid=3219913727_67194_C056E86A HKU\S-1-5-21-2864746421-381218595-2960099119-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ru.msn.com/ HKU\S-1-5-21-2864746421-381218595-2960099119-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=467f6677aa87dee6d2f1fb3ba7c3081c&text={searchTerms} HKU\S-1-5-21-2864746421-381218595-2960099119-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1425926055&from=smt&uid=3219913727_67194_C056E86A SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1425926055&from=smt&uid=3219913727_67194_C056E86A&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
http://www.mystartsearch.com/web/?type=dspp&ts=1425926055&from=smt&uid=3219913727_67194_C056E86A&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1425926055&from=smt&uid=3219913727_67194_C056E86A&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1425926055&from=smt&uid=3219913727_67194_C056E86A&q={searchTerms} SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1421979608&from=zbd1&uid=3219913727_67194_c056e86a&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> 53CE46A64EC576ABB680D3119F391BC7 URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> B4EB623CE919A502C7ADC27E9C41C341 URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = 
http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2864746421-381218595-2960099119-1003 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=3219913727_67194_C056E86A&ts=1425926072&type=default&q={searchTerms} BHO: BlockAndSurf -> 
{488DBF46-B8FF-32F4-7C40-F09EB95D0BA7} -> C:\Program Files (x86)\ver8BlockAndSurf\190_x64.dll [2015-03-09] () BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-03-08] (Goobzo Ltd.) BHO: Weatherbar x64 Class -> {B0B85626-F9B4-47C0-9151-FB9A45ABCD37} -> C:\Program Files\tooldev342\Weatherbar\\TracersToolbarBHO_x64.dll No File BHO: SearchSnacks -> {DEDCD400-D7C3-4B07-924F-50AE6CDAC183} -> C:\Program Files\SearchSnacks_1.10.0.1\IE\SearchSnacksClientIE.dll [2014-10-15] (Search Snacks) BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll [2014-07-10] (Goobzo Ltd.) BHO-x32: BlockAndSurf -> {488DBF46-B8FF-32F4-7C40-F09EB95D0BA7} -> C:\Program Files (x86)\ver8BlockAndSurf\190.dll No File FF Extension: Internet Helper - C:\Users\Uriy\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\helper@helper [2015-01-23] FF HKU\S-1-5-21-2864746421-381218595-2960099119-1003\...\Firefox\Extensions: [{941122D7-4137-093A-554C-C6E8A40B1C12}] - C:\Program Files (x86)\ver8BlockAndSurf\190.xpi FF Extension: BlockAndSurf - C:\Program Files (x86)\ver8BlockAndSurf\190.xpi [2015-03-09] CHR Extension: (SourceApp) - C:\Users\Uriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmlkgogckfdbgcbmhgialcpbgphofeop [2015-03-10] CHR Extension: (Internet Helper) - C:\Users\Uriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdgncmfemcgcpdmchnenmkgfdpedokgo [2015-01-23] CHR Extension: (No Name) - C:\Users\Uriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndildgiecifhjfjkclckagdbhmiiemo [2015-03-09] CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Uriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-23] CHR HKLM-x32\...\Chrome\Extension: [cegdomhocaeoedbdpfolmgjkjaijfomo] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: 
- Run FRST, click the Fix button once and wait. The program will create a log file (Fixlog.txt). Please attach it to your next post!
- Note that the computer will be rebooted.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Antivirus help
Done.
How is the problem now?
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
Antivirus help
Everything seems to be working. Thank you!
Dear -Mikl_V-, our specialists have provided you with all possible help with your request.
To keep your computer secure, we strongly recommend:
To stay up to date on current information security threats and keep your computer protected, we recommend following the latest IT news on the Anti-Malware.ru portal:
We hope never to see your computer infected again!
If it is not too much trouble, please add to our database of safe files.