Появилась какая-то программа с китайскими иероглифами, постоянно висит в правом нижнем углу рабочего стола. Ее не получается удалить.
Появилась какая-то программа с китайскими иероглифами, постоянно висит в правом нижнем углу рабочего стола. Ее не получается удалить.
Уважаемый(ая) Nikolay61, спасибо за обращение на наш форум!
Помощь в лечении комьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитами АВЗ и HiJackThis, подробнее можно прочитать в правилах оформления запроса о помощи.
Информация
Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста поддержите проект.
Выполните скрипт в AVZ
Будет выполнена перезагрузка компьютера.Код:begin ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.'); ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); if not IsWOW64 then begin SearchRootkit(true, true); SetAVZGuardStatus(True); end; QuarantineFile('C:\Users\Николай\appdata\local\smartweb\__u.exe',''); QuarantineFile('C:\Users\Николай\AppData\Local\SystemMonitor2016\3874491137.exe',''); QuarantineFile('C:\Users\Николай\AppData\Local\Hostinstaller\3874491137_installcube.exe',''); QuarantineFile('C:\Users\Николай\AppData\Local\SmartWeb\SmartWebHelper.exe',''); DelCLSID('{63332668-8CE1-445D-A5EE-25929176714E}'); QuarantineFile('C:\Program Files\Windows Screen Manager\Windows screen manage updater.exe',''); QuarantineFile('C:\Program Files (x86)\Hostify\idsccom_EG8.exe',''); QuarantineFile('C:\Program Files (x86)\Hostify\idsccom_CWC.exe',''); QuarantineFile('C:\Program Files (x86)\Hostify\idsccom_8CL.exe',''); QuarantineFile('C:\Program Files (x86)\Hostify\idsccom_0K0.exe',''); QuarantineFile('C:\Program Files (x86)\Hostify\idsccom_3MZ.exe',''); QuarantineFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe',''); QuarantineFile('C:\Users\Николай\AppData\Roaming\MyDesktop\qweeeCL.exe',''); QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe',''); QuarantineFile('C:\Program Files (x86)\SunnyDay21\SunnyDay.exe',''); SetServiceStart('QMUdisk', 4); SetServiceStart('QQSysMonX64', 4); SetServiceStart('SRepairDrv', 4); SetServiceStart('TAOAccelerator', 4); SetServiceStart('TAOKernelDriver', 4); SetServiceStart('TFsFlt', 4); SetServiceStart('TS888x64', 4); SetServiceStart('tsnethlpx64', 4); SetServiceStart('TSSysKit', 4); DeleteService('TSSKX64'); DeleteService('TSSysKit'); DeleteService('tsnethlpx64'); DeleteService('TS888x64'); DeleteService('TFsFlt'); DeleteService('TAOKernelDriver'); DeleteService('TAOAccelerator'); DeleteService('SRepairDrv'); DeleteService('QQSysMonX64'); DeleteService('QMUdisk'); SetServiceStart('QQPCRTP', 4); DeleteService('QQPCRTP'); DeleteService('WdMan'); DeleteService('voriboby'); DeleteService('Winsere'); DeleteService('wucotusy'); DeleteService('zutuzuni'); QuarantineFile('C:\Program Files (x86)\00000000-1451148427-0000-0000-6CF0490AAD59\jnsdE103.tmp',''); QuarantineFile('C:\Program Files (x86)\00000000-1451148427-0000-0000-6CF0490AAD59\hnstF9C3.tmp',''); QuarantineFile('C:\Program Files (x86)\Winsere\Winsere\Winsere.exe',''); QuarantineFile('C:\Program Files (x86)\00000000-1451148427-0000-0000-6CF0490AAD59\knstC85F.tmpfs',''); QuarantineFile('C:\Users\Николай\AppData\Local\Virtual Ball\{1A8BA432-EAC8-3751-44B1-CFB487010A5A}\bdgz.dll',''); QuarantineFile('C:\Users\Николай\AppData\Local\Virtual Ball\{1A8BA432-EAC8-3751-44B1-CFB487010A5A}\VirtualBall.dll',''); QuarantineFile('C:\Users\Николай\AppData\Local\Virtual Ball\{1A8BA432-EAC8-3751-44B1-CFB487010A5A}\{055D8A01-DA90-9276-5378-1F84B49A3B76}.dat',''); TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qmdl.exe'); TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\plugins\qmnetmon\qqpcnetflow.exe'); TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qqpcrealtimespeedup.exe'); TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qqpcrtp.exe'); TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qqpctray.exe'); TerminateProcessByName('c:\programdata\3wdm3\wdman.exe'); QuarantineFile('c:\programdata\3wdm3\wdman.exe',''); TerminateProcessByName('C:\Program Files (x86)\sunnyday\otutnetwork.exe'); QuarantineFile('C:\Program Files (x86)\sunnyday\otutnetwork.exe',''); DeleteFile('C:\Program Files (x86)\sunnyday\otutnetwork.exe','32'); DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qmdl.exe','32'); DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\plugins\qmnetmon\qqpcnetflow.exe','32'); DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qqpcrealtimespeedup.exe','32'); DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qqpcrtp.exe','32'); DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qqpctray.exe','32'); DeleteFile('c:\programdata\3wdm3\wdman.exe','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\7z.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\AndroidAssistHelper.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\AndroidServer\1.0.0.510\AndroidDevice.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\AndroidServer\1.0.0.510\NetworkMgr.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\AndroidServer\1.0.0.510\QQPMIpc.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\AndroidServer\1.0.0.510\Sdkclient.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\arkGraphic.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\CheckSysHung.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Common.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\communic.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\dr.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GameUpgrade.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GarbageCleaner.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GF.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GFCustom.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GFFtsysCustom.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\gjdatareport.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\jgImage.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\jgIOStub.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\MemDefrag.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\MobileSoftMgr.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\NetflowMgr.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\oDayProtect.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Plugins\HPScanUIPlugin\HPScanUIPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMBDScanner.dat','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMCloudInter\QMCloudInter.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMHipsEngine.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\arkGraphic.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\Common.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\GF.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\jgImage.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\jgIOStub.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\tinyxml.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\xGraphic32.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMonPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMRepairPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ProcessManager.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ptrate.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAntiInject.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAssocScan.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAVProxy.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMCommon.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMDlder.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMDns.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMEmMat.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMExt.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMFileMon.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMForbiddenWinKey.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMHIPSHeart.dll','32'); DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qmhipslogpolicy.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMHIPSPolicyEng.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMIEPlus.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMIESAFEDLL.DLL','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMInfoEng.DLL','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMInjectUtils.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMIpc.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMLoader\QQPCDetector_Spsc.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMMain.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMNetworkMgr.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMPluginMgr.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMRtpCheck.dll','32'); DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qmrtpcontroller.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMRtpDLL.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSafeBoxHelperDll.dll','32'); DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qmscripthost.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSkinMgr.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSpeedupPlugin\SpeedupRocket\SpeedupRocket.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSSO\Bin\SSOCommon.DLL','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSSO\Bin\SSOLUIControl.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSSO\Bin\SSOPlatform.dll','32'); DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qmsysrepprov.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\GameUpgradeTrayPlugin\GameUpgradeTrayPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMAutoTaskPlugin\QMAutoTaskPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\GameSpeedupExposure.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\GameSpeedupGiftBagMgr.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\SpeedupMsg.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMBJTrayPlugin\QMBJTrayPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMClinicTrayPlugin\QMClinicTrayPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMCmcTrayPlugin\QMCmcTrayPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMDnsMonitor\QMDnsMonitor.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMHwFloatWnd\QMHwFloatWnd.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMKCheck\QMKCheck.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMLogCtrl\QMLogCtrl.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMMobileTrayPlugin\QMMobileTrayPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMNewsTips\QMNewsTips.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMPerfCtrl\QMPerf.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMPerfCtrl\QMPerfCtrl.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMPreDownload\QMPreDownload.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMQQLoginPlugin\QMQQLoginPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMRtpPlugin\QMRtpPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMSccTrayPlugin\QMSccTrayPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMSoftPlugin\QMSoftPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMSpecTips\QMSpecTips.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMStartupMonitorNotify\QMStartupMonitorNotify.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMSwitchesMgrPlugin\QMSwitchesMgrPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMSXTrayPlugin\QMSXTrayPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMTPIEStartPage\QMTPIEStartPage.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMTrojanPlugin\QMTrojanPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMUDiskMgr\QMUDiskMgr.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMUpdateModule\QMUpdateModule.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMVulPlugin\QMVulPlugin.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmtrayplugin\QMWebFWCtrl\QMWebFWCtrl.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QmTtInterface.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUl.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMWlanMacDll.dll','32'); DeleteFile('C:\Users\Николай\AppData\Local\Virtual Ball\{1A8BA432-EAC8-3751-44B1-CFB487010A5A}\{055D8A01-DA90-9276-5378-1F84B49A3B76}.dat','32'); DeleteFile('C:\Users\Николай\AppData\Local\Virtual Ball\{1A8BA432-EAC8-3751-44B1-CFB487010A5A}\VirtualBall.dll','32'); DeleteFile('C:\Users\Николай\AppData\Local\Virtual Ball\{1A8BA432-EAC8-3751-44B1-CFB487010A5A}\bdgz.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\xImage.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\xGraphic32.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSZip.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSSysKitProxy.dll','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQSysMonX64.sys','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv','32'); DeleteFile('C:\Windows\system32\Drivers\TAOAccelerator64.sys','32'); DeleteFile('C:\Windows\system32\Drivers\TAOKernel64.sys','32'); DeleteFile('C:\Windows\system32\Drivers\TFsFltX64.sys','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TS888x64.sys','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSSysKit64.sys','32'); DeleteFile('C:\Program Files (x86)\00000000-1451148427-0000-0000-6CF0490AAD59\knstC85F.tmpfs','32'); DeleteFile('C:\Program Files (x86)\Winsere\Winsere\Winsere.exe','32'); DeleteFile('C:\Program Files (x86)\00000000-1451148427-0000-0000-6CF0490AAD59\hnstF9C3.tmp','32'); DeleteFile('C:\Program Files (x86)\00000000-1451148427-0000-0000-6CF0490AAD59\jnsdE103.tmp','32'); DeleteFile('C:\Program Files (x86)\SunnyDay21\SunnyDay.exe','32'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sun21'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','QQPCTray'); RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MyDesktop'); RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','svchost0'); DeleteFile('C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe','32'); DeleteFile('C:\Users\Николай\AppData\Roaming\MyDesktop\qweeeCL.exe','32'); DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextScan.dll','32'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{63332668-8CE1-445D-A5EE-25929176714E}'); DeleteFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe','32'); DeleteFile('C:\Program Files (x86)\Hostify\idsccom_3MZ.exe','32'); DeleteFile('C:\Program Files (x86)\Hostify\idsccom_0K0.exe','32'); DeleteFile('C:\Program Files (x86)\Hostify\idsccom_8CL.exe','32'); DeleteFile('C:\Program Files (x86)\Hostify\idsccom_CWC.exe','32'); DeleteFile('C:\Program Files (x86)\Hostify\idsccom_EG8.exe','32'); DeleteFile('C:\Program Files\Windows Screen Manager\Windows screen manage updater.exe','32'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_LWWC1'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','WINDOWS_SCREEN_MANAGER_UPDATER_1'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','IDSCCOMEG8'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','IDSCCOMCWC'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','IDSCCOM8CL'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','IDSCCOM0K0'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','IDSCCOM3MZ'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SpaceSoundPro'); DeleteFile('C:\Users\Николай\AppData\Local\SmartWeb\SmartWebHelper.exe','32'); DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','64'); DeleteFile('C:\Users\Николай\AppData\Local\Hostinstaller\3874491137_installcube.exe','32'); DeleteFile('C:\Users\Николай\AppData\Local\SystemMonitor2016\3874491137.exe','32'); DeleteFile('C:\Windows\system32\Tasks\Soft installer','64'); DeleteFile('C:\Windows\system32\Tasks\SystemMonitor2016','64'); DeleteFile('C:\Windows\system32\Tasks\Virtual Ball','64'); DeleteFile('C:\Windows\system32\Tasks\Virtual Ball2','64'); DeleteFile('C:\Windows\system32\Tasks\WinTaske','64'); DeleteFile('C:\Windows\system32\Tasks\{CB33B363-6A5F-45ED-BB11-D6C02113E6CE}','64'); DeleteFile('C:\Users\Николай\appdata\local\smartweb\__u.exe','32'); BC_ImportAll; ExecuteSysClean; BC_Activate; RebootWindows(false); end.
Выполните скрипт в AVZ
c:\quarantine.zip пришлите по красной ссылке Прислать запрошенный карантин над первым сообщением в Вашей теме.Код:begin CreateQurantineArchive('c:\quarantine.zip'); end.
Выполните правила ЕЩЕ РАЗ и предоставьте НОВЫЕ логи
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 ReconnectАнтивирусная помощь
Вы получили мой карантин?
Последний раз редактировалось Nikolay61; 10.04.2016 в 13:59.
Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе.
- Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.
1. Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
2. Убедитесь, что в окне Optional Scan отмечены List BCD, Driver MD5 и 90 Days Files.
3. Нажмите кнопку Scan.
4. После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа.
5. Если программа была запущена в первый раз, также будет создан отчет (Addition.txt).
6. Полученные в пп. 4 и 5 логи заархивируйте (в один архив) и прикрепите к сообщению.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 ReconnectАнтивирусная помощь
архив
Внимание
Выполнять написанное ниже в БЕЗОПАСНОМ режиме
1. Откройте Блокнот и скопируйте в него приведенный ниже текст
2. Нажмите Файл – Сохранить какКод:CreateRestorePoint: HKLM-x32\...\Run: [gmsd_ru_005010188] => [X] HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe [356464 2016-04-09] (Tencent) ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMGCShellExt64.dll [2016-04-09] (Tencent) ProxyServer: [S-1-5-21-114433863-1215090012-1946796935-1001] => http=localhost:5050 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1457963637&z=7f2013c660237c67a804addg9z5wcm8taq0c5qacbm&from=wpm0314&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.l114la.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1452247798&z=87daf105aaa88a281647965g3z3w3o6obz0m6bbe6t&from=wpm01073&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1452247798&z=87daf105aaa88a281647965g3z3w3o6obz0m6bbe6t&from=wpm01073&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1457963637&z=7f2013c660237c67a804addg9z5wcm8taq0c5qacbm&from=wpm0314&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1457963637&z=7f2013c660237c67a804addg9z5wcm8taq0c5qacbm&from=wpm0314&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1452247798&z=87daf105aaa88a281647965g3z3w3o6obz0m6bbe6t&from=wpm01073&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1452247798&z=87daf105aaa88a281647965g3z3w3o6obz0m6bbe6t&from=wpm01073&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607&q={searchTerms} HKU\S-1-5-21-114433863-1215090012-1946796935-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqPtD4YKNNDe8_k3_XfHdIuvGbJR2xITIcXeTUcxRmqUtf0BnYYlMcf9MIAQFEf445PvqW9Kzvom7p0pjs1yfQl_G6jY18EUoXQoMHfvBRoZ_iCZuUqGTBPcf5D97X1vMJlq1X8OEs24jvHBEG4D7U0lxsYL0Vp_XUvUxMmvWgo,&q={searchTerms} HKU\S-1-5-21-114433863-1215090012-1946796935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.l114la.com HKU\S-1-5-21-114433863-1215090012-1946796935-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1457963637&z=7f2013c660237c67a804addg9z5wcm8taq0c5qacbm&from=wpm0314&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607 HKU\S-1-5-21-114433863-1215090012-1946796935-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1457963637&z=7f2013c660237c67a804addg9z5wcm8taq0c5qacbm&from=wpm0314&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607&q={searchTerms} HKU\S-1-5-21-114433863-1215090012-1946796935-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqPtD4YKNNDe8_k3_XfHdIuvGbJR2xITIcXeTUcxRmqUtf0BnYYlMcf9MIAQFEf445PvqW9Kzvom7p0pjs1yfQl_G6jY18EUoXQoMHfvBRoZ_iCZuUqGTBPcf5D97X1vMJlq1X8OEs24jvHBEG4D7U0lxsYL0Vp_XUvUxMmvWgo,&q={searchTerms} HKU\S-1-5-21-114433863-1215090012-1946796935-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqPtD4YKNNDe8_k3_XfHdIuvGbJR2xITIcXeTUcxRmqUtf0BnYYlMcf9MIAQFEf445PvqW9Kzvom7p0pjs1yfQl_G6jY18EUoXQoMHfvBRoZ_iCZuUqGTBPcf5D97X1vMJlq1X8OEs24jvHBEG4D7U0lxsYL0Vp_XUvUxMmvWgo,&q={searchTerms} SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqPtD4YKNNDe8_k3_XfHdIuvGbJR2xITIcXeTUcxRmqUtf0BnYYlMcf9MIAQFEf445PvqW9Kzvom7p0pjs1yfQl_G6jY18EUoXQoMHfvBRoZ_iCZuUqGTBPcf5D97X1vMJlq1X8OEs24jvHBEG4D7U0lxsYL0Vp_XUvUxMmvWgo,&q={searchTerms} SearchScopes: HKU\S-1-5-21-114433863-1215090012-1946796935-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457963637&z=7f2013c660237c67a804addg9z5wcm8taq0c5qacbm&from=wpm0314&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607&q={searchTerms} SearchScopes: HKU\S-1-5-21-114433863-1215090012-1946796935-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqPtD4YKNNDe8_k3_XfHdIuvGbJR2xITIcXeTUcxRmqUtf0BnYYlMcf9MIAQFEf445PvqW9Kzvom7p0pjs1yfQl_G6jY18EUoXQoMHfvBRoZ_iCZuUqGTBPcf5D97X1vMJlq1X8OEs24jvHBEG4D7U0lxsYL0Vp_XUvUxMmvWgo,&q={searchTerms} BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat [2016-04-09] (Tencent) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1451150725&z=91125ebd3b852898de6d187gdz2w8g0gbw7eem9cem&from=cmi&uid=SAMSUNGXHD103SI_S1VSJ9BSB10607 CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bhbldcgbjblipegbeclmcnnddnopnhjm] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx OPR Extension: (SuperMegaBest - find best prices) - C:\Users\Николай\AppData\Roaming\Opera Software\Opera Stable\Extensions\cbbpicnbcjaeeenbmilcnaojfgnmlhhb [2016-01-22] R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe [301656 2016-04-09] (Tencent) U2 QQRepair1d34; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair1d34 [136512 2016-04-10] () S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [136512 2016-04-10] () S2 QQRepair166f; "C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair166f" [X] S2 QQRepair395; "C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair395" [X] R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [184536 2016-03-02] (Tencent) R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQSysMonX64.sys [138488 2016-04-09] (电脑管家) R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [35064 2016-04-09] (Tencent) R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [168568 2016-04-10] () R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [101472 2016-03-15] (Tencent) R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [137976 2016-04-09] (Tencent Technology(Shenzhen) Company Limited) R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87800 2016-04-09] (电脑管家) R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TS888x64.sys [38520 2016-04-10] (Tencent) R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSDefenseBT64.sys [28984 2016-04-09] (Tencent) R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [48376 2016-04-09] () S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45304 2016-04-09] (电脑管家) R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSSysKit64.sys [87288 2016-04-09] (电脑管家) 2016-04-09 13:07 - 2016-04-09 13:07 - 00000000 ____D C:\Users\Николай\AppData\Local\Tencent 2016-04-09 13:06 - 2016-04-09 13:07 - 45333760 _____ (Tencent Inc.) C:\Users\Николай\AppData\Roaming\TXQBINSTX.EXE 2016-04-09 12:40 - 2016-04-10 13:22 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys 2016-04-09 12:07 - 2016-04-10 13:22 - 00000000 ____D C:\Users\Все пользователи\TXQMPC 2016-04-09 12:07 - 2016-04-10 13:22 - 00000000 ____D C:\ProgramData\TXQMPC 2016-04-09 12:07 - 2016-04-09 12:07 - 00005120 _____ C:\Users\Николай\AppData\Roaming\GiftBag.db 2016-04-09 12:07 - 2016-04-09 12:07 - 00000000 ____D C:\Program Files\Common Files\Tencent 2016-04-09 12:07 - 2016-04-09 12:06 - 00137976 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys 2016-04-09 12:07 - 2016-04-09 12:06 - 00045304 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys 2016-04-09 12:07 - 2016-03-15 18:28 - 00101472 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys 2016-04-09 12:06 - 2016-04-09 15:36 - 00000000 ____D C:\Program Files (x86)\Tencent 2016-04-09 12:06 - 2016-04-09 13:07 - 00000000 ____D C:\Users\Николай\AppData\Roaming\Tencent 2016-04-09 12:06 - 2016-04-09 12:21 - 00000000 ____D C:\Users\Все пользователи\Tencent 2016-04-09 12:06 - 2016-04-09 12:21 - 00000000 ____D C:\ProgramData\Tencent 2016-04-09 12:06 - 2016-04-09 12:06 - 00087800 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys 2016-04-09 11:40 - 2016-04-09 11:40 - 00000000 ____D C:\Users\Николай\AppData\Local\UCBrowser 2016-04-09 09:15 - 2016-04-09 09:15 - 00000000 ____D C:\Users\Николай\AppData\Local\rec_ru_247 2016-04-09 09:12 - 2016-04-09 12:08 - 00000000 ____D C:\Users\Николай\AppData\Local\SunnyDay21 2016-04-05 17:45 - 2016-04-05 17:45 - 00002401 _____ C:\Windows\SysWOW64\findit.xml 2016-03-17 19:10 - 2016-04-10 12:45 - 00000000 ____D C:\Users\Все пользователи\3WdM3 2016-03-17 19:10 - 2016-04-10 12:45 - 00000000 ____D C:\ProgramData\3WdM3 2016-01-22 19:41 - 2016-04-10 12:45 - 00000000 ____D C:\Users\Николай\AppData\Local\SystemMonitor2016 C:\Users\Николай\AppData\Local\Temp\0S0IK6RJPC.exe C:\Users\Николай\AppData\Local\Temp\23333.exe C:\Users\Николай\AppData\Local\Temp\2ZLU38V3PN.exe C:\Users\Николай\AppData\Local\Temp\4GIZ7SG7SE.exe C:\Users\Николай\AppData\Local\Temp\7QJLDSYI2J.exe C:\Users\Николай\AppData\Local\Temp\86E3F8R2SW.exe C:\Users\Николай\AppData\Local\Temp\AmigoDistrib.exe C:\Users\Николай\AppData\Local\Temp\AU3BNOA78S.exe C:\Users\Николай\AppData\Local\Temp\Browser_V5.6.11466.7_r_4728_(Build1603281525).exe C:\Users\Николай\AppData\Local\Temp\downloader.exe C:\Users\Николай\AppData\Local\Temp\EY89T0MTA7.exe C:\Users\Николай\AppData\Local\Temp\FYDNPQ89TD.exe C:\Users\Николай\AppData\Local\Temp\GB8KGFNSM6.exe C:\Users\Николай\AppData\Local\Temp\HDRHRDMP4T.exe C:\Users\Николай\AppData\Local\Temp\HE73HIPR0A.exe C:\Users\Николай\AppData\Local\Temp\IANQINAW7B.exe C:\Users\Николай\AppData\Local\Temp\MailRuUpdater.exe C:\Users\Николай\AppData\Local\Temp\MBSetup103.exe C:\Users\Николай\AppData\Local\Temp\MBSetup165.exe C:\Users\Николай\AppData\Local\Temp\MBSetup473.exe C:\Users\Николай\AppData\Local\Temp\MBSetup917.exe C:\Users\Николай\AppData\Local\Temp\nvStInst.exe C:\Users\Николай\AppData\Local\Temp\OQ4GBKJPGV.exe C:\Users\Николай\AppData\Local\Temp\PZQ8841Y1D.exe C:\Users\Николай\AppData\Local\Temp\QWJC15ING8.exe C:\Users\Николай\AppData\Local\Temp\R0D6PKSJ8E.exe C:\Users\Николай\AppData\Local\Temp\rft_sb.exe C:\Users\Николай\AppData\Local\Temp\RPHN21L0ZO.exe C:\Users\Николай\AppData\Local\Temp\TAH4RZAX1F.exe C:\Users\Николай\AppData\Local\Temp\X69J2TW0ZB.exe C:\Users\Николай\AppData\Local\Temp\_is165E.exe C:\Users\Николай\AppData\Local\Temp\_is8EB7.exe C:\Users\Николай\AppData\Local\Temp\TempQMSystemSetup_11.4.17339.217_256814941(1).exe C:\Users\Николай\AppData\Local\Temp\TempQMSystemSetup_11.4.17339.217_256814941(2).exe C:\Users\Николай\AppData\Local\Temp\TempQMSystemSetup_11.4.17339.217_256814941.exe C:\Users\Николай\AppData\Local\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa.exe Task: {1A253F65-DA65-41BE-B501-F7A3E7B4C165} - \{CB33B363-6A5F-45ED-BB11-D6C02113E6CE} -> No File <==== ATTENTION Task: {3C237298-BBB3-4049-BF56-74ADA3072544} - \Virtual Ball -> No File <==== ATTENTION Task: {62F45178-D649-4C91-9DC4-DB6C36FED974} - \Virtual Ball2 -> No File <==== ATTENTION Task: {6C46863B-09EA-42B8-9805-37BB11E52CE4} - \WinTaske -> No File <==== ATTENTION Task: {C1D77797-77DF-44EB-8CD2-05E82466E0A0} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION Task: {C8E1FD0C-C748-4B86-9397-AFCF66809246} - \Soft installer -> No File <==== ATTENTION Task: {E721352F-63E8-46A9-8CAC-6CD990E676AC} - \SystemMonitor2016 -> No File <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" FirewallRules: [{CF775789-D742-48D1-8EF5-A198296F0FEC}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{288B34B6-3335-41B6-BB88-900D305CF430}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCmgrInstallGuide.exe FirewallRules: [{E7FBDAEF-9D25-4F27-8F4C-5A3C32328F3A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{4DF4C558-2DA2-4970-9C91-560A6D1039DE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe FirewallRules: [{D7871467-0DA8-42BB-B14A-185E22C5CBCB}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCMgr.exe FirewallRules: [{5936E27D-8FF0-43F2-8951-88ADD0813E2A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe FirewallRules: [{E64886FB-3E42-4E97-966B-3F579C578914}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMDL.exe FirewallRules: [{A00857E3-28BB-4809-BAF4-3836CAB199EE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\bugreport.exe FirewallRules: [{1F8633F6-76F2-406A-84AE-F43AC4EAE5ED}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCFileOpen.exe FirewallRules: [{02B22ADD-ACC4-4121-9F96-2B5EBFD49ECE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCLeakScan.exe FirewallRules: [{AB56D3ED-BC00-4ED6-B05A-75C140C2B2EA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPConfig.exe FirewallRules: [{A7023AF8-08CC-4E4A-B1A6-AC48FF0B385D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftMgr.exe FirewallRules: [{50D67337-3CB5-4D82-AD58-182944961628}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\QQPCNetFlow.exe FirewallRules: [{0FB917DC-A60F-4989-BD04-3AC65EEC9892}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCBTU.exe FirewallRules: [{D9436AEB-991F-439D-845B-69668F458840}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCClinic.exe FirewallRules: [{F4F7757C-CA8C-4C54-BDFA-0A06C5798808}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCLaunch.exe FirewallRules: [{2AF77702-E3F0-4580-A1F0-01E20F4E252A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\QQPCMgrUpdate.exe FirewallRules: [{4FCA592C-E0B6-4623-A64F-0C75693FCE65}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftGame.exe FirewallRules: [{58D2E5DD-F5F6-41CA-97FF-1E9C60631746}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSysOptimize.exe FirewallRules: [{32D68ABD-D0E6-4DD0-92CA-230FB6B8B79F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCUpdateAVLib.exe FirewallRules: [{55DC2105-640D-4FED-83B4-ACAC06626D7E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQRepair.exe FirewallRules: [{EAB08AFF-002E-4765-A86B-3FB68D3DF8C8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Uninst.exe FirewallRules: [{453325A9-74CF-41A9-A19D-5A8F20FBCFBA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCPatch.exe FirewallRules: [{F8DC1AC7-451F-4149-BC3A-E5E4D051FA8D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TpkUpdate.exe FirewallRules: [{DAD29252-E02D-4E77-A5D8-54CD06D91A7F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMRouterMgr.exe FirewallRules: [{E6E1E4EE-1995-4858-B202-E7A574D26A7E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAccountProtection.exe FirewallRules: [{716D1F46-5BE9-4670-8133-ECB785205901}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAdBlock.exe FirewallRules: [{4FA532E9-CB9C-44E5-8ADB-61D429649D45}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{450124FC-5EDB-4BCE-896A-570ECF4DD303}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{0B8A2D57-B94E-4021-8322-2279CB07DD51}] => (Allow) C:\Users\Николай\AppData\Roaming\TXQBINSTX.EXE FirewallRules: [{6B8B31FD-D5E3-4042-AE69-B31005EB544A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{669018E1-BD24-46C8-94D3-46BFAF30157C}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{FF0B68EF-1A0C-4D05-B149-05286623EFFD}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{7728C8E1-3A19-4639-B6D3-802567F51159}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe Reboot:
3. Выберите папку, откуда была запущена утилита Farbar Recovery Scan Tool
4. Укажите Тип файла – Все файлы (*.*)
5. Введите имя файла fixlist.txt и нажмите кнопку Сохранить
6. Запустите FRST, нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!
- Обратите внимание, что компьютер будет перезагружен.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 ReconnectАнтивирусная помощь
Сделал
Сделайте лог AdwCleaner
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 ReconnectАнтивирусная помощь
Сделал
Отметьте и удалите все найденное
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 ReconnectАнтивирусная помощь
Все удалил. Вроде нормально. Спасибо большое за помощь!
Уважаемый(ая) Nikolay61, наши специалисты оказали Вам всю возможную помощь по вашему обращению.
В целях поддержания безопасности вашего компьютера настоятельно рекомендуем:
Чтобы всегда быть в курсе актуальных угроз в области информационной безопасности и сохранять свой компьютер защищенным, рекомендуем следить за последними новостями ИТ-сферы портала Anti-Malware.ru:
Надеемся больше никогда не увидеть ваш компьютер зараженным!
Если Вас не затруднит, пополните пожалуйста нашу базу безопасных файлов.