Вирус забрал права админа, и я не могу полностью удалить его

[Maxsul]

Всем доброго дня, недавно по моей глупости был подхвачен вирус, который полностью загружал мой ЦП... Две ночи без сна и он вроде бы был удачно отправлен в карантин, но успев полностью обезопасить свои остальные файлы которые не отправились в карантин. Сидеть на такой бомбе не очень то и хотелось, но при попытке изменения доступа к его файлам, мне резко запрещают их изменять... Прошу помогите полностью удалить его. Сам он притворяется Internet Exsplorer в Programs Files, хотя настоящий лежит в x86. Логи тут

[Info_bot]

Уважаемый(ая) Maxsul, спасибо за обращение на наш форум!

Удаление вирусов - абсолютно бесплатная услуга на VirusInfo.Info. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в правилах оформления запроса о помощи.

Информация

Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста, поддержите проект.

[Vvvyg]

Скачайте, распакуйте и запустите утилиту ClearLNK. Скопируйте текст ниже в окно утилиты и нажмите "Лечить".

Код:

>>>  "C:\Users\ДОМ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2\Удалить MediaGet.lnk"       -> ["C:\Users\ДОМ\AppData\Local\MediaGet2\mediaget-uninstaller.exe"]
>>>  "C:\Users\ДОМ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uBar.lnk"         -> ["C:\ProgramData\uBar\uBar\uBar.exe"]
>>>  "C:\Users\ДОМ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net\Wargaming.net Game Center.lnk"    -> ["C:\ProgramData\Wargaming.net\GameCenter\wgc.exe"]
>>>  "C:\ProgramData\Microsoft\Windows\GameExplorer\{00000000-0000-0000-0000-000000000000}\PlayTasks\0\Play.lnk"         -> ["C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe"]
>>>  "C:\ProgramData\Microsoft\Windows\GameExplorer\{00000000-0000-0000-0000-000000000000}\PlayTasks\1\Play - DirectX9.lnk"        -> ["C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe"  =>> -dx9]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Зарплата 2017\Зарплата 2017.lnk"          -> ["C:\Бухсофт\Зарплата 2017\зарплата 2017.exe"]
>>>  "C:\Users\ДОМ\Documents\Panasonic\MFS\History Tool.lnk"           -> ["C:\Program Files (x86)\Panasonic\MFStation\MccHistory.exe"]
>>>  "C:\Users\ДОМ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElcomSoft\Advanced Archive Password Recovery\Advanced Archive Password Recovery.lnk"    -> ["C:\Program Files (x86)\ElcomSoft\Advanced Archive Password Recovery\ARCHPR.EXE"]
>>>  "C:\Users\ДОМ\Desktop\uBar.lnk"     -> ["C:\ProgramData\uBar\uBar\uBar.exe"]
>>>  "C:\Users\ДОМ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2\MediaGet.lnk"     -> ["C:\Users\ДОМ\AppData\Local\MediaGet2\mediaget.exe"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision\Call of Duty(R) 4 - Modern Warfare(TM)\Call of Duty(R) 4 - Modern Warfare(TM) - сетевая игра.lnk"    -> ["C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision\Call of Duty(R) 4 - Modern Warfare(TM)\Call of Duty(R) 4 - Modern Warfare(TM) - одиночная игра.lnk"  -> ["C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3sp.exe"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision\Call of Duty(R) 4 - Modern Warfare(TM)\Документация\Файл Readme.lnk"   -> ["C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\Docs\Help\readme.htm"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision\Call of Duty(R) 4 - Modern Warfare(TM)\Документация\Руководство к игре Call of Duty(R) 4 - Modern Warfare(TM).lnk"       -> ["C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\Docs\manual.pdf"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision\Call of Duty(R) 4 - Modern Warfare(TM)\Документация\Справочная документация.lnk"           -> ["C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\Docs\help.htm"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision\Call of Duty(R) 4 - Modern Warfare(TM)\Документация\Техническая поддержка.lnk"   -> ["C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\Docs\Help\customer_support.htm"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Innova Co. SARL\4game.lnk"      -> ["C:\Program Files (x86)\Innova\4game2.0\4game.exe"]
>>>  "C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"      -> ["C:\Users\defaultuser0\AppData\Local\Microsoft\OneDrive\OneDrive.exe"]
>>>  "C:\Users\ДОМ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Gecata 5\Movavi Gecata 5.lnk"  -> ["C:\Users\ДОМ\AppData\Roaming\Movavi Gecata 5\Gecata.exe"]
>>>  "C:\Users\ДОМ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Gecata 5\Удалить Movavi Gecata 5.lnk"    -> ["C:\Users\ДОМ\AppData\Roaming\Movavi Gecata 5\uninst.exe"]
>>>  "C:\Users\ДОМ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Gecata 5\Сайт Movavi Gecata 5.lnk"       -> ["C:\Users\ДОМ\AppData\Roaming\Movavi Gecata 5\Movavi Gecata 5.url"]
>>>  "C:\Users\ДОМ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FACEIT Ltd\FACEIT.lnk"      -> ["C:\Users\ДОМ\AppData\Local\FACEITApp\FACEIT.exe"]
>>>  "C:\Users\ДОМ\Favorites\Links\Интернет.url"  ->                  hxxp://khovymush.ru/?utm_source=favorites03&utm_content=0364b03b136a2336e4308b0954d7096a&utm_term=E1261F179B454120496C0DAA91DE6331&utm_d=20170321

Отчёт о работе прикрепите.

Запустите HijackThis, расположенный в папке Autologger (в Windows Vista/7/8/10 необходимо запускать через правую кнопку мыши Запуск от имени администратора))и пофиксите только эти строки:

Код:

O22 - Task: \Microsoft\Windows\Wininet\Taskhost - C:\Programdata\RealtekHD\taskhostw.exe (file missing)
O22 - Task: \Microsoft\Windows\Wininet\Taskhostw - C:\Programdata\RealtekHD\taskhostw.exe (file missing)

Деинсталлируйте программу Служба автоматического обновления программ.

Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.
Запустите программу. Когда программа запустится, нажмите Yes для соглашения с предупреждением.

Нажмите кнопку Scan.
После окончания сканирования будут созданы отчеты FRST.txt, Addition.txt в той же папке, откуда была запущена программа.
Прикрепите эти файлы к своему следующему сообщению (лучше оба в одном архиве).

[Maxsul]

Ну вроде вот

[Vvvyg]

Отключите до перезагрузки все антивирусы.
Выделите и скопируйте в буфер обмена следующий код:

Код:

Start::
CreateRestorePoint:
HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\...\Run: [Zoom] => [X]
Toolbar: HKU\S-1-5-21-3816310004-1287091216-1637430114-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} -  No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
2020-09-09 18:27 - 2020-09-10 06:38 - 000000000 ____D C:\Program Files\RDP Wrapper
2020-09-09 18:26 - 2020-09-10 06:33 - 000000000 __SHD C:\ProgramData\WindowsTask
2020-09-09 18:26 - 2020-09-10 06:32 - 000000000 __SHD C:\ProgramData\Windows
2020-09-09 18:26 - 2020-09-10 06:31 - 000000000 __SHD C:\ProgramData\RealtekHD
2020-09-09 18:26 - 2020-09-10 06:23 - 000000000 __SHD C:\ProgramData\Setup
2020-09-09 18:26 - 2020-09-09 22:31 - 000000000 __SHD C:\ProgramData\Doctor Web
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\RunDLL
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\Norton
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\McAfee
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\grizzly
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\ESET
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\AVAST Software
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\360safe
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\SpyHunter
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\Malwarebytes
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\ESET
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\Enigma Software Group
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\COMODO
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\Common Files\McAfee
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\Cezurity
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\ByteFence
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\AVG
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\AVAST Software
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\AVG
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\360
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\KVRT_Data
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\AdwCleaner
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 ____D C:\WINDOWS\speechstracing
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 ____D C:\ProgramData\System32
2018-09-02 20:08 - 2018-09-02 20:08 - 000000229 _____ () C:\Users\ДОМ\AppData\Roaming\del.bat
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`pgyjhioihinfh [0]
AlternateDataStreams: C:\Users\ДОМ\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\ДОМ\AppData\Local\Temp:$DATA​ [16]
HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\...\StartupApproved\Run: => "MediaGet2"
HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\...\StartupApproved\Run: => "uBar"
HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\...\StartupApproved\Run: => "Adguard"
HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\...\StartupApproved\Run: => "FACEIT"
FirewallRules: [{AAE3C423-8339-4CB0-8C5E-644AA26CC1F7}] => (Block) C:\users\дом\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
FirewallRules: [{1A478DBC-7EF3-4DD3-AAD8-C123D5F814C8}] => (Block) C:\users\дом\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
FirewallRules: [TCP Query User{58137EFF-5AC7-4BBA-BC72-56F57FFC9B1F}C:\users\дом\appdata\local\programs\opera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [UDP Query User{8E72356B-5B1D-469C-AAF1-C9362D40A856}C:\users\дом\appdata\local\programs\opera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [{982DAB37-8568-410D-B958-E84FBEFCE51E}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [{896F052D-4AC3-41F4-AFF9-9FB10B96C7ED}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [TCP Query User{48541D2F-6556-4765-B61D-901214D1DA77}C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe] => (Allow) C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [UDP Query User{46089E1A-0602-4504-8B6B-2A1194BC6186}C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe] => (Allow) C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [{2E7669D7-32DE-4CF3-85C5-C625379777C3}] => (Block) C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [{28CA5BAF-AA48-4938-9D73-E8F90DC7ABA5}] => (Block) C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [TCP Query User{3BC0B107-9F33-4B84-928C-FDFAB65932CD}C:\users\дом\appdata\local\programs\opera gx\68.0.3618.177\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.177\opera.exe => No File
FirewallRules: [UDP Query User{C31702CE-A854-406C-89CA-730DC0A569ED}C:\users\дом\appdata\local\programs\opera gx\68.0.3618.177\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.177\opera.exe => No File
FirewallRules: [{6EE37E16-4FF5-441F-9512-FFBC57115103}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.177\opera.exe => No File
FirewallRules: [{4C7CA8D3-33F4-4FCB-9CCD-7F045378A211}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.177\opera.exe => No File
FirewallRules: [TCP Query User{610AB915-9741-4128-B228-25BBC58584E0}C:\users\дом\appdata\local\programs\opera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [UDP Query User{1286904F-91BD-4402-8556-93F04ED7F443}C:\users\дом\appdata\local\programs\opera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [{3BAD0DFF-39C6-477E-A16B-44CDF004BDDA}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [{2D5FB5C4-BFAF-474A-914B-3416CBC25090}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [TCP Query User{E034C05F-670A-4166-A5FB-047C148063B4}C:\users\дом\appdata\local\temp\scoped_dir5312_1612230557\zclient.exe] => (Allow) C:\users\дом\appdata\local\temp\scoped_dir5312_1612230557\zclient.exe => No File
FirewallRules: [UDP Query User{BE62D099-BA47-4C81-9EF1-2F9D13BB6696}C:\users\дом\appdata\local\temp\scoped_dir5312_1612230557\zclient.exe] => (Allow) C:\users\дом\appdata\local\temp\scoped_dir5312_1612230557\zclient.exe => No File
FirewallRules: [{AF8422E7-4AF3-42DA-8DA9-39BEA64EEFB5}] => (Block) C:\users\дом\appdata\local\temp\scoped_dir5312_1612230557\zclient.exe => No File
FirewallRules: [{F6BDB641-4120-44C0-AB8D-44906D1F42F4}] => (Block) C:\users\дом\appdata\local\temp\scoped_dir5312_1612230557\zclient.exe => No File
FirewallRules: [TCP Query User{DB674DC3-9637-4E45-B572-AD118C0C05B2}C:\users\дом\appdata\local\programs\opera gx\68.0.3618.191\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.191\opera.exe => No File
FirewallRules: [UDP Query User{4C1E8130-F21A-4810-BFFF-CD570E8DFFFE}C:\users\дом\appdata\local\programs\opera gx\68.0.3618.191\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.191\opera.exe => No File
FirewallRules: [{101F60B1-4359-4582-9E94-6F825ED1418D}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.191\opera.exe => No File
FirewallRules: [{E036DEB2-834A-44F2-805F-F5C3B8D6BC76}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.191\opera.exe => No File
FirewallRules: [{A4AA6B6B-8508-4827-991D-213541EC30E1}] => (Block) LPort=445
FirewallRules: [{D176C98C-527C-4F9F-B890-FE4363C8AD77}] => (Block) LPort=445
FirewallRules: [{D114A3AF-E15B-43E4-896F-53EB9AFDE302}] => (Block) LPort=139
FirewallRules: [{8548CA5D-B3C2-48E8-A7C6-C22D0DDA3756}] => (Block) LPort=139
FirewallRules: [{C55D9C7E-B76B-41A2-819F-018D4708E530}] => (Allow) LPort=3389
CMD: attrib -s -h -r /S /D "C:\ProgramData\Kaspersky Lab Setup Files"
CMD: attrib -s -h -r /S /D "C:\ProgramData\Kaspersky Lab"
CMD: attrib -s -h -r /S /D "C:\Program Files (x86)\Kaspersky Lab"
Reboot:
End::

Запустите FRST.EXE/FRST64.EXE, нажмите один раз Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.
Компьютер будет перезагружен автоматически.

В системе две защитных программы: Bitdefender Internet Security и Kaspersky Internet Security, это недопустимо и неизбежно приводит к конфликтам и тормозам, часть Ваших проблем - именно из-за этого. Удалите один из антивирусов, Malwarebytes тоже. Активных вирусов нет, остатки того, что было удалится фиксом в FRST, и запреты на папки тоже будут сняты.

[Maxsul]

Вот по идее

- - - - -Добавлено - - - - -

Сделал

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-09-2020
Ran by ДОМ (11-09-2020 15:52:45) Run:2
Running from C:\Users\ДОМ\Desktop
Loaded Profiles: ДОМ
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\...\Run: [Zoom] => [X]
Toolbar: HKU\S-1-5-21-3816310004-1287091216-1637430114-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
2020-09-09 18:27 - 2020-09-10 06:38 - 000000000 ____D C:\Program Files\RDP Wrapper
2020-09-09 18:26 - 2020-09-10 06:33 - 000000000 __SHD C:\ProgramData\WindowsTask
2020-09-09 18:26 - 2020-09-10 06:32 - 000000000 __SHD C:\ProgramData\Windows
2020-09-09 18:26 - 2020-09-10 06:31 - 000000000 __SHD C:\ProgramData\RealtekHD
2020-09-09 18:26 - 2020-09-10 06:23 - 000000000 __SHD C:\ProgramData\Setup
2020-09-09 18:26 - 2020-09-09 22:31 - 000000000 __SHD C:\ProgramData\Doctor Web
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\RunDLL
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\Norton
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\McAfee
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\grizzly
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\ESET
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\AVAST Software
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\ProgramData\360safe
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\SpyHunter
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\Malwarebytes
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\ESET
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\Enigma Software Group
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\COMODO
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\Common Files\McAfee
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\Cezurity
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\ByteFence
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\AVG
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files\AVAST Software
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\AVG
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\Program Files (x86)\360
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\KVRT_Data
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 __SHD C:\AdwCleaner
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 ____D C:\WINDOWS\speechstracing
2020-09-09 18:26 - 2020-09-09 18:26 - 000000000 ____D C:\ProgramData\System32
2018-09-02 20:08 - 2018-09-02 20:08 - 000000229 _____ () C:\Users\ДОМ\AppData\Roaming\del.bat
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`pg yjhioihinfh [0]
AlternateDataStreams: C:\Users\ДОМ\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\ДОМ\AppData\Local\Temp:$DATA​ [16]
HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\...\StartupApproved\Run: => "MediaGet2"
HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\...\StartupApproved\Run: => "uBar"
HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\...\StartupApproved\Run: => "Adguard"
HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\...\StartupApproved\Run: => "FACEIT"
FirewallRules: [{AAE3C423-8339-4CB0-8C5E-644AA26CC1F7}] => (Block) C:\users\дом\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
FirewallRules: [{1A478DBC-7EF3-4DD3-AAD8-C123D5F814C8}] => (Block) C:\users\дом\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
FirewallRules: [TCP Query User{58137EFF-5AC7-4BBA-BC72-56F57FFC9B1F}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [UDP Query User{8E72356B-5B1D-469C-AAF1-C9362D40A856}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [{982DAB37-8568-410D-B958-E84FBEFCE51E}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [{896F052D-4AC3-41F4-AFF9-9FB10B96C7ED}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [TCP Query User{48541D2F-6556-4765-B61D-901214D1DA77}C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe] => (Allow) C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [UDP Query User{46089E1A-0602-4504-8B6B-2A1194BC6186}C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe] => (Allow) C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [{2E7669D7-32DE-4CF3-85C5-C625379777C3}] => (Block) C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [{28CA5BAF-AA48-4938-9D73-E8F90DC7ABA5}] => (Block) C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [TCP Query User{3BC0B107-9F33-4B84-928C-FDFAB65932CD}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.177\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.177\opera.exe => No File
FirewallRules: [UDP Query User{C31702CE-A854-406C-89CA-730DC0A569ED}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.177\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.177\opera.exe => No File
FirewallRules: [{6EE37E16-4FF5-441F-9512-FFBC57115103}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.177\opera.exe => No File
FirewallRules: [{4C7CA8D3-33F4-4FCB-9CCD-7F045378A211}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.177\opera.exe => No File
FirewallRules: [TCP Query User{610AB915-9741-4128-B228-25BBC58584E0}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [UDP Query User{1286904F-91BD-4402-8556-93F04ED7F443}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [{3BAD0DFF-39C6-477E-A16B-44CDF004BDDA}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [{2D5FB5C4-BFAF-474A-914B-3416CBC25090}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [TCP Query User{E034C05F-670A-4166-A5FB-047C148063B4}C:\users\дом\appdata\local\temp\scope d_dir5312_1612230557\zclient.exe] => (Allow) C:\users\дом\appdata\local\temp\scoped_dir5312_161 2230557\zclient.exe => No File
FirewallRules: [UDP Query User{BE62D099-BA47-4C81-9EF1-2F9D13BB6696}C:\users\дом\appdata\local\temp\scope d_dir5312_1612230557\zclient.exe] => (Allow) C:\users\дом\appdata\local\temp\scoped_dir5312_161 2230557\zclient.exe => No File
FirewallRules: [{AF8422E7-4AF3-42DA-8DA9-39BEA64EEFB5}] => (Block) C:\users\дом\appdata\local\temp\scoped_dir5312_161 2230557\zclient.exe => No File
FirewallRules: [{F6BDB641-4120-44C0-AB8D-44906D1F42F4}] => (Block) C:\users\дом\appdata\local\temp\scoped_dir5312_161 2230557\zclient.exe => No File
FirewallRules: [TCP Query User{DB674DC3-9637-4E45-B572-AD118C0C05B2}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.191\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.191\opera.exe => No File
FirewallRules: [UDP Query User{4C1E8130-F21A-4810-BFFF-CD570E8DFFFE}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.191\opera.exe] => (Allow) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.191\opera.exe => No File
FirewallRules: [{101F60B1-4359-4582-9E94-6F825ED1418D}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.191\opera.exe => No File
FirewallRules: [{E036DEB2-834A-44F2-805F-F5C3B8D6BC76}] => (Block) C:\users\дом\appdata\local\programs\opera gx\68.0.3618.191\opera.exe => No File
FirewallRules: [{A4AA6B6B-8508-4827-991D-213541EC30E1}] => (Block) LPort=445
FirewallRules: [{D176C98C-527C-4F9F-B890-FE4363C8AD77}] => (Block) LPort=445
FirewallRules: [{D114A3AF-E15B-43E4-896F-53EB9AFDE302}] => (Block) LPort=139
FirewallRules: [{8548CA5D-B3C2-48E8-A7C6-C22D0DDA3756}] => (Block) LPort=139
FirewallRules: [{C55D9C7E-B76B-41A2-819F-018D4708E530}] => (Allow) LPort=3389
CMD: attrib -s -h -r /S /D "C:\ProgramData\Kaspersky Lab Setup Files"
CMD: attrib -s -h -r /S /D "C:\ProgramData\Kaspersky Lab"
CMD: attrib -s -h -r /S /D "C:\Program Files (x86)\Kaspersky Lab"
Reboot:

*****************

Error: (0) Failed to create a restore point.
"HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\Software\Microsoft\Windows\CurrentVersion\Run \\Zoom" => not found
"HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C500C267-63BF-451F-8797-4D720C9A2ED9}" => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.c om/3DVision => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.c om/3DVisionStreaming => not found
"C:\Program Files\RDP Wrapper" => not found
"C:\ProgramData\WindowsTask" => not found
"C:\ProgramData\Windows" => not found
"C:\ProgramData\RealtekHD" => not found
"C:\ProgramData\Setup" => not found
"C:\ProgramData\Doctor Web" => not found
"C:\ProgramData\RunDLL" => not found
"C:\ProgramData\Norton" => not found
"C:\ProgramData\McAfee" => not found
"C:\ProgramData\grizzly" => not found
"C:\ProgramData\ESET" => not found
"C:\ProgramData\AVAST Software" => not found
"C:\ProgramData\360safe" => not found
"C:\Program Files\SpyHunter" => not found
"C:\Program Files\Malwarebytes" => not found
"C:\Program Files\ESET" => not found
"C:\Program Files\Enigma Software Group" => not found
"C:\Program Files\COMODO" => not found
"C:\Program Files\Common Files\McAfee" => not found
"C:\Program Files\Cezurity" => not found
"C:\Program Files\ByteFence" => not found
"C:\Program Files\AVG" => not found
"C:\Program Files\AVAST Software" => not found
"C:\Program Files (x86)\SpyHunter" => not found
"C:\Program Files (x86)\Panda Security" => not found
"C:\Program Files (x86)\Microsoft JDX" => not found
"C:\Program Files (x86)\GRIZZLY Antivirus" => not found
"C:\Program Files (x86)\Cezurity" => not found
"C:\Program Files (x86)\AVG" => not found
"C:\Program Files (x86)\AVAST Software" => not found
"C:\Program Files (x86)\360" => not found
"C:\KVRT_Data" => not found
"C:\AdwCleaner" => not found
"C:\WINDOWS\speechstracing" => not found
"C:\ProgramData\System32" => not found
"C:\Users\ДОМ\AppData\Roaming\del.bat" => not found
"C:\ProgramData\Reprise" => ":jhqduwvxlctbqqijsf`usjbm`pgyjhioihinfh" ADS not found.
"C:\Users\ДОМ\Application Data" => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS not found.
"C:\Users\ДОМ\AppData\Local\Temp" => ":$DATA​" ADS not found.
"HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run\\MediaGet2" => not found
"HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \\MediaGet2" => not found
"HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run\\uBar" => not found
"HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \\uBar" => not found
"HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run\\Adguard" => not found
"HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \\Adguard" => not found
"HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run\\FACEIT" => not found
"HKU\S-1-5-21-3816310004-1287091216-1637430114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \\FACEIT" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{AAE3C 423-8339-4CB0-8C5E-644AA26CC1F7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{1A478 DBC-7EF3-4DD3-AAD8-C123D5F814C8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{58137EFF-5AC7-4BBA-BC72-56F57FFC9B1F}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.129\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8E72356B-5B1D-469C-AAF1-C9362D40A856}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.129\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{982DA B37-8568-410D-B958-E84FBEFCE51E}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{896F0 52D-4AC3-41F4-AFF9-9FB10B96C7ED}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{48541D2F-6556-4765-B61D-901214D1DA77}C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{46089E1A-0602-4504-8B6B-2A1194BC6186}C:\users\дом\desktop\scrap mechanic\release\scrapmechanic.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{2E766 9D7-32DE-4CF3-85C5-C625379777C3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{28CA5 BAF-AA48-4938-9D73-E8F90DC7ABA5}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3BC0B107-9F33-4B84-928C-FDFAB65932CD}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.177\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C31702CE-A854-406C-89CA-730DC0A569ED}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.177\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{6EE37 E16-4FF5-441F-9512-FFBC57115103}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{4C7CA 8D3-33F4-4FCB-9CCD-7F045378A211}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{610AB915-9741-4128-B228-25BBC58584E0}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.186\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1286904F-91BD-4402-8556-93F04ED7F443}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.186\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{3BAD0 DFF-39C6-477E-A16B-44CDF004BDDA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{2D5FB 5C4-BFAF-474A-914B-3416CBC25090}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E034C05F-670A-4166-A5FB-047C148063B4}C:\users\дом\appdata\local\temp\scope d_dir5312_1612230557\zclient.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BE62D099-BA47-4C81-9EF1-2F9D13BB6696}C:\users\дом\appdata\local\temp\scope d_dir5312_1612230557\zclient.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{AF842 2E7-4AF3-42DA-8DA9-39BEA64EEFB5}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{F6BDB 641-4120-44C0-AB8D-44906D1F42F4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DB674DC3-9637-4E45-B572-AD118C0C05B2}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.191\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C1E8130-F21A-4810-BFFF-CD570E8DFFFE}C:\users\дом\appdata\local\programs\o pera gx\68.0.3618.191\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{101F6 0B1-4359-4582-9E94-6F825ED1418D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{E036D EB2-834A-44F2-805F-F5C3B8D6BC76}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{A4AA6 B6B-8508-4827-991D-213541EC30E1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{D176C 98C-527C-4F9F-B890-FE4363C8AD77}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{D114A 3AF-E15B-43E4-896F-53EB9AFDE302}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{8548C A5D-B3C2-48E8-A7C6-C22D0DDA3756}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{C55D9 C7E-B76B-41A2-819F-018D4708E530}" => not found

========= attrib -s -h -r /S /D "C:\ProgramData\Kaspersky Lab Setup Files" =========

Access denied - C:\ProgramData\Kaspersky Lab Setup Files

========= End of CMD: =========


========= attrib -s -h -r /S /D "C:\ProgramData\Kaspersky Lab" =========


========= End of CMD: =========


========= attrib -s -h -r /S /D "C:\Program Files (x86)\Kaspersky Lab" =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 15:56:31 ====

[Vvvyg]

Два раза не нужно было запускать.
Лишние антивирусы удалили?
Что с проблемой?

[Maxsul]

Подозрительной активности не наблюдается, но папку с вирусом полностью удалить не выходит, компьютер простит разрешения администратора. Полные разрешения к папке с вирусом находится у TruestedInstaller, и изменить разрешения на хоть какие-то не выходит. А так все отлично. Спасибо

[Vvvyg]

Что за папка? Полный путь укажите.

[Maxsul]

C:\Program Files\internet explorer

[Vvvyg]

Выделите и скопируйте в буфер обмена следующий код:

Код:

Start::
Folder: c:\Program Files\internet explorer
End::

Запустите FRST.EXE/FRST64.EXE, нажмите один раз Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.

[Maxsul]

Сорян что так поздно

[Vvvyg]

В папке только файлы от Mirosoft. Какие основания были полагать, что там вирус?