A computer full of viruses
This topic has 1 reply, 2 participants, and was last updated 8 years, 3 months ago by Admin.
August 23, 2016 at 9:47 am #51845
I caught a bunch of viruses; logs attached. Please help.

August 24, 2016 at 8:11 pm #51929
Hello, welcome to the Spyware-ru forum.
The number of viruses is simply off the charts. How did this happen?
In Control Panel, go to Uninstall a program and remove all programs that are unnecessary or unknown to you, including:
HPRewriter
Kometa
My Web Shield
New Tab Helper
SnapDo
SpaceSoundPro
sunnyday
WeatherChickn
WebShield
WIN

Start Notepad and paste the following text into the open window
Save the resulting file in the folder where the FRST/FRST64 program is located, under the name fixlist
Run FRST and click the Fix button.
When the program finishes, the message "Fix completed" will appear. Click OK.
Notepad will open with the contents of the file fixlog.txt. Paste the contents of this file into your reply.
After that, run a new scan with FRST (before pressing Scan, tick the Addition.txt checkbox) and attach both of its logs to your reply.