Перейти к содержанию

Рекомендуемые сообщения

Ваши файлы были зашифрованы.
Чтобы расшифровать их, Вам необходимо отправить код:
F1BA7E1BFD01EB06CC88|0
на электронный адрес decode00001@gmail.com или decode00002@gmail.com .
Далее вы получите все необходимые инструкции.  
Попытки расшифровать самостоятельно не приведут ни к чему, кроме безвозвратной потери информации.
 
 
All the important files on your computer were encrypted.
To decrypt the files you should send the following code:
F1BA7E1BFD01EB06CC88|0
to e-mail address decode00001@gmail.com or decode00002@gmail.com .
Then you will receive all necessary instructions.
All the attempts of decryption by yourself will result only in irrevocable loss of your data.
----------------------------------------------------------------------------------------------------------------------------

 

На рабочем столе вместо фонового рисунка на чёрном фоне красными буквами: Внимание !все важные файлы на всех дисках компьютера зашифрованы и т.д.

Будьте добры, помогите!

CollectionLog-2015.03.06-18.30.zip

Ссылка на сообщение
Поделиться на другие сайты

Выполните скрипт в AVZ

 

begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;
DelBHO('{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}');
DelBHO('{3C3AF70A-BB1E-1112-FECA-EFC7674A76B3}');
DelBHO('{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}');
DelBHO('{b608cc98-54de-4775-96c9-097de398500c}');
DelBHO('{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}');
DelBHO('{7CE987D5-11B3-44FC-9C3D-03069360D462}');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\PriceFountain\PriceFountainIE.dll','');
QuarantineFile('C:\Program Files\DigiHelp\DigiHelpBHO.dll','');
QuarantineFile('C:\Program Files\VK Downloader\Toolbar32.dll','');
QuarantineFile('C:\Program Files\ver9BlockAndSurf\186.dll','');
QuarantineFile('C:\Program Files\advPlugin\Toolbar32.dll','');
QuarantineFile('C:\ProgramData\TimeTasks\TimeTasksSetup.exe','');
QuarantineFile('C:\Program Files\Twilight Tech\Pretty Search\dummyDlg.exe','');
QuarantineFile('C:\Program Files\Microsoft Data\InstallAddons.exe','');
QuarantineFile('C:\Program Files\Common Files\Distribute Application\appdistrib.exe','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Kbupdater Utility\kbupdater-utility.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\PriceFountain\pricefountainw.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\toolbar.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe\Flash Player\airappinstaller.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\eTranslator\eTranslator.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.resworbefas.bat','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.resworb.bat','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.resworb-mooronik.bat','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.rehcnual.bat','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.erolpxei.bat','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.emorhc.bat','');
QuarantineFile('C:\DOCUME~1\Admin\APPLIC~1\PriceFountain\UpdateProc\bkup.dat','');
SetServiceStart('{97daceee-c4d3-4ae1-975b-b77d85ce2d13}Gt', 4);
DeleteService('{97daceee-c4d3-4ae1-975b-b77d85ce2d13}Gt');
SetServiceStart('{2b4f8230-394e-4951-9495-bafd44d837da}Gt', 4);
DeleteService('{2b4f8230-394e-4951-9495-bafd44d837da}Gt');
SetServiceStart('{1fceab11-b7eb-4010-811f-3f56268f9366}Gt', 4);
DeleteService('{1fceab11-b7eb-4010-811f-3f56268f9366}Gt');
SetServiceStart('BDSafeBrowser', 4);
DeleteService('BDSafeBrowser');
SetServiceStart('BDMWrench', 4);
DeleteService('BDMWrench');
SetServiceStart('BDArKit', 4);
DeleteService('BDArKit');
SetServiceStart('bd0004', 4);
DeleteService('bd0004');
SetServiceStart('bd0001', 4);
DeleteService('bd0001');
DeleteService('serveras');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ASPackage\ASSrv.exe','');
QuarantineFile('C:\Program Files\ver9BlockAndSurf\z2LS186.exe','');
QuarantineFile('C:\WINDOWS\temp\PCGuangjia\PCGuangjia','');
DeleteService('BlockAndSurf');
DeleteService('BDSGRTP');
QuarantineFile('C:\WINDOWS\temp\PCGuangjia\3442','');
QuarantineFile('C:\windows\system32\drivers\{9eaa49e2-6918-49c4-9a04-be590dd80dc6}t.sys','');
QuarantineFile('C:\windows\system32\drivers\{97daceee-c4d3-4ae1-975b-b77d85ce2d13}Gt.sys','');
QuarantineFile('C:\windows\system32\drivers\{2b4f8230-394e-4951-9495-bafd44d837da}Gt.sys','');
QuarantineFile('C:\windows\system32\drivers\{1fceab11-b7eb-4010-811f-3f56268f9366}Gt.sys','');
TerminateProcessByName('c:\program files\iqiyi video\common\qykernel.exe');
TerminateProcessByName('c:\program files\iqiyi video\common\qyfragment.exe');
TerminateProcessByName('c:\program files\iqiyi video\lstyle\mobprotect.exe');
QuarantineFile('c:\program files\iqiyi video\lstyle\mobprotect.exe','');
TerminateProcessByName('c:\documents and settings\admin\application data\pay-by-ads\yahoo! search\1.3.19.2\dsrlte.exe');
QuarantineFile('c:\documents and settings\admin\application data\pay-by-ads\yahoo! search\1.3.19.2\dsrlte.exe','');
TerminateProcessByName('c:\program files\iqiyi video\lstyle\androidservice.exe');
QuarantineFile('c:\program files\iqiyi video\lstyle\androidservice.exe','');
DeleteFile('c:\program files\iqiyi video\lstyle\androidservice.exe','32');
DeleteFile('c:\documents and settings\admin\application data\pay-by-ads\yahoo! search\1.3.19.2\dsrlte.exe','32');
DeleteFile('c:\program files\iqiyi video\lstyle\mobprotect.exe','32');
DeleteFile('c:\program files\iqiyi video\common\qyfragment.exe','32');
DeleteFile('c:\program files\iqiyi video\common\qykernel.exe','32');
DeleteFile('C:\windows\system32\drivers\{1fceab11-b7eb-4010-811f-3f56268f9366}Gt.sys','32');
DeleteFile('C:\windows\system32\drivers\{2b4f8230-394e-4951-9495-bafd44d837da}Gt.sys','32');
DeleteFile('C:\windows\system32\drivers\{97daceee-c4d3-4ae1-975b-b77d85ce2d13}Gt.sys','32');
DeleteFile('C:\windows\system32\drivers\{9eaa49e2-6918-49c4-9a04-be590dd80dc6}t.sys','32');
DeleteFile('C:\windows\system32\DRIVERS\bd0001.sys','32');
DeleteFile('C:\windows\system32\DRIVERS\bd0004.sys','32');
DeleteFile('C:\windows\system32\DRIVERS\BDArKit.sys','32');
DeleteFile('C:\windows\system32\DRIVERS\BDMWrench.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\BDSafeBrowser.sys','32');
DeleteFile('C:\Program Files\ver9BlockAndSurf\z2LS186.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ASPackage\ASSrv.exe','32');
DeleteFile('C:\DOCUME~1\Admin\APPLIC~1\PriceFountain\UpdateProc\bkup.dat','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.emorhc.bat','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\RunOnce','PriceFountain');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.erolpxei.bat','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.rehcnual.bat','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.resworb-mooronik.bat','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.resworb.bat','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.resworbefas.bat','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Вoйти в Интeрнет 2inf.net.lnk','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Yahoo! Search');
DeleteFile('C:\Documents and Settings\Admin\Application Data\eTranslator\eTranslator.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','eTranslator Update');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\toolbar.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\PriceFountain\pricefountainw.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SystemScript');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','pricefountainw.exe');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Kbupdater Utility\kbupdater-utility.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','HCDNClient');
DeleteFile('C:\Program Files\IQIYI Video\Common\HCDNClient.exe','32');
DeleteFile('C:\Program Files\Microsoft Data\InstallAddons.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','chrome5');
DeleteFile('C:\Program Files\Twilight Tech\Pretty Search\dummyDlg.exe','32');
DeleteFile('C:\Program Files\baidu\baidus.exe','32');
DeleteFile('C:\ProgramData\TimeTasks\TimeTasksSetup.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Timestasks');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','baidu');
DeleteFile('C:\Program Files\advPlugin\Toolbar32.dll','32');
DeleteFile('C:\Program Files\ver9BlockAndSurf\186.dll','32');
DeleteFile('C:\Program Files\VK Downloader\Toolbar32.dll','32');
DeleteFile('C:\Program Files\IQIYI Video\Common\Accelerator\IEHelper.dll','32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\windows\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\windows\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\windows\Tasks\APSnotifierPP3.job','32');
DeleteFile('C:\windows\Tasks\BlockAndSurf Update.job','32');
DeleteFile('C:\Program Files\IQIYI Video\LStyle\MobProtect.exe','32');
DeleteFile('C:\windows\Tasks\MobProtect.job','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Компьютер перезагрузится.

 

Выполните скрипт в AVZ

 

begin
CreateQurantineArchive('c:\quarantine.zip');
end.
c:\quarantine.zip отправьте через данную форму.

1. Выберите тип запроса "Запрос на исследование вредоносного файла".

2. В окне "Подробное описание возникшей ситуации" наберите "Выполняется запрос хэлпера".

3. Прикрепите файл карантина

4. Введите изображенное на картинке число и нажмите "Далее".

5. Если размер карантина превышает 15 Мб, то карантин отправьте по адресу newvirus@kaspersky.com

Полученный ответ сообщите здесь (с указанием номера KLAN)

 

  • Скачайте ClearLNK и сохраните архив с утилитой на рабочем столе.
  • Распакуйте архив с утилитой в отдельную папку.
  • Перенесите Check_Browsers_LNK.log на ClearLNK как показано на рисунке
    move.gif
  • Отчет о работе ClearLNK-<Дата>.log будет сохранен в папке LOG.
  • Прикрепите этот отчет к своему следующему сообщению.

 

Сделайте новые логи по правилам

 

Скачайте Farbar Recovery Scan Tool  NAAC5Ba.png и сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.

  • Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
  • Убедитесь, что в окне Optional Scan отмечены "List BCD" и "Driver MD5".
    B92LqRQ.png
  • Нажмите кнопку Scan.
  • После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа. Пожалуйста, прикрепите отчет в следующем сообщении.
  • Если программа была запущена в первый раз, будет создан отчет (Addition.txt). Пожалуйста, прикрепите его в следующем сообщении.

Ссылка на сообщение
Поделиться на другие сайты

  • Скопируйте приведенный ниже текст в Блокнот и сохраните файл как fixlist.txt в ту же папку, откуда была запущена утилита Farbar Recovery Scan Tool:
     
    CreateRestorePoint:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-1659004503-1965331169-1801674531-500\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyServer: [S-1-5-21-1659004503-1965331169-1801674531-500] => http=127.0.0.1:14225;https=127.0.0.1:14225
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1423487804&from=smt&uid=ST3500418AS_9VMP3NLPXXXX9VMP3NLP&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1423487804&from=smt&uid=ST3500418AS_9VMP3NLPXXXX9VMP3NLP
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1423487804&from=smt&uid=ST3500418AS_9VMP3NLPXXXX9VMP3NLP&q={searchTerms}
    HKU\S-1-5-21-1659004503-1965331169-1801674531-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1423487804&from=smt&uid=ST3500418AS_9VMP3NLPXXXX9VMP3NLP
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://rts.dsrlte.com/?m=tab&affID=na" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1423487804&from=smt&uid=ST3500418AS_9VMP3NLPXXXX9VMP3NLP&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1423487804&from=smt&uid=ST3500418AS_9VMP3NLPXXXX9VMP3NLP&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1659004503-1965331169-1801674531-500 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1659004503-1965331169-1801674531-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1423487804&from=smt&uid=ST3500418AS_9VMP3NLPXXXX9VMP3NLP&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1659004503-1965331169-1801674531-500 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1659004503-1965331169-1801674531-500 -> {DB9ED677-CA81-4798-8ED9-F5065A27D541} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}
    BHO: DigiHelp 1.0.0.6 -> {5bee7be9-df29-4c14-a18e-2bdd06205e29} -> C:\Program Files\DigiHelp\DigiHelpBHO.dll No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1423487804&from=smt&uid=ST3500418AS_9VMP3NLPXXXX9VMP3NLP
    FF Plugin: @iqiyi.com/npclient -> C:\Program Files\IQIYI Video\LStyle\npclient.dll ()
    FF Plugin: @iqiyi.com/npWebPlayer -> C:\Program Files\IQIYI Video\LStyle\npWebPlayer.dll (?????)
    FF Plugin HKU\S-1-5-21-1659004503-1965331169-1801674531-500: @iqiyi.com/npWebPlayer -> C:\Program Files\IQIYI Video\LStyle\npWebPlayer.dll (?????)
    FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\dsrlte.xml
    FF Extension: FullProtected v15.1.5 - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\exinfo@tele-stream.org [2015-01-11]
    FF Extension: VK Downloader - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6} [2015-01-11]
    FF Extension: PriceFountain - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2015-01-11]
    FF Extension: No Name -  C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{95778f0c-827d-4aba-b416-f07dd840fd6a} [Not Found]
    FF Extension: No Name -  C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [Not Found]
    FF Extension: No Name -  C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [Not Found]
    FF Extension: No Name -  C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [Not Found]
    CHR Extension: (No Name) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ljkclecopoekhbfminabgfoaflilgbfa [2015-02-25]
    CHR HKLM\...\Chrome\Extension: [bgomnbpelpcdicbnicimghcecemjpbef] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [cegdomhocaeoedbdpfolmgjkjaijfomo] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - http://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gdknicmnhbaajdglbinpahhapghpakch] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gehngeifmelphpllncobkmimphfkckne] - http://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [jedelkhanefmcnpappfhachbpnlhomai] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [kppacdmmddediahklmcgkgdhhoojemmd] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pganlglbhgfjfgopijbhemcpbehjnpia] - https://clients2.google.com/service/update2/crx
    StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1423487804&from=smt&uid=ST3500418AS_9VMP3NLPXXXX9VMP3NLP
    OPR Extension: (SocialLife for Google Chrome™) - C:\Documents and Settings\Admin\Application Data\Opera Software\Opera Stable\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2015-01-12]
    OPR Extension: (SocialLife for Google Chrome™) - C:\Documents and Settings\Admin\Application Data\Opera Software\Opera Stable\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2015-02-03]
    OPR Extension: (SocialLife for Google Chrome™) - C:\Documents and Settings\Admin\Application Data\Opera Software\Opera Stable\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-01-12]
    OPR Extension: (Everysale.Net) - C:\Documents and Settings\Admin\Application Data\Opera Software\Opera Stable\Extensions\iapdadaeaebaoigieglfababneoaifnf [2015-02-17]
    OPR Extension: (Neiron Search Tools) - C:\Documents and Settings\Admin\Application Data\Opera Software\Opera Stable\Extensions\oehahoblpagnioelpmminjmlpnabnmok [2015-02-17]
    OPR Extension: (PhoenixGuard - бесплатный антивирусный тулбар) - C:\Documents and Settings\Admin\Application Data\Opera Software\Opera Stable\Extensions\pleoihkpdomoijdpaibdciidfoeedamm [2015-02-17]
    S1 bd0001; system32\DRIVERS\bd0001.sys [X]
    S1 bd0002; system32\DRIVERS\bd0002.sys [X]
    S1 bd0004; system32\DRIVERS\bd0004.sys [X]
    S1 BDMWrench; system32\DRIVERS\BDMWrench.sys [X]
    S1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\10.5.15816.217\QMUdisk.sys [X]
    S3 TS888; \??\C:\Program Files\Tencent\QQPCMgr\10.5.15816.217\TS888.sys [X]
    S1 {9eaa49e2-6918-49c4-9a04-be590dd80dc6}t; system32\drivers\{9eaa49e2-6918-49c4-9a04-be590dd80dc6}t.sys [X]
    2015-03-05 13:22 - 2015-03-06 12:39 - 00000000 ___HD () C:\Documents and Settings\Admin\Application Data\AA666EC5
    2015-03-01 05:09 - 2015-03-01 05:09 - 00000000 ____D () C:\Documents and Settings\Admin\Главное меню\Программы\???
    2015-02-27 14:45 - 2015-02-27 14:47 - 04464320 _____ (Visicom Media Inc.) C:\Documents and Settings\NetworkService\Мои документы\dlsecureTb_1.0.4.1 (2).exe
    2015-02-26 15:44 - 2015-03-06 12:39 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\SystemDir
    2015-02-25 01:42 - 2015-02-25 01:42 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Pay-By-Ads
    2015-02-24 21:42 - 2015-02-24 21:47 - 04464320 _____ (Visicom Media Inc.) C:\Documents and Settings\NetworkService\Мои документы\dlsecureTb_1.0.4.1.exe
    2015-02-17 15:33 - 2015-02-17 15:33 - 00000000 ____D () C:\Program Files\Twilight Tech
    2015-02-17 15:33 - 2015-02-17 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Главное меню\Программы\Web Search Tools
    2015-02-17 15:33 - 2015-02-17 15:33 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\phoenixguard
    2015-02-17 15:33 - 2015-02-17 15:33 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Neiron
    2015-02-17 15:33 - 2015-02-17 15:33 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\everysale3
    2015-02-17 15:19 - 2015-02-23 16:13 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\MobProtect
    2015-02-17 14:15 - 2015-02-17 14:15 - 00030392 _____ (Tencent) C:\windows\system32\Drivers\TS888.sys
    2015-02-17 00:04 - 2015-02-17 14:29 - 00000064 _____ () C:\windows\QMNetworkMgr.ini
    2015-02-16 15:04 - 2015-03-05 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\TXQMPC
    2015-02-16 14:56 - 2015-03-06 11:01 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\ppslog
    2015-02-16 14:49 - 2015-02-17 15:16 - 00000000 ____D () C:\Documents and Settings\Admin\Главное меню\Программы\????
    2015-02-16 14:49 - 2015-02-16 15:33 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Tencent
    2015-02-16 14:49 - 2015-02-16 15:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Tencent
    2015-02-16 14:49 - 2015-02-16 14:49 - 00000000 ____D () C:\Program Files\Tencent
    2015-02-16 14:49 - 2015-02-16 14:49 - 00000000 ____D () C:\Program Files\Common Files\Tencent
    2015-02-16 14:49 - 2015-02-16 14:49 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Tencent
    2015-02-16 14:46 - 2015-03-01 05:09 - 00001764 _____ () C:\Documents and Settings\Admin\Главное меню\Программы\???PPS??.lnk
    2015-02-16 14:46 - 2015-03-01 05:09 - 00001758 _____ () C:\Documents and Settings\Admin\Главное меню\???PPS??.lnk
    2015-02-16 14:45 - 2015-03-06 22:35 - 00000636 _____ () C:\windows\PPStream.ini
    2015-02-16 14:45 - 2015-03-04 13:05 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\IQIYI Video
    2015-02-16 14:45 - 2015-03-01 05:09 - 00000000 ____D () C:\Program Files\IQIYI Video
    2015-02-16 14:45 - 2015-02-16 14:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\QiYi
    2015-02-16 14:43 - 2015-03-06 12:39 - 00000000 ____D () C:\Program Files\Application Assistance
    2015-02-14 06:06 - 2015-02-14 06:07 - 04202040 _____ (Visicom Media Inc.) C:\Documents and Settings\NetworkService\Мои документы\dlsecureTb_1.0.1.5 (5).exe
    2015-02-25 03:10 - 2014-12-26 21:25 - 00000492 __RSH () C:\Documents and Settings\All Users\ntuser.pol
    2015-01-11 05:40 - 2015-01-11 05:40 - 0613057 ____C (CMI Limited) C:\Documents and Settings\Admin\Local Settings\Application Data\nse60.tmp
    2015-01-11 02:35 - 2015-01-11 02:35 - 0628496 ____C (CMI Limited) C:\Documents and Settings\Admin\Local Settings\Application Data\nsg41B.tmp
    2015-01-11 10:54 - 2015-01-11 10:54 - 0613057 ____C (CMI Limited) C:\Documents and Settings\Admin\Local Settings\Application Data\nszA2.tmp
    C:\Documents and Settings\Admin\Local Settings\Temp\MdSfdtJMUuZ7.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net15A0.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net16E.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net1BA.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net1D8C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net1DE0.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net234C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net239D.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net25DC.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net28BC.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net2B9B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net2BEF.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net315A.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net33F3.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net33F6.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net343D.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net36CB.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net39AA.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net3A00.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net3C93.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net3F6B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net3FBB.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net41FB.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net424A.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net47BD.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net480C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net4A9B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net4AEC.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net4D7B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net4DCC.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net500B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net500C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net505D.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net55CA.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net561B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net58AC.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net58FD.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net5B8F.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net5BDD.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net5E1B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net5E6C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net63DA.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net642C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net670A.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net699B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net69EC.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net6C2B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net6C81.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net6F5E.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net71EA.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net751A.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net7A8B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net7D6E.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net7FFB.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net832D.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net85BC.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net884A.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net889A.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net8E0B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net8E5B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net90ED.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net913C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net93DF.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net96AA.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net9C1A.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net9C6C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net9EFB.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\net9F4B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netA1DB.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netA4BA.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netAA7D.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netAD0B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netAD5B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netAFED.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netB2CB.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netBB1C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netBB6C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netC0DA.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netC92C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netC97C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netC9D.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netCEE.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netCEEF.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netD45D.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netD73A.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netD78C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netDF90.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netDFDC.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netE26B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netE54C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netE59A.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netED9C.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netEDEB.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netF07A.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netF365.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netF3AC.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netF80.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netFBFA.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netFCA.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\netFE8B.tmp.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\NuQ2qOuwpJJ2.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\Qb60ckliXHfU.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\QYAgent_runxx.dl.dll
    C:\Documents and Settings\Admin\Local Settings\Temp\toolbar.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\witcher2_day0_patch.exe
    C:\Documents and Settings\Admin\Local Settings\Temp\zEd7fT5LTaVt.exe
    C:\Documents and Settings\LocalService\Local Settings\Temp\FixSe.exe
    Reboot:
    
  • Запустите FRST, нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!
  • Обратите внимание, что компьютер будет перезагружен.

Ссылка на сообщение
Поделиться на другие сайты
Скопируйте приведенный ниже текст в Блокнот и сохраните файл как fixlist.txt в ту же папку, откуда была запущена утилита Farbar Recovery Scan Tool:



CreateRestorePoint:


HKU\S-1-5-21-1659004503-1965331169-1801674531-500\...\Run: [amigo] => [X]
FF Extension: No Name -  C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{95778f0c-827d-4aba-b416-f07dd840fd6a} [Not Found]
FF Extension: No Name -  C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [Not Found]
FF Extension: No Name -  C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [Not Found]
FF Extension: No Name -  C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [Not Found]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [bgomnbpelpcdicbnicimghcecemjpbef] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cegdomhocaeoedbdpfolmgjkjaijfomo] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gdknicmnhbaajdglbinpahhapghpakch] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gehngeifmelphpllncobkmimphfkckne] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jedelkhanefmcnpappfhachbpnlhomai] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [kppacdmmddediahklmcgkgdhhoojemmd] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pganlglbhgfjfgopijbhemcpbehjnpia] - https://clients2.google.com/service/update2/crx
StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1423487804&from=smt&uid=ST3500418AS_9VMP3NLPXXXX9VMP3NLP
S2 3442; C:\WINDOWS\temp\PCGuangjia\3442 [125408 2015-02-17] ()
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S1 bd0004; system32\DRIVERS\bd0004.sys [X]
S1 BDMWrench; system32\DRIVERS\BDMWrench.sys [X]
S3 EagleXNt; \?\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 FairplayKD; \?\C:\Documents and Settings\All Users\Application Data\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S1 mnmdd; No ImagePath
S1 QMUdisk; \?\C:\Program Files\Tencent\QQPCMgr\10.5.15816.217\QMUdisk.sys [X]
S3 TS888; \?\C:\Program Files\Tencent\QQPCMgr\10.5.15816.217\TS888.sys [X]
U1 WS2IFSL; No ImagePath
S3 XDva424; \?\C:\WINDOWS\system32\XDva424.sys [X]
S1 {9eaa49e2-6918-49c4-9a04-be590dd80dc6}t; system32\drivers\{9eaa49e2-6918-49c4-9a04-be590dd80dc6}t.sys [X]
2015-03-05 13:21 - 2015-03-06 12:39 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\Windows
2015-01-11 01:32 - 2015-01-11 01:33 - 0000040 _____ () C:\Program Files\{AACE8122-B27D-421C-A5BB-95060941AFD7}.sys
2015-03-05 14:11 - 2015-03-05 14:11 - 2359350 _____ () C:\Documents and Settings\Admin\Application Data\1C36B0D51C36B0D5.bmp
2015-01-11 05:40 - 2015-01-11 05:40 - 0613057 ____C (CMI Limited) C:\Documents and Settings\Admin\Local Settings\Application Data\nse60.tmp
2015-01-11 02:35 - 2015-01-11 02:35 - 0628496 ____C (CMI Limited) C:\Documents and Settings\Admin\Local Settings\Application Data\nsg41B.tmp
2015-01-11 10:54 - 2015-01-11 10:54 - 0613057 ____C (CMI Limited) C:\Documents and Settings\Admin\Local Settings\Application Data\nszA2.tmp
C:\Documents and Settings\Admin\removeSAddons.bat
C:\Documents and Settings\Admin\Local Settings\Temp\masauto_runxx.dl.dll
C:\Documents and Settings\Admin\Local Settings\Temp\masblog_runxx.dl.dll
C:\Documents and Settings\Admin\Local Settings\Temp\masflag_runxx.dl.dll
C:\Documents and Settings\Admin\Local Settings\Temp\MdSfdtJMUuZ7.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net15A0.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net16E.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net1BA.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net1D8C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net1DE0.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net234C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net239D.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net25DC.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net28BC.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net2B9B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net2BEF.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net315A.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net33F3.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net33F6.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net343D.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net36CB.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net39AA.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net3A00.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net3C93.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net3F6B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net3FBB.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net41FB.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net424A.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net47BD.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net480C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net4A9B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net4AEC.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net4D7B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net4DCC.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net500B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net500C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net505D.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net55CA.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net561B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net58AC.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net58FD.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net5B8F.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net5BDD.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net5E1B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net5E6C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net63DA.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net642C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net670A.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net699B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net69EC.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net6C2B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net6C81.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net6F5E.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net71EA.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net751A.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net7A8B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net7D6E.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net7FFB.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net832D.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net85BC.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net884A.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net889A.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net8E0B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net8E5B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net90ED.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net913C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net93DF.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net96AA.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net9C1A.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net9C6C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net9EFB.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\net9F4B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netA1DB.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netA4BA.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netAA7D.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netAD0B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netAD5B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netAFED.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netB2CB.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netBB1C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netBB6C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netC0DA.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netC92C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netC97C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netC9D.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netCEE.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netCEEF.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netD45D.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netD73A.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netD78C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netDF90.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netDFDC.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netE26B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netE54C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netE59A.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netED9C.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netEDEB.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netF07A.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netF365.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netF3AC.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netF80.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netFBFA.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netFCA.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\netFE8B.tmp.exe
C:\Documents and Settings\Admin\Local Settings\Temp\NuQ2qOuwpJJ2.exe
C:\Documents and Settings\Admin\Local Settings\Temp\Qb60ckliXHfU.exe
C:\Documents and Settings\Admin\Local Settings\Temp\QYAgent_runxx.dl.dll
C:\Documents and Settings\Admin\Local Settings\Temp\toolbar.exe
C:\Documents and Settings\Admin\Local Settings\Temp\witcher2_day0_patch.exe
C:\Documents and Settings\Admin\Local Settings\Temp\zEd7fT5LTaVt.exe
C:\Documents and Settings\LocalService\Local Settings\Temp\FixSe.exe
EmptyTemp:

Reboot:


Запустите FRST и нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!

Обратите внимание, что компьютер будет перезагружен.

Ссылка на сообщение
Поделиться на другие сайты

Присоединяйтесь к обсуждению

Вы можете написать сейчас и зарегистрироваться позже. Если у вас есть аккаунт, авторизуйтесь, чтобы опубликовать от имени своего аккаунта.

Гость
Ответить в этой теме...

×   Вставлено с форматированием.   Вставить как обычный текст

  Разрешено использовать не более 75 эмодзи.

×   Ваша ссылка была автоматически встроена.   Отображать как обычную ссылку

×   Ваш предыдущий контент был восстановлен.   Очистить редактор

×   Вы не можете вставлять изображения напрямую. Загружайте или вставляйте изображения по ссылке.

×
×
  • Создать...