Перейти к содержанию

Снова XTBL

charlys
 Share

Рекомендуемые сообщения

charlys Новичок

charlys

Опубликовано
Опубликовано

Господа!

 

Прошу помощи. Ребенок притащил какую-то гадость на компьютер. Как результат, все документы у меня теперь зашифрованы и имеют расширение .xtbl Примерный вид имени файла таков:

5GhjfZ03Kj+fV0aaKRDQ98RjwY-BBbwP5oWbjmK42LA=.xtbl

 

Есть ли возможность восстановить данные?

"Порядок оформления запроса о помощи" соблюден. Kaspersky Virus Removal Tool 2015 и Dr.Web CureIt! подчистили всякие бяки. Файл протоколов логов прикладываю.

Очень надеюсь на ваши знания и, возможную, помощь. Заранее благодарю!

CollectionLog-2015.08.22-17.15.zip

Ссылка на комментарий
Поделиться на другие сайты
thyrex Мудрец

thyrex

Опубликовано
Опубликовано

Выполните скрипт в AVZ

 

begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
QuarantineFile('C:\Program Files\YTDownloader\updater.exe','');
QuarantineFile('C:\Users\Helen\AppData\Local\Microsoft\Windows\toolbar.exe','');
QuarantineFile('C:\Program Files\ShopperPro\JSDriver\1.42.1.1847\jsdrv.exe','');
QuarantineFile('C:\ProgramData\ShopperPro\spbihe.js','');
QuarantineFile('C:\Program Files\ShopperPro\updater.exe','');
QuarantineFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll','');
QuarantineFile('C:\ProgramData\Kbrowser utility\kbrowser-updater-utility.exe','');
QuarantineFile('C:\Program Files\Common Files\Distribute Application\appdistrib.exe','');
QuarantineFile('C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe','');
QuarantineFile('C:\Users\Helen\AppData\Roaming\newSI_608\s_inst.exe','');
QuarantineFile('C:\Users\Helen\AppData\Roaming\newSI_21591\s_inst.exe','');
QuarantineFile('C:\Users\Helen\AppData\Roaming\newSI_1801\s_inst.exe','');
QuarantineFile('C:\Program Files\miss sunshine\miss_sunshine_updating_service.exe','');
QuarantineFile('C:\Program Files\miss sunshine\miss_sunshine_notification_service.exe','');
QuarantineFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','');
QuarantineFile('C:\Users\Helen\AppData\Roaming\EJMb8VW77lJED9dsLaj0fw0cqZc.exe','');
QuarantineFile('C:\Users\Helen\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','');
QuarantineFile('C:\Program Files\ver1BlockAndSurf\J6BlockAndSurfR79.exe','');
QuarantineFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','');
QuarantineFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-7.exe','');
QuarantineFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-6.exe','');
QuarantineFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5.exe','');
QuarantineFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4.exe','');
QuarantineFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10.exe','');
QuarantineFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7.exe','');
QuarantineFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6.exe','');
QuarantineFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-7.exe','');
QuarantineFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-6.exe','');
QuarantineFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-5.exe','');
QuarantineFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-4.exe','');
QuarantineFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-1-7.exe','');
QuarantineFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-1-6.exe','');
QuarantineFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-7.exe','');
QuarantineFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-6.exe','');
QuarantineFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-5.exe','');
QuarantineFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-4.exe','');
QuarantineFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-3.exe','');
QuarantineFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-10.exe','');
QuarantineFile('C:\Program Files\Media+PlayerVidEd2.5\Media+PlayerVidEd2.5-codedownloader.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-7.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-6.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-5.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-4.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-3.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-10.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-1-7.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-1-6.exe','');
QuarantineFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-7.exe','');
QuarantineFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-6.exe','');
QuarantineFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-5.exe','');
QuarantineFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-4.exe','');
QuarantineFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-10.exe','');
QuarantineFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-1-7.exe','');
QuarantineFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-1-6.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-6.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-5.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-4.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-3.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-10.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-1-7.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-1-6.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-7.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-6.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-5.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-4.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-3.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-10.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-1-7.exe','');
QuarantineFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-1-6.exe','');
QuarantineFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-7.exe','');
QuarantineFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-6.exe','');
QuarantineFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-5.exe','');
QuarantineFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-4.exe','');
QuarantineFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-1-7.exe','');
QuarantineFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-1-6.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-7.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-6.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-5.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-4.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-3.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-11.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-10.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-1-7.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-1-6.exe','');
QuarantineFile('C:\ProgramData\Windows\csrss.exe','');
DeleteService('sbmntr');
DeleteService('skinapp');
DeleteService('SPDRIVER_1.42.1.1847');
DeleteService('wpnfd_1_10_0_5');
QuarantineFile('C:\Windows\system32\drivers\wpnfd_1_10_0_5.sys','');
QuarantineFile('C:\Program Files\ShopperPro\JSDriver\1.42.1.1847\jsdrv.sys','');
QuarantineFile('C:\Program Files\Common Files\ShopperPro\spbiw.sys','');
QuarantineFile('C:\Windows\skinapp.sys','');
QuarantineFile('C:\PROGRA~1\YTDOWN~1\sbmntr.sys','');
DeleteService('BDMWrench');
QuarantineFile('C:\Windows\system32\drivers\innfd_1_10_0_14.sys','');
DeleteService('innfd_1_10_0_14');
DeleteService('Util Air Globe');
DeleteService('Update Air Globe');
QuarantineFile('C:\Program Files\Air Globe\bin\utilAirGlobe.exe','');
QuarantineFile('C:\Program Files\Air Globe\updateAirGlobe.exe','');
QuarantineFile('C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE','');
QuarantineFile('C:\Program Files\ClickCaption_1.10.0.6\Service\ccsvc.exe','');
DeleteService('ccsvc_1.10.0.6');
DeleteService('BrsHelper');
DeleteService('BaiduUpdater');
SetServiceStart('qirorejo', 4);
DeleteService('qirorejo');
TerminateProcessByName('c:\users\helen\appdata\roaming\1e0060c7-1431690179-3d01-b245-001fc6e4a14d\hnsi1e3b.tmp');
QuarantineFile('c:\users\helen\appdata\roaming\1e0060c7-1431690179-3d01-b245-001fc6e4a14d\hnsi1e3b.tmp','');
DeleteFile('c:\users\helen\appdata\roaming\1e0060c7-1431690179-3d01-b245-001fc6e4a14d\hnsi1e3b.tmp','32');
DeleteFile('C:\Program Files\ClickCaption_1.10.0.6\Service\ccsvc.exe','32');
DeleteFile('C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE','32');
DeleteFile('C:\Program Files\Baidu\BaiduUpdate\bdupdate.exe','32');
DeleteFile('C:\Program Files\Air Globe\updateAirGlobe.exe','32');
DeleteFile('C:\Program Files\Air Globe\bin\utilAirGlobe.exe','32');
DeleteFile('C:\Windows\system32\drivers\innfd_1_10_0_14.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench.sys','32');
DeleteFile('C:\PROGRA~1\YTDOWN~1\sbmntr.sys','32');
DeleteFile('C:\Windows\skinapp.sys','32');
DeleteFile('C:\Program Files\Common Files\ShopperPro\spbiw.sys','32');
DeleteFile('C:\Program Files\ShopperPro\JSDriver\1.42.1.1847\jsdrv.sys','32');
DeleteFile('C:\Windows\system32\drivers\wpnfd_1_10_0_5.sys','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader','command');
DeleteFile('C:\ProgramData\Windows\csrss.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Client Server Runtime Subsystem','command');
DeleteFile('C:\Users\Helen\AppData\Local\Temp\TasksWatch.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TasksWatch','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','System\CurrentControlSet\Control\Session Manager\AppCertDlls','x64');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-1-6.job','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-1-7.job','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-10.exe','32');
DeleteFile('C:\Windows\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-10_user.job','32');
DeleteFile('C:\Windows\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-11.job','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-11.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-3.exe','32');
DeleteFile('C:\Windows\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-3.job','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-4.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-5.exe','32');
DeleteFile('C:\Windows\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-5_user.job','32');
DeleteFile('C:\Windows\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-5.job','32');
DeleteFile('C:\Windows\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-4.job','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-6.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV17.04\02d2d88d-984f-4b33-a84d-6a90e6862de1-7.exe','32');
DeleteFile('C:\Windows\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-7.job','32');
DeleteFile('C:\Windows\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-6.job','32');
DeleteFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-1-6.exe','32');
DeleteFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-1-7.exe','32');
DeleteFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-4.exe','32');
DeleteFile('C:\Windows\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-4.job','32');
DeleteFile('C:\Windows\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-1-7.job','32');
DeleteFile('C:\Windows\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-1-6.job','32');
DeleteFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-5.exe','32');
DeleteFile('C:\Windows\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-5.job','32');
DeleteFile('C:\Windows\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-5_user.job','32');
DeleteFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-6.exe','32');
DeleteFile('C:\Program Files\Sense\055a401c-792d-4408-bfe7-bf042b25d955-7.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-1-6.job','32');
DeleteFile('C:\Windows\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-7.job','32');
DeleteFile('C:\Windows\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-6.job','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-1-7.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-10.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-3.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-4.exe','32');
DeleteFile('C:\Windows\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-4.job','32');
DeleteFile('C:\Windows\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-3.job','32');
DeleteFile('C:\Windows\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-10_user.job','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-5.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-6.exe','32');
DeleteFile('C:\Windows\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-6.job','32');
DeleteFile('C:\Windows\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-5_user.job','32');
DeleteFile('C:\Windows\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-5.job','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1a56e579-6eca-4665-9508-3bc1f422b979-7.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-1-6.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-1-7.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-10.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-3.exe','32');
DeleteFile('C:\Windows\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-3.job','32');
DeleteFile('C:\Windows\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-10_user.job','32');
DeleteFile('C:\Windows\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-1-7.job','32');
DeleteFile('C:\Windows\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-1-6.job','32');
DeleteFile('C:\Windows\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-7.job','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-4.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-5.exe','32');
DeleteFile('C:\Program Files\Cinema Plus v6V23.07\1c895bea-87f1-49b9-8fef-94dd222ff36f-6.exe','32');
DeleteFile('C:\Windows\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-6.job','32');
DeleteFile('C:\Windows\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-5_user.job','32');
DeleteFile('C:\Windows\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-5.job','32');
DeleteFile('C:\Windows\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-4.job','32');
DeleteFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-1-6.exe','32');
DeleteFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-1-7.exe','32');
DeleteFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-10.exe','32');
DeleteFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-4.exe','32');
DeleteFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-5.exe','32');
DeleteFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-6.exe','32');
DeleteFile('C:\Program Files\Ge-Force\6af65f66-48d9-4e45-845b-ab0cad8d1432-7.exe','32');
DeleteFile('C:\Windows\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-7.job','32');
DeleteFile('C:\Windows\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-6.job','32');
DeleteFile('C:\Windows\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-5_user.job','32');
DeleteFile('C:\Windows\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-5.job','32');
DeleteFile('C:\Windows\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-4.job','32');
DeleteFile('C:\Windows\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-10_user.job','32');
DeleteFile('C:\Windows\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-1-7.job','32');
DeleteFile('C:\Windows\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-1-6.job','32');
DeleteFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-1-6.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-1-7.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-10.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-3.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-4.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-5.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-6.exe','32');
DeleteFile('C:\Windows\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-6.job','32');
DeleteFile('C:\Windows\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-5_user.job','32');
DeleteFile('C:\Windows\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-5.job','32');
DeleteFile('C:\Windows\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-4.job','32');
DeleteFile('C:\Windows\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-3.job','32');
DeleteFile('C:\Windows\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-10_user.job','32');
DeleteFile('C:\Windows\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-1-7.job','32');
DeleteFile('C:\Windows\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-1-6.job','32');
DeleteFile('C:\Program Files\CinemaPlus-4.5vV17.05\99a75547-4ace-47d6-a932-8dec59b65f34-7.exe','32');
DeleteFile('C:\Program Files\Media+PlayerVidEd2.5\Media+PlayerVidEd2.5-codedownloader.exe','32');
DeleteFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-10.exe','32');
DeleteFile('C:\Windows\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-10_user.job','32');
DeleteFile('C:\Windows\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-1.job','32');
DeleteFile('C:\Windows\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-7.job','32');
DeleteFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-3.exe','32');
DeleteFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-4.exe','32');
DeleteFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-5.exe','32');
DeleteFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-6.exe','32');
DeleteFile('C:\Program Files\Media+PlayerVidEd2.5\9f468e23-cfa8-47e7-9c28-e9d03736b55a-7.exe','32');
DeleteFile('C:\Windows\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-7.job','32');
DeleteFile('C:\Windows\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-6.job','32');
DeleteFile('C:\Windows\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-5_user.job','32');
DeleteFile('C:\Windows\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-5.job','32');
DeleteFile('C:\Windows\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-4.job','32');
DeleteFile('C:\Windows\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-3.job','32');
DeleteFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-1-6.exe','32');
DeleteFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-1-7.exe','32');
DeleteFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-4.exe','32');
DeleteFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-5.exe','32');
DeleteFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-6.exe','32');
DeleteFile('C:\Program Files\Sense\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-7.exe','32');
DeleteFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6.exe','32');
DeleteFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7.job','32');
DeleteFile('C:\Windows\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6.job','32');
DeleteFile('C:\Windows\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-7.job','32');
DeleteFile('C:\Windows\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-6.job','32');
DeleteFile('C:\Windows\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-5_user.job','32');
DeleteFile('C:\Windows\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-5.job','32');
DeleteFile('C:\Windows\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-4.job','32');
DeleteFile('C:\Windows\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-1-7.job','32');
DeleteFile('C:\Windows\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-1-6.job','32');
DeleteFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10.exe','32');
DeleteFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4.exe','32');
DeleteFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5.exe','32');
DeleteFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-6.exe','32');
DeleteFile('C:\Program Files\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-7.exe','32');
DeleteFile('C:\Windows\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-7.job','32');
DeleteFile('C:\Windows\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-6.job','32');
DeleteFile('C:\Windows\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5_user.job','32');
DeleteFile('C:\Windows\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5.job','32');
DeleteFile('C:\Windows\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4.job','32');
DeleteFile('C:\Windows\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10_user.job','32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','32');
DeleteFile('C:\Program Files\ver1BlockAndSurf\J6BlockAndSurfR79.exe','32');
DeleteFile('C:\Windows\Tasks\BlockAndSurf Update.job','32');
DeleteFile('C:\Windows\Tasks\Crossbrowse.job','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('C:\Users\Helen\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE','32');
DeleteFile('C:\Windows\Tasks\DSite.job','32');
DeleteFile('C:\Users\Helen\AppData\Roaming\EJMb8VW77lJED9dsLaj0fw0cqZc.exe','32');
DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\Windows\Tasks\EJMb8VW77lJED9dsLaj0fw0cqZc.job','32');
DeleteFile('C:\Program Files\miss sunshine\miss_sunshine_notification_service.exe','32');
DeleteFile('C:\Windows\Tasks\miss_sunshine_notification_service.job','32');
DeleteFile('C:\Windows\Tasks\miss_sunshine_updating_service.job','32');
DeleteFile('C:\Program Files\miss sunshine\miss_sunshine_updating_service.exe','32');
DeleteFile('C:\Users\Helen\AppData\Roaming\newSI_1801\s_inst.exe','32');
DeleteFile('C:\Users\Helen\AppData\Roaming\newSI_21591\s_inst.exe','32');
DeleteFile('C:\Users\Helen\AppData\Roaming\newSI_608\s_inst.exe','32');
DeleteFile('C:\Windows\Tasks\newSI_608.job','32');
DeleteFile('C:\Windows\Tasks\newSI_21591.job','32');
DeleteFile('C:\Windows\Tasks\newSI_1801.job','32');
DeleteFile('C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe','32');
DeleteFile('C:\Windows\Tasks\SpeedUpMyPC Maintenance.job','32');
DeleteFile('C:\Windows\Tasks\SpeedUpMyPC Startup.job','32');
DeleteFile('C:\Windows\Tasks\SpeedUpMyPC Subscription.job','32');
DeleteFile('C:\Windows\system32\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-11','32');
DeleteFile('C:\Windows\system32\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-3','32');
DeleteFile('C:\Windows\system32\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-4','32');
DeleteFile('C:\Windows\system32\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-5','32');
DeleteFile('C:\Windows\system32\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-6','32');
DeleteFile('C:\Windows\system32\Tasks\02d2d88d-984f-4b33-a84d-6a90e6862de1-7','32');
DeleteFile('C:\Windows\system32\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-4','32');
DeleteFile('C:\Windows\system32\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-5','32');
DeleteFile('C:\Windows\system32\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-6','32');
DeleteFile('C:\Windows\system32\Tasks\055a401c-792d-4408-bfe7-bf042b25d955-7','32');
DeleteFile('C:\Windows\system32\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-3','32');
DeleteFile('C:\Windows\system32\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-4','32');
DeleteFile('C:\Windows\system32\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-5','32');
DeleteFile('C:\Windows\system32\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-6','32');
DeleteFile('C:\Windows\system32\Tasks\1a56e579-6eca-4665-9508-3bc1f422b979-7','32');
DeleteFile('C:\Windows\system32\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-3','32');
DeleteFile('C:\Windows\system32\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-4','32');
DeleteFile('C:\Windows\system32\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-5','32');
DeleteFile('C:\Windows\system32\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-6','32');
DeleteFile('C:\Windows\system32\Tasks\1c895bea-87f1-49b9-8fef-94dd222ff36f-7','32');
DeleteFile('C:\Windows\system32\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-4','32');
DeleteFile('C:\Windows\system32\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-5','32');
DeleteFile('C:\Windows\system32\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\6af65f66-48d9-4e45-845b-ab0cad8d1432-6','32');
DeleteFile('C:\Windows\system32\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-3','32');
DeleteFile('C:\Windows\system32\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-4','32');
DeleteFile('C:\Windows\system32\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-5','32');
DeleteFile('C:\Windows\system32\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-6','32');
DeleteFile('C:\Windows\system32\Tasks\99a75547-4ace-47d6-a932-8dec59b65f34-7','32');
DeleteFile('C:\Windows\system32\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-1','32');
DeleteFile('C:\Windows\system32\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-3','32');
DeleteFile('C:\Windows\system32\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-4','32');
DeleteFile('C:\Windows\system32\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-5','32');
DeleteFile('C:\Windows\system32\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-6','32');
DeleteFile('C:\Windows\system32\Tasks\9f468e23-cfa8-47e7-9c28-e9d03736b55a-7','32');
DeleteFile('C:\Windows\system32\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-4','32');
DeleteFile('C:\Windows\system32\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-5','32');
DeleteFile('C:\Windows\system32\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-6','32');
DeleteFile('C:\Windows\system32\Tasks\9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-7','32');
DeleteFile('C:\Windows\system32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4','32');
DeleteFile('C:\Windows\system32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5','32');
DeleteFile('C:\Windows\system32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-7','32');
DeleteFile('C:\Program Files\Common Files\Distribute Application\appdistrib.exe','32');
DeleteFile('C:\Windows\system32\Tasks\appdistrib','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','32');
DeleteFile('C:\Windows\system32\Tasks\ASP','32');
DeleteFile('C:\Windows\system32\Tasks\BaiduBrowserUpdater','32');
DeleteFile('C:\Windows\system32\Tasks\BlockAndSurf Update','32');
DeleteFile('C:\Windows\system32\Tasks\Crossbrowse','32');
DeleteFile('C:\Windows\system32\Tasks\DSite','32');
DeleteFile('C:\ProgramData\Kbrowser utility\kbrowser-updater-utility.exe','32');
DeleteFile('C:\Windows\system32\Tasks\kbrowser-updater-utility','32');
DeleteFile('C:\Windows\system32\Tasks\LaunchSignup','32');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\Maintenance\SMupdate2','32');
DeleteFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll','32');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\Multimedia\SMupdate3','32');
DeleteFile('C:\Windows\system32\Tasks\newSI_1801','32');
DeleteFile('C:\Windows\system32\Tasks\newSI_21591','32');
DeleteFile('C:\Windows\system32\Tasks\newSI_608','32');
DeleteFile('C:\Windows\system32\Tasks\ShopperPro','32');
DeleteFile('C:\Windows\system32\Tasks\ShopperProJSUpd','32');
DeleteFile('C:\Program Files\ShopperPro\updater.exe','32');
DeleteFile('C:\Windows\system32\Tasks\SMupdate1','32');
DeleteFile('C:\Windows\system32\Tasks\SPBIW_UpdateTask_Time_3331303034383133312d3437415a556c2a3223346c41','32');
DeleteFile('C:\ProgramData\ShopperPro\spbihe.js','32');
DeleteFile('C:\Windows\system32\Tasks\SPDriver','32');
DeleteFile('C:\Windows\system32\Tasks\SpeedUpMyPC Maintenance','32');
DeleteFile('C:\Windows\system32\Tasks\SpeedUpMyPC Startup','32');
DeleteFile('C:\Windows\system32\Tasks\SpeedUpMyPC Subscription','32');
DeleteFile('C:\Program Files\ShopperPro\JSDriver\1.42.1.1847\jsdrv.exe','32');
DeleteFile('C:\Users\Helen\AppData\Local\Microsoft\Windows\toolbar.exe','32');
DeleteFile('C:\Windows\system32\Tasks\SystemScript','32');
DeleteFile('C:\Windows\system32\Tasks\UNELEVATE_25079','32');
DeleteFile('C:\Windows\system32\Tasks\YTDownloader','32');
DeleteFile('C:\Windows\system32\Tasks\YTDownloaderUpd','32');
DeleteFile('C:\Program Files\YTDownloader\updater.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.

 

Выполните скрипт в AVZ

 

begin
CreateQurantineArchive('c:\quarantine.zip');
end.
c:\quarantine.zip отправьте по адресу newvirus@kaspersky.com

Полученный ответ сообщите здесь (с указанием номера KLAN)

 

Выполните правила ЕЩЕ РАЗ и предоставьте НОВЫЕ логи

Ссылка на комментарий
Поделиться на другие сайты
charlys Новичок

charlys

Опубликовано
  • Автор
Опубликовано
ответ от newvirus@kaspersky.com

=========================================

KLAN-3071960234

=========================================

 

Здравствуйте,

 

Это сообщение сформировано автоматической системой приёма писем. Сообщение содержит информацию о том, какие вердикты на файлы (если таковые есть в письме) выносит Антивирус с последними обновлениями.

 

csrss.exe,

hnsi1e3b.tmp,

spbiw.sys,

SysMenu.dll

 

Получен набор неизвестных файлов, они будут переданы в Вирусную Лабораторию.

 

kbrowser-updater-utility.exe

 

Вредоносный код в файле не обнаружен.

=========================================

 

CollectionLog-2015.08.22-20.21.zip

Ссылка на комментарий
Поделиться на другие сайты
  • 1 month later...
thyrex Мудрец

thyrex

Опубликовано
Опубликовано
Скачайте Farbar Recovery Scan Tool  NAAC5Ba.png и сохраните на Рабочем столе.

  • Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.


 

1. Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением.

2. Убедитесь, что в окне Optional Scan отмечены "List BCD" и "Driver MD5".

B92LqRQ.png

3. Нажмите кнопку Scan.

4. После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа. Пожалуйста, прикрепите этот отчет в следующем сообщении.

5. Если программа была запущена в первый раз, также будет создан отчет (Addition.txt). Пожалуйста, и его тоже прикрепите в следующем сообщении.
Ссылка на комментарий
Поделиться на другие сайты
thyrex Мудрец

thyrex

Опубликовано
Опубликовано

1. Откройте Блокнот и скопируйте в него приведенный ниже текст

 

CreateRestorePoint:
Task: {002DF34B-C62A-4F82-AC3D-CFC7CAF119EF} - \1c895bea-87f1-49b9-8fef-94dd222ff36f-1-7 -> No File <==== ATTENTION
Task: {00DD4EE8-1AF7-4F8E-91A4-43C50D536B6F} - \9f468e23-cfa8-47e7-9c28-e9d03736b55a-3 -> No File <==== ATTENTION
Task: {017C52C6-D70F-43F5-A3EF-37591096974C} - \99a75547-4ace-47d6-a932-8dec59b65f34-4 -> No File <==== ATTENTION
Task: {01893E7B-D585-4A3E-B946-CAA2C7372AAC} - \ShopperPro -> No File <==== ATTENTION
Task: {0195CAF6-99A5-4805-8EFA-DE11B9D37016} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {0279CE5F-16C5-4F43-93BC-C5078109BC58} - \9f468e23-cfa8-47e7-9c28-e9d03736b55a-2 -> No File <==== ATTENTION
Task: {03E1D1E2-7241-484E-B230-FAAA186A9B63} - \ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10_user -> No File <==== ATTENTION
Task: {050942F3-796A-44CE-BE4F-4965958745DF} - \ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4 -> No File <==== ATTENTION
Task: {0746D10E-DDCC-4F49-921E-8AA25F5CA858} - \YTDownloader -> No File <==== ATTENTION
Task: {0C03B91A-DF77-4EEE-ADBE-1A9A767F48BF} - \02d2d88d-984f-4b33-a84d-6a90e6862de1-3 -> No File <==== ATTENTION
Task: {10BCCD6B-EAB9-4AF4-BC79-DB6C1FB7167E} - \1a56e579-6eca-4665-9508-3bc1f422b979-3 -> No File <==== ATTENTION
Task: {14574535-E4A3-4D3D-80E2-7E0F0DDE71F7} - \02d2d88d-984f-4b33-a84d-6a90e6862de1-11 -> No File <==== ATTENTION
Task: {1D93BED0-BF88-41CC-9B89-FD0D08AA57D5} - \SMupdate1 -> No File <==== ATTENTION
Task: {1DBCAA9A-95A7-4C43-8FE0-44E70EB276FF} - \9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-1-6 -> No File <==== ATTENTION
Task: {1E0AE0CF-4998-49B2-8840-68EF4A0A21BF} - \02d2d88d-984f-4b33-a84d-6a90e6862de1-10_user -> No File <==== ATTENTION
Task: {231C5D68-FECF-44EE-A94A-439A4FD03DE5} - \055a401c-792d-4408-bfe7-bf042b25d955-6 -> No File <==== ATTENTION
Task: {23F2E681-4CF4-44F5-94DB-F279738AC39F} - \newSI_21591 -> No File <==== ATTENTION
Task: {26D82D4D-FC9E-469E-9C87-D0DE64A480B3} - \1c895bea-87f1-49b9-8fef-94dd222ff36f-5_user -> No File <==== ATTENTION
Task: {2B447516-F172-4395-93B9-1770FB0899BD} - \02d2d88d-984f-4b33-a84d-6a90e6862de1-5_user -> No File <==== ATTENTION
Task: {2DB8E5B2-696E-458D-8271-D5FE678B7F96} - \9f468e23-cfa8-47e7-9c28-e9d03736b55a-10_user -> No File <==== ATTENTION
Task: {31001D0C-E53F-4023-AFD4-E41A19705138} - \1c895bea-87f1-49b9-8fef-94dd222ff36f-4 -> No File <==== ATTENTION
Task: {325943D8-716D-444E-B8C3-3CACA8184885} - \UpnCH -> No File <==== ATTENTION
Task: {370D9543-A508-4FAC-BF5F-5924454AAA9F} - \9f468e23-cfa8-47e7-9c28-e9d03736b55a-7 -> No File <==== ATTENTION
Task: {370E1F46-3E8B-4B31-AC79-24D4FA324015} - \6af65f66-48d9-4e45-845b-ab0cad8d1432-1-7 -> No File <==== ATTENTION
Task: {38435084-84D5-4722-B7E3-79860ABD702F} - \9f468e23-cfa8-47e7-9c28-e9d03736b55a-1 -> No File <==== ATTENTION
Task: {38B3280C-8349-4D98-AE26-4772C3837E71} - \1c895bea-87f1-49b9-8fef-94dd222ff36f-3 -> No File <==== ATTENTION
Task: {39330347-1BE0-4DF9-897A-A534A10889CF} - \BaiduBrowserUpdater -> No File <==== ATTENTION
Task: {3A760BD6-B202-4A4F-A0FA-F33C98891849} - \DSite -> No File <==== ATTENTION
Task: {3AE1BD10-AE27-450A-B0E3-E39BC54288A3} - \SpeedUpMyPC Startup -> No File <==== ATTENTION
Task: {3D90A59D-76E9-4FB7-B374-3F1BCB60B278} - \Kbupdater Utility -> No File <==== ATTENTION
Task: {40F9E76F-3933-4401-A19C-08FAAFEFB934} - \02d2d88d-984f-4b33-a84d-6a90e6862de1-5 -> No File <==== ATTENTION
Task: {427808E8-68E8-4D5A-9A67-FC82C5105D1F} - \9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-5 -> No File <==== ATTENTION
Task: {42E0E49A-579B-492B-9C98-8E653955A3A0} - \02d2d88d-984f-4b33-a84d-6a90e6862de1-4 -> No File <==== ATTENTION
Task: {4375F016-D96C-4A83-B41F-D760C1FD50F2} - \02d2d88d-984f-4b33-a84d-6a90e6862de1-1-7 -> No File <==== ATTENTION
Task: {4509FF8B-4BCB-4A24-826D-05A67590C058} - \SPDriver -> No File <==== ATTENTION
Task: {45B42533-609F-44B3-B3EE-BBEE43439215} - \055a401c-792d-4408-bfe7-bf042b25d955-5 -> No File <==== ATTENTION
Task: {4653460A-08D1-4E14-9BD3-9B2947D08BEA} - \EJMb8VW77lJED9dsLaj0fw0cqZc -> No File <==== ATTENTION
Task: {48D91B4B-7473-4E5E-B0B3-64D94848123F} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {4B1F33EA-5F63-45B5-9C77-21A346EDDA70} - \Microsoft\Windows\Multimedia\SMupdate3 -> No File <==== ATTENTION
Task: {511BF1FE-FAC8-4F7B-8F46-86A9742CDDCE} - \DealPly -> No File <==== ATTENTION
Task: {534CB6E2-73CB-4310-95EF-37ED6BACFC7F} - \ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5 -> No File <==== ATTENTION
Task: {53D72310-ADD2-411D-A064-8596982066F9} - \SPBIW_UpdateTask_Time_3331303034383133312d3437415a556c2a3223346c41 -> No File <==== ATTENTION
Task: {545574F3-1C00-461D-851D-CA92A77B2F5A} - \1a56e579-6eca-4665-9508-3bc1f422b979-4 -> No File <==== ATTENTION
Task: {55A671C0-1118-45C5-A36B-A37986507DF4} - \055a401c-792d-4408-bfe7-bf042b25d955-5_user -> No File <==== ATTENTION
Task: {579303ED-C8EA-4BEA-BA5B-3A2CC4ACBDC7} - \9f468e23-cfa8-47e7-9c28-e9d03736b55a-4 -> No File <==== ATTENTION
Task: {5A644DCC-42B2-410E-AB8D-0B7320301F4C} - \BlockAndSurf Update -> No File <==== ATTENTION
Task: {5BE13293-A85E-43D4-A0DF-7DBD3A08D9A2} - \Crossbrowse -> No File <==== ATTENTION
Task: {5C47D3BB-B00E-446D-9ECD-C6548B33C037} - \02d2d88d-984f-4b33-a84d-6a90e6862de1-6 -> No File <==== ATTENTION
Task: {6312C47B-D06E-4555-B64A-2F0B138602AE} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {68F8B1B6-64B4-4AA7-B2B2-CA031E5BE779} - \1c895bea-87f1-49b9-8fef-94dd222ff36f-5 -> No File <==== ATTENTION
Task: {737A0938-51AA-400E-BA69-2627E5316B6C} - \99a75547-4ace-47d6-a932-8dec59b65f34-10_user -> No File <==== ATTENTION
Task: {73B53D97-1BB7-4119-AD59-D622EE3F158C} - \ASP -> No File <==== ATTENTION
Task: {76CB48FC-F503-42E4-869A-C572D2E3C910} - \SpeedUpMyPC Maintenance -> No File <==== ATTENTION
Task: {78C2F755-8751-4E80-8B17-55DD9445036C} - \ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6 -> No File <==== ATTENTION
Task: {78E26B9F-5FA6-4E1E-B413-CE2F40507698} - \055a401c-792d-4408-bfe7-bf042b25d955-1-6 -> No File <==== ATTENTION
Task: {7BFE9BD5-E835-47E1-AC8F-E678FAB7A754} - \055a401c-792d-4408-bfe7-bf042b25d955-7 -> No File <==== ATTENTION
Task: {7CC0EE47-9046-4F14-8647-0B8A11D52605} - \055a401c-792d-4408-bfe7-bf042b25d955-4 -> No File <==== ATTENTION
Task: {7D29260A-0D87-4D28-8633-3B534983EF05} - \99a75547-4ace-47d6-a932-8dec59b65f34-6 -> No File <==== ATTENTION
Task: {7E6B7146-A93D-4C53-BAD4-8496768ECA67} - \9f468e23-cfa8-47e7-9c28-e9d03736b55a-5 -> No File <==== ATTENTION
Task: {848A4799-698E-4A12-8F6C-9990B3B1964D} - \99a75547-4ace-47d6-a932-8dec59b65f34-1-6 -> No File <==== ATTENTION
Task: {890EBF37-7A93-49A7-989D-C6A2204005EF} - \1c895bea-87f1-49b9-8fef-94dd222ff36f-7 -> No File <==== ATTENTION
Task: {8AF51C87-AC72-4C22-B827-863513C08A20} - \1a56e579-6eca-4665-9508-3bc1f422b979-7 -> No File <==== ATTENTION
Task: {8C4A6003-93DC-4109-B292-C6F016D56E43} - \1c895bea-87f1-49b9-8fef-94dd222ff36f-10_user -> No File <==== ATTENTION
Task: {8DFB5642-E652-4151-9ADC-A579A2C3422F} - \9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-5_user -> No File <==== ATTENTION
Task: {8E20451E-6CF5-413B-B25E-BC82C203BFDB} - \6af65f66-48d9-4e45-845b-ab0cad8d1432-4 -> No File <==== ATTENTION
Task: {92636CDF-9624-4F26-86D9-151E2EA6C750} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {945DFFAA-6E77-47C8-B690-F6F73E90C344} - \6af65f66-48d9-4e45-845b-ab0cad8d1432-5_user -> No File <==== ATTENTION
Task: {94A93E14-6841-48FE-97D5-23E816B1CC7F} - \1a56e579-6eca-4665-9508-3bc1f422b979-5 -> No File <==== ATTENTION
Task: {994BA1C3-0480-4E2B-B315-7D1CEBB26111} - \6af65f66-48d9-4e45-845b-ab0cad8d1432-6 -> No File <==== ATTENTION
Task: {9959B3A7-D080-44AC-8C39-E0EB1571B4CD} - System32\Tasks\{A9458291-BC4B-43B3-9728-C2DF74CBDD7C} => c:\users\helen\appdata\local\amigo\application\amigo.exe
Task: {9A285F14-32BC-433D-9A3C-BC93746E301D} - \99a75547-4ace-47d6-a932-8dec59b65f34-7 -> No File <==== ATTENTION
Task: {9CCCD353-D7A8-473E-BBA1-C9B39C9BFE1D} - \6af65f66-48d9-4e45-845b-ab0cad8d1432-5 -> No File <==== ATTENTION
Task: {A0622F08-775B-499F-B83B-D7AE7DD11746} - \9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-7 -> No File <==== ATTENTION
Task: {A07B26DC-1598-40DC-B5A0-1BF33513EE88} - \99a75547-4ace-47d6-a932-8dec59b65f34-5_user -> No File <==== ATTENTION
Task: {A1772D77-4605-41A3-A82B-F6379FF909F8} - \6af65f66-48d9-4e45-845b-ab0cad8d1432-1-6 -> No File <==== ATTENTION
Task: {A294DA87-DBAA-4F5F-8CED-72BB24F93B6F} - \miss_sunshine_updating_service -> No File <==== ATTENTION
Task: {A48C60E3-D820-4D0E-8AE3-7AED27E8BF06} - \ae7e27e2-d0d7-4feb-8fb0-24133894cfee-7 -> No File <==== ATTENTION
Task: {A55881EC-795C-4E53-9A35-804BB6F869B5} - \99a75547-4ace-47d6-a932-8dec59b65f34-1-7 -> No File <==== ATTENTION
Task: {A59D04D7-01FE-4429-984C-CA92DDBD4B92} - \appdistrib -> No File <==== ATTENTION
Task: {A99689A2-A7FF-4144-AE61-BABCA90E04D1} - \miss_sunshine_notification_service -> No File <==== ATTENTION
Task: {AB093F48-391A-444E-BB85-10503897BA3D} - \055a401c-792d-4408-bfe7-bf042b25d955-1-7 -> No File <==== ATTENTION
Task: {AB99092E-EF7E-4ABE-B725-E5A909029C97} - \newSI_608 -> No File <==== ATTENTION
Task: {ACCA6AEA-CCF8-42C6-A8DC-81EED306B4FD} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {AF9A0A33-48F8-402B-9127-928030907609} - \kbrowser-updater-utility -> No File <==== ATTENTION
Task: {B4D4ABC9-2F44-4A5A-98D5-FD250E04EA98} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {B5EAEDEC-E95B-43EC-BA9F-CD010FE37A38} - \extsetup -> No File <==== ATTENTION
Task: {BD677B7E-B925-4ACD-9876-A0A92EA07721} - \ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7 -> No File <==== ATTENTION
Task: {BE910246-D2D2-44C7-A738-401F0E4216FD} - \newSI_1801 -> No File <==== ATTENTION
Task: {C1686194-3018-4C6A-985D-ADA96795F5E0} - \LaunchSignup -> No File <==== ATTENTION
Task: {C86D80AD-972C-47CD-A064-3DA26C950EA9} - \ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5_user -> No File <==== ATTENTION
Task: {CEE19844-3FAB-4CC8-942D-48EC38D4ED2B} - \9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-4 -> No File <==== ATTENTION
Task: {CF0D88CD-F47F-481C-ACEB-E1BCCB27052F} - \SystemScript -> No File <==== ATTENTION
Task: {D0196E7D-2FFF-45A7-9D22-B7FDBF4B357A} - \9f468e23-cfa8-47e7-9c28-e9d03736b55a-6 -> No File <==== ATTENTION
Task: {D3D98AB4-481B-4C38-BB97-9B9E50313D00} - \02d2d88d-984f-4b33-a84d-6a90e6862de1-1-6 -> No File <==== ATTENTION
Task: {D487673A-1B69-4D54-B196-E5B9468BCAB9} - \99a75547-4ace-47d6-a932-8dec59b65f34-5 -> No File <==== ATTENTION
Task: {DD673BD6-58DE-4BBC-91D9-6C4C4A3569D7} - \SpeedUpMyPC Subscription -> No File <==== ATTENTION
Task: {DF3C4AF5-C42D-4A3C-BF84-0EF49D33E408} - \Safebrowser -> No File <==== ATTENTION
Task: {DFAE1C89-2E2A-4E8B-85A1-68D51B068143} - \1c895bea-87f1-49b9-8fef-94dd222ff36f-1-6 -> No File <==== ATTENTION
Task: {E1721EE9-0633-4FDC-9A01-894900E51114} - \UNELEVATE_25079 -> No File <==== ATTENTION
Task: {E1DE28E1-0941-4C61-A9AD-27BBF02FA767} - \9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-6 -> No File <==== ATTENTION
Task: {E3AA5792-D548-4851-A082-11CBD69E9AF2} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION
Task: {E5301E26-8D28-42C7-9F11-3DDDEDB7FFB3} - \99a75547-4ace-47d6-a932-8dec59b65f34-3 -> No File <==== ATTENTION
Task: {E99E6244-EC2C-4621-98F7-DE785AE14218} - \02d2d88d-984f-4b33-a84d-6a90e6862de1-7 -> No File <==== ATTENTION
Task: {EAED82AB-1C56-4D06-B12C-6E60285A060E} - \9f468e23-cfa8-47e7-9c28-e9d03736b55a-5_user -> No File <==== ATTENTION
Task: {EBA7727F-55C6-44CF-A390-B9DFE5CE5338} - \9fe5f5ef-ba9a-447e-98b6-c8454cfd4e5c-1-7 -> No File <==== ATTENTION
Task: {EC01ED20-ECBB-471F-B9ED-1ED0DD614A0E} - \1a56e579-6eca-4665-9508-3bc1f422b979-1-6 -> No File <==== ATTENTION
Task: {ECB19395-D35F-4480-B6BF-63063F72B415} - \1a56e579-6eca-4665-9508-3bc1f422b979-1-7 -> No File <==== ATTENTION
Task: {ECF14C8C-0449-467A-BDD6-29352734673A} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {EE944B21-3EB7-45A7-9829-E5F0E31DA2CA} - \1a56e579-6eca-4665-9508-3bc1f422b979-6 -> No File <==== ATTENTION
Task: {F0D3DD76-8421-45C7-8D44-37A9B033626E} - \1c895bea-87f1-49b9-8fef-94dd222ff36f-6 -> No File <==== ATTENTION
Task: {F1188851-0D49-40C9-A250-D0225E30D07E} - \nethost task -> No File <==== ATTENTION
Task: {F6C66FE0-D54F-4EBD-AC46-BC18488E4547} - \YTDownloaderUpd -> No File <==== ATTENTION
2015-08-27 16:40 - 2015-08-27 16:40 - 00481632 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\sqlite.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00088416 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\zlib.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00100704 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\tinyxml.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00203104 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQFileFlt.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00063840 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00039776 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2015-08-27 16:40 - 2015-09-22 20:35 - 00019296 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\oDayProtect.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00137568 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\libexpatw.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00092184 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\xGraphic32.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00342040 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\arkGraphic.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00045920 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\jgImage.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00158048 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\libpng.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00285024 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\libjpegturbo.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00014176 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\jgIOStub.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00194912 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\xImage.dll
2015-08-27 16:40 - 2015-08-27 16:40 - 00076128 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\MemDefrag.dll
2015-08-27 16:48 - 2015-09-02 19:08 - 00368184 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\DlForQd.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00894361.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06059032.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77116944.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00894361.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06059032.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77116944.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQPCTRAY.EXE [355296 2015-08-27] (Tencent)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt.dll [2015-08-27] (Tencent)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
FF Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (????)
FF Plugin: @qq.com/QQPCMgr -> C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll [2015-08-27] (Tencent Technology (Shenzhen) Company Limited)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2013-02-17]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2010-03-25]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-05-22] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\cfg [2015-05-22] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [hcncjpganfocbfoenaemagjjopkkindp] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [kneggodalbcmgdkkfhbhbicbbahnacjb] - hxxp://vkplayerpro.ru/index.xml
CHR HKLM\...\Chrome\Extension: [nhgcieglcpdegkhamigiokdphfhhnlhh] - C:\Program Files\AlterGeo\Html5 geolocation provider\altergeo.crx <not found>
R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe [297608 2015-09-07] (Tencent)
R2 QQPMSRV; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\plugins\QQPCB1AndroidJmp\QQPmSrv.exe [63032 2015-05-28] (????)
S3 TAOFrame; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe [293856 2015-08-27] (Tencent)
S2 2312f024; "C:\Windows\system32\rundll32.exe" "c:\Program Files\TrimSystem\TrimSystem.dll",serv
R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMIEProtect.sys [49976 2015-08-18] ()
R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMUdisk.sys [75192 2015-10-01] (Tencent)
R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQSysMon.sys [108472 2015-08-27] (????)
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator.sys [114520 2015-09-25] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel.sys [138552 2015-08-27] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [150072 2015-08-27] (????)
R3 TS888; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TS888.sys [30392 2015-10-10] (Tencent)
R1 TSCPM; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\tscpm.sys [43448 2015-08-27] (????)
R1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [14008 2015-08-27] (Tencent)
R0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [124792 2015-08-27] (????)
R1 tsksp; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TSKsp.sys [204920 2015-08-27] (????)
R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TSSysKit.sys [101560 2015-08-27] (????)
2015-10-04 11:18 - 2015-10-04 11:18 - 00000000 ____D C:\Tencent
2015-10-04 19:57 - 2015-07-23 19:25 - 00000000 ____D C:\Program Files\1ca46774-821f-42b2-83e9-62aaf9c4a308
2015-10-04 19:57 - 2015-07-23 14:24 - 00000000 ____D C:\Program Files\ffb2810a-8a9c-42a2-a391-0be19fb036dc
2015-10-04 19:57 - 2015-05-25 11:14 - 00000000 ____D C:\Program Files\fa94652a-966d-4921-8568-01c23586891a
2015-10-04 19:57 - 2015-05-25 11:14 - 00000000 ____D C:\Program Files\1a678d42-a5ec-4b41-83ff-41605af013db
2015-10-04 19:57 - 2015-05-18 16:20 - 00000000 ____D C:\Program Files\ee6645a7-610a-4573-9590-6f794ebfdbf4
2015-10-04 19:57 - 2015-05-17 08:56 - 00000000 ____D C:\Program Files\fd67ce1e-66c0-4072-97b7-bbf2aaff8553
2015-10-04 19:57 - 2015-05-17 08:55 - 00000000 ____D C:\Program Files\5b372822-3d67-47a7-b302-a5d5873787d3
2015-10-04 19:57 - 2015-04-17 20:11 - 00000000 ____D C:\Program Files\033ab7fe-cf21-49fe-a7e8-1a772e38d328
2015-10-04 19:57 - 2015-04-17 20:10 - 00000000 ____D C:\Program Files\globalUpdate
2015-10-04 19:57 - 2014-12-15 09:35 - 00000000 ____D C:\ProgramData\Kbupdater Utility
2015-10-04 11:30 - 2015-08-27 16:40 - 00000000 ____D C:\ProgramData\Tencent
2015-09-25 14:49 - 2015-08-27 16:41 - 00114520 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator.sys
Reboot:

2. Нажмите ФайлСохранить как

3. Выберите папку, откуда была запущена утилита Farbar Recovery Scan Tool

4. Укажите Тип файлаВсе файлы (*.*)

5. Введите имя файла fixlist.txt и нажмите кнопку Сохранить

6. Запустите FRST, нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении.

  • Обратите внимание, что будет выполнена перезагрузка компьютера.

Ссылка на комментарий
Поделиться на другие сайты
charlys Новичок

charlys

Опубликовано
  • Автор
Опубликовано (изменено)

Спасибо! Выполнил. Fixlog.txt прикладываю...

Не удивляйтесь ошибкам в логе, всякие китайские QQ... мне удалось удалить самостоятельно

Какими должны быть мои дальнейшие действия?

Напомню, основной целью я имею расшифровку файлов. Я осознаю, что для успешного достижения цели необходима предварительная чистка компьютера (чем мы сейчас и занимаемся). И я буду старательно выполнять ваши рекомендации.

Однако, после восстановления документов, я планирую полную переустановку системы. Просто прошу учесть это, чтобы не совершать лишних действий в вашей стороны. Заранее благодарю за понимание

Fixlog.txt

Изменено пользователем charlys
Ссылка на комментарий
Поделиться на другие сайты

Пожалуйста, войдите, чтобы комментировать

Вы сможете оставить комментарий после входа в



Войти
 Share
Перейти к списку тем
×
×
  • Создать...