Вирус Майнер TiWorker

[Lokuc15]

Обнаружил на своем компьютере процес который грузит процесор на 50%. При открытии стандартного деспетчера задач процес не прячется, при открытии Process Hecker 2 вирус исчезает, если не закрывать Process Hecker 2 вирус сам закроет его и начнет работать. 2 дня назад я удалил папку откуда он работал. Спустя 2 дня он начал работать, но находится в другой дериктории. Как его удалить полностью?

[Mark D. Pearlstone]

Порядок оформления запроса о помощи

[Lokuc15]

CollectionLog-2019.03.24-13.49.zip Касперский ничего не заметил, доктор веб даже не запустился. Лог приложил к сообщению

Порядок оформления запроса о помощи

Все пункты выполнил

[thyrex]

Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе.

• Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.

1. Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением.

2. Убедитесь, что в окне Optional Scan отмечены List BCD, Driver MD5 и 90 Days Files.

3. Нажмите кнопку Scan.

4. После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа.

5. Если программа была запущена в первый раз, также будет создан отчет (Addition.txt).

6. Файлы FRST.txt и Addition.txt заархивируйте (в один общий архив) и прикрепите к сообщению.

[Lokuc15]

Отчет

отчет.zip

Изменено 24 марта, 2019 пользователем thyrex

[thyrex]

Не нужно полностью цитировать выдаваемые Вам рекомендации.

 

1. Выделите следующий код:

Start::
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-145608687-4176657684-1420870047-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-145608687-4176657684-1420870047-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-145608687-4176657684-1420870047-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-145608687-4176657684-1420870047-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-145608687-4176657684-1420870047-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-145608687-4176657684-1420870047-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-145608687-4176657684-1420870047-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-145608687-4176657684-1420870047-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
Task: {01BD2E72-410F-4CA7-8FFE-7A2B6EFB6D96} - System32\Tasks\Phoenix Browser Updater => C:\Users\Kirill\AppData\Local\Phoenix Browser Updater\Phoenix Browser Updater.exe <==== ATTENTION
Task: {04B49998-DE08-40B9-9C82-2D8FF8E178F8} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe
Task: {727FA705-9BAD-487E-A0A6-98AB06B83F2C} - \NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {91A09AF2-B72B-4599-B683-039D34A4C986} - System32\Tasks\RunAsStdUser Task => C:\Program Files\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe
Task: {BDC4C10F-246A-4B5B-8A50-C53AA3852868} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
"C:\Windows\System32\Tasks\Microsoft\Windows\Google" could not be unlocked Error: 5. <==== ATTENTION
"C:\Windows\System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineGU" was unlocked. <==== ATTENTION
Task: {BEE454E3-B132-4DCC-97A9-5F1683E19625} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineGU => C:\Windows\System32\Microsoft\Protect\S-1-46-31\RB_1.4.90.25.exe <==== ATTENTION
Task: {E828C2E6-28B0-43DF-AB1C-6E6042A6701B} - System32\Tasks\Driver Booster SkipUAC (Kirill) => C:\Program Files\IObit\Driver Booster\4.5.0\DriverBooster.exe
HKU\S-1-5-21-145608687-4176657684-1420870047-1000\Software\Classes\.exe:  =>  <==== ATTENTION
HKU\S-1-5-21-145608687-4176657684-1420870047-1000\Software\Classes\.bat:  =>  <==== ATTENTION
FirewallRules: [TCP Query User{A1678D6F-A96B-4C76-B59D-8B254310A4D6}C:\users\kirill\appdata\roaming\.minecraftonly\java\java\bin\java.exe] => (Allow) C:\users\kirill\appdata\roaming\.minecraftonly\java\java\bin\java.exe No File
FirewallRules: [UDP Query User{D2CC56B6-F8B9-438A-A497-06E6658388D7}C:\users\kirill\appdata\roaming\.minecraftonly\java\java\bin\java.exe] => (Allow) C:\users\kirill\appdata\roaming\.minecraftonly\java\java\bin\java.exe No File
FirewallRules: [TCP Query User{231D8C2B-A8D1-4EED-9A17-ACA167499E2F}C:\program files\mytestxpro\mytestserver.exe] => (Allow) C:\program files\mytestxpro\mytestserver.exe No File
FirewallRules: [UDP Query User{E3031644-2B55-4ED9-B869-12C5B33E41F8}C:\program files\mytestxpro\mytestserver.exe] => (Allow) C:\program files\mytestxpro\mytestserver.exe No File
FirewallRules: [TCP Query User{1F3EC3EF-C93E-4A90-A582-579E80739F81}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe No File
FirewallRules: [UDP Query User{5170E543-545B-4C8E-83DC-D7CDE0A95576}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe No File
FirewallRules: [TCP Query User{D72B0576-636E-41E7-AD5C-67BAE0BABE35}C:\users\kirill\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kirill\appdata\local\warthunder\launcher.exe No File
FirewallRules: [UDP Query User{DDBED981-9114-40E1-AC9A-31CFE8F5F6DD}C:\users\kirill\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kirill\appdata\local\warthunder\launcher.exe No File
FirewallRules: [TCP Query User{9F53BD80-6276-49CF-84D5-D861CF69804F}C:\users\kirill\appdata\local\warthunder\win32\aces.exe] => (Allow) C:\users\kirill\appdata\local\warthunder\win32\aces.exe No File
FirewallRules: [UDP Query User{435FB9F0-1A7A-47C0-9AED-B514D2071A1F}C:\users\kirill\appdata\local\warthunder\win32\aces.exe] => (Allow) C:\users\kirill\appdata\local\warthunder\win32\aces.exe No File
FirewallRules: [TCP Query User{76AA3D4F-99B9-4D8C-9DFF-77029761BA62}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A2A58C13-C020-48C4-AEC7-39A87B3B9A91}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{2242891E-E300-4C0E-A3BA-4861528081A2}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.142\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.142\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{05D5A6C1-19A7-4881-AE7D-2A6C29B8EF74}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.142\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.142\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{EFAF4E27-28E7-48EF-8E74-9F6E75E52C97}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{30BD3B81-697D-4FA1-92A0-6231C0339CBC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{B2E6FDAD-C78F-4399-8C2B-3D98071EF1E2}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{F948640A-CF7F-44A1-B234-662053E5C544}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{509290CB-B907-4490-B5BA-777680C26805}C:\program files\pc remote receiver\pcremotereceiver.exe] => (Allow) C:\program files\pc remote receiver\pcremotereceiver.exe No File
FirewallRules: [UDP Query User{8459B206-2ABE-4253-8774-21B17D211A09}C:\program files\pc remote receiver\pcremotereceiver.exe] => (Allow) C:\program files\pc remote receiver\pcremotereceiver.exe No File
FirewallRules: [{959D527E-D6EC-44F0-9653-58AD767085F8}] => (Allow) C:\Program Files\PC Remote Receiver\PCRemoteReceiver.exe No File
FirewallRules: [{4244C615-6CD5-446C-B711-941BE49601F3}] => (Allow) C:\Program Files\PC Remote Receiver\MonectMediaCenter.exe No File
FirewallRules: [TCP Query User{FDC92026-1A80-49F4-ADEA-805813F60253}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{336DEF67-5D64-47CA-9DD2-0362AE283645}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{94FB70D3-9506-4E61-AE93-B1CA91F7C90B}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe No File
FirewallRules: [UDP Query User{E8301914-E022-46FC-8C54-DF646AA70252}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe No File
FirewallRules: [TCP Query User{64BA9D59-1AA3-4A51-9BDD-97AC5B2794C5}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{EC045B9C-6B34-4044-82BC-9D03029BDE1E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{44A07E4D-9E01-4A97-9ECF-DFC000A8F055}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{D12FDC56-C00B-4F3B-9A77-E7CD604FB82B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{86D39123-AE5D-4BE2-A812-4B798E6DBC26}C:\games\terraria v1.3.5.3 rus\terrariaserver.exe] => (Allow) C:\games\terraria v1.3.5.3 rus\terrariaserver.exe No File
FirewallRules: [UDP Query User{0B54E5CE-6DE5-4BA3-924F-62B1C903C7CE}C:\games\terraria v1.3.5.3 rus\terrariaserver.exe] => (Allow) C:\games\terraria v1.3.5.3 rus\terrariaserver.exe No File
FirewallRules: [TCP Query User{58FD05C6-9861-4534-B250-556FCB070EA9}C:\program files\r.g. mechanics\borderlands 2 ru\binaries\win32\borderlands2.exe] => (Allow) C:\program files\r.g. mechanics\borderlands 2 ru\binaries\win32\borderlands2.exe No File
FirewallRules: [UDP Query User{7355C912-3272-4214-AB55-CD3039AF6CA9}C:\program files\r.g. mechanics\borderlands 2 ru\binaries\win32\borderlands2.exe] => (Allow) C:\program files\r.g. mechanics\borderlands 2 ru\binaries\win32\borderlands2.exe No File
FirewallRules: [TCP Query User{40D95E91-9C28-4B5B-BE01-531478D4E97F}C:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Allow) C:\games\borderlands 2\game\binaries\win32\borderlands2.exe No File
FirewallRules: [UDP Query User{F3873FC6-0F8A-4D79-9B37-4FD785439BE7}C:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Allow) C:\games\borderlands 2\game\binaries\win32\borderlands2.exe No File
FirewallRules: [{651FE5C4-C873-4B4B-8444-5E42DF7F0D5B}] => (Allow) C:\Program Files\Opera\53.0.2907.88\opera.exe No File
FirewallRules: [{74C3D2F1-F271-4026-A1F1-2D711F6BCEA5}] => (Allow) C:\Program Files\MCoffline\MCoffline\MCoffline.exe No File
FirewallRules: [{DD2E593B-6090-42B1-9EF7-FF8976F8AD13}] => (Allow) C:\Program Files\MCoffline\MCoffline\MCoffline.exe No File
FirewallRules: [TCP Query User{29153066-A700-489F-BCB9-DB89572E69C4}C:\games\starbound\win32\starbound_server.exe] => (Allow) C:\games\starbound\win32\starbound_server.exe No File
FirewallRules: [UDP Query User{CA094276-DA85-4F5B-A536-91B0400F9886}C:\games\starbound\win32\starbound_server.exe] => (Allow) C:\games\starbound\win32\starbound_server.exe No File
FirewallRules: [TCP Query User{96CA747C-2766-4AC0-B972-C894EDD4B267}C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe No File
FirewallRules: [UDP Query User{54461004-569B-4B71-A328-58CD66A47AF4}C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe No File
FirewallRules: [TCP Query User{AD78A113-8A8E-4950-BF6A-F7A4F896E0C1}C:\program files\crossout\launcher.exe] => (Allow) C:\program files\crossout\launcher.exe No File
FirewallRules: [UDP Query User{774501D0-4C00-4D5A-9D28-851162AA23C6}C:\program files\crossout\launcher.exe] => (Allow) C:\program files\crossout\launcher.exe No File
FirewallRules: [{569D6A27-D834-4717-BE88-55BBB6A63CE6}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{DEA59160-323E-452F-AAD3-8AC6CCF8BCC4}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{AB703B92-D094-48AE-9C2A-3541876E5AE5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{5C97E5B4-5B16-41A4-BD44-F76B2456E4A6}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [TCP Query User{354B9F39-7274-4D8E-8197-510BD63B1866}C:\program files\mytestx\mytestserver.exe] => (Allow) C:\program files\mytestx\mytestserver.exe No File
FirewallRules: [UDP Query User{EADB0891-3DDB-4796-A4E2-3CA34CCB1372}C:\program files\mytestx\mytestserver.exe] => (Allow) C:\program files\mytestx\mytestserver.exe No File
FirewallRules: [TCP Query User{4AC7237E-B94D-4E16-9690-EFF9CCDCE667}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{64AA9D3A-DBF5-4B9E-9E52-F60E583F7295}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{CB27367A-CC31-49A4-B4E5-9CD624550CF8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{2C226B29-4F50-470F-883E-793B231AD7EA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{18E6AB96-0CDA-4DB1-9C8B-C3EAA0E15630}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{D0E0D056-E348-4B49-B80B-A75E9866B14F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{E4141E61-AAC2-42FB-A485-C904DF9B8157}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{2DDA3077-7121-4FBD-A156-C19BDF782BD3}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{BDA1E3C4-77A2-45B6-A10A-A4B7E5547B14}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{7A738D1B-4713-40B9-835D-BDE09691C619}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{92F535EA-1C60-45E9-A25C-0C83FF82D739}C:\tolyak26 repack\counter-strike global offensive\csgo.exe] => (Allow) C:\tolyak26 repack\counter-strike global offensive\csgo.exe No File
FirewallRules: [UDP Query User{7F1CDACA-806B-499F-9C83-BF1DA13622C6}C:\tolyak26 repack\counter-strike global offensive\csgo.exe] => (Allow) C:\tolyak26 repack\counter-strike global offensive\csgo.exe No File
FirewallRules: [TCP Query User{10006AF6-0136-45E9-9F3C-59FEF2E2C5B8}C:\program files\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_191\bin\javaw.exe No File
FirewallRules: [UDP Query User{00F05407-0A74-4886-B75E-4537E23CA76B}C:\program files\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_191\bin\javaw.exe No File
FirewallRules: [{420DDEF0-9807-482D-A630-E4EBBD2E3DFC}] => (Allow) D:\Program Files\Nox\bin\Nox.exe No File
FirewallRules: [{5EEDBB6D-BDB4-4345-A860-8241D36A80DE}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RT\NoxVMHandle.exe No File
Reboot:
End::

2. Скопируйте выделенный текст (правая кнопка мыши – Копировать).

3. Запустите Farbar Recovery Scan Tool.

4. Нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении.

• Обратите внимание: будет выполнена перезагрузка компьютера.

[Lokuc15]

ФиксЛог

Fixlog.txt

[thyrex]

Сделайте лог МВАМ

[Lokuc15]

Сделайте лог МВАМ

 лог мвам mdab.txt

[thyrex]

Поместите в карантин МВАМ все найденное

[Lokuc15]

Поместите в карантин МВАМ все найденное

Хорошо, поместил

[thyrex]

Проблема решена?

[Lokuc15]

Проблема решена?

Да, спасибо

[thyrex]

Загрузите SecurityCheck by glax24 & Severnyj и сохраните утилиту на Рабочем столе.

• Запустите двойным щелчком мыши (если Вы используете Windows XP) или из меню по щелчку правой кнопки мыши Запустить от имени администратора (если Вы используете Windows Vista/7/8/10);
• Если увидите предупреждение от вашего фаервола относительно программы SecurityCheck, не блокируйте ее работу;
• Дождитесь окончания сканирования, откроется лог в Блокноте с именем SecurityCheck.txt;
• Если Вы закрыли Блокнот, то найти этот файл можно в корне системного диска в папке с именем SecurityCheck, например C:\SecurityCheck\SecurityCheck.txt;
• Процитируйте содержимое файла в своем следующем сообщении.