Комп у брата жены зажил своей жизнью

[vladmc]

Комп у брата жены зажил своей жизнью

Очень много окон выходит через Internet Explorer, Opera, На рабочем столе реклама

 

[safety]

выполняем скрипт в uVS
- скопировать содержимое кода в буфер обмена;
- стартуем uVS(start.exe), далее выбираем: текущий пользователь, меню - скрипты - выполнить скрипт из буфера обмена;
- закрываем все браузеры перед выполнением скрипта;
при деинсталляции программ - соглашаемся на деинсталляцию_удаление подтверждаем "да"

;uVS v4.0.9 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

addsgn BA6F9BB2BDC14A720B9C2D754C2190FBDA75303AC9A957FB69E38D31557D984F235F488E76DC9CBFE981F095FC0E49FA7D37F67A55DAF8A7EE3F27EBE75DE1BF 8 Win64/BitCoinMiner 7

addsgn 1A6F719A5583078CF42B95BC5488760550880F3560A61F78850F3A99F8342D4CDC326FB56255626C9B62D89FB933FD1821DF1757ED38EC2C78FC48D0D29EC22F 8 Win32/BitCoinMiner 7

addsgn 0DC977BA156A4C720BD4AEB164C81205258AFCF689FA1F7885C3C5BC50D6714C2717C0573E55AD492B008A9F461621FA7D5FF87255DA302C2DF7BC2FC706BA73 33 Win32/Jawego 7

addsgn 71006B5D514E4E720BD451A49CEA5005CD21020976776B5E854E799B50D6714C820BE0153EAA7DC0DD0D38B8461649FADCCFCB30552550BCBDE734BF5796B2E3 14 Win32/Adware.OnlineIO 7

addsgn 1A8F7E9A5583DD8CF42B627DA804DEC9E946303A4536D3C184C3C5BCA2D961619B678757D549244B2B80846D4906643A0D9BE8995863B32C2D775620D72B9A03 8 Win32/BitCoinMiner 7

addsgn A7679B1BB9D64F720B82C4B19BDD8615648A75730D04E08742465D42AF29714C23170412C6549D492B47012FB8E9B6FA7DDFE88D402EA06D2DD4D44786064A77 8 TrojanDownloader:HTML/Adodb 7

addsgn A7679BF0AA02840D4BD4C69546881261848AFCF689AA7BF1A0C3C5BC50559D14704194DE5BBD625CABD0C49F75C4C32EF4CAE00E1EDA3BE4AC965B2FC706AB7E 8 Miner 7

addsgn 1AE0099A5583358CF42B95BC30DF710550880F356074617885483AE9DB3A27C756039464C16E6A3C2FB34474232F34F208C4001C65DAB0463B292D1F90517524 8 Win32/Deceptor.SingleClickOptimizer 7

addsgn A7679BF0AA02EC524BD4C66171881261848AFCF689AA7BF1A0C3C5BC50559D24704194DE5BBDAE92A2DD78F544E95C7A5D9FE82BD6D7B0F366775BACCA02FD38 8 Win32/Kryptik 7

addsgn 1ABE719A5583C28CF42B519468BD5705AEC7089200F71F7885C39CE30F882AC7C64A92A5FDDED0B9184D76773DE3B6058F36328DAA253B61C14469DD2F6CD78C 8 Adware.OnlineGuard 7

addsgn BA652BBE5D22C5062FC4F9F9E724324CAE72772CC171EEFB7FC2B0B9B859104C235B4890B586D5C2E5C80FC36226017109FBD03AD61E9073C474A42FC7CAEEBF 64 Win64/Adware.Neoreklami 7

zoo %SystemDrive%\PROGRAM FILES (X86)\QYERBVXRHIE\KDCCO6HB.DLL
addsgn A7679B1928664D070E3C19E664C8ED70357589FA768F179082C3C5BCD3127D11E11BC33D323D5D802E906C74411649C9BD9F6307595F4659214E917B3301327C 64 Win32/Adware.Neoreklami 7

zoo %Sys32%\ICACL.EXE
addsgn B6653BBE7526C5362FCCE63830EC024DACC6D8FEC179F3003D9575B2509EF808073F82EE7E559D496A38848F4616F3EA5ADFE8419C25A5E92277A4674E42063B 8 ctfmon 7

addsgn B6653BBE7526C5362FCCE63830EC024DACC6D8FEC179F3003D9575B2509EF808073F82EE7E559D496A38848F4616F3EA5ADFE8419C25A5E92277A4674E42063B 8 Win64/Adware.Apdome 7

zoo %SystemRoot%\MICROSOFT\SVCHOST.EXE
addsgn A7679B19B9621B9AEFD2AEB1EF3097FA51FCAFA0617D1C7885481D5410D2714CA8E74A22C6BD9B4C2B800DDABAFEF7FF7DDF638AD001C462A881D065447BDE73 8 Win32/Adware.RuKoma 7

zoo %SystemRoot%\SYSWOW64\THEMCTRL.DLL
addsgn 79132211B9E9317E0AA1AB59C9A01205DAFFF47DC4EA942D892B2942AF292811E11BC3DCC10016A5C37EAA9F469D04F2F497FC2F963241022D772FE74C47361A 64 Win32/TrojanDownloader.Stantinko 6

zoo %SystemRoot%\SYSWOW64\WBIOSRVP.DLL
addsgn 79132211B9E9317E0AA1AB59B4B21205DAFFF47DC4EA942D892B2942AF292811E11BC3DCC10016A5AA6CAC9C4616EA3A6EDAF8FB5866A3293DFEB197D40332FA 64 Win32/TrojanDownloader.Stantinko 6

zoo %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\TEMP\HYAI9NZVN5NW.EXE
chklst
delvir

deldirex %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER

delref %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\GPLYRA\GPLYRA\START.CMD
del %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\GPLYRA\GPLYRA\START.CMD
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\TEMP\DC2A47178E3143C9A43AF6323125B821\KHNH3F7IRQ.EXE
del %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\TEMP\DC2A47178E3143C9A43AF6323125B821\KHNH3F7IRQ.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCSERVICE.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCSERVICE.EXE
delref %SystemDrive%\PROGRAMDATA\D70F5C20514147BA890A62D2EA454740\XLY4OCJPPEB0.EXE
del %SystemDrive%\PROGRAMDATA\D70F5C20514147BA890A62D2EA454740\XLY4OCJPPEB0.EXE
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\TEMP\5F0381E854BE4F4799D9C8BDA187ED4D\VDGGVYFF.EXE
del %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\TEMP\5F0381E854BE4F4799D9C8BDA187ED4D\VDGGVYFF.EXE
delref %SystemDrive%\PROGRAMDATA\9B5BF3BF63B84FD99928ED8B9FCC0CFA\BCBLPGC.EXE
del %SystemDrive%\PROGRAMDATA\9B5BF3BF63B84FD99928ED8B9FCC0CFA\BCBLPGC.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\UCAGENT.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\UCAGENT.EXE
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\477E8A9C6C604E9988064ED2CBFB8D9A\TVI27TVSVLEUD.EXE
del %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\477E8A9C6C604E9988064ED2CBFB8D9A\TVI27TVSVLEUD.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UPDATE_TASK.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UPDATE_TASK.EXE
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\CURL\CURL_7_54.EXE
del %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\CURL\CURL_7_54.EXE
delref HTTP://AMTOMIL.RU/F.EXE
delref %SystemDrive%\USERS\2BA0~1\APPDATA\ROAMING\CURL\CURL.EXE
del %SystemDrive%\USERS\2BA0~1\APPDATA\ROAMING\CURL\CURL.EXE
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\SETUPSK\PYTHON\PYTHONW.EXE
del %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\SETUPSK\PYTHON\PYTHONW.EXE
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\SETUPSK\ML.PY
del %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\SETUPSK\ML.PY
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\SETUPSK_UPD\PYTHON\PYTHONW.EXE
del %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\SETUPSK_UPD\PYTHON\PYTHONW.EXE
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\SETUPSK_UPD\ML.PY
del %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\SETUPSK_UPD\ML.PY
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER.EXE
delref %SystemDrive%\PROGRAM FILES\18758FC5C330045947EC55282D48C3D7\66CE53380D0A840E3D4F4A9D674B14DB.EXE
del %SystemDrive%\PROGRAM FILES\18758FC5C330045947EC55282D48C3D7\66CE53380D0A840E3D4F4A9D674B14DB.EXE
delref %Sys32%\DRIVERS\601229D825213639BBE96FBAB24D5E32.SYS
del %Sys32%\DRIVERS\601229D825213639BBE96FBAB24D5E32.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DODIJCGAFKHPOBJLNFDGIACPDENPMBGME%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPHKDCINMMLJBLPNKOHLIPAIODLONPINF%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPMPOAAHLECCAIBBHFJFIMIGEPMFMMBBK%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\888E6484952449BBB1A0C9B8B5354965\PRI1GDXMD4SB6.EXE
del %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\888E6484952449BBB1A0C9B8B5354965\PRI1GDXMD4SB6.EXE
delref %SystemDrive%\PROGRAM FILES\7-ZIP\B8QDV\8E_W5RH2QC.EXE
del %SystemDrive%\PROGRAM FILES\7-ZIP\B8QDV\8E_W5RH2QC.EXE
delref %SystemDrive%\PROGRAMDATA\42B7FECB2CD740A7AAFAC3BD98BE52A2\MLPQKC6S76J.EXE
del %SystemDrive%\PROGRAMDATA\42B7FECB2CD740A7AAFAC3BD98BE52A2\MLPQKC6S76J.EXE
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\1E26F91161B6484B9F97687C8570178E\UWWJSLAG4.EXE
del %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\1E26F91161B6484B9F97687C8570178E\UWWJSLAG4.EXE
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\TEMP\62CBBB6444E34AEB9E871CE1B2ECFAFE\UJVJG8KHLOU.EXE
del %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\TEMP\62CBBB6444E34AEB9E871CE1B2ECFAFE\UJVJG8KHLOU.EXE
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\MP3TAGAPP2\MP3TAGAPP.EXE
del %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\MP3TAGAPP2\MP3TAGAPP.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE
delref %Sys32%\DRIVERS:UCDRV-X64.SYS
del %Sys32%\DRIVERS:UCDRV-X64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\LIBEGL.DLL
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\LIBEGL.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCDRV-X64.SYS
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCDRV-X64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\LIBMP3LAME.DLL
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\LIBMP3LAME.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X64.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X64.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\STATS_UPLOADER.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\STATS_UPLOADER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\CHROME_ELF.DLL
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\CHROME_ELF.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\UPDATER.DLL
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\UPDATER.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\CONFIG_UPDATER.DLL
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\CONFIG_UPDATER.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\CHROME_CHILD.DLL
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\CHROME_CHILD.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\CHROME.DLL
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\CHROME.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\LIBGLESV2.DLL
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2716.5\LIBGLESV2.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X86.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X86.EXE
deldirex %SystemDrive%\PROGRAM FILES (X86)\PC PROTECTOR PLUS
deldirex %SystemDrive%\PROGRAMDATA\FRAMEWORK

apply

deltmp
delref %SystemDrive%\PROGRAMDATA\0CBB8490-6A95-0\0CBB8490-6A95-0.D
delref %SystemDrive%\PROGRAMDATA\B2A25E54-4BF1-0\B2A25E54-4BF1-0.D
delref %SystemDrive%\PROGRAMDATA\B2A25E54-42A5-1\B2A25E54-42A5-1.D
delref %SystemDrive%\PROGRAMDATA\0CBB8490-5133-1\0CBB8490-5133-1.D
delref %SystemDrive%\USERS\2BA0~1\APPDATA\LOCAL\TEMP\CHROME_BITS_27216_28885\EXTENSION_7.CRX
delref {9F2B0085-9218-42A1-88B0-9F0E65851666}\[CLSID]
delref {E984D939-0E00-4DD9-AC3A-7ACA04745521}\[CLSID]
delref {FE285C8C-5360-41C1-A700-045501C740DE}\[CLSID]
delref {9CDA66BE-3271-4723-8D35-DD834C58AD92}\[CLSID]
delref %SystemRoot%\SYSWOW64\MAPSTOASTTASK.DLL
delref %SystemRoot%\SYSWOW64\MAPSUPDATETASK.DLL
delref {DEF03232-9688-11E2-BE7F-B4B52FD966FF}\[CLSID]
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\APPVETWCLIENTRES.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\W32TIME.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\WINNAT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBUSR.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBKMCL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\REFS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SPACEPORT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\HVHOSTSVC.DLL
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\SYNTH3DVSC.SYS
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\SPLITTER.X64.AX
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\SPLITTER.AX
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\DXR.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\DXR.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BANDIMPEG1\BDFILTERS64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BANDIMPEG1\BDFILTERS.DLL
delref %Sys32%\BLANK.HTM
delref %Sys32%\DRIVERS\VMBUSR.SYS
delref %Sys32%\DRIVERS\UMDF\USBCCIDDRIVER.DLL
delref %SystemRoot%\INF\UNREGMP2.EXE
delref %SystemDrive%\PROGRAM FILES\MAGIX\VIDEO DELUXE 22\VIDEODELUXE.EXE
delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVLICENSINGS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\AVI.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\MKX.X64.DLL
delref %Sys32%\TETHERINGSETTINGHANDLER.DLL
delref %Sys32%\WBEM\WEMSAL_WMIPROVIDER (1).DLL
delref %Sys32%\QUICKACTIONSPS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\MP4.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\TS.X64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\OGM.X64.DLL
delref %Sys32%\CHTADVANCEDDS.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SPEECHRUNTIME.EXE
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemRoot%\SYSWOW64\LOCATIONFRAMEWORK.DLL
delref %SystemRoot%\SYSWOW64\MAPSBTSVCPROXY.DLL
delref %SystemRoot%\SYSWOW64\EAPPCFGUI.DLL
delref %SystemRoot%\SYSWOW64\MAPSCSP.DLL
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\AVI.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\MKX.DLL
delref %SystemRoot%\SYSWOW64\AUTHHOSTPROXY.DLL
delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SAPI_EXTENSIONS.DLL
delref %SystemRoot%\SYSWOW64\SMARTSCREEN.EXE
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\MP4.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\TS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\OGM.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemRoot%\SYSWOW64\WIFICONFIGSP.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\HAALI\MATROSKASPLITTER\AVS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

;-------------------------------------------------------------

restart

перезагрузка, пишем о старых и новых проблемах.
----------
далее,
выполните быстрое сканирование (угроз) в Malwarebytes

 

[vladmc]

Мой установленный малварбайт не загружается, а новый скачанный не устанавливается, при установке пишет то что на фото..
После перезагрузки проблем стало не меньше, браузер также выскакивает посстоянно с разными ссылками, куча приложений не нужных установлено!

 

[Vvvyg]

Сделайте проверку в AdwCleaner.

 

[safety]

+
добавьте новый образ автозапуска в uVS

 

[vladmc]

Вот что выдаёт при запуске adwcleaner (от имени администратора)

 

[vladmc]

Вот файл из UVs

 

[Vvvyg]

Зоопарк только расширился.

Выполните скрипт в UVS:

;uVS v4.0.9 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
addsgn 0DC977BA156A4D720BD4AFB164C81305258AFDF689FA157885C3C5BC50D6714C2317C3573E559D492B80849F461649FA7DDFE87255DAB02C2D77A42FC7062273 16 TR/Agent.aouob [Avira] 7
addsgn 1AC57F9A5583108CF42BFB3A88A212FA307E2CB189056A707AD6356C17D61945271703A82BAD4D0E2BD07B8ABAC60EFA201CBDF9B95B5C082E77A445D0EE15C3 8 W32.Wajam [Webroot] 7
addsgn A7679B1928664D070E3C228964C8ED70357589FA768F179082C3C5BCD3127D11E11BC33D323DD58028906C18491649C9BD9F6307595F4659214E91C7E102327C 16 Win32.AdWare.Neoreklami.CW [Comodo] 7
addsgn 1A104F9A5583338CF42B627DA89F448E51AEEC7DC5DE0BF3F9E7C937915DA04FE52C3D21366E6546A9E8879F4619F3DF81BCB97254A9B7DF899EB32CC706A38A 48 Win32/Adware.Neoreklami.DA [ESET] 7
chklst
delvir
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\8F0EE4B2E44F4B64B42E9C92928E5313\5VCEHXWZL2.EXE
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\TEMP\2103DCD84009478A883972E8B08BA007\8NQLVIGLA.EXE
delref %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\AMIGO\APPLICATION\AMIGO.EXE
del %Sys32%\DRIVERS:UCDRV-X64.SYS
delref %Sys32%\DRIVERS:UCDRV-X64.SYS
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\90C91A6916844EA7B8734EF5CB996803\E8HMXP8WJT.EXE
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\TEMP\A302CFFA48B0458390FBFB02FD12B390\IFIPHVDKIO8U.EXE
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\093C1A6A2AA2424C94C1C4520045C569\KSQ8LEDO.EXE
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\2401D7CD6B404B0B9D479887CC79917F\LAWMDWNBDUA.EXE
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\CEF0B3756AAA443EADCF5D7E6017B2D0\LFKASTVY7.EXE
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\MAIL.RU\MAILRUUPDATER.EXE
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\MAIL.RU\UPDATE SERVICE\MRUPDSRV.EXE
deldir %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\MAIL.RU
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\4FCE4201A06C48DDA226FA002BC2D729\PRBDG7GZZEHMAQ.EXE
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\C0B80D53B3B94CA0A1138753F6933ABA\PVPFRW2ZZ4SNB.EXE
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\AFFDA04B81524464AB0BE4E8E0A9F486\QQAKH70K.EXE
deldir %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\SYSLOG
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCDRV-X64.SYS
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X64.EXE
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X86.EXE
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER.EXE
deldir %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\YC\APPLICATION
zoo %SystemDrive%\PROGRAMDATA\FRAMEWORK\WINDOWS DRIVER.EXE
delall %SystemDrive%\PROGRAMDATA\FRAMEWORK\WINDOWS DRIVER.EXE
delall %SystemDrive%\USERS\МАКСИМ\APPDATA\ROAMING\BB955C7EB0CC4D5CABDFB05E3FB9312C\Y8DUJFMCGV7PO.EXE
deldir %SystemDrive%\PROGRAMDATA\A28713D3056A4031BD4F0889552DBC2F
delref HTTP://GRANENA.RU/?UTM_CONTENT=31B5CEBD524A9AF6C7A772DCA81815E9&UTM_SOURCE=STARTPM&UTM_TERM=08C692DD27D8D5574BAC9679B7B81D6D&UTM_D=20170815
deldir %SystemDrive%\PROGRAMDATA\01474593252446768B84FC580C5BA009
deldir %SystemDrive%\PROGRAM FILES\WINDOWS MAIL\4AH583WHTE0FQR8XFPP70G5TJ
deldir %SystemDrive%\PROGRAM FILES\WINDOWS SECURITY\IF5OBZUB152OK4O9MBN14CYTKOOTPNB
deldir %SystemDrive%\PROGRAM FILES (X86)\QYERBVXRHIE
regt 14
setdns Ethernet\4\{A8C9A0F7-1B5C-4E7F-98EA-483E23B54704}\8.8.8.8,8.8.4.4
dnsreset
delref HTTP://GO.MAIL.RU/DISTIB/EP/?PRODUCT_ID=%7B40B3BF36-53AD-4A1F-A157-7E18731C770C%7D&GP=831106
delref HTTP://MAIL.RU/CNT/10445?GP=831105
deldir %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\7F7325F0F50748F4A77C1E17EEA8B023
delall %SystemDrive%\PROGRAM FILES (X86)\THZXUJVJU\3NWXG8V.DLL
deldir %SystemDrive%\PROGRAM FILES (X86)\GXZIGYYLSHYU2
deldir %SystemDrive%\USERS\МАКСИМ\APPDATA\LOCAL\WUPDATE
deldir %SystemDrive%\PROGRAM FILES\XWINBRAYME
uidel  "C:\Program Files (x86)\PC Protector Plus\unins000.exe"
deldir C:\Program Files (x86)\PC Protector Plus
uidel  C:\Program Files (x86)\dCHHaxjOpqUn\qTSgZZPsbT.exe
deldir C:\Program Files (x86)\dCHHaxjOpqUn
uidel C:\Users\Максим\AppData\Local\Mail.Ru\MailRuUpdater.exe uninstall
uidel "C:\Users\Максим\AppData\Local\Amigo\Application\56.0.2924.180\Installer\setup.exe" --uninstall
delref %SystemDrive%\PROGRAMDATA\B2A25E54-7415-0\B2A25E54-7415-0.D
delref %SystemDrive%\PROGRAMDATA\B2A25E54-7525-1\B2A25E54-7525-1.D
regt 18
deltmp
apply
czoo
restart

В папке с uVS появится архив ZIP с именем, начинающимся с ZOO_ и далее из даты и времени, отправьте этот файл на vvvyg@yandex.ru.

В папке с UVS будет лог выполнения скрипта, текстовый файл с именем из даты и времени выполнения, прикрепите его с своему сообщению.

Сделайте лог Farbar Recovery Scan Tool.

 

[vladmc]

Вот лог, на почту выслал Zoo файл

 

[vladmc]

Вложил файлы скана FRST

 

[safety]

6. Скопируйте приведенный ниже текст в Блокнот и сохраните файл как fixlist.txt в ту же папку откуда была запущена утилита Farbar Recovery Scan Tool:
Запустите FRST и нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!

HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
OPR Extension: (Teddy Protection Lite) - C:\Users\Максим\AppData\Roaming\Opera Software\Opera Stable\Extensions\nojkagbjbhgnilkopgljfkhddmdjcjfn [2017-06-28]
OPR Extension: (Блокировщик Рекламы Для Ютуба™) - C:\Users\Максим\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd [2017-08-17]
2017-08-17 16:18 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Все пользователи\74f176762a1e4f8cadacdc1758196d13
2017-08-17 16:18 - 2017-08-17 22:45 - 000000000 ____D C:\ProgramData\74f176762a1e4f8cadacdc1758196d13
2017-08-17 16:18 - 2017-08-17 16:18 - 000000000 ____D C:\Users\Максим\AppData\Roaming\f4f9fe766eb043b888b72bdd52783a19
2017-08-17 16:17 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Roaming\8f0ee4b2e44f4b64b42e9c92928e5313
2017-08-17 16:17 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Local\b1aff7e3a7fd4d239fca8fe4b630ecec
2017-08-17 13:20 - 2017-08-17 13:20 - 000000000 ____D C:\Users\Максим\AppData\LocalLow\HGQlVNXRXkVsT
2017-08-17 13:00 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Local\2401d7cd6b404b0b9d479887cc79917f
2017-08-17 13:00 - 2017-08-17 22:45 - 000000000 ____D C:\Program Files (x86)\thzXuJvjU
2017-08-17 13:00 - 2017-08-17 13:00 - 000000000 ____D C:\Users\Максим\AppData\Local\93d5910c52724101b0e7c51f04102f48
2017-08-17 12:59 - 2017-08-17 12:59 - 000000000 ____D C:\Users\Все пользователи\435bd67a5ae14be09ff6380b91c5cb91
2017-08-17 12:59 - 2017-08-17 12:59 - 000000000 ____D C:\ProgramData\435bd67a5ae14be09ff6380b91c5cb91
2017-08-16 21:54 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Roaming\093c1a6a2aa2424c94c1c4520045c569
2017-08-16 21:54 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Local\affda04b81524464ab0be4e8e0a9f486
2017-08-16 21:54 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Local\4fce4201a06c48dda226fa002bc2d729
2017-08-16 21:54 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Local\3e0daf09297a48dc9b41ea04eb0626c7
2017-08-16 21:54 - 2017-08-16 21:54 - 000000000 ____D C:\Users\Максим\AppData\Roaming\4f0fdf66adf640f59e2662c18f7fd1f0
2017-08-16 21:54 - 2017-08-16 21:54 - 000000000 ____D C:\Users\Максим\AppData\Local\e27a8946b9be439b9488b086a1cfe361
2017-08-16 19:29 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Все пользователи\b2a25e54-7525-1
2017-08-16 19:29 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Все пользователи\b2a25e54-7415-0
2017-08-16 19:29 - 2017-08-17 22:45 - 000000000 ____D C:\ProgramData\b2a25e54-7525-1
2017-08-16 19:29 - 2017-08-17 22:45 - 000000000 ____D C:\ProgramData\b2a25e54-7415-0
2017-08-16 19:22 - 2017-08-17 22:45 - 000000000 ____D C:\Program Files\18758fc5c330045947ec55282d48c3d7
2017-08-16 19:19 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Local\90c91a6916844ea7b8734ef5cb996803
2017-08-16 19:19 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Local\6e2a05d9eb224259b659534311ed4ae1
2017-08-16 19:19 - 2017-08-16 19:19 - 000000000 ____D C:\Users\Максим\AppData\Roaming\dbad8c24b6a841fc8b3c564faf2c1a11
2017-08-16 17:23 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Roaming\cef0b3756aaa443eadcf5d7e6017b2d0
2017-08-16 17:23 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Roaming\bb955c7eb0cc4d5cabdfb05e3fb9312c
2017-08-16 17:23 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Максим\AppData\Local\c0b80d53b3b94ca0a1138753f6933aba
2017-08-16 17:23 - 2017-08-16 17:23 - 000000000 ____D C:\Users\Все пользователи\a4150e69bc4d41f78c93502168e05fdf
2017-08-16 17:23 - 2017-08-16 17:23 - 000000000 ____D C:\ProgramData\a4150e69bc4d41f78c93502168e05fdf
2017-08-16 12:43 - 2017-08-16 12:43 - 002684928 _____ C:\WINDOWS\7b0efef5355d37d946bddd1f021b92e1.exe
2017-08-15 14:54 - 2017-08-16 19:17 - 000000000 ____D C:\Users\Максим\AppData\Roaming\curl
2017-08-15 14:54 - 2017-08-15 14:54 - 000000000 ____D C:\Users\Максим\AppData\Local\Вoйти в Интeрнет
2017-08-15 14:53 - 2017-08-15 14:53 - 000000000 ____D C:\Users\Максим\AppData\Local\yc
2017-08-15 14:47 - 2017-08-17 16:18 - 000031443 _____ C:\WINDOWS\391ed2683ff54dc32d4303685a8affc1.ps1
2017-08-15 14:47 - 2017-08-17 16:18 - 000003476 _____ C:\WINDOWS\System32\Tasks\391ed2683ff54dc32d4303685a8affc1
2017-08-15 14:47 - 2017-08-17 16:17 - 000003300 _____ C:\WINDOWS\System32\Tasks\18758fc5c330045947ec55282d48c3d7
2017-08-15 14:47 - 2017-08-15 14:47 - 000000000 ____D C:\Users\Максим\AppData\Local\Поиcк в Интeрнете
2017-08-15 14:46 - 2017-08-15 14:46 - 000000000 ____D C:\Program Files (x86)\Microleaves
2017-08-15 14:44 - 2017-08-16 19:19 - 000000000 ____D C:\Users\Все пользователи\d70f5c20514147ba890a62d2ea454740
2017-08-15 14:44 - 2017-08-16 19:19 - 000000000 ____D C:\ProgramData\d70f5c20514147ba890a62d2ea454740
2017-08-15 14:44 - 2017-08-16 19:17 - 000000000 ____D C:\Users\Все пользователи\9b5bf3bf63b84fd99928ed8b9fcc0cfa
2017-08-15 14:44 - 2017-08-16 19:17 - 000000000 ____D C:\ProgramData\9b5bf3bf63b84fd99928ed8b9fcc0cfa
2017-08-15 13:01 - 2017-08-15 13:01 - 000000000 ____D C:\Users\Максим\AppData\Roaming\PCPRJ
2017-08-15 13:01 - 2017-08-15 13:01 - 000000000 ____D C:\Users\Максим\AppData\Roaming\Jawego
2017-08-15 13:01 - 2017-08-15 13:01 - 000000000 ____D C:\Users\Максим\AppData\Local\Jawego
2017-08-15 13:01 - 2017-08-15 13:01 - 000000000 ____D C:\Users\Все пользователи\Jawego
2017-08-15 13:01 - 2017-08-15 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Protector Plus
2017-08-15 13:01 - 2017-08-15 13:01 - 000000000 ____D C:\ProgramData\Jawego
2017-08-15 13:01 - 2016-09-26 17:26 - 000026560 _____ C:\WINDOWS\system32\pcplusnative64.exe
2017-08-15 12:54 - 2017-08-16 19:17 - 000000000 ____D C:\Users\Максим\AppData\Local\888e6484952449bbb1a0c9b8b5354965
2017-08-14 22:08 - 2017-08-16 19:18 - 000000000 ____D C:\Users\Все пользователи\b2a25e54-4bf1-0
2017-08-14 22:08 - 2017-08-16 19:18 - 000000000 ____D C:\Users\Все пользователи\b2a25e54-42a5-1
2017-08-14 22:08 - 2017-08-16 19:18 - 000000000 ____D C:\ProgramData\b2a25e54-4bf1-0
2017-08-14 22:08 - 2017-08-16 19:18 - 000000000 ____D C:\ProgramData\b2a25e54-42a5-1
2017-08-14 22:08 - 2017-08-14 22:08 - 000000000 ____D C:\Users\Все пользователи\Microleaves
2017-08-14 22:08 - 2017-08-14 22:08 - 000000000 ____D C:\ProgramData\Microleaves
2017-08-14 22:07 - 2017-08-16 19:17 - 000000000 ____D C:\Users\Максим\AppData\Local\1e26f91161b6484b9f97687c8570178e
2017-08-14 22:05 - 2017-08-16 19:18 - 000000000 ____D C:\Users\Все пользователи\0cbb8490-6a95-0
2017-08-14 22:05 - 2017-08-16 19:18 - 000000000 ____D C:\Users\Все пользователи\0cbb8490-5133-1
2017-08-14 22:05 - 2017-08-16 19:18 - 000000000 ____D C:\ProgramData\0cbb8490-6a95-0
2017-08-14 22:05 - 2017-08-16 19:18 - 000000000 ____D C:\ProgramData\0cbb8490-5133-1
2017-08-14 22:05 - 2017-08-14 22:05 - 000000000 ____D C:\Users\Максим\AppData\Roaming\Microleaves
2017-08-14 22:05 - 2017-08-14 22:05 - 000000000 ____D C:\Users\Максим\AppData\Roaming\gplyra
2017-08-14 22:04 - 2017-08-16 19:17 - 000000000 ____D C:\Users\Максим\AppData\Roaming\Event Monitor
2017-08-14 22:04 - 2017-08-16 19:17 - 000000000 ____D C:\Users\Максим\AppData\Local\477e8a9c6c604e9988064ed2cbfb8d9a
2017-08-14 22:04 - 2017-08-16 19:17 - 000000000 ____D C:\Users\Все пользователи\42b7fecb2cd740a7aafac3bd98be52a2
2017-08-14 22:04 - 2017-08-16 19:17 - 000000000 ____D C:\ProgramData\42b7fecb2cd740a7aafac3bd98be52a2
2017-08-14 22:04 - 2017-08-15 14:45 - 001847296 _____ C:\Users\Максим\AppData\Local\po.db
2017-08-14 22:04 - 2017-08-14 22:04 - 000000000 ____D C:\Users\Максим\AppData\Roaming\c2c6da2b28224a7194c2fdfb14a0c6a7
2017-08-14 22:04 - 2017-08-14 22:04 - 000000000 ____D C:\Program Files (x86)\pccleanplus
2017-08-14 21:44 - 2017-08-14 21:44 - 000000000 ____D C:\Users\Максим\AppData\Local\Crutches
EmptyTemp:
Reboot:

+
добавьте новые логи FRST и новый образ автозапуска uVS.

 

[Vvvyg]

Сделайте сканирование и очистку в AdwCleaner, теперь получится. Лог очистки прикрепите.

 

[vladmc]

Выполнил fixlist, который выложил safety, до этого и после выдаётся сообщение после перезагрузки компа

 

[vladmc]

Вот Fixlog после перезагрузки

 

[vladmc]

Файлы из FRST !

 

[vladmc]

Файлы UVs, чуть позже выложу Adwcleaner

 

[Vvvyg]

Примените в Farbar Recovery Scan Tool такой fixlist.txt:

CreateRestorePoint:
() C:\ProgramData\DirectX11b\System.exe
R2 DirectX11b; C:\ProgramData\DirectX11b\System.exe [8192 2016-02-17] () [File not signed] <==== ATTENTION
S2 Framework; C:\ProgramData\WindowsSQL\System.exe [8192 2016-02-17] () [File not signed] <==== ATTENTION
C:\ProgramData\WindowsSQL
C:\ProgramData\DirectX11b
HKLM\...\Policies\Explorer: [DisallowRun] 0
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-4190512208-3122350677-1920154019-1001\...\Run: [iwdhieiubm] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=08C692DD27D8D5574BAC9679B7B81D6D&utm_d=20170815" <==== ATTENTION
HKU\S-1-5-21-4190512208-3122350677-1920154019-1001\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [RestrictRun] 0
OPR StartupUrls: "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=08C692DD27D8D5574BAC9679B7B81D6D&utm_d=20170815"
R1 5f4742cdad2eefb9ff07e3fe7735f103; C:\WINDOWS\system32\drivers\5f4742cdad2eefb9ff07e3fe7735f103.sys [77184 2017-08-16] (36IHD8) <==== ATTENTION
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
C:\Program Files (x86)\UCBrowser
2017-08-16 12:43 - 2017-08-16 12:43 - 000077184 _____ (36IHD8) C:\WINDOWS\system32\Drivers\5f4742cdad2eefb9ff07e3fe7735f103.sys
2017-08-17 22:45 - 2017-03-29 17:05 - 000000000 ____D C:\Users\Максим\AppData\Local\Mail.Ru
2017-08-16 21:53 - 2017-03-29 17:05 - 000000000 ____D C:\Users\Максим\AppData\Local\Amigo
Reg: reg delete "HKU\S-1-5-21-4190512208-3122350677-1920154019-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo" /f
ContextMenuHandlers1: [PC Protector Plus] -> {63F58340-0CD0-403B-B6E8-4E1449F01C6F} => C:\Users\Максим\AppData\Local\Jawego\PC Protector Plus\pcpluscontexthelper64.dll -> No File
ContextMenuHandlers6: [PC Protector Plus] -> {63F58340-0CD0-403B-B6E8-4E1449F01C6F} => C:\Users\Максим\AppData\Local\Jawego\PC Protector Plus\pcpluscontexthelper64.dll -> No File
Task: {06FACEC3-12E6-4918-A8D5-EACF8D742B9E} - \TnqpiRJoXWMCwN -> No File <==== ATTENTION
Task: {0DEE4EBC-34D3-4C1F-81E2-7B7811A28006} - System32\Tasks\ijhg => "C:\WINDOWS\system32\LaunchWinApp.exe" inewsru.com/ijhg
Task: {102C533D-2A72-41E4-AD0E-2F6C2617A790} - \MSI -> No File <==== ATTENTION
Task: {1497998A-BE30-4B85-8677-D406475549F9} - \391ed2683ff54dc32d4303685a8affc1 -> No File <==== ATTENTION
Task: {17A6F3EE-0693-45F3-9C40-0FF4E5BF8A99} - \XWinBrayMe -> No File <==== ATTENTION
Task: {21C3EE33-31DF-4EE1-912E-A9CF5307E2D9} - \setupsk_upd -> No File <==== ATTENTION
Task: {517BBDAE-3E86-4F00-AFC9-3085D6F7F2CB} - \UCBrowserSecureUpdater -> No File <==== ATTENTION
Task: {5B443E09-8057-4BCC-8B7F-1B0014878C08} - \MailRuUpdater -> No File <==== ATTENTION
Task: {74090AAC-5E63-49B6-B4C6-6B81ED742D9B} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {7B563409-60CE-4D26-81B7-D52704CEB522} - \PC Protector Plus_startup -> No File <==== ATTENTION
Task: {81D1C4B9-0ED1-4B0E-AC20-4643B6F274D6} - \curls -> No File <==== ATTENTION
Task: {822A0C75-8CDF-4870-BE78-A96F87F24EBD} - \RunAtStartup -> No File <==== ATTENTION
Task: {B41CE5CA-F2C5-46A8-BA88-624BA906EECD} - \PC Protector Plus_runnag -> No File <==== ATTENTION
Task: {C7CE3216-E50C-4D67-91DF-61BAD9A87DDA} - \wupdate -> No File <==== ATTENTION
Task: {D205B999-8F7B-4291-A148-BC74E4717F50} - \setupsk -> No File <==== ATTENTION
Task: {D49A7FFC-D4FA-4922-88D3-F38FA0E9D0A8} - \uuxHwpnMkRCRpJh2 -> No File <==== ATTENTION
Task: {D9F6E1CA-2712-4F81-9B81-BAF270D48961} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {FDC47E3A-52C2-49BE-B39C-648B4071036E} - \syslog -> No File <==== ATTENTION
Task: {FF6B116C-F13B-4E17-9C11-F79068A1503E} - \curl -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
HKU\S-1-5-21-4190512208-3122350677-1920154019-1001\...\StartupApproved\Run: => "amigo"
FirewallRules: [{9566C8F1-8111-47FB-86F7-026B7F8CC407}] => (Allow) C:\Program Files\UBar\ubar.exe
FirewallRules: [{2EC26480-CB46-4864-A12A-7DCD43337D68}] => (Allow) C:\Program Files (x86)\Secure Driver Updater\SDU.exe
FirewallRules: [{2607A0E6-F5D8-4836-A21E-4F315A34D973}] => (Allow) C:\Users\Максим\AppData\Local\yc\Application\yc.exe
Reboot:

Новый fixlog.txt прикрепите.

 

[vladmc]

FRST не доделался до конца, вот что выдал

 

[vladmc]

Adwcleaner Скан и Удаление

 

[safety]

@vladmc,
что сейчас с проблемами?