[решено] Нахватал вирусов - Компьютерный форум OSzone.net

Удалите через установку программ в панели управления

Код:

youndoo - Uninstall (HKLM-x32\...\{12ECF142-0C0C-4789-BE77-E18C2DA79F17}) (Version:  - ) <==== ATTENTION

youndoo - Uninstall (HKLM-x32\...\{3A1536B2-AA7D-4D2B-940E-ACF28267DE8E}) (Version:  - ) <==== ATTENTION

Закройте и сохраните все открытые приложения.
Скопируйте приведенный ниже текст в Блокнот и сохраните файл как fixlist.txt в ту же папку откуда была запущена утилита Farbar Recovery Scan Tool:

Код:

CreateRestorePoint: CloseProcesses: HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1079846064-3688175298-3292213628-1001\...\Policies\Explorer: [] HKLM\...\Providers\kcj8obw6: C:\Program Files (x86)\Cihophcluvert Host\local64spl.dll [292352 2017-01-03] () ShellExecuteHooks: No Name - {C0670FC0-CCF5-11E6-8AFD-64006A5CFC23} - C:\Users\villi_000\AppData\Roaming\Clossyzertish\Phertytujosp.dll [145920 2017-01-03] () ShellExecuteHooks: No Name - {7F018248-CCF6-11E6-996A-64006A5CFC23} - C:\Users\villi_000\AppData\Roaming\Naleing\Arowesypkosh.dll [147968 2017-01-05] () GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX&q={searchTerms} SearchScopes: HKU\S-1-5-21-1079846064-3688175298-3292213628-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX&q={searchTerms} SearchScopes: HKU\S-1-5-21-1079846064-3688175298-3292213628-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.amisites.com/?type=sc&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX Edge HomeButtonPage: HKU\S-1-5-21-1079846064-3688175298-3292213628-1001 -> hxxp://www.amisites.com/?type=hp&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX C:\Users\villi_000\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\83i4z4db.default\Profiles\83i4z4db.default [not found] FF ProfilePath: C:\Users\villi_000\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\83i4z4db.default\Profiles\83i4z4db.default [not found] FF Homepage: Mozilla\Firefox\Profiles\83i4z4db.default -> hxxp://www.amisites.com/?type=hp&ts=1483650095&z=5819c8820e46d59b965ee75g2zfb4c4q2w7e2e0t0w&from=che0812&uid=HGSTXHTS541010A9E680_JA1009C02X5JPP2X5JPPX FF SearchPlugin: C:\Users\villi_000\AppData\Roaming\Firefox\Firefox\Profiles\83i4z4db.default\searchplugins\amisites.xml [2017-01-06] FF SearchPlugin: C:\Users\villi_000\AppData\Roaming\Firefox\Firefox\Profiles\83i4z4db.default\searchplugins\p00eid1m.xml [2017-01-05] FF SearchPlugin: C:\Users\villi_000\AppData\Roaming\Firefox\Firefox\Profiles\83i4z4db.default\searchplugins\x2c6j6c3.xml [2017-01-03] OPR Extension: (Quick Searcher) - C:\Users\villi_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2016-02-14] OPR Extension: (No Name) - C:\Users\villi_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\bapebekcapehfapcilombbgepgedmnmn [2016-09-21] OPR Extension: (No Name) - C:\Users\villi_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmiehpkiedpkpifcpeplghoibfhhigo [2017-01-03] OPR Extension: (No Name) - C:\Users\villi_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2016-09-21] R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [361472 2017-01-06] (update) [File not signed] R2 Convxxxx; C:\Users\villi_000\AppData\Roaming\fjcfi\UvConverter.exe [400384 2017-01-05] () [File not signed] R2 Datuch; C:\Program Files (x86)\Edechjiherly\GmcAdapter.dll [177664 2017-01-05] () [File not signed] R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [133632 2017-01-06] () [File not signed] R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [564736 2017-01-05] () [File not signed] <==== ATTENTION S2 Zikacultthojerly; C:\Program Files (x86)\Plrerch\coerdakckoferghupdate.dll [X] R1 21e68a01e3b695908cab6e7f4dc74ab6; C:\WINDOWS\system32\drivers\21e68a01e3b695908cab6e7f4dc74ab6.sys [95040 2016-12-16] (97V68D) <==== ATTENTION R1 ed8a8bdf1a8bae6dec4bfe63acd69919; C:\WINDOWS\system32\drivers\ed8a8bdf1a8bae6dec4bfe63acd69919.sys [95040 2017-01-05] (KFBQDO) <==== ATTENTION 2017-01-06 00:01 - 2017-01-06 00:01 - 00000000 ____D C:\Users\villi_000\AppData\Roaming\fjcfi 2017-01-06 00:01 - 2017-01-06 00:01 - 00000000 ____D C:\Program Files (x86)\UvConverter Folder: C:\Program Files (x86)\Mejash Renew 2017-01-05 23:45 - 2017-01-06 23:16 - 00000000 ____D C:\Program Files (x86)\Edechjiherly 2017-01-05 23:45 - 2017-01-05 23:57 - 00000000 ____D C:\Users\villi_000\AppData\Roaming\Naleing 2017-01-05 23:45 - 2017-01-05 23:45 - 00000000 ____D C:\Users\villi_000\AppData\Local\Ckapodomcoifipy 2017-01-05 23:44 - 2017-01-05 23:44 - 00000000 ____D C:\Users\villi_000\AppData\Local\ZaxarGameBrowser 2017-01-05 23:41 - 2017-01-05 23:44 - 00000000 ____D C:\Program Files (x86)\Zaxar 2017-01-05 19:11 - 2017-01-05 19:11 - 01982132 _____ C:\WINDOWS\ae41d3ee4fd47bfb20913226622e86a1.exe 2017-01-05 19:08 - 2017-01-05 19:08 - 00095040 _____ (KFBQDO) C:\WINDOWS\system32\Drivers\ed8a8bdf1a8bae6dec4bfe63acd69919.sys 2017-01-05 02:51 - 2017-01-05 02:51 - 00000000 ____D C:\Program Files\f09er35s 2017-01-04 22:44 - 2017-01-04 22:45 - 00000000 ____D C:\Program Files\dda164877d46f099fd3516d6035c7d53 2017-01-04 22:43 - 2017-01-07 00:09 - 00000000 ____D C:\Users\villi_000\AppData\Local\MailruSetup 2017-01-04 22:41 - 2017-01-06 14:57 - 00000000 ____D C:\Users\Все пользователи\hdtask 2017-01-04 22:41 - 2017-01-06 14:57 - 00000000 ____D C:\ProgramData\hdtask 2017-01-04 16:13 - 2017-01-04 16:13 - 00000000 ___HD C:\naR2mBLxthmFrDDW 2017-01-04 15:42 - 2017-01-06 00:07 - 00000000 ____D C:\Users\Все пользователи\WinSAPSvc 2017-01-04 15:42 - 2017-01-06 00:07 - 00000000 ____D C:\ProgramData\WinSAPSvc 2017-01-04 15:42 - 2017-01-04 15:42 - 00000000 ____D C:\Program Files (x86)\WinArcher 2017-01-04 15:42 - 2017-01-04 15:42 - 00000000 ____D C:\Program Files (x86)\Gubed 2017-01-04 15:40 - 2017-01-05 23:57 - 00000000 ____D C:\Program Files (x86)\Plrerch 2017-01-04 15:39 - 2017-01-06 15:56 - 00000000 ____D C:\Program Files\kcj8obw6 2017-01-04 03:56 - 2017-01-04 04:10 - 00000000 ___HD C:\EQLpKG4Yq1ll3aHt 2017-01-04 03:02 - 2017-01-04 03:02 - 00000532 _____ C:\WINDOWS\Tasks\Windows desktop installer.job 2017-01-04 03:02 - 2017-01-04 03:02 - 00000000 ____D C:\Users\villi_000\AppData\Roaming\MyDesktop 2017-01-03 18:07 - 2017-01-03 18:08 - 00000000 ____D C:\Program Files (x86)\Cihophcluvert Host 2017-01-03 18:05 - 2017-01-03 18:06 - 00000000 ____D C:\Users\villi_000\AppData\Local\Gerpuleluhoght 2017-01-03 18:05 - 2017-01-03 18:05 - 00000000 ____D C:\Users\villi_000\AppData\Roaming\Clossyzertish 2017-01-03 17:34 - 2017-01-03 17:34 - 00000000 ____D C:\Users\Все пользователи\Hotfreshs 2017-01-03 17:34 - 2017-01-03 17:34 - 00000000 ____D C:\ProgramData\Hotfreshs 2017-01-03 17:30 - 2017-01-03 17:34 - 01938537 _____ C:\Users\villi_000\AppData\Roaming\Trantinfax.bin 2017-01-03 17:30 - 2017-01-03 17:30 - 07316480 _____ C:\Users\villi_000\AppData\Roaming\agent.dat 2017-01-03 17:30 - 2017-01-03 17:30 - 01907676 _____ C:\Users\villi_000\AppData\Roaming\Free-Job.tst 2017-01-03 17:30 - 2017-01-03 17:30 - 00126464 _____ C:\Users\villi_000\AppData\Roaming\noah.dat 2017-01-03 17:30 - 2017-01-03 17:30 - 00070704 _____ C:\Users\villi_000\AppData\Roaming\Config.xml 2017-01-03 17:30 - 2017-01-03 17:30 - 00018432 _____ C:\Users\villi_000\AppData\Roaming\Main.dat 2017-01-03 17:30 - 2017-01-03 17:30 - 00005568 _____ C:\Users\villi_000\AppData\Roaming\md.xml 2017-01-03 17:30 - 2017-01-03 17:29 - 00629760 _____ C:\Users\villi_000\AppData\Roaming\Free-Job.exe 2017-01-03 17:29 - 2017-01-03 17:29 - 00278518 _____ C:\Users\villi_000\AppData\Roaming\U-zap.bin 2017-01-03 17:29 - 2017-01-03 17:29 - 00140288 _____ C:\Users\villi_000\AppData\Roaming\Installer.dat 2017-01-03 17:29 - 2017-01-03 17:29 - 00016224 _____ C:\Users\villi_000\AppData\Roaming\InstallationConfiguration.xml 2017-01-03 17:26 - 2017-01-03 17:26 - 00000000 ____D C:\WINDOWS\IObit 2017-01-03 17:26 - 2017-01-03 17:26 - 00000000 ____D C:\Users\villi_000\AppData\Roaming\IObit 2017-01-03 17:25 - 2017-01-04 04:32 - 00000000 ____D C:\Program Files\OBX8K9MUJ7 2016-12-16 18:18 - 2016-12-16 18:18 - 00095040 _____ (97V68D) C:\WINDOWS\system32\Drivers\21e68a01e3b695908cab6e7f4dc74ab6.sys 2017-01-03 17:26 - 2016-02-14 14:55 - 00000000 ____D C:\Users\Все пользователи\ProductData 2017-01-03 17:26 - 2016-02-14 14:55 - 00000000 ____D C:\Users\Все пользователи\IObit 2017-01-03 17:26 - 2016-02-14 14:55 - 00000000 ____D C:\Users\villi_000\AppData\LocalLow\IObit 2017-01-03 17:26 - 2016-02-14 14:55 - 00000000 ____D C:\ProgramData\ProductData 2017-01-03 17:26 - 2016-02-14 14:55 - 00000000 ____D C:\ProgramData\IObit C:\Users\villi_000\AppData\Local\Temp\mpam-b5d94ea2.exe Task: {013C1BF0-6FB5-4A63-80E6-BBFAF98E1740} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {1F4AFB50-00BB-4ACA-AFE4-60143774DF1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {2344D70F-5936-4103-91DF-2A33D1AD72EB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {474591D7-668F-46DE-9939-664CB7D2B4C3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {7562A6D0-D884-404B-A740-B850310294E8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {7FCD32C9-8A9B-4593-B642-E82D50ADFEE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {92DC9487-C5BA-49AC-99D2-D2E6B8A1FD84} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {9EEE5302-3B35-4F2F-8ED7-7BDE00D5CEE7} - System32\Tasks\Kerdcult Module => C:\Program Files (x86)\Edechjiherly\jidule.exe [2017-01-05] (Glarysoft Ltd) Task: {A3387022-3661-46DA-B51C-D939D9133D7B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {ACE2BC85-D04E-45AF-A9E8-428695213103} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {ACF109C1-0C45-4572-BA34-F1842C883FA0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {C06F66BC-8D32-4369-BC44-264D061C81C4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {C25FB526-28EF-4F6D-9506-D93341F8E922} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {DD2E79AF-555E-41EE-9FB1-469AFE24AAAB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {F01AF12F-0736-49FE-BBD2-5879C4430F1E} - \Microsoft\Windows\Multimedia\MailruSetup -> No File <==== ATTENTION Task: C:\WINDOWS\Tasks\Windows desktop installer.job => C:\Users\villi_000\AppData\Roaming\MyDesktop\linkme.exe 2017-01-04 15:42 - 2017-01-05 02:53 - 00564736 _____ () C:\Program Files (x86)\Common Files\Services\iThemes.dll 2017-01-04 15:42 - 2017-01-06 21:55 - 00133632 _____ () c:\program files (x86)\gubed\gubedzl.dll 2017-01-05 23:48 - 2017-01-05 23:48 - 00177664 _____ () c:\program files (x86)\edechjiherly\gmcadapter.dll 2017-01-06 00:00 - 2017-01-05 16:10 - 00186368 _____ () c:\programdata\winsapsvc\winsap.dll AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] AlternateDataStreams: C:\Users\Все пользователи\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] HKU\S-1-5-21-1079846064-3688175298-3292213628-1001\Software\Classes\.scr: scrfile => <===== ATTENTION HKU\S-1-5-21-1079846064-3688175298-3292213628-1001\...\StartupApproved\Run: => "7GT96TJ814" InternetURL: C:\Users\villi_000\Favorites\Links\Интернет.url -> URL: hxxp://dcubege.ru/?utm_source=favorites03&utm_content=0540cd3f39398aa7b086fcb67de19a76&utm_term=2B030964F5AB5047EABD9D46D5624378&utm_d=20160126 Reboot:
Запустите FRST и нажмите один раз на кнопку Fix и подождите.
Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!
Обратите внимание, что компьютер будет перезагружен.