Please note: after the script runs, all open browser tabs will (possibly) be closed, you will be signed out of your accounts, and temporary files, the Recycle Bin, browser history, cookies and cache will be cleared.
Read more in this guide.
- Disable your antivirus until the reboot.
- Select the following code:
Code:
```
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Ограничение <==== ВНИМАНИЕ
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Нет файла)
GroupPolicy: Ограничение - Chrome <==== ВНИМАНИЕ
Policies: C:\ProgramData\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Google: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Microsoft\Edge: Ограничение <==== ВНИМАНИЕ
Task: {77D0DF96-10E0-4A40-BBC8-A24D44CAA3DD} - System32\Tasks\CCleanerSkipUAC => "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) (Нет файла)
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://find-it.pro/?utm_source=distr_m
FF Notifications: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz
FF HomepageOverride: Mozilla\Firefox\Profiles\nahd6ha2.default -> Enabled: homepage@mail.ru
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru.xpi [2020-12-17] [UpdateUrl:hxxps://crxmailru.cdnmail.ru/go_ffhp_update.json]
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddmabhekhhonkmomaklnflhhgbfnioe
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iepoegkaoeljnbhagabakjodgpfniimo
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem
CHR HomePage: System Profile -> hxxps://find-it.pro/?utm_source=distr_m
CHR StartupUrls: System Profile -> "hxxps://find-it.pro/?utm_source=distr_m"
CHR DefaultSearchKeyword: System Profile -> cdn
C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iddmabhekhhonkmomaklnflhhgbfnioe
C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\oikgcnjambfooaigmdljblbaeelmekem
CHR HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKU\S-1-5-21-3483602661-1754823105-4190519746-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeeninnnlhgaojlolnbpljadhbionlal]
CHR HKU\S-1-5-21-3483602661-1754823105-4190519746-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ldgpjdiadomhinpimgchmeembbgojnjk]
CHR HKU\S-1-5-21-3483602661-1754823105-4190519746-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKU\S-1-5-21-3483602661-1754823105-4190519746-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [hglcmagplhbklifejibdeldmmddbechf]
CHR HKLM-x32\...\Chrome\Extension: [hjdkfkdkokphfploiiddakjokndinfgb]
CHR HKLM-x32\...\Chrome\Extension: [iepoegkaoeljnbhagabakjodgpfniimo]
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-03] (Adobe Inc. -> Adobe)
S3 AIDA64Driver; \??\C:\Users\user\AppData\Local\Temp\Rar$EXa4896.43319\kerneld.x64 [X] <==== ВНИМАНИЕ
U3 aswbdisk; отсутствует ImagePath
2024-02-24 09:37 - 2024-02-26 20:00 - 000000000 ____D C:\Program Files (x86)\PQNaWREeZnbU2
2024-02-24 09:37 - 2024-02-26 20:00 - 000000000 ____D C:\Program Files (x86)\HxCCxIntlmmAC
2024-02-24 09:37 - 2024-02-26 20:00 - 000000000 ____D C:\Program Files (x86)\dSawpOhOJteWMxnsjER
2024-02-24 09:37 - 2024-02-24 09:37 - 000000000 ____D C:\ProgramData\fCydShCXPZquDnVB
2024-02-24 09:37 - 2024-02-24 09:37 - 000000000 ____D C:\Program Files (x86)\rtKYxtBoEkUn
2024-02-24 08:08 - 2024-02-26 20:00 - 000000000 ____D C:\Program Files (x86)\bEorAAFRU
2024-02-21 18:04 - 2024-02-21 18:04 - 000000000 ____D C:\Program Files (x86)\WondershareUpdate
2024-02-21 18:03 - 2024-02-21 18:07 - 000000000 ____D C:\Users\user\AppData\Roaming\Wondershare
2024-02-21 18:02 - 2024-02-21 20:20 - 000000000 ____D C:\ProgramData\Wondershare
2024-02-21 18:02 - 2024-02-21 18:07 - 000000000 ____D C:\Program Files\Wondershare
2024-02-21 18:02 - 2024-02-21 18:03 - 000000000 ____D C:\Users\user\AppData\Local\Wondershare
2024-02-26 20:00 - 2023-10-29 22:32 - 000000000 ____D C:\ProgramData\postal-programmer
AV: Kaspersky Free (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AlternateDataStreams: C:\ProgramData\droidcam-client-options-v2:8329C6407A [3442]
AlternateDataStreams: C:\ProgramData\droidcam-settings:3FFAD04353 [3442]
AlternateDataStreams: C:\ProgramData\droidcam.log:ADD74D6E12 [3442]
AlternateDataStreams: C:\ProgramData\fontcacheev1.dat:D758CE5CE2 [3442]
AlternateDataStreams: C:\ProgramData\hwskcrgw.bra:B7B1C85C3A [3442]
AlternateDataStreams: C:\ProgramData\juutbubq.wrj:C3E58011A3 [3442]
AlternateDataStreams: C:\ProgramData\lzmiudcz.flf:B96BCC688C [3442]
AlternateDataStreams: C:\ProgramData\mijprvzl.ern:9658CDE1C9 [3442]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat:D4F6BC83AF [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:94949E25BC [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{a70bd9b3-3d20-11eb-a6ad-7085c2ba07fa}.TM.blf:EF6846887A [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{a70bd9b3-3d20-11eb-a6ad-7085c2ba07fa}.TMContainer00000000000000000001.regtrans-ms:06645BD33F [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{a70bd9b3-3d20-11eb-a6ad-7085c2ba07fa}.TMContainer00000000000000000002.regtrans-ms:6065FAF46E [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{e6a2aea4-8308-11eb-a6db-7085c2ba07fa}.TM.blf:43C8729BB6 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk:CCF539F03F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk:075A04AA92 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard.lnk:732D57D4DD [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk:93337121EE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk:1FA7E99ECA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2020.lnk:C705C23FF2 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk:7661CCE9BF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk:6E6E4AA64E [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahk2Exe.lnk:0676F50C01 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk:B4B3884CBE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk:88F1223DAF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakened PoE Trade.lnk:C0EA1D0214 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2019.lnk:6569B2479D [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DR LIVESEY ROM AND DEATH EDITION.lnk:D3CD4CFABC [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\Users\user\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\user\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
FirewallRules: [{2231F193-6CDC-41AD-A8FD-F7B5B7001D98}] => (Allow) 㩃啜敳獲畜敳屲灁䑰瑡屡潒浡湩屧潴屣瑤瀵⹗硥e => Нет файла
FirewallRules: [{5C9986D3-CD19-4E4F-836C-788646D4817E}] => (Allow) 㩃啜敳獲畜敳屲灁䑰瑡屡潒浡湩屧潴屣档潲敭牤癩牥攮數 => Нет файла
FirewallRules: [{B2398EB1-A587-4064-83DA-2F2016A3F659}] => (Allow) 㩃啜敳獲畜敳屲灁䑰瑡屡潒浡湩屧潴屣桃潲敭䅜灰楬慣楴湯䍜牨浯硥e => Нет файла
FirewallRules: [{AB98A52E-78B4-4CA5-9F92-DB16225CB02C}] => (Allow) 㩃啜敳獲畜敳屲灁䑰瑡屡潒浡湩屧潴屣睋䰶攮數 => Нет файла
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
End::
```
- Copy the selected text (right-click - Copy).
- Run FRST (FRST64) as administrator.
- Click Fix (Исправить) once (!) and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.
Read more in this guide.
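A read-only follow-up check for after the reboot, added here as an example (it is not part of the original post and not part of FRST): it reports whether the Defender values, browser policy keys, random-named folders and alternate data streams listed in the fixlist above are still present. Registry paths and folder names are copied from the fixlist; the function and variable names are illustrative, and the stream scan covers files only, so the two directory-level streams in the fixlist are not checked.

```powershell
# Added example: read-only check, changes nothing. Run in an elevated PowerShell.
# Registry paths and folder names are copied from the fixlist; other names are illustrative.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Kind, [string]$Item, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail })
}

# 1. Defender values flagged in the fixlist
$defenderKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
foreach ($name in 'DisableAntiSpyware', 'DisableAntiVirus') {
    $props = Get-ItemProperty -LiteralPath $defenderKey -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $props) { Add-Finding 'DefenderValue' $name "still set to $($props.$name)" }
}

# 2. Browser policy keys flagged in the fixlist
$policyKeys = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox',
              'HKLM:\SOFTWARE\Policies\Google',
              'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
foreach ($key in $policyKeys) {
    if (Test-Path -LiteralPath $key) { Add-Finding 'PolicyKey' $key 'key still present' }
}

# 3. Random-named folders scheduled for removal
$folders = 'C:\Program Files (x86)\PQNaWREeZnbU2', 'C:\Program Files (x86)\HxCCxIntlmmAC',
           'C:\Program Files (x86)\dSawpOhOJteWMxnsjER', 'C:\ProgramData\fCydShCXPZquDnVB',
           'C:\Program Files (x86)\rtKYxtBoEkUn', 'C:\Program Files (x86)\bEorAAFRU',
           'C:\ProgramData\postal-programmer'
foreach ($dir in $folders) {
    if (Test-Path -LiteralPath $dir) { Add-Finding 'Folder' $dir 'folder still present' }
}

# 4. Named alternate data streams on files in the two folders the fixlist lists
#    (':$DATA' is the normal, unnamed content stream and is skipped)
$adsRoots = 'C:\ProgramData', 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs'
foreach ($root in $adsRoots) {
    Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -Force -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { Add-Finding 'AltDataStream' "$($_.FileName):$($_.Stream)" "$($_.Length) bytes" }
}

if ($findings.Count -eq 0) { 'No leftovers from the fixlist were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```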