[QUOTE]Наталья Куренкова написал:
Здравствуйте! Помогите пожалуйста. По эл.почте поймала   CRYPTED000007.

Вaши фaйлы были зашифрoвaны.
Чтобы рacшифpoваmь иx, Вам нeoбходuмo omпpaвuть koд:
2239579119F30D0EA54F|0
нa элeкmpонный адрeс  [URL=mailto:[email protected]][email protected][/URL] .[/QUOTE]
Наталья,
добавьте образ автозапуска из зашифрованной системы,
возможно файлы шифратора еще остались в системе

детальный отчет по Statinko

[IMG WIDTH=692 HEIGHT=925]https://chklst.ru/uploads/editor/zj/xiabniabv047.jpg[/IMG]
https://www.welivesecurity.com/wp-content/uploads/2017/07/Stantinko.pdf

что с проблемами сейчас?

да, это расширение осталось еще после скрипта

[QUOTE]Полное имя C:\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KCKNBENJNKKJKNPHMNIDANJIFBGPHJKE\4.18_0\THE SAFE SURFING
Имя файла                   THE SAFE SURFING
Тек. статус                 ?ВИРУС? ПОДОЗРИТЕЛЬНЫЙ Chrome/Yandex
                           
Удовлетворяет критериям    
EXT.LIST                    (EXTENSION_NAME ~ THE SAFE SURFING)(1) [auto (0)]
                           
Сохраненная информация      на момент создания образа
Статус                      Chrome/Yandex
                           
Extension_ID                kcknbenjnkkjknphmnidanjifbgphjke
Extension_name              The Safe Surfing
Extension_state             2
Extension_version           4.18
Extension_installDate       2015-07-21 16:27
Extension_description       Данное расширение предупреждает Вас о небезопасных сайтах
Extension_homepageURL       https://clients2.google.com/service/update2/crx
                           
[/QUOTE]

выполняем скрипт в uVS:
- скопировать содержимое кода в буфер обмена;
- стартуем uVS(start.exe), далее выбираем: текущий пользователь, меню - скрипты - выполнить скрипт из буфера обмена;
- закрываем все браузеры перед выполнением скрипта;
при деинсталляции программ - соглашаемся на деинсталляцию_удаление подтверждаем "да"
[code]

;uVS v4.0.6 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
deldirex %SystemDrive%\USERS\VLADISLAV\APPDATA\ROAMING\BROWSERS
;------------------------autoscript---------------------------

sreg

deldirex %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCALLOW\UNITY\WEBPLAY­ER\LOADER

deldirex %SystemDrive%\PROGRAM FILES (X86)\ZAXAR

delref %SystemDrive%\USERS\VLADISLAV\APPDATA\ROAMING\8LXOODZ27SJW.EXE
del %SystemDrive%\USERS\VLADISLAV\APPDATA\ROAMING\8LXOODZ27SJW.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\NOTEICON.EXE
del %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\NOTEICON.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UPDATE_TASK.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UPDATE_TASK.EXE
delref {95D44554-CEAE-414B-80D5-464285C38738}\[CLSID]
delref {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\[CLSID]
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DAEEMBEEJEKGHKOPIABADONPMFPIGOJOK%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DAHNPHCMHMHCJJCJHMNNJJLBMAELJECGA%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGBGNHMFBCIFPKJOFOOJFPLMFKMAIADN%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGCIFLJFAPBHGIEHKJLCKFJMGEOJIJCB%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBHJCGOMKANPKPBLOKEBECKNHAHGKCMOO%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBPGANGMFFJCOFIKNIBCMFJIONICOHFGJ%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCCFIFBOJENKENPKMNBNNDEADPFDIFFOF%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCEGDOMHOCAEOEDBDPFOLMGJKJAIJFOMO%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCPEGCOPCFAJIIIBIDLAELHJJBLPEFBJK%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEHFJIHAHBPHDPLJPIADBKMGMHNFEHHGI%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFLLIILNDJEOHCHALPBBCDEKJKLBDGFKK%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGDKNICMNHBAAJDGLBINPAHHAPGHPAKCH%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DICANJJKADCEEBMHANPEKKOFDHCLNOIJL%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIFLPPBJNPNEIIGCBDFJPNKEBIDMKJMOI%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DILAMGBDAEBKBPKKMFMMFBNAAMKHIJDEK%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLBJJFIIHGFEGNIOLCKPHPNFAOKDKBMDM%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNBIFDKMDOJGMPMOPDEBNJCOBEKGDONCN%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNECFMKPLPMINFJAGBLFABGGOMDPAAKAN%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOELPKEPJLGMEHAJEHFEICFBJDIOBDKFJ%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOFDGAFMDEGFKHFDFKMLLFEFMCMCJLLEC%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPGANLGLBHGFJFGOPIJBHEMCPBEHJNPIA%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPLDBIENODKPGKCCOCELIDINMCIEDJDOK%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPNOOFFJHCLKOCPLOPFFDBCDGHMIFFHJI%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPPOILMFKBPCKODOIFDLKMKEPCAJFJMHL%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTP://VKPLAYERPRO.RU/INDEX.XML?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DKNEGGODALBCMGDKKFHBHBICBBAHNACJB%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLDHNDAHENCEFPAGKKBAOAEIGBJOMKEKJ%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref %Sys32%\DRIVERS\BDMWRENCH_X64.SYS
del %Sys32%\DRIVERS\BDMWRENCH_X64.SYS
delref %Sys32%\DRIVERS\BDSAFEBROWSER.SYS
del %Sys32%\DRIVERS\BDSAFEBROWSER.SYS
delref %SystemRoot%\SYSWOW64\IHCTRL32.DLL
del %SystemRoot%\SYSWOW64\IHCTRL32.DLL
delref STOREGIDFILTER.SYS
delref %SystemRoot%\SYSWOW64\WSAUDIO.DLL
del %SystemRoot%\SYSWOW64\WSAUDIO.DLL
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\US­ER DATA\DEFAULT\EXTENSIONS\AHNPHCMHMHCJJCJHMNNJJLBMAELJECGA\12.0.8_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\US­ER DATA\DEFAULT\EXTENSIONS\BGCIFLJFAPBHGIEHKJLCKFJMGEOJIJCB\7.0.2_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\US­ER DATA\DEFAULT\EXTENSIONS\CPEGCOPCFAJIIIBIDLAELHJJBLPEFBJK\2.0.4.11_1\СТАРТОВАЯ — ЯНДЕКС
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\US­ER DATA\DEFAULT\EXTENSIONS\EIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO\7.0.25_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\US­ER DATA\DEFAULT\EXTENSIONS\ILAMGBDAEBKBPKKMFMMFBNAAMKHIJDEK\4.0.25_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\US­ER DATA\DEFAULT\EXTENSIONS\NBIFDKMDOJGMPMOPDEBNJCOBEKGDONCN\4.0.25_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\GOOGLE\CHROME\US­ER DATA\DEFAULT\EXTENSIONS\OJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD\12.0.11_0\ПОИСК MAIL.RU
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE
apply

deltmp
delref %SystemRoot%\TEMP\CLEARCACHE.DLL
delref %SystemDrive%\USERS\VLADIS~1\APPDATA\LOCAL\TEMP\{3B65428D-2C8D-4F65-A0C6-D2A07E0162E1}-59.0.3071.115_CHROME_INSTALLER.EXE
delref %SystemDrive%\USERS\VLADIS~1\APPDATA\LOCAL\TEMP\CHROME_BITS_­768_30470\20.114.2_WIN64_SOFTWAREREPORTER.CRX2
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASC.EXE
delref %SystemDrive%\PROGRAMDATA\UPSERVICE\UPSERVICE.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
delref %SystemDrive%\USERS\VLADISLAV\DOWNLOADS\WINDOWS-AKTIVATOR RU WINDOWS-LOADER-2 2 2-BY-DAZ.EXE
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\RDVGKMD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {91397D20-1446-11D4-8AF4-0040CA1127B6}\[CLSID]
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\[CLSID]
delref {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref {5645E0E7-FC12-43BF-A6E4-F9751942B298}\[CLSID]
delref {5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\[CLSID]
delref {C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\56.0.2924.87\INSTALLER\CHRMSTP.EXE
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {2803063F-4B8D-4DC6-8874-D1802487FE2D}\[CLSID]
delref %Sys32%\IGFXPPH.DLL
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %Sys32%\BLANK.HTM
delref {45AC2688-0253-4ED8-97DE-B5370FA7D48A}\[CLSID]
delref HELPSVC\[SERVICE]
delref MBAMSERVICE\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\ADGNETWORKTDI.SYS
delref %Sys32%\DRIVERS\BD0001.SYS
delref %Sys32%\DRIVERS\BD0002.SYS
delref %Sys32%\DRIVERS\BD0004.SYS
delref %Sys32%\DRIVERS\BDANTIEXP.SYS
delref %SystemDrive%\PROGRAMDATA\BITRAIDER\SUPPORT\1.3.3\E02B25FC\BRDRIVER64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\BLUESTACKS\HD-HYPERVISOR-AMD64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\BLUESTACKS\BSTKDRV.SYS
delref %SystemDrive%\PROGRAM FILES\UBAR\UBARSERVICE.EXE
delref %Sys32%\PSXSS.EXE
delref %Sys32%\IGFXSRVC.EXE
delref %Sys32%\IGFXDO.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %Sys32%\IGFXTMM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\UNINSTALER_SKIPUAC.EXE
delref %Sys32%\IGFXDEV.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %Sys32%\IGFXSRVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\OPENOFFICE.ORG
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref D:\AUTORUN.EXE
delref E:\INSTALL MEGAFON INTERNET.EXE
delref {5A8FF410-F3CE-4844-B31B-F18D911239E8}\[CLSID]
delref {76D50904-6780-4C8B-8986-1A7EE0B1716D}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\ZAXAR\ZAXARGAMEBROWSER.EXE
delref %SystemDrive%\USERS\VLADISLAV\APPDATA\LOCAL\AMIGO\APPLICATIO­N\AMIGO.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE
delref %SystemDrive%\GAMES\ARTMONEY\AM745.EXE
delref %SystemDrive%\GAMES\ARTMONEY\ARTMONEY_RUS745.URL
delref %SystemDrive%\GAMES\ARTMONEY\REGISTER_RUS.URL
delref %SystemDrive%\MOP030B\STAR WARS - THE FORCE UNLEASHED 2\SWTFU2.EXE
delref %SystemDrive%\MOP030B\STAR WARS - THE FORCE UNLEASHED 2\UNINS000.EXE
delref %SystemDrive%\GAMES\RG_ALKAD\STARBOUND\UNINSTALL.EXE
delref %SystemDrive%\GAMES\HOMM 3.5 WOG\H3WOG.EXE
delref %SystemDrive%\GAMES\HOMM 3.5 WOG\H3WUPD.EXE
delref %SystemDrive%\GAMES\HOMM 3.5 WOG\H3WCMPED.EXE
delref %SystemDrive%\GAMES\HOMM 3.5 WOG\H3WMAPED.EXE
areg

;-------------------------------------------------------------

[/code]
перезагрузка, пишем о старых и новых проблемах.
------------
далее,
сделайте дополнительно быструю проверку системы в малваребайт
http://forum.esetnod32.ru/forum9/topic10688/

@Zeroin,
добавьте образ автозапуска системы,
http://forum.esetnod32.ru/forum9/topic2687/

возможно в системе остались файлы шифратора

если доступ к сети у вас через роутер, сбросьте настройки роутера,  и заново установите настройки для выхода в сеть, + установите сложный пароль на доступ к настройкам.
проверьте результат.

редирект во всех браузерах происходит или в каком то одном?

6. Скопируйте приведенный ниже текст в Блокнот и сохраните файл как fixlist.txt в ту же папку откуда была запущена утилита Farbar Recovery Scan Tool:
Запустите FRST и нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!

[CODE]Task: {5FFA829E-5366-4893-B9F3-7E645075ABF0} - \VKSaverUpdate -> No File <==== ATTENTION
Task: {AF345582-820B-440D-A443-6256FD467DAB} - \Plugin Follow -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\kassa:id [66]
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [126]
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC [144]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:41ADDB8A [126]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:A064CECC [144]
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
AppInit_DLLs:  c:\programdata\vksaver\vksaver3.dll => No File
CHR HKLM\...\Chrome\Extension: [fjdfihnpkimnmlahhchnbgbcjmdoimla] - C:\Users\kassa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdfihnpkimnmlahhchnbgbcjmdoimla.crx [2015-11-24]
EmptyTemp:
Reboot:
[/CODE]

выполняем скрипт в uVS:
- скопировать содержимое кода в буфер обмена;
- стартуем uVS(start.exe), далее выбираем: текущий пользователь, меню - скрипты - выполнить скрипт из буфера обмена;
- закрываем все браузеры перед выполнением скрипта;
при деинсталляции программ - соглашаемся на деинсталляцию_удаление подтверждаем "да"
[code]

;uVS v4.0.6 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

zoo %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER.EXE
addsgn 9252771A1C6AC1CC0B44584E33231995AF8CBA7E8EBD1EA3F0C44EA2D338­8D5DF8652EEF3F559D492A5BF198CD08CA1481CE336395DB6B5F26028CA4­D985CC8F 8 Win32/Filecoder.NBJ [ESET-NOD32] 7

chklst
delvir

deldirex %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP

deldirex %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\BAIDU\BDWEBADAPTER­\3.0.348.0

delref %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER3.DLL
del %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER3.DLL
delref %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\PDQHJTSWLXSBEB9U.EXE
del %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\PDQHJTSWLXSBEB9U.EXE
delref 0HTTP://ACCESSUNSTOP.INFO/WPAD.DAT?CDEE100B0C9BD9F1F08B8BA4282C123F33707437
delref {D5FEC983-01DB-414A-9456-AF95AC9ED7B5}\[CLSID]
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIIFCHHFNNMPDBIBIFMLJNFJHPIFIFFOG%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref %Sys32%\IHCTRL32.DLL
del %Sys32%\IHCTRL32.DLL
delref %Sys32%\WSAUDIO.DLL
del %Sys32%\WSAUDIO.DLL
delref %SystemDrive%\USERS\KASSA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NEHAPOFAKGHLJOPFEGJOGPGPELJKHJJN\8.22.5_0\ПОИСК И СТАРТОВАЯ — ЯНДЕКС
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDHDGFFKKEBHMKFJOJEJMPBLDMPOBFKFO%26INSTALLSOURCE%3D­ONDEMAND%26UC
delref HTTP://ACCESSUNSTOP.INFO/WPAD.DAT?CDEE100B0C9BD9F1F08B8BA4282C123F33707437
apply

deltmp
delref %SystemRoot%\TEMP\CLEARCACHE.DLL
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-1-6.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-1-7.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-10.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-11.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-3.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-5.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-6.EXE
delref %SystemDrive%\PROGRAM FILES\SHOP AND SAVE UP\2EAD6CE0-A57D-4788-BD5D-9936FF166A34-7.EXE
delref D:\TORCHLIGHT 1\TORCHLIGHT.EXE
delref %SystemDrive%\РЕСТАФУД\SETUP-FRONT7.7 4.1.10.39\SETUP-FRONT.EXE
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {0D012ABD-CEED-11D2-9C76-00105AA73033}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {56A58823-AE99-11D5-B90B-0050DACD1F75}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {E01D1C6A-4F40-11D3-8958-00105A272DCF}\[CLSID]
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %SystemDrive%\USERS\KASSA\APPDATA\LOCAL\YANDEX\YANDEXBROWSER­\USER DATA\DEFAULT\EXTENSIONS\[email protected]
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref {E8570839-93FC-4E51-8BF5-AB6C9FE6E550}\[CLSID]
delref %Sys32%\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {0563DB41-F538-4B37-A92D-4659049B7766}\[CLSID]
delref {5F327514-6C5E-4D60-8F16-D07FA08A78ED}\[CLSID]
delref APPMGMT\[SERVICE]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\DFLT.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.21.115\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.22.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\IOBIT\IOBIT UNINSTALLER\UNINSTALER_SKIPUAC.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.23.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\ACROBAT READER DC\ACRORD32INFO.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.24.7\PSMACHINE.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref E:\AUTORUN.EXE
delref F:\SOURCES\SETUPERROR.EXE
delref {444785F1-DE89-4295-863A-D46C3A781394}\[CLSID]
delref %SystemDrive%\USERS\KASSA\APPDATA\ROAMING\KING CASINO\BIN\LAUNCHER.EXE
delref %SystemDrive%\USERS\KASSA\APPDATA\LOCAL\YANDEX\BROWSERMANAGE­R\BROWSERMANAGER.EXE
delref %SystemDrive%\PROGRAM FILES\IMAGE-LINE\FL STUDIO 12.1\SYSTEM\INTERNET\ABOUT\SYNTHMAKER WEBSITE.URL
delref %SystemDrive%\PROGRAM FILES\IMAGE-LINE\FL STUDIO 12.1\R4E\FL STUDIO 12.1.3 ICON RESET.EXE
delref %SystemDrive%\PROGRAM FILES\IMAGE-LINE\FL STUDIO 12.1\FL64.EXE
;-------------------------------------------------------------

restart
[/code]
перезагрузка, пишем о старых и новых проблемах.
------------
далее,
сделайте дополнительно быструю проверку системы в малваребайт
http://forum.esetnod32.ru/forum9/topic10688/