[Павел Ерохин]

О и совсем забыл, интерфейс сайтов переполнен рекламными банерами всякой ерунды, и при наведении указателя мыши на картинку, она переворачивается вокруг собственной оси (нарисовали же анимацию переворота даже гады) и показывает мне очередной рекламный банер из разряда Елена Малышева рекомендует. Так же периодически всплывают отдельные рекламные окна поверх сайта ( ну и соответственно при попытке это самое окно закрыть, запускается новая вкладка с очередной панацеей от головы и жопы в одном флаконе).

[Павел Ерохин]

Здравствуйте, Валерий!
Все сделал так, как вы рекомендуете. Проблемы остались. Проявляются след. образом:
1) аваст регулярно ругается на процесс хром.ехе, который хочет загрузить вредоносный, по его мнению УРЛ изермен…
2) регулярно открывается казино вулкан при попытке открыть новую вкладку или попытке перехода в текущей вкладке на, допустим другое видео в ютубе и т.д..
3) поисковые запросы перенаправляются в маил.ру след. образом: после ввода запроса и нажатия на ввод или кнопку поиск сначала появляется поисковая выдача по гуглу (допустим) но через 1-2 секунды в этой же вкладке появляется выдача серчмайл.ру
Указанные симптомы так же присутствуют и в мозиле и в, прости господи, И-эксплорере.

Вложения:

You must be logged in to view attached files.

[Павел Ерохин]

ComboFix 16-08-21.02 — Павел 21.08.2016 14:49:16.1.2 — x64
Microsoft Windows 7 Домашняя базовая 6.1.7601.1.1251.7.1049.18.3564.2479 [GMT 4:00]
Running from: c:\users\¦ртхы\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2016-07-21 to 2016-08-21 )))))))))))))))))))))))))))))))
.
.
2016-08-21 10:56 . 2016-08-21 10:56 ——— d——w- c:\users\Default\AppData\Local\temp
2016-08-04 14:03 . 2016-08-15 11:42 ——— d——w- C:\FRST
2016-08-04 13:37 . 2016-08-04 13:41 192216 —-a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-08-04 13:36 . 2016-08-04 13:36 ——— d——w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-08-04 13:36 . 2016-08-04 13:36 ——— d——w- c:\programdata\Malwarebytes
2016-08-04 13:36 . 2016-03-10 10:09 64896 —-a-w- c:\windows\system32\drivers\mwac.sys
2016-08-04 13:36 . 2016-03-10 10:08 140672 —-a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-08-04 13:36 . 2016-03-10 10:08 27008 —-a-w- c:\windows\system32\drivers\mbam.sys
2016-08-02 07:57 . 2016-08-02 07:57 ——— d——w- c:\users\Павел\AppData\Local\CEF
2016-08-02 07:56 . 2016-08-02 07:56 37144 —-a-w- c:\windows\system32\drivers\aswKbd.sys
2016-08-02 07:47 . 2016-08-02 07:47 ——— d——w- c:\users\Павел\AppData\Roaming\AVAST Software
2016-08-02 07:47 . 2016-08-02 07:47 ——— d——w- c:\program files\Common Files\AV
2016-08-02 07:47 . 2016-08-02 07:47 ——— d——w- c:\program files (x86)\Common Files\AV
2016-08-02 07:46 . 2016-08-05 07:21 292704 —-a-w- c:\windows\system32\drivers\aswvmm.sys
2016-08-02 07:46 . 2016-08-02 07:46 74544 —-a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-08-02 07:46 . 2016-08-02 07:46 513496 —-a-w- c:\windows\system32\drivers\aswSP.sys
2016-08-02 07:46 . 2016-08-02 07:46 37656 —-a-w- c:\windows\system32\drivers\aswHwid.sys
2016-08-02 07:46 . 2016-08-02 07:46 163416 —-a-w- c:\windows\system32\drivers\aswStm.sys
2016-08-02 07:46 . 2016-08-02 07:46 108816 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-08-02 07:46 . 2016-08-02 07:46 103064 —-a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-08-02 07:46 . 2016-08-02 07:46 968536 —-a-w- c:\windows\system32\drivers\aswSnx.sys
2016-08-02 07:46 . 2016-08-02 07:46 391496 —-a-w- c:\windows\system32\aswBoot.exe
2016-08-02 07:46 . 2016-08-02 07:46 992960 —-a-w- c:\windows\system32\ucrtbase.dll
2016-08-02 07:46 . 2016-08-02 07:46 921280 —-a-w- c:\windows\SysWow64\ucrtbase.dll
2016-08-02 07:46 . 2016-08-02 07:46 53208 —-a-w- c:\windows\avastSS.scr
2016-08-02 07:41 . 2016-08-02 07:56 ——— d——w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-07 06:49 . 2011-03-28 09:36 24800 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
«OscarEditor»=»c:\program files (x86)\G10 Multi-Mode\G10-Editor.exe» [2011-08-31 3344384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
«BCSSync»=»c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe» [2010-03-13 91520]
«AvastUI.exe»=»c:\program files\AVAST Software\Avast\AvastUI.exe» [2016-08-02 9071752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
«ConsentPromptBehaviorAdmin»= 5 (0x5)
«ConsentPromptBehaviorUser»= 3 (0x3)
«EnableUIADesktopToggle»= 0 (0x0)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-08-09 09:35 1262408 —-a-w- c:\program files (x86)\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe
.
Contents of the ‘Scheduled Tasks’ folder
.
2016-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
— c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23 13:24]
.
2016-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
— c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23 13:24]
.
.
——— X64 Entries ————
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@=»{472083B0-C522-11CF-8763-00608CC02F24}»
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-02 07:46 1031520 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
«RtHDVCpl»=»c:\program files\Realtek\Audio\HDA\RAVCpl64.exe» [2011-06-25 11895400]
«AtherosBtStack»=»c:\program files (x86)\Bluetooth Suite\BtvStack.exe» [2011-06-15 790688]
«AthBtTray»=»c:\program files (x86)\Bluetooth Suite\AthBtTray.exe» [2011-06-15 657568]
.
——- Supplementary Scan ——-
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Отправить в OneNote — c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: &Экспорт в Microsoft Excel — c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.148.128.1 62.148.159.188
.
— — — — ORPHANS REMOVED — — — —
.
Toolbar-Locked — (no file)
Toolbar-Locked — (no file)
HKLM-Run-SynTPEnh — c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-UnityWebPlayer — c:\users\Павел\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
——————— LOCKED REGISTRY KEYS ———————
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@=»FlashBroker»
«LocalizedString»=»@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
«Enabled»=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@=»c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@=»IFlashBroker6″
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@=»{00020424-0000-0000-C000-000000000046}»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
«Version»=»1.0″
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@=»FlashBroker»
«LocalizedString»=»@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
«Enabled»=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@=»c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=»Shockwave Flash Object»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=»c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx»
«ThreadingModel»=»Apartment»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@=»0″
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@=»ShockwaveFlash.ShockwaveFlash.21″
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=»c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1″
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@=»{D27CDB6B-AE6D-11cf-96B8-444553540000}»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@=»1.0″
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=»ShockwaveFlash.ShockwaveFlash»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=»Macromedia Flash Factory Object»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=»c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx»
«ThreadingModel»=»Apartment»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@=»FlashFactory.FlashFactory.1″
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=»c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1″
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@=»{D27CDB6B-AE6D-11cf-96B8-444553540000}»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@=»1.0″
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=»FlashFactory.FlashFactory»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@=»IFlashBroker6″
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@=»{00020424-0000-0000-C000-000000000046}»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
«Version»=»1.0»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
«Solution»=»{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}»
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
«Key»=»ActionsPane3»
«Location»=»c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd»
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-08-21 14:58:52
ComboFix-quarantined-files.txt 2016-08-21 10:58
.
Pre-Run: 291 959 033 856 байт свободно
Post-Run: 291 672 834 048 байт свободно
.
— — End Of File — — D69F2CFFA3AA1BCB0ECC9C8709A4266F
2E5DEBB2116B3417023E0D6562D7ED07

Вложения:

You must be logged in to view attached files.

[Павел Ерохин]

здравствуйте!
Да редиректы остались и isermen никуда не делся. каждый раз при открытии новой вкладки аваст блокирует isermen что то сделать в процессе chrome.exe

[Павел Ерохин]

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2016
Ran by Павел (15-08-2016 15:33:42) Run:2
Running from C:\Users\Павел\Downloads
Loaded Profiles: Павел (Available Profiles: Павел)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\…\Run: [dvybjwmltv] => explorer «hxxp:///?utm_source=uoua03n&utm_content=fb6126710f9bba594f41bdb6ec9cb56c&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506» < ===== ATTENTION
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\…\MountPoints2: {f3dd2e01-0ba9-11e6-b2e6-e8039a87032b} — G:\start.exe
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:///?utm_content=6e4b41f14ac7c0f063d4eb16c0684d3d&utm_source=startpm&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506
SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
CHR HomePage: Default -> hxxp://chatozov.ru/?utm_content=706daf58c4c295e14015a61bf477685c&utm_source=startpm&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506
CHR HKLM-x32\…\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] — hxxps://clients2.google.com/service/update2/crx
U3 a6mqeo3e; C:\Windows\System32\Drivers\a6mqeo3e.sys [0 ] (Microsoft Corporation) < ==== ATTENTION (zero byte File/Folder)
Task: {29EBDF23-6957-406E-A937-485C1A8D9634} — System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe [2010-12-24] (Samsung Electronics Co., Ltd.) < ==== ATTENTION
C:\Users\Павел\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk
Folder: C:\Users\Павел\AppData\Local\svshost
C:\Users\Павел\AppData\Local\svshost
EmptyTemp:
Reboot:

*****************

Restore point was successfully created.
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dvybjwmltv => value not found.
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3dd2e01-0ba9-11e6-b2e6-e8039a87032b} => key not found.
HKCR\CLSID\{f3dd2e01-0ba9-11e6-b2e6-e8039a87032b} => key not found.
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C} => key not found.
HKCR\CLSID\{A06ED961-D98F-4CF9-A89B-80AB11DB149C} => key not found.
Chrome HomePage => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\daanglpcpkjjlkhcbladppjphglbigam => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fcoadmpfijfcmokecmkgolhbaeclfage => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found.
a6mqeo3e => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29EBDF23-6957-406E-A937-485C1A8D9634} => key not found.
C:\windows\System32\Tasks\SvcDelay => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SvcDelay => key not found.
«C:\Users\Павел\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk» => not found.

========================= Folder: C:\Users\Павел\AppData\Local\svshost ========================

not found.

====== End of Folder: ======

«C:\Users\Павел\AppData\Local\svshost» => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8391936 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2682 B
Edge => 0 B
Chrome => 41733978 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 692 B
LocalService => 0 B
NetworkService => 0 B
Павел => 19867 B

RecycleBin => 0 B
EmptyTemp: => 55.8 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:34:18 ====

Вложения:

You must be logged in to view attached files.

[Павел Ерохин]

isermen никуда не пропал

[Автор]

Сообщения