SPYWARE-RU.COM

Search queries get redirected to Mail.ru and Rambler, and a lot more besides


  • This topic has 10 replies, 2 participants, and was last updated 8 years, 10 months ago by Павел Ерохин.
  • August 4, 2016 at 9:21 am #51239
    Павел Ерохин

    Hello, the problem is as follows:
    1) Search queries are redirected from Google and Yandex to Mail.ru and Rambler.
    2) An abundance of ad banners where there should be none; when the mouse pointer hovers over images, they sort of flip around the vertical axis and turn into ads for all kinds of junk, like how to get rich at home, enlarge your penis and be cured of all diseases at once.
    3) Links open to all sorts of "VULKANs" and other nonsense.
    4) The antivirus complains about vk isermen but does not find it when scanning (of course))).
    What I did:
    1) Scanned with Malwarebytes Anti-Malware. Result: one threat detected and neutralized. Queries are still being redirected, pictures still flip, and there are just as many banners. The various "VULKANs" seem to have stopped opening in tabs, and the antivirus has stopped complaining about vk isermen.
    2) Scanned with FRST.
    First report (FRST header):
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
    Ran by Павел (administrator) on ПАВЕЛ-ПК (04-08-2016 18:03:12)
    Running from C:\Users\Павел\Downloads
    Loaded Profiles: Павел (Available Profiles: Павел)
    Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Русский (Россия)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
    (Samsung Electronics) C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    () C:\Program Files (x86)\G10 Multi-Mode\G10-Editor.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
    (Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\…\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-04-01] (Synaptics Incorporated)
    HKLM\…\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
    HKLM\…\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-06-15] (Atheros Communications)
    HKLM\…\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-06-15] (Atheros Commnucations)
    HKLM-x32\…\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\…\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9071752 2016-08-02] (AVAST Software)
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\…\Run: [OscarEditor] => C:\Program Files (x86)\G10 Multi-Mode\G10-Editor.exe [3344384 2011-08-31] ()
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\…\Run: [dvybjwmltv] => explorer «hxxp:///?utm_source=uoua03n&utm_content=fb6126710f9bba594f41bdb6ec9cb56c&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506» <===== ATTENTION
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\…\MountPoints2: {f3dd2e01-0ba9-11e6-b2e6-e8039a87032b} — G:\start.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-02] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 62.148.128.1 62.148.159.188
    Tcpip\..\Interfaces\{51B936F1-647B-43C3-8B34-F8A9C5274A05}: [DhcpNameServer] 62.148.128.1 62.148.159.188
    Tcpip\..\Interfaces\{64183C62-9273-414B-90DD-5F7EF5582C74}: [DhcpNameServer] 127.0.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:///?utm_content=6e4b41f14ac7c0f063d4eb16c0684d3d&utm_source=startpm&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> {FD57A771-FD80-44E0-854F-BECFE2734911} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-02] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-02] (AVAST Software)
    BHO-x32: Помощник по входу с помощью идентификатора Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-10-25] ()
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    Handler-x32: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies)
    Filter: video/mp4 — {20C75730-7C25-476B-95DC-C65810F9E489} — C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/mp4 — {20C75730-7C25-476B-95DC-C65810F9E489} — C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter: video/x-flv — {20C75730-7C25-476B-95DC-C65810F9E489} — C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/x-flv — {20C75730-7C25-476B-95DC-C65810F9E489} — C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-05-06] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-05-06] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1380383141-2180828607-1249965073-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Павел\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
    FF HKLM\…\Firefox\Extensions: [sp@avast.com] — C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice — C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-02]
    FF HKLM\…\Firefox\Extensions: [wrc@avast.com] — C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security — C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-02]
    FF HKLM-x32\…\Firefox\Extensions: [sp@avast.com] — C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF HKLM-x32\…\Firefox\Extensions: [wrc@avast.com] — C:\Program Files\AVAST Software\Avast\WebRep\FF

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://chatozov.ru/?utm_content=706daf58c4c295e14015a61bf477685c&utm_source=startpm&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Презентации) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-14]
    CHR Extension: (Документы Google) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-14]
    CHR Extension: (Диск Google) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-14]
    CHR Extension: (YouTube) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
    CHR Extension: (Avast Online Security (BETA)) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-03]
    CHR Extension: (Google Таблицы) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-14]
    CHR Extension: (Google Документы офлайн) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Avast Online Security) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-02]
    CHR Extension: (Autodesk Homestyler) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-05-06]
    CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
    CHR Extension: (Gmail) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-14]
    CHR Extension: (Chrome Media Router) — C:\Users\Павел\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-03]
    CHR HKLM-x32\…\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] — hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\…\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] — hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\…\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] — hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\…\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] — hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-06-15] (Atheros Commnucations) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197640 2016-08-02] (AVAST Software)
    S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
    S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
    S3 WPCSvc; C:\windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-02] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-02] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-02] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-02] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-02] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [968536 2016-08-02] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-02] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-02] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-03] (AVAST Software)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2016-04-26] () [File not signed]
    R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
    U3 a6mqeo3e; C:\Windows\System32\Drivers\a6mqeo3e.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-04 18:03 — 2016-08-04 18:04 — 00019458 _____ C:\Users\Павел\Downloads\FRST.txt
    2016-08-04 18:03 — 2016-08-04 18:03 — 00000000 ____D C:\FRST
    2016-08-04 18:02 — 2016-08-04 18:02 — 02393600 _____ (Farbar) C:\Users\Павел\Downloads\FRST64.exe
    2016-08-04 17:55 — 2016-08-04 17:55 — 00000000 ___RD C:\Users\Павел\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2016-08-04 17:37 — 2016-08-04 17:41 — 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2016-08-04 17:36 — 2016-08-04 17:36 — 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-08-04 17:36 — 2016-08-04 17:36 — 00000000 ____D C:\Users\Все пользователи\Malwarebytes
    2016-08-04 17:36 — 2016-08-04 17:36 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-08-04 17:36 — 2016-08-04 17:36 — 00000000 ____D C:\ProgramData\Malwarebytes
    2016-08-04 17:36 — 2016-08-04 17:36 — 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-08-04 17:36 — 2016-03-10 14:09 — 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2016-08-04 17:36 — 2016-03-10 14:08 — 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
    2016-08-04 17:36 — 2016-03-10 14:08 — 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
    2016-08-04 17:34 — 2016-08-04 17:35 — 22851472 _____ (Malwarebytes ) C:\Users\Павел\Downloads\mbam-setup-2.2.1.1043.exe
    2016-08-04 17:11 — 2016-08-04 17:12 — 05126149 _____ C:\Users\Павел\Downloads\voskhod_novyy_oktyabr_2015.rar
    2016-08-04 17:01 — 2016-08-04 17:01 — 00536064 _____ C:\Users\Павел\Downloads\ost._sklada_13.00-4.08.16.xls
    2016-08-04 17:01 — 2016-08-04 17:01 — 00536064 _____ C:\Users\Павел\Downloads\ost._sklada_13.00-4.08.16 (1).xls
    2016-08-02 11:57 — 2016-08-02 11:57 — 00003906 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1470124631
    2016-08-02 11:57 — 2016-08-02 11:57 — 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2016-08-02 11:57 — 2016-08-02 11:57 — 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-08-02 11:57 — 2016-08-02 11:57 — 00000000 ____D C:\Users\Павел\AppData\Local\CEF
    2016-08-02 11:56 — 2016-08-02 11:56 — 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
    2016-08-02 11:47 — 2016-08-02 11:47 — 00003922 _____ C:\windows\System32\Tasks\avast! Emergency Update
    2016-08-02 11:47 — 2016-08-02 11:47 — 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-08-02 11:47 — 2016-08-02 11:47 — 00000000 ____D C:\windows\System32\Tasks\AVAST Software
    2016-08-02 11:47 — 2016-08-02 11:47 — 00000000 ____D C:\Users\Павел\AppData\Roaming\AVAST Software
    2016-08-02 11:47 — 2016-08-02 11:47 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-08-02 11:47 — 2016-08-02 11:47 — 00000000 ____D C:\Program Files\Common Files\AV
    2016-08-02 11:46 — 2016-08-03 12:31 — 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
    2016-08-02 11:46 — 2016-08-02 11:46 — 00992960 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
    2016-08-02 11:46 — 2016-08-02 11:46 — 00968536 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
    2016-08-02 11:46 — 2016-08-02 11:46 — 00921280 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
    2016-08-02 11:46 — 2016-08-02 11:46 — 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
    2016-08-02 11:46 — 2016-08-02 11:46 — 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2016-08-02 11:46 — 2016-08-02 11:46 — 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2016-08-02 11:46 — 2016-08-02 11:46 — 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
    2016-08-02 11:46 — 2016-08-02 11:46 — 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2016-08-02 11:46 — 2016-08-02 11:46 — 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
    2016-08-02 11:46 — 2016-08-02 11:46 — 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
    2016-08-02 11:46 — 2016-08-02 11:46 — 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
    2016-08-02 11:41 — 2016-08-02 11:56 — 00000000 ____D C:\Program Files\AVAST Software

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-04 17:54 — 2016-05-23 17:24 — 00000966 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-08-04 17:54 — 2016-03-16 12:49 — 00000200 _____ C:\windows\Tasks\AutoKMS.job
    2016-08-04 17:54 — 2016-03-14 14:18 — 00000000 ____D C:\Users\Павел
    2016-08-04 17:54 — 2009-07-14 09:37 — 00000000 ____D C:\windows\DigitalLocker
    2016-08-04 17:54 — 2009-07-14 09:08 — 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-08-04 17:33 — 2016-05-23 17:24 — 00000970 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-08-04 12:54 — 2016-03-15 13:15 — 00000000 ___RD C:\Users\Павел\Desktop\Работа
    2016-08-04 11:51 — 2009-07-14 08:45 — 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-08-04 11:51 — 2009-07-14 08:45 — 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-08-02 12:06 — 2016-05-06 13:21 — 00000000 ____D C:\Users\Павел\AppData\Local\svshost
    2016-08-02 11:56 — 2016-05-07 11:56 — 00000000 ____D C:\Users\Все пользователи\AVAST Software
    2016-08-02 11:56 — 2016-05-07 11:56 — 00000000 ____D C:\ProgramData\AVAST Software
    2016-08-02 10:28 — 2016-05-23 17:24 — 00003966 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-08-02 10:28 — 2016-05-23 17:24 — 00003714 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-07-15 15:47 — 2016-03-17 18:31 — 00000000 ____D C:\Users\Павел\AppData\Local\CrashDumps

    ==================== Files in the root of some directories =======

    2016-03-18 12:55 — 2016-03-18 12:55 — 0007605 _____ () C:\Users\Павел\AppData\Local\Resmon.ResmonCfg
    2011-12-24 13:51 — 2011-12-24 13:52 — 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2011-12-24 13:44 — 2011-12-24 13:44 — 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
    2011-12-24 13:48 — 2011-12-24 13:49 — 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2011-12-24 13:45 — 2011-12-24 13:48 — 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
    2011-12-24 13:49 — 2011-12-24 13:51 — 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

    Some files in TEMP:
    ====================
    C:\Users\Павел\AppData\Local\Temp\Blhsb8N8cCxz.exe
    C:\Users\Павел\AppData\Local\Temp\coi2.exe
    C:\Users\Павел\AppData\Local\Temp\libeay32.dll
    C:\Users\Павел\AppData\Local\Temp\msvcr120.dll
    C:\Users\Павел\AppData\Local\Temp\PRN3UDv8IyRC.exe
    C:\Users\Павел\AppData\Local\Temp\sqlite3.dll
    C:\Users\Павел\AppData\Local\Temp\WyuYSkWNeYZv.exe

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\SysWOW64\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-07-08 16:48

    ==================== End of FRST.txt ============================
    Second report (Addition header):
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
    Ran by Павел (2016-08-04 18:05:03)
    Running from C:\Users\Павел\Downloads
    Windows 7 Home Basic Service Pack 1 (X64) (2016-03-14 10:18:51)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Администратор (S-1-5-21-1380383141-2180828607-1249965073-500 — Administrator — Disabled)
    Гость (S-1-5-21-1380383141-2180828607-1249965073-501 — Limited — Disabled)
    Павел (S-1-5-21-1380383141-2180828607-1249965073-1000 — Administrator — Enabled) => C:\Users\Павел

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled — Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled — Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled — Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with «Hidden» flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    „Windows Live Mail“ (x32 Version: 15.4.3502.0922 — „Microsoft Corporation“) Hidden
    „Windows Live Messenger“ (x32 Version: 15.4.3538.0513 — „Microsoft Corporation“) Hidden
    „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Adobe Flash Player 21 ActiveX (HKLM-x32\…\Adobe Flash Player ActiveX) (Version: 21.0.0.213 — Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\…\Adobe Flash Player NPAPI) (Version: 21.0.0.213 — Adobe Systems Incorporated)
    Adobe Reader 9.1 — Russian (HKLM-x32\…\{AC76BA86-7AD7-1049-7B44-A91000000001}) (Version: 9.1.0 — Adobe Systems Incorporated)
    Agatha Christie — Death on the Nile (x32 Version: 2.2.0.82 — WildTangent) Hidden
    AMD Catalyst Install Manager (HKLM\…\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 — Advanced Micro Devices, Inc.)
    Atheros Client Installation Program (HKLM-x32\…\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 — Atheros)
    Avast Free Antivirus (HKLM-x32\…\Avast) (Version: 12.2.2276 — AVAST Software)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 — WildTangent) Hidden
    Bluetooth Win7 Suite (64) (HKLM\…\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.110 — Atheros Communications)
    Broadcom 802.11 Network Adapter (HKLM\…\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 — Broadcom Corporation)
    Build-a-lot (x32 Version: 2.2.0.82 — WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.82 — WildTangent) Hidden
    Common Desktop Agent (Version: 1.62.0 — OEM) Hidden
    CyberLink Media Suite (HKLM-x32\…\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 — CyberLink Corp.)
    CyberLink Media+ Player10 (HKLM-x32\…\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 — CyberLink Corp.)
    CyberLink MediaShow (HKLM-x32\…\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a — CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\…\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 — CyberLink Corp.)
    CyberLink PowerDirector (HKLM-x32\…\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 — CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\…\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 — CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 — Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 — WildTangent) Hidden
    Easy Content Share (HKLM-x32\…\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 — Samsung Electronics Co., LTD)
    EasyFileShare (HKLM-x32\…\{1181AA5B-8EFD-4AC5-8CDE-A1F7307B3427}) (Version: 1.0.13 — Samsung)
    Eco Mode (HKLM-x32\…\{9A8E4762-3331-4EDB-8E1F-B11179DDBC00}) (Version: 1.0.0.11 — Samsung Electronics Co., Ltd.)
    E-POP (HKLM-x32\…\{75282161-8CAC-4071-A225-EBC95E43C7F3}) (Version: 1.00.0000 — Samsung)
    Farm Frenzy (x32 Version: 2.2.0.82 — WildTangent) Hidden
    Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    G10 Multi-Mode (HKLM-x32\…\InstallShield_{2D6E89AB-813C-4812-BC10-987F97B7AABF}) (Version: 11.08.0006 — A4TECH)
    G10_Multi-Mode (x32 Version: 11.08.0006 — A4TECH) Hidden
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Galerie foto Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\…\Google Chrome) (Version: 51.0.2704.103 — Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 — Google Inc.) Hidden
    HMM4-Alexander (HKLM-x32\…\HMM4-Alexander) (Version: — )
    Insaniquarium Deluxe (x32 Version: 2.2.0.82 — WildTangent) Hidden
    Intel PROSet Wireless (x32 Version: — ) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.82 — WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\…\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 — Malwarebytes)
    Mesh Runtime (x32 Version: 15.4.5722.2 — Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\…\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 — Microsoft Corporation)
    Microsoft Office профессиональный плюс 2010 (HKLM-x32\…\Office14.PROPLUS) (Version: 14.0.4763.1000 — Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\…\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 — Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\…\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 — Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\…\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 — Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\…\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 — Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable — x64 9.0.30729.4148 (HKLM\…\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 — Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729 (HKLM-x32\…\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 — Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17 (HKLM-x32\…\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 — Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148 (HKLM-x32\…\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 — Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.6161 (HKLM-x32\…\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 — Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable — 10.0.30319 (HKLM\…\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 — Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable — 10.0.30319 (HKLM-x32\…\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 — Microsoft Corporation)
    MPC-HC 1.7.9 (HKLM-x32\…\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.9 — MPC-HC Team)
    Peggle (x32 Version: 2.2.0.82 — WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.82 — WildTangent) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.82 — WildTangent) Hidden
    Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 — WildTangent) Hidden
    Pošta Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\…\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 — Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\…\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 — Realtek Semiconductor Corp.)
    S.T.A.L.K.E.R. [v1.0006] (HKLM-x32\…\S.T.A.L.K.E.R._is1) (Version: 1.0006 — GSC World Publishing)
    SafeZone Stable 1.51.2220.47 (x32 Version: 1.51.2220.47 — Avast Software) Hidden
    Samsung AnyWeb Print (HKLM-x32\…\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 — Samsung Electronics Co., Ltd.)
    Samsung Control Center (HKLM-x32\…\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.0 — Samsung Electronics Co., Ltd.)
    Samsung Easy Printer Manager (HKLM-x32\…\Samsung Easy Printer Manager) (Version: 1.05.81.00(25.05.2015) — Samsung Electronics Co., Ltd.)
    Samsung Recovery Solution 5 (HKLM-x32\…\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.3 — Samsung)
    Samsung Scan Assistant (HKLM-x32\…\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) — Samsung Electronics Co., Ltd.)
    Samsung SCX-3400 Series (HKLM-x32\…\Samsung SCX-3400 Series) (Version: 1.29 (09.09.2015) — Samsung Electronics Co., Ltd.)
    Samsung Support Center (HKLM-x32\…\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.26 — Samsung)
    Samsung Universal Scan Driver (HKLM-x32\…\Samsung Universal Scan Driver) (Version: 1.2.5.0 — Samsung Electronics Co., Ltd.)
    Samsung Update Plus (HKLM-x32\…\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 — Samsung Electronics Co., Ltd.)
    Skype™ 4.2 (HKLM-x32\…\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 — Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\…\SynTPDeinstKey) (Version: 15.2.20.0 — Synaptics Incorporated)
    TESV Skyrim 1.1 (HKLM-x32\…\TESV Skyrim_is1) (Version: 1.1 — Bethesda Softworks)
    Uninstall Samsung Printer Software (HKLM-x32\…\TotalUninstaller) (Version: 4.0.0.13 — Samsung Electronics CO., LTD.)
    Unity Web Player (HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\…\UnityWebPlayer) (Version: 5.0.3f2 — Unity Technologies ApS)
    User Guide (HKLM-x32\…\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.2 — )
    WildTangent Games (HKLM-x32\…\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 — WildTangent)
    WildTangent ORB Game Console (x32 Version: — WildTangent) Hidden
    Windows Live 程式集 (HKLM-x32\…\WinLiveSuite) (Version: 15.4.3538.0513 — Microsoft Corporation)
    WinRAR 5.31 (32-bit) (HKLM-x32\…\WinRAR archiver) (Version: 5.31.0 — win.rar GmbH)
    Zuma Deluxe (x32 Version: 2.2.0.95 — WildTangent) Hidden
    Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Налогоплательщик ЮЛ (HKLM-x32\…\{B38421DC-9AFE-4F63-A8D7-8B834069CA48}) (Version: 4.47 — ФГУП ГНИВЦ ФНС России)
    Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Печать НД с PDF417 3.2.4 (пакет) (HKLM-x32\…\{D9D0E5CE-F386-4A74-B974-BF29485856C1}) (Version: 3.2.4 — ФГУП ГНИВЦ ФНС РФ в ПФО)
    ПО Intel(R) PROSet/Wireless WiFi (HKLM\…\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 — Корпорация Intel)
    Почта Windows Live (x32 Version: 15.4.3502.0922 — Корпорация Майкрософт) Hidden
    Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    بريد Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden
    معرض صور Windows Live (x32 Version: 15.4.3502.0922 — Microsoft Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0D9C0966-0049-41AA-88D6-70F2990B3A83} — System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe [2011-02-16] (Samsung Electronics Co., Ltd.)
    Task: {16E96056-D573-43D1-8920-A19046E132B0} — System32\Tasks\EcoMode => C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe [2011-06-06] (Samsung Electronics)
    Task: {17C99FAF-114A-4D6D-A5EE-71E623C61351} — System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe [2011-06-04] (Samsung Electronics Co., Ltd.)
    Task: {21404E8F-8E8F-4DC6-A9E5-FE8E9D706238} — System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-02] (AVAST Software)
    Task: {29EBDF23-6957-406E-A937-485C1A8D9634} — System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe [2010-12-24] (Samsung Electronics Co., Ltd.) <==== ATTENTION
    Task: {3542C7A8-3830-4EAF-A3D4-A44655CC48FF} — System32\Tasks\SafeZone scheduled Autoupdate 1470124631 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-07-25] (Avast Software)
    Task: {56E22717-9B55-41C6-BAF6-BD395D0A5426} — System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe [2011-05-09] (SAMSUNG Electronics co., LTD.)
    Task: {5EA857ED-067B-4F55-8ECE-5E3D149B6D36} — System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-02] (AVAST Software)
    Task: {792A1921-1E93-40A0-9C05-D4DE32E42C9E} — System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
    Task: {8C6C413C-30DE-4B44-9FE4-AAA61339D133} — System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-04-17] (SAMSUNG Electronics)
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} — System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))
    Task: {B18AF18B-B491-4075-9F17-D1AF1A0621FE} — System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
    Task: {B1E1A026-27ED-4464-B07B-D29DAEE01C03} — System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-03-29] (SEC)
    Task: {CB978F72-8EDF-4BEF-90C7-3B65FAD7F0F0} — System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
    Task: {CBEB70CC-8B8C-46DC-AF1D-5D31383F9262} — System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-12] (Samsung Electronics)
    Task: {DA9C757C-0981-4E3B-B938-A19F90E633EB} — System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
    Task: {E93B1BB0-7E49-41AE-9934-F3218FA84A6B} — System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23] (Google Inc.)
    Task: {F9B5FA11-4147-44C8-873C-FE86BEDBAB11} — System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23] (Google Inc.)
    Task: {FE45B6B1-4B72-437A-B412-C4918BDB45ED} — System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Samsung Control Center\SCCSpeedBoot.exe [2011-05-18] (Samsung Electronics Co., Ltd.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Павел\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> «hxxp://nonsoko.ru/?utm_source=startlink03&utm_content=1e1010af4732f52b6dcb0d7b76603272&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506»

    ==================== Loaded Modules (Whitelisted) ==============

    2010-01-30 02:40 — 2010-01-30 02:40 — 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2011-12-25 05:08 — 2008-06-05 03:53 — 00027648 _____ () C:\windows\System32\spd__l.dll
    2016-03-18 15:35 — 2015-03-12 06:43 — 00022528 _____ () C:\windows\System32\us003lm.dll
    2011-08-31 11:10 — 2011-08-31 11:10 — 03344384 _____ () C:\Program Files (x86)\G10 Multi-Mode\G10-Editor.exe
    2011-12-25 05:08 — 2010-10-21 22:22 — 00709632 _____ () C:\windows\system32\SnMinDrv.dll
    2014-07-25 08:36 — 2015-08-20 13:54 — 00087552 ____N () C:\windows\system32\SSDEVM64.DLL
    2016-03-18 15:57 — 2011-03-18 09:49 — 00323072 _____ () C:\windows\system32\SaMinDrv.dll
    2011-03-14 09:21 — 2011-03-14 09:21 — 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2011-10-13 12:01 — 2011-10-13 12:01 — 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2016-08-02 11:46 — 2016-08-02 11:46 — 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-08-03 12:26 — 2016-08-03 12:26 — 03004416 _____ () C:\Program Files\AVAST Software\Avast\defs\16080301\algo.dll
    2016-08-02 11:46 — 2016-08-02 11:46 — 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2011-12-24 13:53 — 2011-02-16 20:03 — 00203776 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll
    2011-12-24 13:53 — 2006-08-12 07:48 — 00049152 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll
    2010-12-02 17:56 — 2010-12-02 17:56 — 00815104 _____ () C:\Program Files (x86)\G10 Multi-Mode\Data\G10_Multi-Mode\Forms\OSD_Text\OSD_Text.dll
    2011-01-09 20:45 — 2011-01-09 20:45 — 00088064 _____ () C:\Program Files (x86)\G10 Multi-Mode\DLL\DLL_MouseDeviceManager.dll
    2011-04-06 16:06 — 2011-04-06 16:06 — 00067072 _____ () C:\Program Files (x86)\G10 Multi-Mode\DLL\DLL_PenSuit.dll
    2011-08-17 17:47 — 2011-08-17 17:47 — 02413568 _____ () C:\Program Files (x86)\G10 Multi-Mode\Data\G10_Multi-Mode\Forms\ScreenCapture\ScreenCapture.dll
    2011-03-21 19:33 — 2011-03-21 19:33 — 00999424 _____ () C:\Program Files (x86)\G10 Multi-Mode\Data\G10_Multi-Mode\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
    2011-05-20 16:52 — 2011-05-20 16:52 — 00901632 _____ () C:\Program Files (x86)\G10 Multi-Mode\Data\G10_Multi-Mode\Forms\ProfileHint\ProfileHint.dll
    2010-12-03 14:43 — 2010-12-03 14:43 — 00943104 _____ () C:\Program Files (x86)\G10 Multi-Mode\Data\G10_Multi-Mode\Forms\KeySettingRemind\KeySettingRemind.dll
    2010-09-20 14:18 — 2010-09-20 14:18 — 00085504 _____ () C:\Program Files (x86)\G10 Multi-Mode\DLL\DLL_ZoomControl.dll
    2010-09-20 14:18 — 2010-09-20 14:18 — 00054272 _____ () C:\Program Files (x86)\G10 Multi-Mode\DLL\DLL_ScrollbarControl.dll
    2011-04-12 15:14 — 2011-04-12 15:14 — 00063488 _____ () C:\Program Files (x86)\G10 Multi-Mode\DLL\DLL_AnalyzeGesturesInRight.dll
    2010-11-01 20:16 — 2010-11-01 20:16 — 00062976 _____ () C:\Program Files (x86)\G10 Multi-Mode\DLL\DLL_AnalyzeGesturesInOne.dll
    2011-08-10 13:43 — 2011-08-10 13:43 — 00118272 _____ () C:\Program Files (x86)\G10 Multi-Mode\DLL\DLL_Wheel4D.dll
    2011-06-24 17:31 — 2011-06-24 17:31 — 00891392 _____ () C:\Program Files (x86)\G10 Multi-Mode\Data\G10_Multi-Mode\Forms\KeyboardLEDForm\KeyboardLEDForm.dll
    2010-03-31 18:44 — 2010-03-31 18:44 — 00516096 _____ () C:\Program Files (x86)\G10 Multi-Mode\Data\G10_Multi-Mode\Forms\MouseTextForm\MouseTextForm.dll
    2016-08-02 11:46 — 2016-08-02 11:46 — 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2010-01-30 02:41 — 2010-01-30 02:41 — 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2016-06-19 12:38 — 2016-06-15 13:15 — 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
    2016-06-19 12:38 — 2016-06-15 13:15 — 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
    2011-12-24 13:57 — 2010-05-07 18:22 — 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
    2016-07-13 11:11 — 2016-07-06 18:01 — 17602240 _____ () C:\Users\Павел\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
    2009-11-02 09:20 — 2009-11-02 09:20 — 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2009-11-02 09:23 — 2009-11-02 09:23 — 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The «AlternateShell» will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 06:34 — 2009-06-11 01:00 — 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Павел\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 62.148.128.1 — 62.148.159.188
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: RichVideo => 2
    MSCONFIG\startupreg: cbbgiyhqxw => explorer «http://nonsoko.ru/?utm_source=uoua03&utm_content=465aba27fe8927982b12a3cd7a5ee629&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506»
    MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    MSCONFIG\startupreg: svvwzahwoy => explorer «http://chatozov.ru/?utm_source=uoua03n&utm_content=1f1a7d4e6784534601121b44b7be8052&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506»
    MSCONFIG\startupreg: vdzpjmdugt => explorer «http://basady.ru/?utm_source=uoua03n&utm_content=01b616a2a8f7a0dde12bdc3b098a37f9&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506»

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{65033309-C1B3-4F3D-ACBF-F730BB824B8A}] => (Allow) C:\Windows\System32\SUPDSvc.exe
    FirewallRules: [{9334B1D7-EA25-451D-9042-405F29A6EC47}] => (Allow) C:\Windows\System32\SUPDSvc.exe
    FirewallRules: [{1726A80A-6D7B-4DE2-96FA-3F0F49DAA02C}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
    FirewallRules: [{F996BDA5-04ED-44E0-9314-B56078C1D532}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
    FirewallRules: [{F4A09939-013E-4D1E-9B3D-8AA27C5531A1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
    FirewallRules: [{AEFE70C8-4850-4A85-A9EF-84644349EA1A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
    FirewallRules: [{CFD74D82-F37F-47D2-96AA-5D0BE6F8970E}] => (Allow) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10.exe
    FirewallRules: [{D5576B3A-394A-4A60-9B4F-5D68B4EB44E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
    FirewallRules: [{6A9C4F8C-A222-4B66-93AA-63F43162821F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{26159110-5175-49DE-8461-DFFC18428085}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{DBB61720-AB57-4FF4-8FFB-AC259959E5C3}] => (Allow) LPort=2869
    FirewallRules: [{8162BC7B-2809-45A8-99B0-2C40870B6CDA}] => (Allow) LPort=1900
    FirewallRules: [{F1C67240-A462-45ED-A201-B9FD3B611DF3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{776E6185-E02E-4222-9E67-25D674D7818F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [TCP Query User{2A76131A-58D0-40DE-8213-5B13B870B091}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
    FirewallRules: [UDP Query User{18BB8B9B-476A-405F-A00B-358B8C4C05CE}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
    FirewallRules: [{603B8131-C19C-40AA-B9D7-70C79F5FB825}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
    FirewallRules: [{FA2C118D-A2AB-485C-B794-7D703AE876BB}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
    FirewallRules: [{5769D609-8D2C-430A-97C9-A7FEFEF0CED7}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    FirewallRules: [{81EBD25B-135B-462F-82F1-0DDD1608C679}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    FirewallRules: [{07B25283-6C0C-46AF-B9D9-7AD1655E85CB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
    FirewallRules: [{A2629FF7-BE46-46FE-B09E-16581B4363F8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
    FirewallRules: [{FC8E2E4A-F0FC-4781-B784-B058549DF714}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
    FirewallRules: [{89A6FE9F-874B-411A-92BA-EE6180080EEB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
    FirewallRules: [{D2ADF79F-F35D-4262-BB1F-2AB8B453F278}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
    FirewallRules: [{4CC24400-A100-4394-9648-AFB99F88B08B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
    FirewallRules: [{B95B34B9-E026-400A-A223-7A60BED0C511}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
    FirewallRules: [{5FF19C5E-0790-4977-9A39-638943ABCE08}] => (Block) %ProgramFiles% (x86)\SamsungPrinterLiveUpdate\LUpdate.exe
    FirewallRules: [{C4D8DFCF-BD4A-4EF7-A988-72A87198EB9A}] => (Block) %ProgramFiles% (x86)\SamsungPrinterLiveUpdate\SP_Update.exe
    FirewallRules: [{D4B85B2F-29C6-4E5C-A157-8AE083777AD2}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
    FirewallRules: [{32BE9D8E-6A77-414A-822E-26597B04CCEB}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
    FirewallRules: [{5FF1E030-3D2E-4627-9328-3EC69F7413F7}] => (Allow) C:\Program Files\UBar\ubar.exe
    FirewallRules: [{C8E55DB0-E3D4-4F51-B0DD-21EFF6010C7A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    04-05-2016 12:01:55 Installed Налогоплательщик ЮЛ.
    04-05-2016 12:02:52 Установлено: Печать НД с PDF417 3.2.4 (пакет)
    10-05-2016 12:27:17 Removed Multimedia POP
    18-05-2016 12:38:31 Запланированная контрольная точка
    03-06-2016 11:03:26 Запланированная контрольная точка
    24-06-2016 10:53:57 Запланированная контрольная точка
    09-07-2016 13:48:10 Запланированная контрольная точка

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/04/2016 06:04:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> с ошибкой Недопустимые данные.
    .

    Error: (08/04/2016 06:04:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> с ошибкой Недопустимые данные.
    .

    Error: (08/04/2016 06:04:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> с ошибкой Недопустимые данные.
    .

    Error: (08/04/2016 06:04:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> с ошибкой Недопустимые данные.
    .

    Error: (08/04/2016 06:03:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> с ошибкой Недопустимые данные.
    .

    Error: (08/04/2016 06:03:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> с ошибкой Недопустимые данные.
    .

    Error: (08/04/2016 06:03:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> с ошибкой Недопустимые данные.
    .

    Error: (08/04/2016 06:03:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> с ошибкой Недопустимые данные.
    .

    Error: (08/04/2016 06:03:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> с ошибкой Недопустимые данные.
    .

    Error: (08/04/2016 06:03:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> с ошибкой Недопустимые данные.
    .

    System errors:
    =============
    Error: (08/04/2016 05:52:44 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {F05589DB-898A-4735-80D6-3646EF68478D}

    Error: (08/04/2016 05:52:32 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (08/03/2016 06:40:47 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (08/03/2016 01:32:21 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Error: (08/03/2016 01:30:10 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (08/02/2016 05:57:26 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (07/15/2016 05:47:13 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC}

    Error: (07/15/2016 05:46:55 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (07/14/2016 06:31:40 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC}

    Error: (07/14/2016 06:31:33 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    ==================== Memory info ===========================

    Processor: AMD A4-3330MX APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 65%
    Total physical RAM: 3563.81 MB
    Available physical RAM: 1241.45 MB
    Total Virtual: 7125.81 MB
    Available Virtual: 4005.52 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:365 GB) (Free:304.07 GB) NTFS
    Drive d: () (Fixed) (Total:546.31 GB) (Free:530.39 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1473877D)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=365 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=546.3 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=20.1 GB) - (Type=27)

    ==================== End of Addition.txt ============================

    Just in case, I'll attach both files.

    August 5, 2016 at 4:36 am #51242
    Павел Ерохин
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    isermen hasn't gone anywhere

    August 15, 2016 at 1:27 am #51337
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Hello, welcome to the Spyware-ru forum.

    Open Notepad and paste the following text into the window:

    CreateRestorePoint:
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\...\Run: [dvybjwmltv] => explorer "hxxp:///?utm_source=uoua03n&utm_content=fb6126710f9bba594f41bdb6ec9cb56c&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506" <===== ATTENTION
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\...\MountPoints2: {f3dd2e01-0ba9-11e6-b2e6-e8039a87032b} - G:\start.exe
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:///?utm_content=6e4b41f14ac7c0f063d4eb16c0684d3d&utm_source=startpm&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506
    SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
    CHR HomePage: Default -> hxxp://chatozov.ru/?utm_content=706daf58c4c295e14015a61bf477685c&utm_source=startpm&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506
    CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    U3 a6mqeo3e; C:\Windows\System32\Drivers\a6mqeo3e.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    Task: {29EBDF23-6957-406E-A937-485C1A8D9634} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe [2010-12-24] (Samsung Electronics Co., Ltd.) <==== ATTENTION
    C:\Users\Павел\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk
    Folder: C:\Users\Павел\AppData\Local\svshost
    C:\Users\Павел\AppData\Local\svshost
    EmptyTemp:
    Reboot:

    Save the resulting file, named fixlist, in the folder where the FRST/FRST64 program is located.

    Run FRST and click the Fix button.
    When the program finishes, a "Fix completed" message will appear. Click OK.
    Notepad will open with the contents of fixlog.txt. Paste the contents of this file into your reply.

    After that, run a new scan with FRST (before pressing Scan, tick the Addition.txt checkbox) and attach both of its logs to your reply.

    August 15, 2016 at 6:44 am #51351
    Павел Ерохин
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2016
    Ran by Павел (15-08-2016 15:33:42) Run:2
    Running from C:\Users\Павел\Downloads
    Loaded Profiles: Павел (Available Profiles: Павел)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\...\Run: [dvybjwmltv] => explorer "hxxp:///?utm_source=uoua03n&utm_content=fb6126710f9bba594f41bdb6ec9cb56c&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506" <===== ATTENTION
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\...\MountPoints2: {f3dd2e01-0ba9-11e6-b2e6-e8039a87032b} - G:\start.exe
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:///?utm_content=6e4b41f14ac7c0f063d4eb16c0684d3d&utm_source=startpm&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506
    SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1380383141-2180828607-1249965073-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
    CHR HomePage: Default -> hxxp://chatozov.ru/?utm_content=706daf58c4c295e14015a61bf477685c&utm_source=startpm&utm_term=CC8649800D7A10D0BD2EE7289826E7FB&utm_d=20160506
    CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    U3 a6mqeo3e; C:\Windows\System32\Drivers\a6mqeo3e.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    Task: {29EBDF23-6957-406E-A937-485C1A8D9634} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe [2010-12-24] (Samsung Electronics Co., Ltd.) <==== ATTENTION
    C:\Users\Павел\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk
    Folder: C:\Users\Павел\AppData\Local\svshost
    C:\Users\Павел\AppData\Local\svshost
    EmptyTemp:
    Reboot:

    *****************

    Restore point was successfully created.
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dvybjwmltv => value not found.
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3dd2e01-0ba9-11e6-b2e6-e8039a87032b} => key not found.
    HKCR\CLSID\{f3dd2e01-0ba9-11e6-b2e6-e8039a87032b} => key not found.
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C} => key not found.
    HKCR\CLSID\{A06ED961-D98F-4CF9-A89B-80AB11DB149C} => key not found.
    Chrome HomePage => not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\daanglpcpkjjlkhcbladppjphglbigam => key not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fcoadmpfijfcmokecmkgolhbaeclfage => key not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found.
    a6mqeo3e => service not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29EBDF23-6957-406E-A937-485C1A8D9634} => key not found.
    C:\windows\System32\Tasks\SvcDelay => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SvcDelay => key not found.
    "C:\Users\Павел\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk" => not found.

    ========================= Folder: C:\Users\Павел\AppData\Local\svshost ========================

    not found.

    ====== End of Folder: ======

    "C:\Users\Павел\AppData\Local\svshost" => not found.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8391936 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 2682 B
    Edge => 0 B
    Chrome => 41733978 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 0 B
    systemprofile32 => 692 B
    LocalService => 0 B
    NetworkService => 0 B
    Павел => 19867 B

    RecycleBin => 0 B
    EmptyTemp: => 55.8 MB temporary data Removed.

    ================================

    The system needed a reboot.

    ==== End of Fixlog 15:34:18 ====

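Added example (not part of the thread and not FRST's own code): a small Python triage of a Fixlog like the one posted above. It skips the echoed fixlist, classifies each result line by the wording FRST printed, and reports how many listed items were already absent when the fix ran. The function names and status labels are this example's own assumptions; the sample text is a shortened excerpt of the log in this thread.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted in this thread. One path keeps the
# typographic quotes that forum software substitutes, to exercise normalisation.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
Task: {29EBDF23-6957-406E-A937-485C1A8D9634} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe [2010-12-24] (Samsung Electronics Co., Ltd.) <==== ATTENTION
EmptyTemp:
*****************

Restore point was successfully created.
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dvybjwmltv => value not found.
HKU\S-1-5-21-1380383141-2180828607-1249965073-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\daanglpcpkjjlkhcbladppjphglbigam => key not found.
a6mqeo3e => service not found.
C:\windows\System32\Tasks\SvcDelay => not found.
«C:\Users\Павел\AppData\Local\svshost» => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
Chrome => 41733978 B
Павел => 19867 B
EmptyTemp: => 55.8 MB temporary data Removed.
"""

# Typographic quotes are mapped back to straight quotes before parsing.
NORMALISE = str.maketrans({"«": '"', "»": '"', "“": '"', "”": '"'})
ECHO_MARKER = re.compile(r"^\*{5,}$")   # row of asterisks around the echoed fixlist
BYTE_COUNT = re.compile(r"^(\d+) B$")   # per-location size in the EmptyTemp section


def parse_fixlog(text):
    """Return one dict per result line: target, outcome, status, bytes."""
    entries, in_echo, in_temp = [], False, False
    for raw in text.translate(NORMALISE).splitlines():
        line = raw.strip()
        if ECHO_MARKER.match(line):
            # The echoed fixlist also contains "=>" and must not count as results.
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            in_temp = True
            continue
        if " => " not in line:
            continue
        target, outcome = (part.strip() for part in line.rsplit(" => ", 1))
        size = BYTE_COUNT.match(outcome)
        if in_temp:
            status = "temp_bytes" if size else "temp_summary"
        elif "not found" in outcome.lower():
            status = "absent"      # nothing to remove: the item was already gone
        elif "successfully" in outcome.lower():
            status = "changed"     # the fix actually modified the system
        else:
            status = "other"       # wording this example does not classify
        entries.append({
            "target": target.strip('"'),
            "outcome": outcome,
            "status": status,
            "bytes": int(size.group(1)) if size and in_temp else 0,
        })
    return entries


def summarize(text):
    """Count outcomes and measure how much of the fix was a no-op."""
    entries = parse_fixlog(text)
    counts = Counter(e["status"] for e in entries)
    acted = counts["absent"] + counts["changed"] + counts["other"]
    return {
        "counts": dict(counts),
        "changed": [e["target"] for e in entries if e["status"] == "changed"],
        "temp_bytes": sum(e["bytes"] for e in entries),
        "noop_ratio": counts["absent"] / acted if acted else 0.0,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print(report["counts"], report["changed"], round(report["noop_ratio"], 2))
```

A high `noop_ratio` means the fixlist targeted artifacts that were no longer present, so whatever still drives the symptoms has to be looked for in a fresh scan rather than in the old entries.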
    August 19, 2016 at 1:53 am #51622
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    How is the computer working now? Are there still redirects to Mail.ru and Rambler?

    August 20, 2016 at 6:24 am #51670
    Павел Ерохин
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    Hello!
    Yes, the redirects are still there and isermen hasn't gone anywhere. Every time I open a new tab, Avast blocks isermen from doing something in the chrome.exe process.

    August 21, 2016 at 3:16 am #51697
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Then let's continue.

    Download Combofix. If you have already downloaded this program, delete it and download a fresh copy.
    Close all open windows and run the program.

    When it finishes, a log file will be created; please paste it into your reply.

    Note: if the program does not start, rename it, for example to myfile1.exe (or use any other name), and try again.

    August 21, 2016 at 6:00 am #51718
    Павел Ерохин
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    ComboFix 16-08-21.02 - Павел 21.08.2016 14:49:16.1.2 - x64
    Microsoft Windows 7 Домашняя базовая 6.1.7601.1.1251.7.1049.18.3564.2479 [GMT 4:00]
    Running from: c:\users\¦ртхы\Downloads\ComboFix.exe
    AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\PFRO.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-07-21 to 2016-08-21 )))))))))))))))))))))))))))))))
    .
    .
    2016-08-21 10:56 . 2016-08-21 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-08-04 14:03 . 2016-08-15 11:42 -------- d-----w- C:\FRST
    2016-08-04 13:37 . 2016-08-04 13:41 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-08-04 13:36 . 2016-08-04 13:36 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2016-08-04 13:36 . 2016-08-04 13:36 -------- d-----w- c:\programdata\Malwarebytes
    2016-08-04 13:36 . 2016-03-10 10:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-08-04 13:36 . 2016-03-10 10:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-08-04 13:36 . 2016-03-10 10:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-08-02 07:57 . 2016-08-02 07:57 -------- d-----w- c:\users\Павел\AppData\Local\CEF
    2016-08-02 07:56 . 2016-08-02 07:56 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2016-08-02 07:47 . 2016-08-02 07:47 -------- d-----w- c:\users\Павел\AppData\Roaming\AVAST Software
    2016-08-02 07:47 . 2016-08-02 07:47 -------- d-----w- c:\program files\Common Files\AV
    2016-08-02 07:47 . 2016-08-02 07:47 -------- d-----w- c:\program files (x86)\Common Files\AV
    2016-08-02 07:46 . 2016-08-05 07:21 292704 ----a-w- c:\windows\system32\drivers\aswvmm.sys
    2016-08-02 07:46 . 2016-08-02 07:46 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2016-08-02 07:46 . 2016-08-02 07:46 513496 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2016-08-02 07:46 . 2016-08-02 07:46 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2016-08-02 07:46 . 2016-08-02 07:46 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2016-08-02 07:46 . 2016-08-02 07:46 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2016-08-02 07:46 . 2016-08-02 07:46 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2016-08-02 07:46 . 2016-08-02 07:46 968536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2016-08-02 07:46 . 2016-08-02 07:46 391496 ----a-w- c:\windows\system32\aswBoot.exe
    2016-08-02 07:46 . 2016-08-02 07:46 992960 ----a-w- c:\windows\system32\ucrtbase.dll
    2016-08-02 07:46 . 2016-08-02 07:46 921280 ----a-w- c:\windows\SysWow64\ucrtbase.dll
    2016-08-02 07:46 . 2016-08-02 07:46 53208 ----a-w- c:\windows\avastSS.scr
    2016-08-02 07:41 . 2016-08-02 07:56 -------- d-----w- c:\program files\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-07-07 06:49 . 2011-03-28 09:36 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OscarEditor"="c:\program files (x86)\G10 Multi-Mode\G10-Editor.exe" [2011-08-31 3344384]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-08-02 9071752]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
    S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-08-09 09:35 1262408 ----a-w- c:\program files (x86)\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23 13:24]
    .
    2016-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23 13:24]
    .
    .
    ——— X64 Entries ————
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2016-08-02 07:46 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-06-15 790688]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-06-15 657568]
    .
    ——- Supplementary Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://samsung.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Отправить в OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: &Экспорт в Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 62.148.128.1 62.148.159.188
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-UnityWebPlayer - c:\users\Павел\AppData\Local\Unity\WebPlayer\Uninstall.exe
    .
    .
    .
    ——————— LOCKED REGISTRY KEYS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.21"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-08-21 14:58:52
    ComboFix-quarantined-files.txt 2016-08-21 10:58
    .
    Pre-Run: 291 959 033 856 байт свободно
    Post-Run: 291 672 834 048 байт свободно
    .
    - - End Of File - - D69F2CFFA3AA1BCB0ECC9C8709A4266F
    2E5DEBB2116B3417023E0D6562D7ED07

    August 24, 2016 at 7:21 pm #51926
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Павел, did you run Combofix with administrator rights? Try running it again, but this time right-click the program and choose Run as administrator.

    Also, if the problem is still present, describe how it shows up now. In which browser do the ads pop up, and under what circumstances? Check whether they appear in all browsers.

    In addition to the Combofix log, please make fresh FRST logs as well.

    August 29, 2016 at 3:11 am #52103
    Павел Ерохин
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    Hello, Валерий!
    I did everything as you recommended. The problems remain. They show up as follows:
    1) Avast regularly complains about the chrome.exe process, which tries to load a URL it considers malicious, isermen…
    2) The Vulkan casino regularly opens when I try to open a new tab or navigate within the current tab to, say, another video on YouTube, and so on.
    3) Search queries are redirected to Mail.ru as follows: after I enter a query and press Enter or the search button, the Google results (for example) appear first, but after 1-2 seconds the searchmail.ru results appear in the same tab.
    The same symptoms are also present in Mozilla and in, God forgive me, Internet Explorer.

    August 29, 2016 at 3:16 am #52107
    Павел Ерохин
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    Oh, and I completely forgot: the sites' interface is crammed with advertising banners for all sorts of junk, and when I hover the mouse pointer over a picture, it flips around its own axis (the bastards even drew a flip animation) and shows me yet another ad banner of the "Елена Малышева recommends" variety. Separate ad windows also pop up over the site from time to time (and, naturally, when I try to close such a window, a new tab opens with yet another cure-all for the head and the ass in one bottle).

Copyright © 2008 - 2024 Spyware-RU.com (en)