Hello! The time-to-read.ru start page just won't go away
- This topic has 8 replies, 2 participants, and was last updated 8 years, 2 months ago by Admin.
23 August 2016 at 8:58 am #51842
After installing some junk on the computer, a "time to read" start page appeared. I tried adwcleaner, hijacktool, malwarebytes. The malicious program was removed and the antivirus tools listed above deleted all sorts of trash. BUT!!! the damned time-to-read won't leave the start page! First the transitional site trumatra.ru loads, then time-to-read itself loads. I am attaching the txt files.
Attachments:
24 August 2016 at 7:40 pm #51928
Hello, welcome to the Spyware-ru forum.
Start Notepad and paste the following text into the open window:
CreateRestorePoint:
FF Homepage: hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
CHR HomePage: Default -> hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
CHR StartupUrls: Default -> "hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816"
Task: {4CA8C667-3285-4BD6-B689-8062A32F18CD} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {4DFF9D25-826B-4A7E-AB9A-2A16427D042C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
C:\Users\Rizat\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\HECIx64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rxfcv.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\usbser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Desktop\14327189673ojc0.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Desktop\20667-6-i_vyshe_neba_vzvilsya__ru.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Desktop\карта.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\,Алгыс хат.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\,диплом.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\01_08_2016_ALMATY_OBLYSYNY_1186_ZhASTAR_SAYaSATY_M_1240_SELELERI_BAS_1178_ARMASY_MM_B_KORPUSYNY_1186_BOS_MEMLEKETTIK__1240_KIMShILIK_LAUAZYM_1170_A_ORNA.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\01_08_2016_ALMATY_OBLYSYNY_1186_ZhASTAR_SAYaSATY_M_1240_SELELERI_BAS_1178_ARMASY_MM_B_KORPUSYNY_1186_BOS_MEMLEKETTIK__1240_KIMShILIK_LAUAZYM_1170_A_ORNA.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\1415797743_96eba6468392bc36d6c9f59ca4a001a0.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\149306-jovesmodpack_0_9_15_1_1_v26_82_extended.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\149306-jovesmodpack_0_9_15_1_1_v26_82_extended.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\149306-jovesmodpack_0_9_15_1_1_v26_82_extended.exe.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\1_Bas_1179_arma__1179__1201_rylymy.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\1_Struktura_upravlenia(1).pptx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\1_Struktura_upravlenia(1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\1_Struktura_upravlenia.pptx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\1_Struktura_upravlenia.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\25-07-2016_19-07-21.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\2_Baylanys_telefony.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\2_Baylanys_telefony.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\2_Telefonny_spravochnik.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\2_Telefonny_spravochnik.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\3_Azamattardy__1179_abyldau_kestesi.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\3_Azamattardy__1179_abyldau_kestesi.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\4_Grafik_prema_grazhdan.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\4_Grafik_prema_grazhdan.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\56c11a70bfe183c0fc3ef497a2368b6c.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\5_Informatsia_o_postupivshikh_i_rassmotrennykh_obrascheniakh_ot_fizicheskikh_i_yuridicheskikh_lits.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\5_Informatsia_o_postupivshikh_i_rassmotrennykh_obrascheniakh_ot_fizicheskikh_i_yuridicheskikh_lits.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\5_Za_1187_dy_zh_1241_ne_zheke_t_1201_l_1171_alardy_1187__1257_tinishterini_1187_t_1199_skeni_zh_1241_ne__1179_arastyryl_1171_any_turaly_a_1179_parat.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\5_Za_1187_dy_zh_1241_ne_zheke_t_1201_l_1171_alardy_1187__1257_tinishterini_1187_t_1199_skeni_zh_1241_ne__1179_arastyryl_1171_any_turaly_a_1179_parat.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\adwcleaner_6.000.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\adwcleaner_6.000.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Amir - J'ai cherché.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\avz4.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Ben Sumner, Glenn Herweijer, Nicholas Michael Hill - Born To Run.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Ben Sumner, Glenn Herweijer, Nicholas Michael Hill - Refuse To Lose.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Ben Sumner, Glenn Herweijer, Simon James - Jeopardy.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Bryon Michael Gillan - Sunrise and Sunshine.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\BUMBUM-2016_presss_rus_kaz.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\BUMBUM-2016_presss_rus_kaz.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\ChromeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\colorwheel_harmony_2_4_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\colorwheel_harmony_2_4_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\dancing_boy_2-wallpaper-1280x768.jpg:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\dancing_boy_2-wallpaper-1280x768.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\DJI_Assistant_2_Installer_20160602.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\DJI_Assistant_2_Installer_20160602.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Dumbo Poreotics - Electro Mix.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Firefox Setup Stub 48.0.1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\Firefox Setup Stub 48.0.1.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\FirefoxSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\FirefoxSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\flashplayer22au_ha_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\gdbsimsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\gdbsimsetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\HijackThis.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\HijackThis.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\hitmanpro_x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\hitmanpro_x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\HPUSBDisk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\HPUSBDisk.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Illusive Festival 2015 (Official Promo Video).mp4:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\Illusive Festival 2015 (Official Promo Video).mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\jxpiinstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\jxpiinstall.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\mbam-clean-2.3.0.1001.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\mbam-clean-2.3.0.1001.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\mbam-setup-2.2.1.1043(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\mbam-setup-2.2.1.1043(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\MultiPackFull.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\MultiPackFull.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\preview (1).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\preview.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\PWN9zaHiLvY.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\R.saver_2.5.1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\RecoveRx_v3.2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\RecoveRx_v3.2.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Resume1a.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\Resume1a.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\revosetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\revosetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Runtime GetDataBack for NTFS - FAT v4.33 Final Ml_Rus.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\Runtime GetDataBack for NTFS - FAT v4.33 Final Ml_Rus.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Skrillex - Right In.mp3:$CmdZnID [54]
AlternateDataStreams: C:\Users\Rizat\Downloads\SkypeSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\SkypeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\StoreJet Firmware Update utility.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\StoreJet Firmware Update utility.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\StoreJet Firmware Update utility.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\TEAM FURY GAMING COMMUNITY.mp4:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\TEAM FURY GAMING COMMUNITY.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\testdisk-7.0.win.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\testdisk-7.0.win.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\TranscendElite.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\TranscendElite.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Tritonal feat. Phoebe Ryan - Now Or Never (Original Mix).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\UltraISO_XCV_Edition_9362750.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\UltraISO_XCV_Edition_9362750.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\videoplayback (1).mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\videoplayback.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\WhatsApp Image 2016-08-09 at 16.36.40.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Windows 7 Ultimate Ru x86-x64 Orig wBootMenu by OVGorskiy 04.2015.iso:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\[torrentino]-adobe-after-effects-cc-v.13.5-pc.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\ВремяиСтекло - Навернопотомучто.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Итоговый ролик BOOM - BOOM-2015 (NewNomad productions)(1).mp4:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\Итоговый ролик BOOM - BOOM-2015 (NewNomad productions)(1).mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Итоговый ролик BOOM - BOOM-2015 (NewNomad productions).mp4:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rizat\Downloads\Итоговый ролик BOOM - BOOM-2015 (NewNomad productions).mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rizat\Downloads\Карим Масимов встретился с общественностью Талдыкоргана.mp4:$CmdZnID [26]
EmptyTemp:
Reboot:
Save the resulting file in the folder where FRST/FRST64 is located, under the name fixlist.
Run FRST and click the Fix button.
When the program finishes, the message "Fix completed" will appear. Click OK.
Notepad will open with the contents of fixlog.txt. Paste the contents of that file into your reply. After that, run a new scan with FRST (before clicking Scan, tick the Addition.txt checkbox) and attach both of its logs to your reply.
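As an added example (not code from the thread, from Spyware-ru or from FRST), here is a small Python triage helper for the procedure above: it reads FRST scan lines of the kinds the fixlist contains, flags the start-page, group-policy, scheduled-task and ADS entries a helper would copy into fixlist.txt, and afterwards reconciles a fixlog to show which entries were actually removed versus reported "not found" (the signal that the fix hit nothing, which is what happens later in this thread). The trusted-homepage allowlist and the entries marked as constructed are assumptions, not values from the page.

```python
"""Triage FRST scan lines into a fixlist and reconcile the resulting fixlog.
Added example for this thread, not code from the forum or from FRST; sample
input is constructed from the thread's own lines plus benign entries."""
import re
from dataclasses import dataclass

# Assumption: an operator-maintained start-page allowlist; anything else is a hijack candidate.
TRUSTED_HOMEPAGE_DOMAINS = {"www.google.com", "google.com", "yandex.ru"}
# Task actions worth a look before removal: script hosts (the thread's task runs
# Wscript.exe on a .vbs) and tasks whose target is gone ("No File").
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe")
# URLs in the thread appear defanged as hxxp://; accept both spellings.
URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s\"']+)", re.IGNORECASE)
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<path>.+?) (?:=> (?P<cmd>.+)|-> No File.*)$")

@dataclass
class Finding:
    line: str    # FRST line copied verbatim so it can go straight into fixlist.txt
    reason: str  # why a helper would remove or review it

def url_domain(text):
    """Host of the first (possibly defanged) URL in an FRST line, or None."""
    m = URL_RE.search(text)
    return m.group(1).lower() if m else None

def triage_line(line):
    """Return a Finding for a suspicious FRST scan line, else None."""
    s = line.strip()
    if s.startswith(("FF Homepage:", "CHR HomePage:", "CHR StartupUrls:")):
        dom = url_domain(s)
        if dom and dom not in TRUSTED_HOMEPAGE_DOMAINS:
            return Finding(s, f"browser start page points at untrusted host {dom}")
        return None
    if s.startswith("GroupPolicyScripts:"):
        return Finding(s, "group-policy restriction; can re-pin browser settings after cleanup")
    m = TASK_RE.match(s)
    if m:
        if m.group("cmd") is None:
            return Finding(s, "scheduled task whose target is missing (No File)")
        if any(h in m.group("cmd").lower() for h in SCRIPT_HOSTS):
            return Finding(s, "scheduled task launches a script host; inspect the script first")
        return None
    if s.startswith("AlternateDataStreams:"):
        return Finding(s, "alternate data stream on a file; FRST lists it for removal")
    return None

def triage(scan_text):
    return [f for f in map(triage_line, scan_text.splitlines()) if f]

def build_fixlist(findings):
    """Wrap flagged lines the way the thread does: restore point first, cleanup and reboot last."""
    return ["CreateRestorePoint:"] + [f.line for f in findings] + ["EmptyTemp:", "Reboot:"]

def summarize_fixlog(fixlog_text):
    """Split fixlog outcomes into removed vs not-found targets; a list of 'not found'
    entries means the fix hit nothing, so a returning redirect persists elsewhere."""
    summary = {"removed": [], "not_found": []}
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        target, _, result = line.partition(" => ")
        outcome = (result or line).lower()   # some lines have no "=>" separator
        if "removed successfully" in outcome:
            summary["removed"].append(target)
        elif "not found" in outcome:
            summary["not_found"].append(target)
        # restore-point messages and EmptyTemp byte counts are ignored
    return summary

# Constructed sample: hijack lines from the thread plus a benign Chrome homepage
# and a placeholder task, neither of which must be flagged.
SAMPLE_SCAN = r"""
FF Homepage: hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://tmutara.ru/?utm_source=startpm"
GroupPolicyScripts: Restriction <======= ATTENTION
Task: {4CA8C667-3285-4BD6-B689-8062A32F18CD} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {21B2627D-F789-43B9-9FD9-B6CD0C206AA3} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleBackup => C:\Program Files\Example\backup.exe [2016-01-01] (Example Corp)
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
"""

# Constructed from the second fixlog in the thread.
SAMPLE_FIXLOG = r"""
"C:\Windows\system32\GroupPolicy\Machine" => not found.
Firefox "homepage" removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21B2627D-F789-43B9-9FD9-B6CD0C206AA3} => key not found.
C:\Windows\System32\Tasks\USER_ESRV_SVC_WILLAMETTE => not found.
C:\Users\Rizat\Downloads\SkypeSetup.exe => ":$CmdZnID" ADS removed successfully.
BITS transfer queue => 8388608 B
"""

if __name__ == "__main__":
    found = triage(SAMPLE_SCAN)
    print("\n".join(build_fixlist(found)))
    print(summarize_fixlog(SAMPLE_FIXLOG))
```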
25 August 2016 at 3:56 am #51986
C:\Users\Rizat\Downloads\jxpiinstall.exe => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\mbam-clean-2.3.0.1001.exe» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\mbam-clean-2.3.0.1001.exe => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\mbam-setup-2.2.1.1043(1).exe» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\mbam-setup-2.2.1.1043(1).exe => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\MultiPackFull.exe» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\MultiPackFull.exe => «:$CmdZnID» ADS removed successfully.
C:\Users\Rizat\Downloads\preview (1).mp3 => «:$CmdZnID» ADS removed successfully.
C:\Users\Rizat\Downloads\preview.mp3 => «:$CmdZnID» ADS removed successfully.
C:\Users\Rizat\Downloads\PWN9zaHiLvY.jpg => «:$CmdZnID» ADS removed successfully.
C:\Users\Rizat\Downloads\R.saver_2.5.1.zip => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\RecoveRx_v3.2.exe» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\RecoveRx_v3.2.exe => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\Resume1a.docx» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\Resume1a.docx => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\revosetup.exe» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\revosetup.exe => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\Runtime GetDataBack for NTFS — FAT v4.33 Final Ml_Rus.rar» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\Runtime GetDataBack for NTFS — FAT v4.33 Final Ml_Rus.rar => «:$CmdZnID» ADS removed successfully.
C:\Users\Rizat\Downloads\Skrillex — Right In.mp3 => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\SkypeSetup.exe» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\SkypeSetup.exe => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\StoreJet Firmware Update utility.exe» => «:$CmdTcID» ADS not found.
«C:\Users\Rizat\Downloads\StoreJet Firmware Update utility.zip» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\StoreJet Firmware Update utility.zip => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\TEAM FURY GAMING COMMUNITY.mp4» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\TEAM FURY GAMING COMMUNITY.mp4 => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\testdisk-7.0.win.zip» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\testdisk-7.0.win.zip => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\TranscendElite.exe» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\TranscendElite.exe => «:$CmdZnID» ADS removed successfully.
C:\Users\Rizat\Downloads\Tritonal feat. Phoebe Ryan — Now Or Never (Original Mix).mp3 => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\UltraISO_XCV_Edition_9362750.exe» => «:$CmdTcID» ADS not found.
«C:\Users\Rizat\Downloads\UltraISO_XCV_Edition_9362750.exe» => «:$CmdZnID» ADS not found.
C:\Users\Rizat\Downloads\videoplayback (1).mp4 => «:$CmdZnID» ADS removed successfully.
C:\Users\Rizat\Downloads\videoplayback.mp4 => «:$CmdZnID» ADS removed successfully.
C:\Users\Rizat\Downloads\WhatsApp Image 2016-08-09 at 16.36.40.jpeg => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\Windows 7 Ultimate Ru x86-x64 Orig wBootMenu by OVGorskiy 04.2015.iso» => «:$CmdZnID» ADS not found.
C:\Users\Rizat\Downloads\[torrentino]-adobe-after-effects-cc-v.13.5-pc.torrent => «:$CmdZnID» ADS removed successfully.
C:\Users\Rizat\Downloads\ВремяиСтекло — Навернопотомучто.mp3 => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\Итоговый ролик BOOM — BOOM-2015 (NewNomad productions)(1).mp4» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\Итоговый ролик BOOM — BOOM-2015 (NewNomad productions)(1).mp4 => «:$CmdZnID» ADS removed successfully.
«C:\Users\Rizat\Downloads\Итоговый ролик BOOM — BOOM-2015 (NewNomad productions).mp4» => «:$CmdTcID» ADS not found.
C:\Users\Rizat\Downloads\Итоговый ролик BOOM — BOOM-2015 (NewNomad productions).mp4 => «:$CmdZnID» ADS removed successfully.
C:\Users\Rizat\Downloads\Карим Масимов встретился с общественностью Талдыкоргана.mp4 => «:$CmdZnID» ADS removed successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25968337 B
Java, Flash, Steam htmlcache => 710 B
Windows/system/drivers => 32923936 B
Edge => 0 B
Chrome => 20478229 B
Firefox => 373783034 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 77546 B
LocalService => 0 B
NetworkService => 1242 B
Rizat => 246912938 B
Администратор => 95657 B
RecycleBin => 12612161129 B
EmptyTemp: => 12.4 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 15:46:49 ====
- This reply was modified 8 years, 3 months ago by Rizat.
Attachments:
25 August 2016 at 4:09 am #51990
By the way, the problem is still there (((
26 August 2016 at 4:08 am #52036
Let's try again.
Start Notepad and paste the following text into the open window:
CreateRestorePoint:
GroupPolicyScripts: Restriction <======= ATTENTION
FF Homepage: hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
CHR HomePage: Default -> hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
CHR StartupUrls: Default -> "hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=2016081
Task: {21B2627D-F789-43B9-9FD9-B6CD0C206AA3} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {9D29E280-E661-48B8-805A-A706ED4EA617} - System32\Tasks\PrimoCacheTrialReset-System => D:\12\PrimoCache 2.2.0\medicine\FancyCtR.nolock.exe [2016-08-20] ()
EmptyTemp:
Reboot:
Save the resulting file in the folder where FRST/FRST64 is located, under the name fixlist.
Run FRST and click the Fix button.
When the program finishes, the message "Fix completed" will appear. Click OK.
Notepad will open with the contents of fixlog.txt. Paste the contents of that file into your reply. In addition, run a new scan with FRST, but before clicking the Scan button tick the Addition.txt checkbox. Attach both resulting logs to your reply.
26 August 2016 at 4:39 am #52039
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Rizat (26-08-2016 16:29:29) Run:3
Running from C:\Users\Rizat\Downloads
Loaded Profiles: Rizat (Available Profiles: Rizat & Администратор)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
GroupPolicyScripts: Restriction <======= ATTENTION
FF Homepage: hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
CHR HomePage: Default -> hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
CHR StartupUrls: Default -> "hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=2016081
Task: {21B2627D-F789-43B9-9FD9-B6CD0C206AA3} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {9D29E280-E661-48B8-805A-A706ED4EA617} - System32\Tasks\PrimoCacheTrialReset-System => D:\12\PrimoCache 2.2.0\medicine\FancyCtR.nolock.exe [2016-08-20] ()
EmptyTemp:
Reboot:
*****************
Restore point was successfully created.
«C:\Windows\system32\GroupPolicy\Machine» => not found.
Firefox «homepage» removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21B2627D-F789-43B9-9FD9-B6CD0C206AA3} => key not found.
C:\Windows\System32\Tasks\USER_ESRV_SVC_WILLAMETTE => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\USER_ESRV_SVC_WILLAMETTE => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D29E280-E661-48B8-805A-A706ED4EA617} => key not found.
C:\Windows\System32\Tasks\PrimoCacheTrialReset-System => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PrimoCacheTrialReset-System => key not found.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13657416 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 8635600 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Rizat => 1189307 B
Администратор => 0 B
RecycleBin => 181036 B
EmptyTemp: => 22.6 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 16:29:37 ====
Attachments:
31 August 2016 at 1:17 am #52183
Farbar Recovery Scan Tool removes the redirect, but it shows up in the logs again. Let's try a different program.
Download Combofix. If you have already downloaded this program before, delete it and download a fresh copy.
Close all open windows and run this program. When it finishes, a log file will be created; please paste it into your reply.
Note: if the program does not start, rename it, for example to myfile1.exe (or use any other name), and try again.
Before using Combofix, disable your antivirus and anti-spyware, if you have any.
31 August 2016 at 2:21 am #52187
ComboFix 16-08-31.01 - Rizat 31.08.2016 14:09:16.1.8 - x64
Microsoft Windows 7 Максимальная 6.1.7601.1.1251.7.1049.18.16345.13533 [GMT 6:00]
Running from: c:\users\Rizat\Downloads\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {0371CA44-3F80-A1D3-BECE-910620B58D50}
FW: COMODO Firewall *Enabled* {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
SP: 360 Total Security *Disabled/Updated* {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}
SP: Comodo Defense+ *Enabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\BD8F.tmp
c:\programdata\ntuser.pol
c:\users\Rizat\AppData\Local\Downloader.exe
c:\users\Rizat\AppData\Roaming\DRPSu
c:\users\Rizat\AppData\Roaming\DRPSu\diagnostics\hardware.json
c:\users\Rizat\AppData\Roaming\DRPSu\diagnostics\localdiagnostics.json
c:\users\Rizat\AppData\Roaming\DRPSu\diagnostics\soft
c:\users\Rizat\AppData\Roaming\DRPSu\diagnostics\soft.json
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_96143.log
.
.
((((((((((((((((((((((((( Files Created from 2016-07-28 to 2016-08-31 )))))))))))))))))))))))))))))))
.
.
2016-08-31 08:14 . 2016-08-31 08:14 -------- d-----w- c:\users\Администратор\AppData\Local\temp
2016-08-31 08:14 . 2016-08-31 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-08-31 07:54 . 2016-08-31 07:56 -------- d-----w- c:\users\Rizat\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
2016-08-31 07:54 . 2016-08-31 08:04 -------- d-----w- c:\program files\Plumbytes Software
2016-08-30 20:00 . 2016-08-30 20:00 -------- d-----w- c:\programdata\Mail.Ru
2016-08-30 13:05 . 2016-08-30 13:05 -------- d-----w- c:\users\Rizat\AppData\Local\Вoйти в Интeрнет
2016-08-30 13:04 . 2016-08-30 19:58 -------- d-----w- c:\program files (x86)\Mail.Ru
2016-08-30 13:01 . 2016-08-30 13:01 -------- d-----w- c:\users\Rizat\AppData\Local\Поиcк в Интeрнете
2016-08-30 13:00 . 2016-08-30 19:59 -------- d-----w- c:\users\Rizat\AppData\Roaming\GameLauncher
2016-08-28 15:16 . 2016-08-28 15:16 -------- d-----w- c:\program files (x86)\Skillbrains
2016-08-23 15:08 . 2016-08-23 15:08 -------- d-----w- c:\windows\Trend Micro
2016-08-23 15:08 . 2016-08-23 15:08 -------- d-----w- c:\programdata\Trend Micro
2016-08-23 15:06 . 2016-08-23 15:07 316168 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2016-08-23 14:36 . 2016-08-26 10:34 -------- d-----w- C:\FRST
2016-08-23 13:58 . 2016-08-23 13:58 -------- d-----w- c:\program files\HitmanPro
2016-08-23 13:58 . 2016-08-23 14:02 -------- d-----w- c:\programdata\HitmanPro
2016-08-21 08:39 . 2016-08-21 08:41 -------- d-----w- c:\users\Rizat\AppData\Roaming\DJIAssistant2
2016-08-21 08:39 . 2016-08-21 08:39 -------- d-----w- c:\users\Rizat\AppData\Roaming\Electron
2016-08-21 08:39 . 2016-08-21 08:39 -------- d-----w- c:\users\Rizat\AppData\Roaming\DJI Assistant 2
2016-08-19 20:07 . 2016-08-19 20:07 165472 ----a-w- c:\windows\system32\drivers\rxfcv.sys
2016-08-19 20:07 . 2016-08-19 20:11 -------- d-----w- c:\program files\PrimoCache
2016-08-19 20:00 . 2016-08-19 20:00 -------- d-----w- c:\program files\VS Revo Group
2016-08-19 12:28 . 2016-08-30 19:56 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-08-19 12:28 . 2016-08-19 12:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-08-19 12:28 . 2016-08-19 12:28 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-08-19 12:28 . 2016-08-19 12:28 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-08-19 12:28 . 2016-08-19 12:28 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-08-19 12:28 . 2016-08-19 12:28 -------- d-----w- c:\programdata\Malwarebytes
2016-08-19 11:55 . 2016-08-30 19:58 -------- d-----w- C:\AdwCleaner
2016-08-16 18:35 . 2016-08-30 13:04 -------- d-----w- c:\users\Rizat\AppData\Local\Unity
2016-08-09 06:53 . 2016-08-09 06:53 -------- d-----w- c:\program files (x86)\UltraISO
2016-08-09 06:53 . 2016-08-09 06:53 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems
2016-08-05 13:31 . 2016-08-05 13:31 -------- d-----w- c:\users\Rizat\AppData\Roaming\Artiom N
2016-08-03 10:27 . 2016-08-03 10:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-08-02 07:07 . 2016-08-02 07:07 -------- d-----w- c:\users\Rizat\Tracing
2016-08-02 07:07 . 2016-08-20 20:10 -------- d-----w- c:\users\Rizat\AppData\Roaming\Skype
2016-08-02 07:07 . 2016-08-02 07:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-08-02 07:07 . 2016-08-02 07:07 -------- d-----r- c:\program files (x86)\Skype
2016-08-02 07:07 . 2016-08-02 07:07 -------- d-----w- c:\programdata\Skype
2016-08-01 10:51 . 2016-08-01 10:51 -------- d-----w- c:\users\Rizat\AppData\Roaming\Corel
2016-08-01 10:49 . 2016-08-01 10:49 -------- d-----w- c:\program files\Corel
2016-08-01 10:41 . 2016-08-01 10:41 -------- d-----w- c:\users\Rizat\AppData\Local\Disc_Soft_Ltd
2016-08-01 09:25 . 2016-08-25 13:20 -------- d-----w- c:\users\Rizat\ColorWheel Harmony
2016-08-01 09:25 . 2016-08-01 09:25 -------- d-----w- c:\users\Rizat\AppData\Roaming\CWH___
2016-08-01 09:25 . 2016-08-01 09:25 -------- d-----w- c:\program files (x86)\ColorWheel Harmony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-21 08:41 . 2016-01-17 06:33 33280 ----a-w- c:\windows\system32\drivers\usbser.sys
2016-08-08 06:04 . 2016-05-08 13:03 391392 ----a-w- c:\windows\system32\drivers\360fsflt.sys
2016-08-08 06:04 . 2016-05-08 13:03 330472 ----a-w- c:\windows\system32\drivers\360Box64.sys
2016-08-08 06:04 . 2016-05-08 13:03 190696 ----a-w- c:\windows\system32\drivers\BAPIDRV64.SYS
2016-08-08 06:04 . 2016-05-08 13:03 86248 ----a-w- c:\windows\system32\drivers\360AvFlt.sys
2016-08-05 12:12 . 2016-05-08 11:27 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-08-05 12:12 . 2016-05-08 11:27 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-08-03 10:27 . 2016-05-08 11:27 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-07-17 13:07 . 2012-07-17 12:12 62784 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2016-07-10 06:32 . 2016-06-15 01:12 116248 ----a-w- c:\windows\system32\drivers\inspect.sys
2016-07-10 06:32 . 2016-06-15 01:12 56472 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2016-07-10 06:32 . 2016-06-15 01:12 829600 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2016-07-10 06:32 . 2016-06-15 01:12 31648 ----a-w- c:\windows\system32\drivers\cmderd.sys
2016-07-10 06:30 . 2016-06-15 01:08 51800 ----a-w- c:\windows\system32\cmdcsr.dll
2016-07-10 06:30 . 2016-06-15 01:08 642976 ----a-w- c:\windows\SysWow64\guard32.dll
2016-07-10 06:30 . 2016-06-15 01:08 813824 ----a-w- c:\windows\system32\guard64.dll
2016-07-10 06:28 . 2016-06-15 01:04 365752 ----a-w- c:\windows\system32\cmdvrt64.dll
2016-07-10 06:27 . 2016-06-15 01:02 51896 ----a-w- c:\windows\system32\cmdkbd64.dll
2016-07-10 06:25 . 2016-06-15 00:58 296120 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2016-07-10 06:24 . 2016-06-15 00:57 46776 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2016-06-29 03:21 . 2016-05-08 13:03 77904 ----a-w- c:\windows\SysWow64\drivers\360AvFlt.sys
2016-06-29 03:21 . 2016-05-08 13:03 151784 ----a-w- c:\windows\system32\drivers\360AntiHacker64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ecftmvavzj"="explorer http://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816" [?]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-08-01 8698584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2016-08-10 1840552]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2016-08-28 225944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
R3 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-08 12:12]
.
2016-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-08-19 12:14]
.
2016-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-08-19 12:14]
.
2016-08-31 c:\windows\Tasks\update-S-1-5-21-3268784079-3559336630-2915385002-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2016-08-28 08:53]
.
2016-08-31 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2016-08-28 08:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2016-07-12 1610936]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ovgorskiy.ru
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Экспорт в Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\Rizat\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.startup.homepage - hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog\System\RxDeliveryStamp\{57C7DD3D-2E9C-4F3B-A270-391E8AEDF0C4}\Parameter****0D411D579080]
@Allowed: (B 1 4 5 6) (Administrators)
"DataA"=hex:01,17,43,66,c0,ad,a4,01,0f,c5,35,b9,9e,38,ac,08,a9,51,cb,e7,82,ff,
d1,01,bf,51,84,01,80,f8,ff,ff
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2016-08-31 14:16:43
ComboFix-quarantined-files.txt 2016-08-31 08:16
.
Pre-Run: 90 654 339 072 байт свободно
Post-Run: 90 528 894 976 байт свободно
.
- - End Of File - - 792D407039EC8B1504BAECEED62B1175
A36C5E4F47E84449FF07ED3517B43A31

September 2, 2016 at 1:39 am #52314
Open Notepad (click Start, then Run, type notepad in the input field and press Enter) and paste the following text into it:
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ecftmvavzj"=-
Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
Save the resulting file to your desktop under the name CFScript.
Then drag the resulting file onto the Combofix icon, as shown in the picture below.
Combofix will start and carry out the procedures described in the file we created.
When Combofix finishes, a new log will be created; paste it into your next reply. After that, run a new scan with FRST (before clicking Scan, tick the Addition.txt box) and attach both of its logs to your reply.
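As an added, defender-side example (not code from ComboFix, FRST or this forum), the following Python script reads ComboFix log lines of the kind posted above and flags what the CFScript in this thread targets: the HKCU Run value that hands a URL to explorer.exe and has no file behind it, plus the UAC policy values set to 0 and the configured start pages, so an analyst can see at a glance why AdwCleaner and MBAM scans left the start page hijacked. The sample lines are copied from the log in this thread as constructed test input; the regexes, the Finding class and the list of URL-launching commands are my assumptions about ComboFix's output format, not a specification.

```python
"""Flag browser-hijack persistence and weakened UAC in a ComboFix log.

Added example for this thread; not ComboFix, FRST or forum code.
It walks the "Reg Loading Points" / "Supplementary Scan" lines of a
ComboFix log and reports:
  * Run-key values whose command passes a URL to explorer.exe or a browser
    (the persistence behind the start-page hijack in this thread),
  * Run-key values ComboFix could not resolve to a file ("[?]"),
  * UAC policy values set to 0 (UAC disabled or prompts removed),
  * configured start pages, with their host, for review.
SAMPLE_LOG is constructed from lines copied out of the log posted above;
URLs are left defanged where the log had "hxxp".
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"="command" [date size]   or   "name"="command" [?]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"\s*\[(?P<info>[^\]]*)\]\s*$')
# "name"= 0 (0x0)
POLICY_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')
# uStart Page = URL   /   FF - prefs.js: browser.startup.homepage - URL
# (the dash alternatives also accept the en/em dashes web extraction produces)
START_PAGE = re.compile(
    r"^(?P<what>[um]Start Page|FF [-\u2013\u2014] prefs\.js: browser\.startup\.homepage)"
    r"\s*[=\-\u2013\u2014]\s*(?P<url>\S+)"
)
# A Run command that opens a URL instead of starting an installed program.
URL_LAUNCHER = re.compile(
    r'^(?:explorer|iexplore|firefox|chrome|opera|start)(?:\.exe)?\s+"?h(?:xx|tt)ps?://', re.I
)
UAC_WEAK_IF_ZERO = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
REASON_URL = "launches a URL from a Run key"
REASON_MISSING = "ComboFix found no file for the command ([?])"


@dataclass(frozen=True)
class Finding:
    kind: str      # "run_value", "uac_policy" or "start_page"
    location: str  # registry key, or the log section for start pages
    name: str      # value name, policy name or start-page line prefix
    detail: str    # why it was flagged, or the start-page host


def scan_combofix(text: str) -> list[Finding]:
    """Scan the log line by line, tracking which registry key is in force."""
    findings: list[Finding] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":          # ComboFix block separator: the key no longer applies
            current_key = ""
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        key_lc = current_key.lower()
        if key_lc.endswith("\\run"):
            m = RUN_VALUE.match(line)
            if m:
                reasons = []
                if URL_LAUNCHER.match(m.group("cmd")):
                    reasons.append(REASON_URL)
                if m.group("info").strip() == "?":
                    reasons.append(REASON_MISSING)
                if reasons:
                    findings.append(Finding("run_value", current_key, m.group("name"), "; ".join(reasons)))
            continue
        if key_lc.endswith("\\policies\\system"):
            m = POLICY_VALUE.match(line)
            if m and m.group("name") in UAC_WEAK_IF_ZERO and int(m.group("val")) == 0:
                findings.append(Finding("uac_policy", current_key, m.group("name"),
                                        "set to 0: UAC disabled or elevation prompt removed"))
            continue
        m = START_PAGE.match(line)
        if m:
            host = urlsplit(m.group("url").replace("hxxp", "http", 1)).netloc
            findings.append(Finding("start_page", "Supplementary Scan", m.group("what"), host))
    return findings


# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ecftmvavzj"="explorer http://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816" [?]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-08-01 8698584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2016-08-10 1840552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
uStart Page = hxxp://ovgorskiy.ru
FF - prefs.js: browser.startup.homepage - hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
"""

if __name__ == "__main__":
    for f in scan_combofix(SAMPLE_LOG):
        print(f"[{f.kind}] {f.location}: {f.name}: {f.detail}")
```

The Run-value finding is exactly the entry the CFScript above deletes, and the Firefox start page is the one it resets; the three UAC values are reported separately because the CFScript does not touch them, so they remain for the user to re-enable once the system is clean.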