Lately ads have been popping up in my browser. I didn't pay attention to it before, but I'm fed up with it now. Please help.
[ATTACH=CONFIG]666106[/ATTACH]
Dear [B]Борщец[/B], thank you for contacting our forum!
Help with disinfecting your computer on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very shortly. To receive help, you need to provide scan logs made with the Autologger utility; for details, see the [URL="https://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
[INFORMATION]If you want to receive guaranteed personal help on a priority basis, use the paid service [URL="https://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]
If our site proves useful to you and you have the opportunity, please [URL="https://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Hello!
1. Download [url=http://virusinfo.info/soft/tool.php?tool=ClearLNK]ClearLNK[/url] and save the archive with the utility to the Desktop.
* Unpack the archive with the utility into a separate folder.
* Drag the file [b]Check_Browsers_LNK.log[/b] from the logs onto ClearLNK as shown in the picture
[url=http://dragokas.com/tools/move.gif][img]http://dragokas.com/tools/move.gif[/img][/url]
* The report [b]ClearLNK-<Date>.log[/b] will be saved in the LOG folder.
* Attach this report to your next message.
2. Fix the following in [url=https://virusinfo.info/showthread.php?t=4491]HiJackThis[/url].
The HiJackThis program itself is located in the AutoLogger folder, in the HiJackThis subfolder
[code]
O20 - AppInit_DLLs: C:\ProgramData\Airtostrong\Sanruncof.dll
[/code]
3. [b]Temporarily disable your [url=https://virusinfo.info/showthread.php?t=130828]security software[/url][/b].
Run the script in [url=https://virusinfo.info/showthread.php?t=7239]AVZ[/url].
[code]
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
TerminateProcessByName('c:\users\Админ\appdata\roaming\youtube mp3 converter\youtubeconverter.exe');
TerminateProcessByName('C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe');
QuarantineFile('C:\Program Files\GameXPService\gamexpsvc.exe','');
QuarantineFile('C:\Users\Админ\AppData\Local\SystemMonitor2016\4129672696.exe','');
QuarantineFile('C:\temp\yeaplayer51495.exe','');
QuarantineFile('C:\Users\Админ\AppData\Local\Hostinstaller\4129672696_installcube.exe','');
QuarantineFile('C:\Users\Админ\AppData\Local\SearchGo\searchgo.exe','');
QuarantineFile('C:\Users\Админ\AppData\LocalLow\SearchGo\searchgo.dll','');
QuarantineFile('C:\Users\Админ\AppData\Local\Mozilla\Realtek HD\rthdcpl.exe','');
QuarantineFile('C:\ProgramData\Ronzap\Dongantone.reg','');
QuarantineFile('C:\ProgramData\Ronzap\Mathis.reg','');
QuarantineFile('C:\ProgramData\Airtostrong\Dripstock.reg','');
QuarantineFile('C:\ProgramData\Ronzap\Tresbam.reg','');
QuarantineFile('C:\ProgramData\Ronzap\Saostateco.reg','');
QuarantineFile('C:\ProgramData\Airtostrong\InchOzedax.reg','');
QuarantineFile('C:\ProgramData\Airtostrong\Suning.reg','');
QuarantineFile('C:\ProgramData\Airtostrong\Overlight.reg','');
QuarantineFile('C:\ProgramData\Ronzap\Solsolfan.reg','');
QuarantineFile('C:\ProgramData\xifs\Tanla.reg','');
QuarantineFile('C:\ProgramData\Ronzap\BlackLam.reg','');
QuarantineFile('C:\ProgramData\Airtostrong\Contouch.reg','');
QuarantineFile('C:\ProgramData\Airtostrong\Dalt-Fresh.reg','');
QuarantineFile('C:\ProgramData\Ronzap\DripFan.reg','');
QuarantineFile('C:\ProgramData\Airtostrong\Trustla.reg','');
QuarantineFile('C:\Users\Админ\AppData\Roaming\FreeVPN\FreeVPN.exe','');
QuarantineFile('C:\ProgramData\InstallChecker\InstallChecker.exe','');
QuarantineFile('C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe','');
QuarantineFile('C:\Program Files\QGNA\qGNA.exe','');
QuarantineFile('C:\Users\Админ\AppData\Local\fupdate\fupdate.exe','');
QuarantineFile('C:\Windows\system32\config\systemprofile\AppData\Local\Stimtandax','');
QuarantineFile('C:\Users\Админ\AppData\Local\ComDev\ComDev.exe','');
QuarantineFile('C:\Users\7272~1\AppData\Roaming\{251A1~1\HELPER~1.EXE','');
DelCLSID('{89820200-ECBD-11cf-8B85-00AA005B4340}');
DelCLSID('{2C7339CF-2B09-4501-B3F3-F3508C9228ED}');
DelCLSID('{8A56567E-A333-4843-B6E1-C3A262E41D8C}');
DelCLSID('{B1883831-F0D8-4453-8245-EEAAD866DD6E}');
DelCLSID('{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}');
DelBHO('{2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC}');
DelBHO('{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}');
QuarantineFile('C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll','');
DelBHO('{10921475-03CE-4E04-90CE-E2E7EF20C814}');
QuarantineFile('Hamachi\LMIGuardianEvt.dll','');
QuarantineFile('C:\Program Files\LogMeIn','');
QuarantineFile('Update\svrupg.exe','');
QuarantineFile('C:\ProgramData\Windows','');
QuarantineFile('C:\ProgramData\service.exe','');
QuarantineFile('C:\ProgramData\Airtostrong\Sanruncof.dll','');
QuarantineFile('C:\Temp\gkernel.sys','');
DeleteService('gkernel');
StopService('gkernel');
QuarantineFile('C:\Program Files\Garena Plus\Room\safedrv.sys','');
DeleteService('GGSAFERDriver');
StopService('GGSAFERDriver');
QuarantineFile('c:\users\Админ\appdata\roaming\youtube mp3 converter\youtubeconverter.exe','');
DeleteFile('c:\users\Админ\appdata\roaming\youtube mp3 converter\youtubeconverter.exe','32');
DeleteFileMask('c:\users\Админ\appdata\roaming\youtube mp3 converter','*',true);
DeleteDirectory('c:\users\Админ\appdata\roaming\youtube mp3 converter');
DeleteFile('C:\Program Files\Garena Plus\Room\safedrv.sys','32');
DeleteFileMask('C:\Program Files\Garena Plus','*',true);
DeleteDirectory('C:\Program Files\Garena Plus');
DeleteFile('C:\Temp\gkernel.sys','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wuynjjjgbv');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','YouTube MP3 Converter IE Helper');
DeleteFile('C:\ProgramData\Airtostrong\Sanruncof.dll','32');
DeleteFileMask('C:\ProgramData\Airtostrong','*',true);
DeleteDirectory('C:\ProgramData\Airtostrong');
DeleteFile('C:\ProgramData\service.exe','32');
DeleteFile('C:\ProgramData\Windows Update\svrupg.exe','32');
DeleteFileMask('C:\ProgramData\Windows Update','*',true);
DeleteDirectory('C:\ProgramData\Windows Update');
DeleteFile('C:\Program Files\LogMeIn Hamachi\LMIGuardianEvt.dll','32');
DeleteFileMask('C:\Program Files\LogMeIn Hamachi','*',true);
DeleteDirectory('C:\Program Files\LogMeIn Hamachi');
DeleteFile('C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll','32');
DeleteFileMask('C:\Program Files\IObit','*',true);
DeleteDirectory('C:\Program Files\IObit');
DeleteFile('C:\Users\Админ\AppData\LocalLow\SearchGo\searchgo.dll','32');
DeleteFileMask('C:\Users\Админ\AppData\LocalLow\SearchGo','*',true);
DeleteDirectory('C:\Users\Админ\AppData\LocalLow\SearchGo');
DeleteFile('C:\WINDOWS\Tasks\{66B7E4FC-C723-4724-0723-79EEC9FA534E}.job','32');
DeleteFile('C:\Users\7272~1\AppData\Roaming\{251A1~1\HELPER~1.EXE','32');
DeleteFile('C:\WINDOWS\system32\Tasks\ComDev','32');
DeleteFile('C:\Users\Админ\AppData\Local\ComDev\ComDev.exe','32');
DeleteFileMask('C:\Users\Админ\AppData\Local\ComDev','*',true);
DeleteDirectory('C:\Users\Админ\AppData\Local\ComDev');
DeleteFile('C:\WINDOWS\system32\Tasks\dowbeoadua','32');
DeleteDirectory('C:\Windows\system32\config\systemprofile\AppData\Local\Stimtandax');
DeleteFile('C:\WINDOWS\system32\Tasks\fupdate','32');
DeleteFile('C:\Users\Админ\AppData\Local\fupdate\fupdate.exe','32');
DeleteFileMask('C:\Users\Админ\AppData\Local\fupdate','*',true);
DeleteDirectory('C:\Users\Админ\AppData\Local\fupdate');
DeleteFile('C:\WINDOWS\system32\Tasks\GameNet','32');
DeleteFile('C:\Program Files\QGNA\qGNA.exe','32');
DeleteFileMask('C:\Program Files\QGNA','*',true);
DeleteDirectory('C:\Program Files\QGNA');
DeleteFile('C:\WINDOWS\system32\Tasks\GuntonyBrowserUpdateCore','32');
DeleteFile('C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe','32');
DeleteFileMask('C:\Program Files\Guntony','*',true);
DeleteDirectory('C:\Program Files\Guntony');
DeleteFile('C:\WINDOWS\system32\Tasks\GuntonyBrowserUpdateUA','32');
DeleteFile('C:\WINDOWS\system32\Tasks\GuntonyCheckTask','32');
DeleteFile('C:\WINDOWS\system32\Tasks\Microsoft\Windows\Apps\UpService','32');
DeleteFile('C:\ProgramData\InstallChecker\InstallChecker.exe','32');
DeleteFileMask('C:\ProgramData\InstallChecker','*',true);
DeleteDirectory('C:\ProgramData\InstallChecker');
DeleteFile('C:\WINDOWS\system32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN','32');
DeleteFile('C:\Users\Админ\AppData\Roaming\FreeVPN\FreeVPN.exe','32');
DeleteFileMask('C:\Users\Админ\AppData\Roaming\FreeVPN','*',true);
DeleteDirectory('C:\Users\Админ\AppData\Roaming\FreeVPN');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Bluefix','32');
DeleteFile('C:\ProgramData\Airtostrong\Trustla.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Coffix','32');
DeleteFile('C:\ProgramData\Ronzap\DripFan.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Doncom','32');
DeleteFile('C:\ProgramData\Airtostrong\Dalt-Fresh.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Istam','32');
DeleteFile('C:\ProgramData\Airtostrong\Contouch.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Jobfresh','32');
DeleteFile('C:\ProgramData\Ronzap\BlackLam.reg','32');
DeleteFileMask('C:\ProgramData\Ronzap','*',true);
DeleteDirectory('C:\ProgramData\Ronzap');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Med-Com','32');
DeleteFile('C:\ProgramData\xifs\Tanla.reg','32');
DeleteFileMask('C:\ProgramData\xifs','*',true);
DeleteDirectory('C:\ProgramData\xifs');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Ozeris','32');
DeleteFile('C:\ProgramData\Ronzap\Solsolfan.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Pluscore','32');
DeleteFile('C:\ProgramData\Airtostrong\Overlight.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_S-Quostrong','32');
DeleteFile('C:\ProgramData\Airtostrong\Suning.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_StrongTondom','32');
DeleteFile('C:\ProgramData\Airtostrong\InchOzedax.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_ToughHotex','32');
DeleteFile('C:\ProgramData\Ronzap\Saostateco.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Transnix','32');
DeleteFile('C:\ProgramData\Ronzap\Tresbam.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_TrustSailsing','32');
DeleteFile('C:\ProgramData\Airtostrong\Dripstock.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Zen-Strong','32');
DeleteFile('C:\ProgramData\Ronzap\Mathis.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\psv_Zumlam','32');
DeleteFile('C:\ProgramData\Ronzap\Dongantone.reg','32');
DeleteFile('C:\WINDOWS\system32\Tasks\Realtek HD Audio','32');
DeleteFile('C:\Users\Админ\AppData\Local\Mozilla\Realtek HD\rthdcpl.exe','32');
DeleteFileMask('C:\Users\Админ\AppData\Local\Mozilla\Realtek HD','*',true);
DeleteDirectory('C:\Users\Админ\AppData\Local\Mozilla\Realtek HD');
DeleteFile('C:\WINDOWS\system32\Tasks\SearchGo Task','32');
DeleteFile('C:\Users\Админ\AppData\Local\SearchGo\searchgo.exe','32');
DeleteFileMask('C:\Users\Админ\AppData\Local\SearchGo','*',true);
DeleteDirectory('C:\Users\Админ\AppData\Local\SearchGo');
DeleteFile('C:\WINDOWS\system32\Tasks\Soft installer','32');
DeleteFile('C:\Users\Админ\AppData\Local\Hostinstaller\4129672696_installcube.exe','32');
DeleteFileMask('C:\Users\Админ\AppData\Local\Hostinstaller','*',true);
DeleteDirectory('C:\Users\Админ\AppData\Local\Hostinstaller');
DeleteFile('C:\WINDOWS\system32\Tasks\svchost','32');
DeleteFile('C:\temp\yeaplayer51495.exe','32');
DeleteFileMask('C:\temp','*',true);
DeleteDirectory('C:\temp');
DeleteFile('C:\WINDOWS\system32\Tasks\SystemMonitor2016','32');
DeleteFile('C:\Users\Админ\AppData\Local\SystemMonitor2016\4129672696.exe','32');
DeleteFileMask('C:\Users\Админ\AppData\Local\SystemMonitor2016','*',true);
DeleteDirectory('C:\Users\Админ\AppData\Local\SystemMonitor2016');
DeleteFile('C:\WINDOWS\system32\Tasks\{66B7E4FC-C723-4724-0723-79EEC9FA534E}','32');
DeleteFile('C:\WINDOWS\system32\Tasks\GameXPService Autoupdate','32');
DeleteFile('C:\Program Files\GameXPService\gamexpsvc.exe','32');
DeleteFileMask('C:\Program Files\GameXPService','*',true);
DeleteDirectory('C:\Program Files\GameXPService');
DeleteFile('C:\WINDOWS\system32\Tasks\{8EB91642-CA70-46DD-AF8E-F013A6BC7F05}','32');
DeleteFile('C:\WINDOWS\system32\Tasks\internet-lifeorggoletssm','32');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(2);
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteWizard('TSW',2,3,true);
ExecuteWizard('SCU',2,2,true);
BC_Activate;
RebootWindows(true);
end.
[/code]
The computer will reboot.
4. Make a log with the [url=https://virusinfo.info/showthread.php?t=146192]AdwCleaner[/url] utility and send it.
5. Download [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/][b]Farbar Recovery Scan Tool[/b][/url] [img]http://i.imgur.com/NAAC5Ba.png[/img] and save it to the Desktop.
[b]Note[/b]: you must choose the version that is compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
[list][*]Start the program with a double click. When the program starts, click [b]Yes[/b] to accept the warning.[*]Click the [b]Scan[/b] button.[*]When the scan finishes, a report ([b]FRST.txt[/b]) will be created in the same folder the program was run from. Please attach the report to your next message.[*]If the program was run for the first time, a report ([b]Addition.txt[/b]) will also be created. Please attach it to your next message.[/list]
[img]http://i.imgur.com/3munStB.png[/img]
uped
Help pls
The recipe is in post #3
[ATTACH]667133[/ATTACH] [ATTACH]667134[/ATTACH] [ATTACH]667135[/ATTACH]
1. In [url=https://virusinfo.info/showthread.php?t=146192&p=1041864&viewfull=1#post1041864]AdwCleaner[/url], delete everything except folders named after programs you use (if you do not use anything listed in the log, delete everything). Attach the report after the deletion.
2. If you do not need this program, uninstall it.
[code]
() C:\Users\Админ\AppData\Roaming\YouTube MP3 Converter\youtubeconverter.exe
[/code]
3. Manually remove all extensions from the [b]Google Chrome[/b] browser. From now on, install only the ones you need, one at a time, watching to see whether the problems reappear.
4.[list][*]Copy the text below into Notepad and save the file as [b]fixlist.txt[/b] in the same folder from which Farbar Recovery Scan Tool was run:
[code]
CreateRestorePoint:
CloseProcesses:
(Python Software Foundation) C:\Users\Админ\AppData\Roaming\RedditSearch\python\pythonw.exe
(Python Software Foundation) C:\Users\Админ\AppData\Roaming\RedditSearch\python\pythonw.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-342473991-3717163355-3590753587-1000\...\Run: [wuynjjjgbv] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=023702E202F1DE43DDA950E6B8C0D8F6&utm_d=20160521" <==== ATTENTION
HKU\S-1-5-21-342473991-3717163355-3590753587-1000\...\Run: [RedditSearch] => C:\Users\Админ\AppData\Roaming\RedditSearch\python\pythonw.exe [96408 2017-07-08] (Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-342473991-3717163355-3590753587-1000\...\MountPoints2: {f5e83b13-4b7e-11e6-936b-204747298996} - "H:\setup.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-342473991-3717163355-3590753587-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B220d2-X1GHc82FaVnn1TNbdD1clrUEsjutC4WNlG5zTwgrRH29agGKdAHkdwazmwjyGGrXVvWaDdNBdQR-1YWqE2y_mGgtGRO5fQLcdD2XB7zd8MkJx-aogs74MqX250x-IVC-C9FSYbjRW-iz7JNyrFs9ctHXQbC_M7GMtGoL4,&q={searchTerms}
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B220d2-X1GHc82FaVnn1TNbdD1clrUEsjutC4WNlG5zTwgrRH29agGKdAHkdwazmwjyGGrXVvWaDdNBdQR-1YWqE2y_mGgtGRO5fQLcdD2XB7zd8MkJx-aogs74MqX250x-IVC-C9FSYbjRW-iz7JNyrFs9ctHXQbC_M7GMtGoL4,&q={searchTerms}
SearchScopes: HKLM -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisre_17_04_ssg01&cd=2XzuyEtN2Y1L1QzuyCtDyC0D0CyBzzzztDtD0AtC0C0D0FzztN0D0Tzu0StCzzyDtCtN1L2XzutAtFtByEtFtCtAtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0D0FyBtCtDtCtAtGtDyDyEyEtGyEtB0D0BtGyB0DyC0BtGyCtB0DyBtB0C0DyEzytDtA0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzzyCyDyB0Ezz0CtGtC0DtA0BtGyEtAtCyBtGzzyByEyCtGtAyEyE0CyByD0C0BzytC0F0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyByDtD&cr=1440388823&ir=&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll => No File
BHO: Searchgo Class -> {598AEFC6-DD3C-4A63-9AC3-53FCF6155931} -> C:\Users\Админ\AppData\LocalLow\SearchGo\searchgo.dll [2016-05-21] (Searchgo)
BHO: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Админ\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-05-04] (Mail.Ru)
Toolbar: HKLM - Searchgo - {2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC} - C:\Users\Админ\AppData\LocalLow\SearchGo\searchgo.dll [2016-05-21] (Searchgo)
FF Homepage: Mozilla\Firefox\Profiles\swfg2ivt.default -> hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=023702E202F1DE43DDA950E6B8C0D8F6&utm_d=20160521
FF Extension: (No Name) - C:\Users\Админ\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\data [2017-09-24] [not signed]
FF Extension: (No Name) - C:\Users\Админ\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\defaults [2017-05-24] [not signed]
FF Extension: (supermegabest) - C:\Users\Админ\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2016-03-23] [Lagacy]
FF Extension: (No Name) - C:\Users\Админ\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\lib [2017-09-24] [not signed]
FF Extension: (No Name) - C:\Users\Админ\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\resources [2017-02-08] [not signed]
FF Extension: (Bing Search) - C:\Users\Админ\AppData\Roaming\Mozilla\Firefox\Profiles\swfg2ivt.default\Extensions\[email protected] [2016-05-11] [Lagacy]
FF Extension: (Советник Яндекс.Маркета) - C:\Users\Админ\AppData\Roaming\Mozilla\Firefox\Profiles\swfg2ivt.default\Extensions\[email protected] [2017-07-09] [Lagacy]
FF Extension: (Visual Bookmarks) - C:\Users\Админ\AppData\Roaming\Mozilla\Firefox\Profiles\swfg2ivt.default\Extensions\[email protected] [2017-07-09] [Lagacy]
FF Extension: (The Safe Surfing) - C:\Users\Админ\AppData\Roaming\Mozilla\Firefox\Profiles\swfg2ivt.default\Extensions\{3B4DE07A-DE43-4DBC-873F-05835FF67DCE} [2017-07-09] [Lagacy] [not signed]
FF Extension: (No Name) - C:\Users\РђРґРјРёРЅ\AppData\Roaming\Mozilla\Firefox\Profiles\swfg2ivt.default\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Users\РђРґРјРёРЅ\AppData\Roaming\Mozilla\Firefox\Profiles\swfg2ivt.default\extensions\[email protected] [not found]
FF SearchPlugin: C:\Users\Админ\AppData\Roaming\Mozilla\Firefox\Profiles\swfg2ivt.default\searchplugins\bing-.xml [2016-05-11]
FF SearchPlugin: C:\Users\Админ\AppData\Roaming\Mozilla\Firefox\Profiles\swfg2ivt.default\searchplugins\GoSearch.xml [2016-10-23]
FF SearchPlugin: C:\Users\Админ\AppData\Roaming\Mozilla\Firefox\Profiles\swfg2ivt.default\searchplugins\mailru.xml [2016-05-10]
FF SearchPlugin: C:\Users\Админ\AppData\Roaming\Mozilla\Firefox\Profiles\swfg2ivt.default\searchplugins\palikan.xml [2017-02-13]
FF ProfilePath: C:\Users\Админ\AppData\Roaming\Profiles\qul7krza.default [2017-11-19] <==== ATTENTION
FF Homepage: Profiles\qul7krza.default -> hxxps://www.google.com.ua/webhp?hl=ru&sa=X&ved=0ahUKEwiL4caBpqLOAhVCVSwKHb8qDBgQPAgD
FF NewTab: Profiles\qul7krza.default -> about:newtab
FF Keyword.URL: Profiles\qul7krza.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B5EA51301-2911-4357-A21F-5DDF44FFDBAB%7D&gp=822328
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Админ\AppData\Roaming\Profiles\qul7krza.default\Extensions\ed56-4db9-90ff-83e6 [2017-05-10] [Lagacy]
FF Extension: (Ukrainian (UA) Language Pack) - C:\Users\Админ\AppData\Roaming\Profiles\qul7krza.default\Extensions\[email protected] [2017-03-18] [Lagacy]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Админ\AppData\Roaming\Profiles\qul7krza.default\Extensions\[email protected] [2017-10-11] [Lagacy]
FF Extension: (Ukrainian dictionary) - C:\Users\Админ\AppData\Roaming\Profiles\qul7krza.default\Extensions\[email protected] [2017-06-01] [Lagacy]
FF Extension: (The Safe Surfing) - C:\Users\Админ\AppData\Roaming\Profiles\qul7krza.default\Extensions\{3B4DE07A-DE43-4DBC-873F-05835FF67DCE} [2017-07-09] [Lagacy] [not signed]
FF SearchPlugin: C:\Users\Админ\AppData\Roaming\Profiles\qul7krza.default\searchplugins\mailru.xml [2017-05-22]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird => not found
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-342473991-3717163355-3590753587-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR StartupUrls: ChromeDefaultData -> "hxxp://mail.ru/cnt/10445?gp=822358","hxxp://chatozov.ru/?utm_content=706daf58c4c295e14015a61bf477685c&utm_source=startpm&utm_term=023702E202F1DE43DDA950E6B8C0D8F6&utm_d=20160521"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7BC21FAF8A-2134-4427-99CD-367E0EED3D97%7D&gp=822368
CHR DefaultSearchKeyword: ChromeDefaultData -> mail.ru
CHR DefaultSuggestURL: ChromeDefaultData -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
CHR Profile: C:\Users\Админ\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-10-27] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [ahnphcmhmhcjjcjhmnnjjlbmaeljecga] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [aonedlchkbicmhepimiahfalheedjgbh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bhjcgomkanpkpblokebecknhahgkcmoo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ehfanjejklfmnldbbclpocdbceaeemkn] - C:\Program Files\Download Master\dm_chrome.crx [2016-05-03]
CHR HKLM\...\Chrome\Extension: [ehfjihahbphdpljpiadbkmgmhnfehhgi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gbjeiekahklbgbfccohipinhgaadijad] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ilhapdfjlmhfdgdbefpinebijmhjijpn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [necfmkplpminfjagblfabggomdpaakan] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-342473991-3717163355-3590753587-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-342473991-3717163355-3590753587-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gojnmemgacliifihcagijaadgpeioooa] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-342473991-3717163355-3590753587-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [phkdcinmmljblpnkohlipaiodlonpinf] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (SearchWay) - C:\Users\Админ\AppData\Roaming\Opera Software\Opera Stable\Extensions\achhckalphdlhbnohjonneffefbmaddi [2017-03-26]
OPR Extension: (Quick Searcher) - C:\Users\Админ\AppData\Roaming\Opera Software\Opera Stable\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-05-10]
OPR Extension: (0) - C:\Users\Админ\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-02-16]
OPR Extension: (SuperMegaBest - find best prices) - C:\Users\Админ\AppData\Roaming\Opera Software\Opera Stable\Extensions\cbbpicnbcjaeeenbmilcnaojfgnmlhhb [2017-06-12]
OPR Extension: (Tampermonkey) - C:\Users\Админ\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-03-26]
OPR Extension: (The Safe Surfing) - C:\Users\Админ\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcknbenjnkkjknphmnidanjifbgphjke [2017-07-09]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S1 MpKslbc091b44; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41D8BBE7-3E36-4B05-934D-D463F9367F1C}\MpKslbc091b44.sys [49504 2017-11-19] () [File not signed]
S3 TSSK; C:\WINDOWS\System32\tssk.sys [83576 2016-05-18] (电脑管家)
S3 utizntg3; C:\WINDOWS\system32\Drivers\utizntg3.sys [0 2017-11-19] () <==== ATTENTION (zero byte File/Folder)
U3 aspnet_state; no ImagePath
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Temp\gkernel.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
2016-05-18 01:45 - 2016-05-18 01:45 - 000293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll
2016-05-18 01:45 - 2016-05-18 01:45 - 000293320 _____ (深圳市迅雷网络技术有限公司) C:\Users\Все пользователи\xldl.dll
C:\Users\Админ\AppData\Roaming\RedditSearch\python\pythonw.exe
C:\Windows\Tasks\{66B7E4FC-C723-4724-0723-79EEC9FA534E}.job
C:\WINDOWS\system32\drivers\utizntg3.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
Note-UP (HKLM\...\NUIns) (Version: - QUAHOG LIMITED) <==== ATTENTION
qksee (HKLM\...\qksee) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-342473991-3717163355-3590753587-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {000AC963-76BF-43CE-942B-AA4755229562} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0A3588E2-D191-443F-9EBF-88A0658C0018} - System32\Tasks\svchost => C:\temp\yeaplayer51495.exe <==== ATTENTION
Task: {1A577A07-A164-48FD-B18A-650B7A7BD8B3} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {1AA8C420-9A1F-4984-AC79-5F6CB0FB256E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1C5F124C-9818-4CEB-B1D8-62EB1AA5D330} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {203D93DE-1030-41D2-9ACF-FA6E5711B2FE} - System32\Tasks\psv_Istam => cmd.exe /c regedit.exe /s "C:\ProgramData\Airtostrong\Contouch.reg" & del "C:\ProgramData\Airtostrong\Contouch.reg" & SCHTASKS /Delete /TN "psv_Istam" /F <==== ATTENTION
Task: {27463BA6-A9D5-4836-AD83-77D22E440594} - System32\Tasks\psv_StrongTondom => cmd.exe /c regedit.exe /s "C:\ProgramData\Airtostrong\InchOzedax.reg" & del "C:\ProgramData\Airtostrong\InchOzedax.reg" & SCHTASKS /Delete /TN "psv_StrongTondom" /F <==== ATTENTION
Task: {2F3EC7E2-2B21-4335-A23E-1E63CEA14CC9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {377D68E0-FB93-41C4-B1CA-1E53340A71A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {393102FE-0DAD-449D-9C61-834310AEF7D2} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {3CC4577E-BA6F-48AE-A687-967FDBFB6A57} - System32\Tasks\GuntonyBrowserUpdateUA => C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe
Task: {3F6EB384-0A23-4760-A21B-251FB2F2B653} - System32\Tasks\psv_S-Quostrong => cmd.exe /c regedit.exe /s "C:\ProgramData\Airtostrong\Suning.reg" & del "C:\ProgramData\Airtostrong\Suning.reg" & SCHTASKS /Delete /TN "psv_S-Quostrong" /F <==== ATTENTION
Task: {4AB5604F-E4E6-43E3-BF3E-6C15DCDD15C9} - System32\Tasks\psv_Med-Com => cmd.exe /c regedit.exe /s "C:\ProgramData\xifs\Tanla.reg" & del "C:\ProgramData\xifs\Tanla.reg" & SCHTASKS /Delete /TN "psv_Med-Com" /F <==== ATTENTION
Task: {4AC48674-CAEE-4B61-ABA6-7227C460ABB3} - System32\Tasks\psv_Bluefix => cmd.exe /c regedit.exe /s "C:\ProgramData\Airtostrong\Trustla.reg" & del "C:\ProgramData\Airtostrong\Trustla.reg" & SCHTASKS /Delete /TN "psv_Bluefix" /F <==== ATTENTION
Task: {5DD897A1-D6D4-4B72-B71B-E273A6EFB59D} - System32\Tasks\psv_Jobfresh => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\BlackLam.reg" & del "C:\ProgramData\Ronzap\BlackLam.reg" & SCHTASKS /Delete /TN "psv_Jobfresh" /F <==== ATTENTION
Task: {641E8EFF-79D6-4EE0-87A6-5B4234361C74} - System32\Tasks\RedditSearch => C:\Users\Админ\AppData\Roaming\RedditSearch\python\pythonw.exe [2017-07-08] (Python Software Foundation) <==== ATTENTION
Task: {6D26C0E6-2C14-4B7B-AB78-4D646D0C4307} - System32\Tasks\psv_Zen-Strong => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Mathis.reg" & del "C:\ProgramData\Ronzap\Mathis.reg" & SCHTASKS /Delete /TN "psv_Zen-Strong" /F <==== ATTENTION
Task: {6E6CAC6D-61BF-4E76-835B-17DA87D214CA} - System32\Tasks\psv_Ozeris => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Solsolfan.reg" & del "C:\ProgramData\Ronzap\Solsolfan.reg" & SCHTASKS /Delete /TN "psv_Ozeris" /F <==== ATTENTION
Task: {74424AA6-F421-4B30-9F02-E25372D6E7AF} - System32\Tasks\ComDev => C:\Users\Админ\AppData\Local\ComDev\ComDev.exe <==== ATTENTION
Task: {75DD818C-EBC5-4C65-9999-D7A38EC93E4C} - System32\Tasks\{66B7E4FC-C723-4724-0723-79EEC9FA534E} => C:\Users\7272~1\AppData\Roaming\{251A1~1\HELPER~1.EXE <==== ATTENTION
Task: {7DC9A1E1-0888-4852-A0FE-2FC41788BCB9} - System32\Tasks\RedditSearch2 => C:\Users\Админ\AppData\Roaming\RedditSearch\python\pythonw.exe [2017-07-08] (Python Software Foundation) <==== ATTENTION
Task: {8058B0D1-1B8B-43C9-A708-23F865A30E2D} - System32\Tasks\SearchGo Task => C:\Users\Админ\AppData\Local\SearchGo\searchgo.exe <==== ATTENTION
Task: {856DA717-E4B7-4C7B-8B70-1FF84B5C212F} - System32\Tasks\Microsoft\Windows\Apps\UpService => C:\ProgramData\InstallChecker\InstallChecker.exe <==== ATTENTION
Task: {8B902286-4E10-493D-AB33-BF29062A9464} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93C821FA-B619-4DDE-BD09-3238CAB45BF0} - System32\Tasks\psv_Transnix => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Tresbam.reg" & del "C:\ProgramData\Ronzap\Tresbam.reg" & SCHTASKS /Delete /TN "psv_Transnix" /F <==== ATTENTION
Task: {96A241C4-B00E-4C9D-9704-E8708D54EC49} - System32\Tasks\psv_ToughHotex => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Saostateco.reg" & del "C:\ProgramData\Ronzap\Saostateco.reg" & SCHTASKS /Delete /TN "psv_ToughHotex" /F <==== ATTENTION
Task: {9C0B21F9-478A-4B1C-A81F-AFB6AD09EE17} - System32\Tasks\psv_Doncom => cmd.exe /c regedit.exe /s "C:\ProgramData\Airtostrong\Dalt-Fresh.reg" & del "C:\ProgramData\Airtostrong\Dalt-Fresh.reg" & SCHTASKS /Delete /TN "psv_Doncom" /F <==== ATTENTION
Task: {9E872C07-548D-481D-A998-1F2F703FA898} - System32\Tasks\dowbeoadua => C:\Windows\system32\config\systemprofile\AppData\Local\Stimtandax [Argument = /t 2965 3040] <==== ATTENTION
Task: {A1AC0BD3-9A6A-45F1-BB3F-19EF02E20CC3} - System32\Tasks\internet-lifeorggoletssm => "C:\Program Files\Mozilla Firefox\firefox.exe" internet-life.org/goletssm
Task: {A8CF7C3D-A2D6-4883-959F-0BA58278620A} - System32\Tasks\GuntonyBrowserUpdateCore => C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe
Task: {AA56C458-AF7C-40B8-8799-CA4DDA4E6E9C} - System32\Tasks\Realtek HD Audio => C:\Users\Админ\AppData\Local\Mozilla\Realtek HD\rthdcpl.exe [2016-06-22] (Realtek) <==== ATTENTION
Task: {AAC85599-2407-484F-9EB3-B1A4E9A91376} - System32\Tasks\GuntonyCheckTask => C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe
Task: {ACC1869E-AE90-447C-9DE7-E8416B1960FF} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\Админ\AppData\Roaming\FreeVPN\FreeVPN.exe <==== ATTENTION
Task: {B288744E-DE80-4260-B744-B84F5BAEF9C6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B55E1A09-4188-452F-BF4F-93E26D52F061} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B628B3AC-6AF6-4D8A-943E-A59A7078BB85} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C38B4533-B840-417A-BD31-C4EE80FB3E0C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CC5CF86D-B30F-4421-BB6E-A6F06F1241BA} - System32\Tasks\psv_Zumlam => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Dongantone.reg" & del "C:\ProgramData\Ronzap\Dongantone.reg" & SCHTASKS /Delete /TN "psv_Zumlam" /F <==== ATTENTION
Task: {CFE89979-094F-49C0-A120-6A7519DA7FCD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D1671CE3-53BE-431C-9487-BA1524330826} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {E2EC5B8E-DC6A-4C02-A42C-9D09D558161A} - System32\Tasks\psv_Pluscore => cmd.exe /c regedit.exe /s "C:\ProgramData\Airtostrong\Overlight.reg" & del "C:\ProgramData\Airtostrong\Overlight.reg" & SCHTASKS /Delete /TN "psv_Pluscore" /F <==== ATTENTION
Task: {E448CB32-2710-4214-8ABA-04109B0BAA36} - System32\Tasks\fupdate => C:\Users\Админ\AppData\Local\fupdate\fupdate.exe <==== ATTENTION
Task: {E7514911-2925-479A-A4AC-0DCFCFB82170} - System32\Tasks\psv_Coffix => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\DripFan.reg" & del "C:\ProgramData\Ronzap\DripFan.reg" & SCHTASKS /Delete /TN "psv_Coffix" /F <==== ATTENTION
Task: {EBEC51E9-2687-4EA8-8A53-EF985B97FC64} - \svshost -> No File <==== ATTENTION
Task: {EDE30143-0265-4AD2-A029-2C2EB5BC8FC9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F37E4D0B-AF76-40EE-A591-6D483DF3DCFC} - \Shakoph Nodifier -> No File <==== ATTENTION
Task: {F4BB0B62-64CB-48C6-8C37-81212D081980} - \Browser Updater Task(Core) -> No File <==== ATTENTION
Task: {F666B30B-1F42-4263-A173-2E22B6C40DA8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{66B7E4FC-C723-4724-0723-79EEC9FA534E}.job => C:\Users\7272~1\AppData\Roaming\{251A1~1\HELPER~1.EXE <==== ATTENTION
EmptyTemp:
[/code]
[*]Run FRST, click the [b]Fix[/b] button once, and wait. The program will create a log file ([b]Fixlog.txt[/b]). Please attach it to your next message!
[*]Note that the computer will be [b]restarted[/b].
[/list]
[ATTACH=CONFIG]667280[/ATTACH] [ATTACH=CONFIG]667281[/ATTACH]
Also, my bookmarks in Firefox have disappeared. Is there any way to get them back?
Please clarify: does the problem remain?
Are tabs with ads still opening?