Размещено 28.11.2018 23:34:08
1) Скопируйте приведенный ниже текст в Блокнот и сохраните файл как fixlist.txt в ту же папку откуда была запущена утилита Farbar Recovery Scan Tool:
...
Запустите FRST и нажмите один раз на кнопку Fix и подождите.
[code]
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {0308F563-D775-4C9A-A878-05653EEB70C9} - \LumProcess -> No File <==== ATTENTION
Task: {0D520A8B-A09E-4A01-9BD5-2232B2B3F5BC} - \yKyUMvXjQExFHsQQnbg2 -> No File <==== ATTENTION
Task: {0DEC5D63-A416-45F6-AD10-4AE368AFA860} - \ScreenDialer -> No File <==== ATTENTION
Task: {3951F10E-0884-4829-A5C2-9F8755486850} - \OmktUjuhqDemKMtib2 -> No File <==== ATTENTION
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {444B5C25-C883-447B-873E-DF12B0E574BA} - \Uninstaller_SkipUac_User -> No File <==== ATTENTION
Task: {6A54D186-B819-4E2A-AC3F-667F7389F5D1} - \bmrDBQHKKCsZlLP2 -> No File <==== ATTENTION
Task: {6B09AE88-BEE7-4FA3-AB81-F958D99ADA64} - \AnkGfRXTUSRxIakaj2 -> No File <==== ATTENTION
Task: {BB47FB50-4138-4FC1-A496-8E37C54EF95B} - \znRYefSZqiLtxV -> No File <==== ATTENTION
Task: {C0D3DF9C-6F68-49C5-9C19-B62E8473040D} - \PHhzFCxQsWRcpjaUPpg2 -> No File <==== ATTENTION
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Shortcut: C:\Users\User\Pictures\בטמכמד\Screenshot_2018-05-04-19-20-46 - ‗נכך.lnk -> [LF PO :i+00j.D 1lR0@8H:0\\?\usb#vid_04e8&pid_6860#32048f31e51171db#{6ac27878-a6fa-4155-ba85-f98f491d4f33}G{?!&C&F+sm/ 0@8H:0-?OHkF6CM+\CtY^Hg3(<mx5uIv 1 `)TabletSID-{10001,SECZ9519043CHOHB,12416868352}5@0@E8G5A:0O AB@C:BC@0{EF2107D5-A52A-4243-A26B-62D4176D7603}{4AD2C85E-5E2D-45E5-8864-4F229E3C6CF0}{1A33F7E4-AF13-48F5-994E-77369DFE04A3}{AA18737E-5009-48FA-AE21-85F24383B4E6}{9261B03C-3D78-4519-85E3-02C5E1F50BB9}{28D8D31E-249C-454E-AABC-34883168E634}{27E2E392-A111-48E0-AB0C-E17705A05F85}G{?!ztNL!,ztNL!, 05@0@E8G5A:0O AB@C:BC@0ztNL!,ztNL!,`ztNL!,PtztNL!,ztNL!, TabletIk\zC?`J< RSID-{10001,SECZ9519043CHOHB,12416868352}Ik\zC?`J< TabletztNL!, "SECZ9519043CHOHBIk\zC?`J<H0lH{F_Ik\zC?`J<Ik\zC?`J<H`DLzo!-?OH[#*L[\Ik\zC?`J< s10001 ?'?''Hw_,'PicturesPictures{01790137-0176-0186-2E01-2B013E013E01}G{?!Ik\zC?`J< o1E8486Ik\zC?`J<9@Ik\zC?`J<9@Ik\zC?`J<Ik\zC?`J<H0lH{F_Ik\zC?`J<H'Hw_Ik\zC?`J< PicturesIk\zC?`J< s10001Ik\zC?`J< N{01790137-0176-0186-2E01-2B013E013E01}XPTMOxE?IIk\zC?`J<Ik\zC?`J< PicturesIk\zC?`J< {{'Hw_.'ScreenshotsScreenshots{01DE019C-01E4-01F9-C501-ED0115022302}G{?!Ik\zC?`J< oEIk\zC?`J<6h@Ik\zC?`J<6h@Ik\zC?`J<Ik\zC?`J<H0lH{F_Ik\zC?`J<H'Hw_Ik\zC?`J< ScreenshotsIk\zC?`J< s10001Ik\zC?`J< N{01DE019C-01E4-01F9-C501-ED0115022302}XPTMOxE?IIk\zC?`J<Ik\zC?`J< ScreenshotsIk\zC?`J< "y+rn2rn2!*CBkbmv##'Screenshot_2018-05-04-19-20-46.pngScreenshot_2018-05-04-19-20-46.png{036B0309-0389-0327-B902-EA0217032D03}G{?!Ik\zC?`J< o1E84A7Ik\zC?`J<@.Bל9j Unknown.Bל9jIk\zC?`J<@.Bל9j@Ik\zC?`J<Ik\zC?`J<H8lH{F_Ik\zC?`J<H!*CBkbmvIk\zC?`J< FScreenshot_2018-05-04-19-20-46.pngIk\zC?`J< s10001Ik\zC?`J< N{036B0309-0389-0327-B902-EA0217032D03}Ik\zC?`J<x@XPTMOxE?IXPTMOxE?IIk\zC?`J<y+Ik\zC?`J<Ik\zC?`J< FScreenshot_2018-05-04-19-20-46.pngIk\zC?`J<DdLp6 2560 X 1600.Bל9j >Screenshot_2018-05-04-19-20-46] <==== Cyrillic
Shortcut: C:\Users\User\Music\מלןעונ - ‗נכך.lnk -> [LF PO :i+00r1SPS0%G`% ><?LNB5@1 !8AB5<=0O ?0?:01SPSjc(=Oe )::{20D04FE0-3AEA-1069-A2D8-08002B30309D}] <==== Cyrillic
MSCONFIG\startupreg: bwstzxzjxt => explorer "http://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994
MSCONFIG\startupreg: go => C:\Users\User\AppData\Local\Go!\Application\go.exe --no-startup-window
MSCONFIG\startupreg: lite => C:\Users\User\AppData\Local\Lite\Application\lite.exe --no-startup-window
MSCONFIG\startupreg: RedditSearch => "C:\Users\User\AppData\Roaming\RedditSearch\python\pythonw.exe" "C:\Users\User\AppData\Roaming\RedditSearch\ml.py" --APPNAME="RedditSearch"
MSCONFIG\startupreg: SGDTray => C:\Program Files (x86)\UTILILAB\SearchGUARDIAN\sgdtray.exe
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: yaoffer50160 => C:\Users\User\AppData\Local\yaoffer50160\yaoffer50160.exe --start --client:50160
FirewallRules: [{C3D22DBB-3275-4BEC-84BE-8F6C8F957708}] => (Allow) ????????????????????e
FirewallRules: [{85E7474D-5F9B-431E-A670-534833C6E5E8}] => (Allow) ??????????????????????
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-193623188-888336840-424749740-1000\...\Run: [Gaijin.Net Agent] => C:\Users\User\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2125384 2018-10-28] (Gaijin Entertainment)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF Extension: (No Name) - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\data [2017-09-24] [not signed]
FF Extension: (No Name) - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\defaults [2017-09-24] [not signed]
FF Extension: (No Name) - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\lib [2017-09-24] [not signed]
FF Extension: (No Name) - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\resources [2017-09-24] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
OPR StartupUrls: "hxxp:\/\/granena.ru\/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=star
R2 QMEmulatorService; F:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [342776 2018-06-21] (Tencent)
R2 aow_drv; F:\Program Files\TxGameAssistant\UI\aow_drv_x64.sys [854064 2018-09-20] (Tencent)
2018-11-28 22:40 - 2018-11-28 22:40 - 000000000 ____D C:\Users\User\AppData\Roaming\Tencent
2018-11-28 22:39 - 2018-11-28 22:39 - 000000000 ____D C:\Users\Все пользователи\Tencent
2018-11-28 22:39 - 2018-11-28 22:39 - 000000000 ____D C:\ProgramData\Tencent
EmptyTemp:
Reboot:
[/code]
Программа FRST создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!
2) Обновите древний Adobe Flash Player ( если не используете его - то удалите )
Скачайте [URL=http://www.comss.ru/page.php?id=586]Здесь[/URL]
Иначе зверьё так и будет лезть.
3) Выполните проверку системы - ESET онлайн сканером.
https://www.esetnod32.ru/download/utilities/online_scanner/
4) Удалите хвосты NOD32 по инструкции:
http://www.esetnod32.ru/support/knowledge_base/solution/?ELEMENT_ID=852896&sphrase_id=25964
Проверяем, как работает система...
и
Пишем по _общему результату лечения.
5) Пробуйте установить антивирус
Если, что: https://www.esetnod32.ru/support/knowledge_base/solution/?ELEMENT_ID=852908
...
Запустите FRST и нажмите один раз на кнопку Fix и подождите.
[code]
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {0308F563-D775-4C9A-A878-05653EEB70C9} - \LumProcess -> No File <==== ATTENTION
Task: {0D520A8B-A09E-4A01-9BD5-2232B2B3F5BC} - \yKyUMvXjQExFHsQQnbg2 -> No File <==== ATTENTION
Task: {0DEC5D63-A416-45F6-AD10-4AE368AFA860} - \ScreenDialer -> No File <==== ATTENTION
Task: {3951F10E-0884-4829-A5C2-9F8755486850} - \OmktUjuhqDemKMtib2 -> No File <==== ATTENTION
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {444B5C25-C883-447B-873E-DF12B0E574BA} - \Uninstaller_SkipUac_User -> No File <==== ATTENTION
Task: {6A54D186-B819-4E2A-AC3F-667F7389F5D1} - \bmrDBQHKKCsZlLP2 -> No File <==== ATTENTION
Task: {6B09AE88-BEE7-4FA3-AB81-F958D99ADA64} - \AnkGfRXTUSRxIakaj2 -> No File <==== ATTENTION
Task: {BB47FB50-4138-4FC1-A496-8E37C54EF95B} - \znRYefSZqiLtxV -> No File <==== ATTENTION
Task: {C0D3DF9C-6F68-49C5-9C19-B62E8473040D} - \PHhzFCxQsWRcpjaUPpg2 -> No File <==== ATTENTION
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Shortcut: C:\Users\User\Pictures\בטמכמד\Screenshot_2018-05-04-19-20-46 - ‗נכך.lnk -> [LF PO :i+00j.D 1lR0@8H:0\\?\usb#vid_04e8&pid_6860#32048f31e51171db#{6ac27878-a6fa-4155-ba85-f98f491d4f33}G{?!&C&F+sm/ 0@8H:0-?OHkF6CM+\CtY^Hg3(<mx5uIv 1 `)TabletSID-{10001,SECZ9519043CHOHB,12416868352}5@0@E8G5A:0O AB@C:BC@0{EF2107D5-A52A-4243-A26B-62D4176D7603}{4AD2C85E-5E2D-45E5-8864-4F229E3C6CF0}{1A33F7E4-AF13-48F5-994E-77369DFE04A3}{AA18737E-5009-48FA-AE21-85F24383B4E6}{9261B03C-3D78-4519-85E3-02C5E1F50BB9}{28D8D31E-249C-454E-AABC-34883168E634}{27E2E392-A111-48E0-AB0C-E17705A05F85}G{?!ztNL!,ztNL!, 05@0@E8G5A:0O AB@C:BC@0ztNL!,ztNL!,`ztNL!,PtztNL!,ztNL!, TabletIk\zC?`J< RSID-{10001,SECZ9519043CHOHB,12416868352}Ik\zC?`J< TabletztNL!, "SECZ9519043CHOHBIk\zC?`J<H0lH{F_Ik\zC?`J<Ik\zC?`J<H`DLzo!-?OH[#*L[\Ik\zC?`J< s10001 ?'?''Hw_,'PicturesPictures{01790137-0176-0186-2E01-2B013E013E01}G{?!Ik\zC?`J< o1E8486Ik\zC?`J<9@Ik\zC?`J<9@Ik\zC?`J<Ik\zC?`J<H0lH{F_Ik\zC?`J<H'Hw_Ik\zC?`J< PicturesIk\zC?`J< s10001Ik\zC?`J< N{01790137-0176-0186-2E01-2B013E013E01}XPTMOxE?IIk\zC?`J<Ik\zC?`J< PicturesIk\zC?`J< {{'Hw_.'ScreenshotsScreenshots{01DE019C-01E4-01F9-C501-ED0115022302}G{?!Ik\zC?`J< oEIk\zC?`J<6h@Ik\zC?`J<6h@Ik\zC?`J<Ik\zC?`J<H0lH{F_Ik\zC?`J<H'Hw_Ik\zC?`J< ScreenshotsIk\zC?`J< s10001Ik\zC?`J< N{01DE019C-01E4-01F9-C501-ED0115022302}XPTMOxE?IIk\zC?`J<Ik\zC?`J< ScreenshotsIk\zC?`J< "y+rn2rn2!*CBkbmv##'Screenshot_2018-05-04-19-20-46.pngScreenshot_2018-05-04-19-20-46.png{036B0309-0389-0327-B902-EA0217032D03}G{?!Ik\zC?`J< o1E84A7Ik\zC?`J<@.Bל9j Unknown.Bל9jIk\zC?`J<@.Bל9j@Ik\zC?`J<Ik\zC?`J<H8lH{F_Ik\zC?`J<H!*CBkbmvIk\zC?`J< FScreenshot_2018-05-04-19-20-46.pngIk\zC?`J< s10001Ik\zC?`J< N{036B0309-0389-0327-B902-EA0217032D03}Ik\zC?`J<x@XPTMOxE?IXPTMOxE?IIk\zC?`J<y+Ik\zC?`J<Ik\zC?`J< FScreenshot_2018-05-04-19-20-46.pngIk\zC?`J<DdLp6 2560 X 1600.Bל9j >Screenshot_2018-05-04-19-20-46] <==== Cyrillic
Shortcut: C:\Users\User\Music\מלןעונ - ‗נכך.lnk -> [LF PO :i+00r1SPS0%G`% ><?LNB5@1 !8AB5<=0O ?0?:01SPSjc(=Oe )::{20D04FE0-3AEA-1069-A2D8-08002B30309D}] <==== Cyrillic
MSCONFIG\startupreg: bwstzxzjxt => explorer "http://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994
MSCONFIG\startupreg: go => C:\Users\User\AppData\Local\Go!\Application\go.exe --no-startup-window
MSCONFIG\startupreg: lite => C:\Users\User\AppData\Local\Lite\Application\lite.exe --no-startup-window
MSCONFIG\startupreg: RedditSearch => "C:\Users\User\AppData\Roaming\RedditSearch\python\pythonw.exe" "C:\Users\User\AppData\Roaming\RedditSearch\ml.py" --APPNAME="RedditSearch"
MSCONFIG\startupreg: SGDTray => C:\Program Files (x86)\UTILILAB\SearchGUARDIAN\sgdtray.exe
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: yaoffer50160 => C:\Users\User\AppData\Local\yaoffer50160\yaoffer50160.exe --start --client:50160
FirewallRules: [{C3D22DBB-3275-4BEC-84BE-8F6C8F957708}] => (Allow) ????????????????????e
FirewallRules: [{85E7474D-5F9B-431E-A670-534833C6E5E8}] => (Allow) ??????????????????????
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-193623188-888336840-424749740-1000\...\Run: [Gaijin.Net Agent] => C:\Users\User\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2125384 2018-10-28] (Gaijin Entertainment)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF Extension: (No Name) - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\data [2017-09-24] [not signed]
FF Extension: (No Name) - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\defaults [2017-09-24] [not signed]
FF Extension: (No Name) - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\lib [2017-09-24] [not signed]
FF Extension: (No Name) - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\resources [2017-09-24] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
OPR StartupUrls: "hxxp:\/\/granena.ru\/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=star
R2 QMEmulatorService; F:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [342776 2018-06-21] (Tencent)
R2 aow_drv; F:\Program Files\TxGameAssistant\UI\aow_drv_x64.sys [854064 2018-09-20] (Tencent)
2018-11-28 22:40 - 2018-11-28 22:40 - 000000000 ____D C:\Users\User\AppData\Roaming\Tencent
2018-11-28 22:39 - 2018-11-28 22:39 - 000000000 ____D C:\Users\Все пользователи\Tencent
2018-11-28 22:39 - 2018-11-28 22:39 - 000000000 ____D C:\ProgramData\Tencent
EmptyTemp:
Reboot:
[/code]
Программа FRST создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!
2) Обновите древний Adobe Flash Player ( если не используете его - то удалите )
Скачайте [URL=http://www.comss.ru/page.php?id=586]Здесь[/URL]
Иначе зверьё так и будет лезть.
3) Выполните проверку системы - ESET онлайн сканером.
https://www.esetnod32.ru/download/utilities/online_scanner/
4) Удалите хвосты NOD32 по инструкции:
http://www.esetnod32.ru/support/knowledge_base/solution/?ELEMENT_ID=852896&sphrase_id=25964
Проверяем, как работает система...
и
Пишем по _общему результату лечения.
5) Пробуйте установить антивирус
Если, что: https://www.esetnod32.ru/support/knowledge_base/solution/?ELEMENT_ID=852908
Изменено: RP55 RP55 - 28.11.2018 23:45:31