Uninstall the following software:
AkelPadApp4 (HKU\S-1-5-21-414749390-1440782396-1838001701-500\...\AkelPadApp4) (Version: - )
bloknot (HKU\S-1-5-21-414749390-1440782396-1838001701-500\...\bloknot) (Version: 660 - )
Html5 geolocation provider (HKLM-x32\...\{0DADC228-827E-40E2-AE6D-B9D62DA7CC32}) (Version: 3.6.3.901 - AlterGeo)
SnapDo (HKLM-x32\...\{A8F0F925-2C32-458A-942B-6D9FA632D300}) (Version: 1.0.0.0 - Resoft) <==== ATTENTION
Update for Html5 geolocation provider (HKLM-x32\...\{65C64E3D-539F-4B81-993B-364C6169F8F5}) (Version: 3.5.8.884 - AlterGeo)
Update for Html5 geolocation provider (HKLM-x32\...\{71D05F96-6AF4-4961-9E9C-AE4B8C9793E9}) (Version: 3.7.2.909 - AlterGeo)
Create a text file named fixlist.txt in the folder containing Farbar Recovery Scan Tool.
Copy the text from the "winbatch" window below into it and save the file.
start
CreateRestorePoint:
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-414749390-1440782396-1838001701-500\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-414749390-1440782396-1838001701-500 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
SearchScopes: HKU\S-1-5-21-414749390-1440782396-1838001701-500 -> {66CA6D5D-7A0A-460D-B1EC-88BB35704618} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=D1445089F13D221FF2D1A1213CF7CE2A&utm_d=20160523
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2017-04-03]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2017-04-02]
FF Plugin HKU\.DEFAULT: @altergeo.ru/Html5loc -> C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\npHtml5loc.dll [No File]
FF Plugin HKU\S-1-5-21-414749390-1440782396-1838001701-500: @mail.ru/GameCenter -> C:\Users\Администратор\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [No File]
CHR HomePage: Profile 1 -> go.mail.ru
CHR StartupUrls: Profile 1 -> "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=D1445089F13D221FF2D1A1213CF7CE2A&utm_d=20160523"
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [icanjjkadceebmhanpekkofdhclnoijl] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (0) - C:\Users\Администратор\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-06-08]
OPR Extension: (0) - C:\Users\Администратор\AppData\Roaming\Opera Software\Opera Stable\Extensions\gmajgdopdpbkhimjdoofehjejbpgofmf [2016-08-11]
2017-09-29 22:41 - 2016-05-24 13:48 - 000000258 __RSH C:\Users\Администратор\ntuser.pol
2017-09-29 22:12 - 2017-06-24 14:56 - 000000258 __RSH C:\Users\Все пользователи\ntuser.pol
2017-09-29 22:12 - 2017-06-24 14:56 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-09-10 14:59 - 2016-02-21 15:33 - 000000448 __RSH C:\Users\Igor\ntuser.pol
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\360
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\bittorrent
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\ByteFence
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\comoboss
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\contentprotector
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\dlsecuretb
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\DriverPack Notifier
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\filter
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\Hostify
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\IObit
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\Max Driver Updater
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\Muftion
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\PCfix
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\Preghpluaph
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\qksee
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\spart
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\sunnyday
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\SunnyDay21
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\WinZipper
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\Program Files (x86)\zaxar
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\ProgramData\Cloudprinter
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\ProgramData\emailnotifier
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\ProgramData\IObit
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\ProgramData\Ronzap
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\ProgramData\Statdex
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\ProgramData\xifs
2016-05-23 16:19 - 2016-05-23 16:19 - 000000000 __RSH () C:\ProgramData\xwinpx
2017-05-30 20:43 - 2017-05-30 20:43 - 000611601 _____ ( ) C:\Users\Igor\AppData\Local\Temp\6d672538-2c9f-4732-94bf-d6dcc937511e.exe
2017-05-13 17:29 - 2017-05-13 17:29 - 000592045 _____ ( ) C:\Users\Igor\AppData\Local\Temp\b534b257-43ee-4559-bbc5-da88700fb58e.exe
2017-06-16 21:57 - 2017-06-16 21:42 - 000880720 _____ () C:\Users\Администратор\AppData\Local\Temp\433A.tmp.exe
2017-06-25 21:07 - 2017-06-25 14:17 - 000893952 _____ () C:\Users\Администратор\AppData\Local\Temp\73D3.tmp.exe
2017-06-25 21:07 - 2017-06-25 14:17 - 000893952 _____ () C:\Users\Администратор\AppData\Local\Temp\73E2.tmp.exe
2017-06-14 07:31 - 2017-06-14 07:30 - 000783336 _____ (MPEG STD Created) C:\Users\Администратор\AppData\Local\Temp\7D59.tmp.exe
2017-06-25 21:07 - 2017-06-25 14:17 - 000893952 _____ () C:\Users\Администратор\AppData\Local\Temp\7DAE.tmp.exe
2017-06-25 21:07 - 2017-06-25 14:17 - 000893952 _____ () C:\Users\Администратор\AppData\Local\Temp\7FC3.tmp.exe
2017-06-25 21:07 - 2017-06-25 14:17 - 000893952 _____ () C:\Users\Администратор\AppData\Local\Temp\7FD1.tmp.exe
2017-06-25 21:07 - 2017-06-25 14:17 - 000893952 _____ () C:\Users\Администратор\AppData\Local\Temp\7FF0.tmp.exe
2017-06-25 11:37 - 2017-06-25 10:15 - 000889856 _____ () C:\Users\Администратор\AppData\Local\Temp\83AF.tmp.exe
2017-06-25 21:07 - 2017-06-25 14:17 - 000893952 _____ () C:\Users\Администратор\AppData\Local\Temp\860A.tmp.exe
2017-06-25 21:07 - 2017-06-25 14:17 - 000893952 _____ () C:\Users\Администратор\AppData\Local\Temp\A50C.tmp.exe
2017-06-09 00:21 - 2017-06-09 00:22 - 000022167 _____ () C:\Users\Администратор\AppData\Local\Temp\c0.exe
2017-06-09 00:22 - 2017-06-09 00:23 - 000024969 _____ () C:\Users\Администратор\AppData\Local\Temp\c1.exe
2017-08-17 13:49 - 2017-08-17 13:09 - 000775144 _____ () C:\Users\Администратор\AppData\Local\Temp\C4D8.tmp.exe
2017-06-14 07:30 - 2017-06-14 07:30 - 000783336 _____ (MPEG STD Created) C:\Users\Администратор\AppData\Local\Temp\C87C.tmp.exe
2017-06-08 23:16 - 2017-06-08 23:16 - 005539629 _____ () C:\Users\Администратор\AppData\Local\Temp\DpjP5iM42q8C.exe
2017-08-17 13:36 - 2017-08-17 13:09 - 000775144 _____ () C:\Users\Администратор\AppData\Local\Temp\E67B.tmp.exe
2017-06-08 23:14 - 2017-06-08 23:14 - 000415232 _____ (Searchgo) C:\Users\Администратор\AppData\Local\Temp\g5GwSKvaJIFX.exe
2017-05-14 16:56 - 2017-05-14 16:56 - 000024064 _____ () C:\Users\Администратор\AppData\Local\Temp\installer_x64.exe
2017-05-14 16:56 - 2017-05-14 16:56 - 000019968 _____ () C:\Users\Администратор\AppData\Local\Temp\installer_x86.exe
2017-06-20 17:27 - 2017-06-20 17:27 - 035366216 _____ (Performix LLC) C:\Users\Администратор\AppData\Local\Temp\setup.exe
2017-05-29 16:24 - 2009-11-09 22:00 - 000607800 ____R (HP) C:\Users\Администратор\AppData\Local\Temp\siinst.exe
Task: {004E022C-D79D-4DE2-8264-F64B1B1A7564} - \callculator -> No File <==== ATTENTION
Task: {06D7C5E9-FC35-46FE-983B-4F2961179F41} - \Microsoft\F4F774FC379015F0A2B9EDC387CF2F5A -> No File <==== ATTENTION
Task: {0C12308E-60AA-454E-94DC-2A203F8D0404} - \Microsoft\Windows\F4F774FC379015F0A2B9EDC387CF2F5ASB -> No File <==== ATTENTION
Task: {0CE8586F-8154-49F6-A29A-17FE83246760} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {13552A41-4FBE-4CE4-808D-B077955B64A3} - \One Drive Update -> No File <==== ATTENTION
Task: {1550BF37-C6B3-439C-A1C9-6ABF5766E061} - \Microsoft\Windows\F4F774FC379015F0A2B9EDC387CF2F5A -> No File <==== ATTENTION
Task: {1A5F9307-B7BB-49D0-82BF-D1FE69658CC4} - \{699988C6-9B52-42B2-B990-20514AC92FD9} -> No File <==== ATTENTION
Task: {1CE39FFC-9BDA-4652-B952-AEC0905B74E9} - \bloknot -> No File <==== ATTENTION
Task: {1EAC82D5-CB33-449A-A58A-81D4E1D8F6A9} - \{CD6EA404-AD22-40B2-AB38-271B56CACB31} -> No File <==== ATTENTION
Task: {1EC983B5-5901-43FC-A873-EB12AAD3534B} - \setupsk -> No File <==== ATTENTION
Task: {22B1F911-754F-40D7-A32B-B7A2F322FAE7} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {2B8E3F53-CA45-4F04-B80B-62D76C1B462E} - \{F1257BC8-8276-42F1-B78E-820BAE6C700A} -> No File <==== ATTENTION
Task: {351A15DC-2F93-465C-BA3F-0C976B062E47} - \{F501446A-8BCF-4EDD-8644-4AB342322A31} -> No File <==== ATTENTION
Task: {386ECD10-D3E9-4CB3-8A2B-B267EEE75BB6} - \{686A905D-34C5-4ED0-B83B-56ED530901B8} -> No File <==== ATTENTION
Task: {42710B65-FC17-46F9-AC8A-44C854374ECB} - \{769E818B-1FAE-4AD4-8D67-B0D62C777B90} -> No File <==== ATTENTION
Task: {46C6E7F0-33C6-4701-9732-1FBAC3440D40} - \{3B15DAD6-E0B3-4C6A-93ED-07AF15C2D73B} -> No File <==== ATTENTION
Task: {4D58FE85-E34F-40B2-BAB0-74B1B58C14EC} - \Microsoft\Windows\extsetupSB -> No File <==== ATTENTION
Task: {4D5F467E-8BD8-49E2-9E1D-065F2DA3E0FC} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {5471A771-B114-40C0-8083-645F3FBE686F} - \{81D79EA3-582A-46C5-B75E-7A4F06C7C945} -> No File <==== ATTENTION
Task: {58808C77-692F-4E5D-8622-CE06623121E5} - \{AA0C1F6E-DDA6-4ED3-8075-3E9D63EF6308} -> No File <==== ATTENTION
Task: {6A9AC2D0-AEB9-4251-AF1C-8D3F220CFFA1} - \{B0A2542C-0978-4D23-9FE5-946DDB868738} -> No File <==== ATTENTION
Task: {6A9AC2D0-AEB9-4251-AF1C-8D3F220CFFA1} - \{B0A2542C-0978-4D23-9FE5-946DDB868738} -> No File <==== ATTENTION
Task: {75B9D22A-DED3-4456-8EA3-D03BCE725A4C} - \{1E69870D-0A09-41EC-A767-409CC81384DE} -> No File <==== ATTENTION
Task: {77417936-FBB4-4D3D-9336-06B319D38303} - \GMon Updater -> No File <==== ATTENTION
Task: {7D8E2EEB-E966-44D6-A98F-3A7C0F4C0ED0} - \Microsoft\Windows\A3F5B894C-549A-4E1E-BC64-E04181445338 -> No File <==== ATTENTION
Task: {80293965-1EE3-4458-811C-CF8B947047F7} - System32\Tasks\AlterGeoUpdater-S-1-5-18 => C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe
Task: {8BFDF2AB-16B8-4DC2-BD80-58467A5A9DE0} - \Launch HTC Sync Loader -> No File <==== ATTENTION
Task: {8C9F8EC5-A53F-4940-8EE3-ADCB404988C2} - \{E2115DCA-D8FC-4358-9A2E-446FCA0E70D1} -> No File <==== ATTENTION
Task: {982E2A72-1D8E-4838-AD04-A0606CF4A949} - \GameXPService Autoupdate -> No File <==== ATTENTION
Task: {98A1B825-2FFF-4EBA-876E-4933656917D2} - \{39CE2C24-5654-499F-AC06-90CA8AC04670} -> No File <==== ATTENTION
Task: {A04E131F-9F62-4901-AE57-29959A123D93} - \{8414A763-071E-4135-8F5C-FDDE067D46F3} -> No File <==== ATTENTION
Task: {A31D11FE-B576-448E-929E-FCA2D01C6511} - \{856CD578-8555-4428-AA44-B852BF7561B6} -> No File <==== ATTENTION
Task: {B056FC7F-0328-4C1A-B9FD-15058EE344C5} - \{4B8B1AC7-6F02-446F-B041-CA054CC5D28B} -> No File <==== ATTENTION
Task: {B2BB27EC-4DF2-4F03-B5D4-F202A74EA9FA} - \Microsoft\Windows\AADE66439-881A-43BD-B568-6D670C38D357 -> No File <==== ATTENTION
Task: {BCF41F0B-2CAB-4B3D-BFDE-856095FA4D22} - \{9BE8E50A-28AA-47FD-BA03-888AD8A240AC} -> No File <==== ATTENTION
Task: {BF137A8A-B473-4DB9-BEB5-93D0D9B7B5A1} - \PowerMonitor -> No File <==== ATTENTION
Task: {C5A3868C-ADD7-4AE5-B706-7DF68CA4A5A6} - \MSI -> No File <==== ATTENTION
Task: {CE247AF3-6D65-48A1-873C-D06B509EAF4A} - System32\Tasks\AlterGeoUpdaterS-1-5-18 => C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe
Task: {D4CF442C-6BE1-4B42-92FB-6F1F350B006A} - \{5961307D-DB6C-4729-A6DD-1CDB8C93C7F1} -> No File <==== ATTENTION
Task: {D4CF442C-6BE1-4B42-92FB-6F1F350B006A} - \{5961307D-DB6C-4729-A6DD-1CDB8C93C7F1} -> No File <==== ATTENTION
Task: {E278C566-FE13-46D0-8E54-DDB50FB36FAC} - \{5A3ED536-AA34-4640-B463-3E3151F85D3C} -> No File <==== ATTENTION
Task: {F573E53E-374E-40D0-A5CD-8EB8A4F02854} - \{86FE3BD1-1D9A-4B8E-BA45-6AF23F801FDA} -> No File <==== ATTENTION
Task: {FA0F4C05-D91A-49CB-A719-38E2B34125B5} - \Microsoft\extsetupSB -> No File <==== ATTENTION
Task: {FE764515-B463-47AB-83D1-6D65EFEC9DBA} - \Microsoft\F4F774FC379015F0A2B9EDC387CF2F5ASB -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AlterGeoUpdater-S-1-5-18.job => C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe
Task: C:\Windows\Tasks\AlterGeoUpdaterS-1-5-18.job => C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe
MSCONFIG\startupreg: amigo =>
MSCONFIG\startupreg: ba4c12bee3027d94da5c81db2d196bfd =>
MSCONFIG\startupreg: Kinoroom Browser =>
MSCONFIG\startupreg: njwzaoomgx => explorer "http://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=D1445089F13D221FF2D1A1213CF7CE2A&utm_d=20160523"
MSCONFIG\startupreg: PBot =>
MSCONFIG\startupreg: setupsk_upd =>
MSCONFIG\startupreg: uldtzmxlzq => explorer "http://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=D1445089F13D221FF2D1A1213CF7CE2A&utm_d=20160523"
CMD: ipconfig /flushdns
CMD: IPCONFIG /release
CMD: IPCONFIG /renew
CMD: gpupdate /force
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reboot:
end
Disable your antivirus until the reboot, run FRST, click Fix and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.
The computer will be rebooted automatically.