O22 - ScheduledTask: (Ready) InternetA - {root} - "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://bkrfdf.xyz/ball
This line is absent in HiJackThis.
Fix the following lines in HijackThis:
Code:
O22 - ScheduledTask: (Ready) InternetA - {root} - "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://bkrfdf.xyz/ball
I apologize, the service is UCGuard.
It hangs when removing the USGuard service.
premiumgamepro.com
secret-deneg.ru
vezenie.club
vlk-casino4.com
start
CreateRestorePoint:
Task: {4108DE30-06FD-4FD7-81F3-3B15C30CF92D} - System32\Tasks\InternetA => Iexplore.exe hxxp://bkrfdf.xyz/ball
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
EmptyTemp:
Reboot:
end
Of the listed sites I only know vezenie.club; it is one of the sites that kept popping up in the browser (I added it to the antivirus blacklist, see attachment).
premiumgamepro.com
secret-deneg.ru
vezenie.club
vlk-casino4.com
Click the Scan button.
After the scan finishes, the reports FRST.txt, Addition.txt and Shortcut.txt will be created in the same folder the program was run from.
start
CreateRestorePoint:
2016-11-09 17:55 - 2016-11-10 09:15 - 00197760 _____ () C:\Users\Buhgalter\AppData\Local\Temp\mcse64_00.dll
2016-11-09 17:55 - 2016-11-10 09:15 - 00179840 _____ () C:\Users\Buhgalter\AppData\Local\Temp\mcse32_00.dll
2016-11-10 09:17 - 2016-11-10 09:17 - 00239104 _____ () C:\Users\Buhgalter\AppData\Local\Temp\rn32.dll
2016-11-10 09:17 - 2016-11-10 09:17 - 00555008 _____ () C:\Users\Buhgalter\AppData\Local\Temp\nr_proto_32185758427010.tmp
IE restricted site: HKU\S-1-5-21-2011737770-3410199955-185553667-1000\...\premiumgamepro.com -> hxxp://premiumgamepro.com
IE restricted site: HKU\S-1-5-21-2011737770-3410199955-185553667-1000\...\secret-deneg.ru -> hxxp://secret-deneg.ru
IE restricted site: HKU\S-1-5-21-2011737770-3410199955-185553667-1000\...\vezenie.club -> hxxp://vezenie.club
IE restricted site: HKU\S-1-5-21-2011737770-3410199955-185553667-1000\...\vlk-casino4.com -> hxxp://vlk-casino4.com
ShellIconOverlayIdentifiers: [ MailRuCloudIconOverlay0] -> {64A9418A-B6B1-4112-B75C-E61633C9A31F} => C:\Users\Buhgalter\AppData\Local\Temp\mcse64_00.dll [2016-11-10] ()
ShellIconOverlayIdentifiers: [ MailRuCloudIconOverlay1] -> {6A2E142B-EA63-433A-AC05-5223CBD26E65} => C:\Users\Buhgalter\AppData\Local\Temp\mcse64_00.dll [2016-11-10] ()
ShellIconOverlayIdentifiers: [ MailRuCloudIconOverlay2] -> {6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} => C:\Users\Buhgalter\AppData\Local\Temp\mcse64_00.dll [2016-11-10] ()
ShellIconOverlayIdentifiers-x32: [ MailRuCloudIconOverlay0] -> {64A9418A-B6B1-4112-B75C-E61633C9A31F} => C:\Users\Buhgalter\AppData\Local\Temp\mcse32_00.dll [2016-11-10] ()
ShellIconOverlayIdentifiers-x32: [ MailRuCloudIconOverlay1] -> {6A2E142B-EA63-433A-AC05-5223CBD26E65} => C:\Users\Buhgalter\AppData\Local\Temp\mcse32_00.dll [2016-11-10] ()
ShellIconOverlayIdentifiers-x32: [ MailRuCloudIconOverlay2] -> {6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} => C:\Users\Buhgalter\AppData\Local\Temp\mcse32_00.dll [2016-11-10] ()
CHR HKLM-x32\...\Chrome\Extension: [ablpcikjmhamjanpibkccdmpoekjigja] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilhapdfjlmhfdgdbefpinebijmhjijpn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfigaoamnncijbgomifamkmkidnnlikl] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pjfkgjlnocfakoheoapicnknoglipapd] - hxxp://clients2.google.com/service/update2/crx
EmptyTemp:
Reboot:
end
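The fixlist above removes four kinds of persistence: a scheduled task that opens a URL in Internet Explorer, ShellIconOverlayIdentifiers whose COM server DLLs sit in the user's Temp folder (plus a stale avast entry with no file), domains forced into IE's Restricted Sites zone, and policy keys that FRST flags as "Restriction". The following audit script is added here and is not part of the thread, of FRST or of HijackThis; it enumerates those same locations so the entries can be confirmed before the fix and verified gone after the reboot. It assumes an elevated PowerShell 5.1 or newer prompt on Windows 8 / Server 2012 or later (for Get-ScheduledTask). The function name Get-PersistenceFindings and the "suspicious" heuristics (browser plus URL in a task action, overlay DLL under AppData\Local\Temp or missing, zone 4 domain entries, the DisableAntiSpyware policy value) are my own choices, tuned to the artifacts in this log, and every hit should still be reviewed by hand.

```powershell
# Added audit script (not from the original thread or from FRST). Enumerates the
# persistence points the fixlist removes. Run from an elevated PowerShell prompt.
# ASSUMPTION: the heuristics below are mine, chosen to match this thread's log.

function Get-PersistenceFindings {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Scheduled tasks whose action launches a browser with a URL argument
    #    (the "InternetA" task: IEXPLORE.EXE http://bkrfdf.xyz/ball).
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            if ($action.Execute -match 'iexplore|chrome|firefox|opera|msedge' -and
                $action.Arguments -match 'https?://') {
                $findings.Add([pscustomobject]@{
                    Source = 'ScheduledTask'
                    Name   = "$($task.TaskPath)$($task.TaskName)"
                    Detail = "$($action.Execute) $($action.Arguments)"
                })
            }
        }
    }

    # 2. ShellIconOverlayIdentifiers whose COM server DLL lives in a Temp folder
    #    or does not exist (mcse64_00.dll / mcse32_00.dll, and the stale 00avast
    #    entry). Both the native and the WOW6432Node registry views are checked.
    $views = @(
        @{ Overlay = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
           Clsid   = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Overlay = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
           Clsid   = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path $view.Overlay)) { continue }
        foreach ($entry in Get-ChildItem $view.Overlay) {
            $clsid   = (Get-ItemProperty -Path $entry.PSPath).'(default)'
            $server  = Join-Path $view.Clsid "$clsid\InprocServer32"
            $dll     = if (Test-Path $server) { (Get-ItemProperty -Path $server).'(default)' } else { $null }
            $dllPath = if ($dll) { [Environment]::ExpandEnvironmentVariables(([string]$dll).Trim('"')) } else { '' }
            $inTemp  = $dllPath -match '\\AppData\\Local\\Temp\\'
            # -or short-circuits, so Test-Path is never called with an empty path
            $missing = (-not $dllPath) -or (-not (Test-Path -LiteralPath $dllPath))
            if ($inTemp -or $missing) {
                $findings.Add([pscustomobject]@{
                    Source = 'ShellIconOverlayIdentifiers'
                    Name   = "$($entry.PSChildName) -> $clsid"
                    Detail = if ($missing) { "No File ($dllPath)" } else { $dllPath }
                })
            }
        }
    }

    # 3. Domains placed in IE's Restricted Sites zone (zone value 4) for the
    #    current user; the log lists premiumgamepro.com, secret-deneg.ru,
    #    vezenie.club and vlk-casino4.com. -Recurse also picks up subdomain keys.
    $zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (Test-Path $zoneMap) {
        foreach ($domain in Get-ChildItem $zoneMap -Recurse) {
            $props = Get-ItemProperty -Path $domain.PSPath
            foreach ($scheme in @('*', 'http', 'https')) {
                if ($props.$scheme -eq 4) {
                    $findings.Add([pscustomobject]@{
                        Source = 'IE restricted site'
                        Name   = $domain.PSChildName
                        Detail = "scheme=$scheme zone=4"
                    })
                }
            }
        }
    }

    # 4. Policy keys FRST reports as "Restriction". ASSUMPTION: only the
    #    DisableAntiSpyware value is checked for Defender; for Internet Explorer
    #    the mere presence of the policy key is reported so it can be inspected.
    $defPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    if ((Test-Path $defPolicy) -and ((Get-ItemProperty -Path $defPolicy).DisableAntiSpyware -eq 1)) {
        $findings.Add([pscustomobject]@{
            Source = 'GroupPolicy'
            Name   = $defPolicy
            Detail = 'DisableAntiSpyware = 1 (Windows Defender disabled by policy)'
        })
    }
    $iePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer'
    if (Test-Path $iePolicy) {
        $findings.Add([pscustomobject]@{
            Source = 'GroupPolicy'
            Name   = $iePolicy
            Detail = 'policy key present; inspect its values'
        })
    }

    return $findings
}

Get-PersistenceFindings | Format-Table -AutoSize -Wrap
```

Run it once before applying the fixlist to confirm the same entries FRST reported, and again after the reboot: an empty result for the ScheduledTask and ShellIconOverlayIdentifiers sources means the task and the Temp-resident overlay handlers are gone, while remaining zone 4 entries or policy keys are expected only if they were deliberately set by an administrator.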