Откройте Блокнот (Старт =>Программы => Стандартные => Блокнот). Скопируйте в него следующий код:
Код:
CMD: wmic /Namespace:\\root\default Path SystemRestore Call Enable "%SystemDrive%"
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-x32: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Toolbar: HKLM - No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-1034071241-2165608984-871899243-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\www\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF Plugin-x32: @altergeo.ru/Html5loc -> C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\npHtml5loc.dll [No File]
FF Plugin HKU\.DEFAULT: @altergeo.ru/Html5loc -> C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\npHtml5loc.dll [No File]
C:\Users\www\AppData\Local\Google\Chrome\User Data\Default\Extensions\phpkmckmaicpanafbbkgnboinbomaakd
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\default_apps\search.crx
CHR HKLM-x32\...\Chrome\Extension: [bgknpfancpeamejmcooedljjnaddldhg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bhjcgomkanpkpblokebecknhahgkcmoo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cegdomhocaeoedbdpfolmgjkjaijfomo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\www\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\www\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gndaciceccgapjhpniecknjlmmlanaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hpcghcdjnehpkdecaflpedhklimnejia] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jdkihdhlegcdggknokfekoemkjjnjhgi] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kppacdmmddediahklmcgkgdhhoojemmd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lanabbpahpjnaljebnpgkjemcbkepiak] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [necfmkplpminfjagblfabggomdpaakan] - hxxp://clients2.google.com/service/update2/crx
S4 892cc6a3; "C:\Windows\system32\rundll32.exe" "c:\progra~3\perfor~1\PerformanceOptimizerSvc.dll",service
S3 TicnoShExtMng; C:\Program Files (x86)\Ticno\ShExtMng\shextmngservice.exe [X]
S3 292BF8AE; \??\C:\Windows\TEMP\292BF8AE.sys [X]
S3 295F117E; \??\C:\Windows\TEMP\295F117E.sys [X]
S3 29C2C23F; \??\C:\Windows\TEMP\29C2C23F.sys [X]
2013-08-28 11:34 - 2013-08-27 19:37 - 000049664 _____ () C:\Users\www\AppData\Roaming\closer.exe
2013-08-28 11:34 - 2013-08-28 11:34 - 000000006 _____ () C:\Users\www\AppData\Roaming\smw_inst
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1-x32: [MRACMenu] -> {B495CAFE-D53F-408B-A081-0814BE80EB3E} => C:\Users\www\AppData\Roaming\Mail.Ru\Agent\Mra\dll\mramenu.dll -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {7265E1F7-1A24-4EE9-8E74-C55DFAB13446} - System32\Tasks\AlterGeoUpdater-S-1-5-18 => C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe
Task: {758FA2E9-20A6-4291-9262-CED25EAD941F} - \{05303FCE-3262-47BB-8AEC-ED529694F19B} -> No File <==== ATTENTION
Task: {7651E89B-23C8-4D53-B0F2-EC5545549499} - \{9DB79920-36B4-47F7-9398-81114A34801E} -> No File <==== ATTENTION
Task: {92963071-CA58-438B-9101-E847EF713607} - \{44733A24-4A46-4017-B985-2F2C5EB4E151} -> No File <==== ATTENTION
Task: {B0AA8B27-E940-477F-B885-78C5ADFE58D5} - \{6E7A5C61-B1F0-436C-9174-D3EB6FA357D2} -> No File <==== ATTENTION
Task: {FAF0F1CD-9A17-4960-B33D-7B70697F67EC} - \{2D4F3586-67A2-4B00-8F7E-7E256CC549BC} -> No File <==== ATTENTION
MSCONFIG\startupfolder: C:^Users^www^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Schedule Games Browser.lnk => C:\Windows\pss\Schedule Games Browser.lnk.Startup
MSCONFIG\startupfolder: C:^Users^www^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zaxar Games Browser.lnk => C:\Windows\pss\Zaxar Games Browser.lnk.Startup
MSCONFIG\startupreg: AlterGeoUpdater => C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe
MSCONFIG\startupreg: MAgent => C:\Users\www\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU
MSCONFIG\startupreg: Ticno Go => "C:\Program Files (x86)\Ticno\Ticno GO\Go.exe" /autorun
FirewallRules: [TCP Query User{E499FB18-A5E8-427B-A9DB-E9F8F850F7E2}C:\users\www\appdata\local\mediaget2\mediaget.exe] => (Block) C:\users\www\appdata\local\mediaget2\mediaget.exe No File
FirewallRules: [UDP Query User{E0591409-66CA-4804-ABED-E34D4A030009}C:\users\www\appdata\local\mediaget2\mediaget.exe] => (Block) C:\users\www\appdata\local\mediaget2\mediaget.exe No File
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D492942E-9368-48D9-BB8B-68E8E4CE2D43}" /f /reg:32
Reboot:
и сохраните как fixlist.txt в папку с Farbar Recovery Scan Tool.
При сохранении выберите кодировку Юникод!
Отключите до перезагрузки антивирус,
закройте все браузеры, запустите FRST.EXE/FRST64.EXE, нажмите один раз
Fix и подождите. Программа создаст лог-файл (
Fixlog.txt). Прикрепите его к своему следующему сообщению.
Компьютер будет перезагружен автоматически.
Сообщите, что с проблемами.