Author Topic: URL:Mal infection


REDACTED

  • Guest
URL:Mal infection
« on: October 31, 2015, 12:52:35 PM »
When I open the browser (Avast, Mozilla), an infection block pops up: object: http://vk.ijmelto.ru/index.xm......, process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe. Windows 8.1. Avast is installed. I scanned with Kaspersky and Dr.Web. There is a topic like this on the forum: https://forum.avast.com/index.php?topic=178205.0. Should I also do post 4426?

Offline polonus

  • Avast Überevangelist
  • malware fighter
Re: URL:Mal infection
« Reply #1 on: October 31, 2015, 12:58:33 PM »
Wait for a qualified removal expert to arrive. I will inform him of this thread.
More than likely malware has corrupted/hijacked chrome browser startpage.
Follow his instructions to the dot.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
    • Malware fixes
Re: URL:Mal infection
« Reply #2 on: October 31, 2015, 03:39:02 PM »
Please use this programme for analysis as it is more current

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select Addition at the bottom
  • Press Scan button.

  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please attach both logs generated.

REDACTED

  • Guest
Re: URL:Mal infection
« Reply #3 on: November 01, 2015, 06:31:46 AM »
Thanks for the reply. I've attached the logs.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
    • Malware fixes
Re: URL:Mal infection
« Reply #4 on: November 01, 2015, 11:35:05 AM »
Let me know if this stops it

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKU\S-1-5-21-4213819828-333595612-3669788182-1002\...\Run: [ywfwryjjzq] => explorer "http://tumuri.ru/?utm_source=uoua03&utm_content=bbdfa0f489359ada6100c69b6a89c332" <===== ATTENTION
Startup: C:\Users\iitiii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk [2015-10-31]
ShortcutTarget: Punto Switcher.lnk ->  (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-4213819828-333595612-3669788182-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll No File
BHO: No Name -> {11111111-1111-1111-1111-110611211180} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611211180} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-4213819828-333595612-3669788182-1002 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max Design 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max Design 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll => No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max Design 2015\Inventor Server\Bin\TestServer.dll => No File
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {2EA4B1B7-1AF0-4715-B96E-37D73C7718E7} - \UpdaterEX -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {571EA3D5-9E0A-4B61-84BC-45EA7E729206} - System32\Tasks\{0217D19B-CB47-4B2F-A63E-A5E2B03522E7} => pcalua.exe -a C:\Users\iitiii\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=ima
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\iitiii\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[C1].txt as well.
« Last Edit: November 01, 2015, 11:36:40 AM by essexboy »

REDACTED

  • Guest
Re: URL:Mal infection
« Reply #5 on: November 03, 2015, 05:08:49 PM »
Attaching the log. If possible, please move this to the Russian section. English is a bit hard for me.

Offline polonus

  • Avast Überevangelist
  • malware fighter
Re: URL:Mal infection
« Reply #6 on: November 03, 2015, 05:17:15 PM »
Hi salon-best and essexboy,

Logs attached....
What cooperation, and almost no language barriers.

polonus

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
    • Malware fixes
Re: URL:Mal infection
« Reply #7 on: November 03, 2015, 06:48:41 PM »
Are you still getting alerts?

REDACTED

  • Guest
Re: URL:Mal infection
« Reply #8 on: November 08, 2015, 02:56:36 PM »
Thanks for the reply. Yes, the notifications are still coming.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
    • Malware fixes
Re: URL:Mal infection
« Reply #9 on: November 08, 2015, 03:35:57 PM »
Is it Chrome only, or are other browsers affected?

Could I have a fresh FRST scan please?

REDACTED

  • Guest
Re: URL:Mal infection
« Reply #10 on: November 10, 2015, 05:15:26 AM »
Good day. In Mozilla this notification does not appear. I'm attaching fresh logs, and a screenshot of the notification itself.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
    • Malware fixes
Re: URL:Mal infection
« Reply #11 on: November 10, 2015, 04:09:12 PM »
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\iitiii\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-25]
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that
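Added example (not from the thread, from FRST, or from Avast): a small Python triage pass over FRST log entries of the kind the two fixlists above (Reply #4 and Reply #11) were built from, for anyone reading an FRST.txt/Addition.txt after the scan step in Reply #2. It changes nothing on the machine; it only classifies lines. The sample lines are copied from the posted fixlists; the line-format assumptions (one entry per line, prefixes such as `Task:`, `CHR`, `Winsock:`, `BHO`, a trailing `No File` for orphaned entries), the category names and the severity ranking are mine, not FRST's.

```python
"""Triage of FRST-style log lines for the persistence points a browser
start-page hijack clean-up touches.  Added example; not FRST or forum code.

Assumptions (mine, not FRST's): one entry per line; the prefix names the
persistence location; orphaned entries end in "No File".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the fixlists posted in the thread (paths/SIDs as posted).
SAMPLE_LOG = r"""
HKU\S-1-5-21-4213819828-333595612-3669788182-1002\...\Run: [ywfwryjjzq] => explorer "http://tumuri.ru/?utm_source=uoua03&utm_content=bbdfa0f489359ada6100c69b6a89c332"
Startup: C:\Users\iitiii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk [2015-10-31]
CHR HKLM\SOFTWARE\Policies\Google: Restriction
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
Task: {2EA4B1B7-1AF0-4715-B96E-37D73C7718E7} - \UpdaterEX -> No File
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\iitiii\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File
Task: {571EA3D5-9E0A-4B61-84BC-45EA7E729206} - System32\Tasks\{0217D19B-CB47-4B2F-A63E-A5E2B03522E7} => pcalua.exe -a C:\Users\iitiii\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=ima
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\iitiii\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-25]
"""

URL_RE = re.compile(r"https?://", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "low" (my ranking, not FRST's)
    category: str
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FRST entry; returns None for lines this triage ignores."""
    s = line.strip()
    if not s:
        return None
    # Run/RunOnce value that hands a URL to explorer: the start page "hijack"
    # is really a logon autorun that opens the URL every time the user logs in.
    if re.search(r"\\Run(Once)?:", s) and URL_RE.search(s):
        return Finding("high", "autorun-url", "Run value opens a URL at every logon", s)
    # Chrome policy keys lock homepage/search so the user cannot undo the change
    # from Chrome's own settings; nothing on a home PC normally sets these.
    if s.startswith("CHR ") and "\\SOFTWARE\\Policies\\Google" in s:
        return Finding("high", "chrome-policy", "Chrome policy key set (locks settings)", s)
    # Extension entries only say "look up this ID"; the path alone cannot tell a
    # built-in component from an injected one.
    if s.startswith("CHR Extension:"):
        return Finding("medium", "chrome-extension", "extension installed; check its ID", s)
    if s.startswith("Task:"):
        if "-> No File" in s:  # registration survives after the payload is gone
            sev = "low" if "\\Microsoft\\" in s else "medium"
            return Finding(sev, "orphaned-task", "task registration with missing file", s)
        if re.search(r"\bpcalua\.exe\b", s, re.IGNORECASE):  # compat-assistant proxy launch
            return Finding("medium", "lolbin-task", "task launches via pcalua.exe -a", s)
        if "\\AppData\\" in s:  # scheduled binary living in a user-writable profile dir
            return Finding("high", "task-appdata", "task runs an executable from AppData", s)
        return None
    # A missing LSP DLL leaves the Winsock catalog broken; fix is a catalog reset.
    if s.startswith("Winsock:") and s.endswith("No File"):
        return Finding("medium", "winsock-lsp", "LSP DLL missing; Winsock chain broken", s)
    if s.startswith(("BHO", "Toolbar:", "CustomCLSID:")) and "No File" in s:
        return Finding("low", "orphan-com", "COM registration pointing at missing file", s)
    if s.startswith("Startup:"):
        return Finding("low", "startup-lnk", "Startup-folder shortcut; verify target", s)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = ["high", "medium", "low"]
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.category:16} {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Read against the Reply #4 fixlist, each category maps to one of its actions: the autorun URL and the Chrome policy keys are the lines essexboy marked ATTENTION and removes outright, the orphaned tasks and COM entries are dead registrations that are deleted for tidiness, and the Winsock "No File" entry is why the fix ends with `netsh winsock reset catalog`. The script deliberately does not rate an extension as malicious; an extension hit means look the ID up before touching it.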