Can't remove gamezonenews
- This topic has 7 replies, 2 participants, and was last updated 8 years, 9 months ago by Admin.
February 10, 2016 at 4:50 PM #19084
I did everything according to the instructions
http://www.spyware-ru.com/udalit-gamezonenews-net-redirekt-instruktsiya/
It still pops up :(
It isn't tied to a particular browser; it opens in whichever one is set as the default, whether Chrome or Opera

February 14, 2016 at 3:06 AM #32688
Hello.
Scan the computer with FRST.
Download FRST from this page.
Run it. Don't change anything in the settings, just click the Scan button. When the scan is finished, Notepad will open with the first report (frst.txt); paste its contents into your reply. A little later the second report, Addition.txt, will open.
Just attach the second report to your message using the Add attachments tab.

February 14, 2016 at 10:34 AM #32689
I clicked the link and got «Nothing Found for Download»
I'll download it from this one

February 14, 2016 at 10:50 AM #32690
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by user (administrator) on ASUS-X75V (14-02-2016 12:39:12)
Running from D:userDownloads
Loaded Profiles: user & UpdatusUser (Available Profiles: user & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forums/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(AudioVkontakte.ru) C:ProgramDataVKSaverVKSaver.exe
(ESET) C:Program FilesESETESET NOD32 Antivirusx86ekrn.exe
(Hi-Rez Studios) D:OlegGamesSmiteHiPatchService.exe
(Intel Corporation) C:WindowsSystem32hkcmd.exe
(Intel Corporation) C:WindowsSystem32igfxpers.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVCpl64.exe
(ESET) C:Program FilesESETESET NOD32 Antivirusegui.exe
(Microsoft Corporation) C:Program Files (x86)Microsoft OfficeOffice14MSOSYNC.EXE
() C:UsersuserAppDataLocalViberViber.exe
() C:ProgramDataDatacardServiceHWDeviceService64.exe
(Intel(R) Corporation) C:Program FilesInteliCLS ClientHeciServer.exe
(Huawei Technologies Co., Ltd.) C:ProgramDataDatacardServiceDCSHelper.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALJhi_service.exe
() C:ProgramDataMobile InternetOnlineUpdateouc.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe
(AudioVkontakte.ru) C:ProgramDataVKSaverVKSaver.exe
(Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
(Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVCM.EXE
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
(Dropbox, Inc.) C:UsersuserAppDataRoamingDropboxbinDropbox.exe
(Microsoft Corporation) C:Program Files (x86)Microsoft OfficeOffice14WINWORD.EXE
(Microsoft Corporation) C:Program Files (x86)Microsoft OfficeOffice14WINWORD.EXE
(Microsoft Corporation) C:Program Files (x86)Microsoft OfficeOffice14WINWORD.EXE
(Microsoft Corporation) C:Program Files (x86)Microsoft OfficeOffice14WINWORD.EXE
(Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE
(Microsoft Corporation) C:Windowssplwow64.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera_crashreporter.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Microsoft Corporation) C:Program Files (x86)Common Filesmicrosoft sharedSource EngineOSE.EXE
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe
(Opera Software) C:Program Files (x86)Opera35.0.2066.37opera.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM…Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM…Run: [egui] => C:Program FilesESETESET NOD32 Antivirusegui.exe [2918656 2011-01-14] (ESET)
HKLM-x32…Run: [USB3MON] => C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32…Run: [BCSSync] => C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32…Run: [Adobe ARM] => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32…Run: [VKSaver] => C:ProgramDataVKSaverVKSaver.exe [239616 2014-10-04] (AudioVkontakte.ru)
WinlogonNotifyigfxcui: C:Windowssystem32igfxdev.dll (Intel Corporation)
HKUS-1-5-21-3138997166-3486246742-2689789372-1000…Run: [OfficeSyncProcess] => C:Program Files (x86)Microsoft OfficeOffice14MSOSYNC.EXE [720064 2013-03-08] (Microsoft Corporation)
HKUS-1-5-21-3138997166-3486246742-2689789372-1000…Run: [Steam] => D:OlegGamesSteamsteam.exe [3014224 2016-02-04] (Valve Corporation)
HKUS-1-5-21-3138997166-3486246742-2689789372-1000…Run: [DAEMON Tools Lite] => C:Program Files (x86)DAEMON Tools LiteDTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKUS-1-5-21-3138997166-3486246742-2689789372-1000…Run: [Dropbox Update] => C:UsersuserAppDataLocalDropboxUpdateDropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKUS-1-5-21-3138997166-3486246742-2689789372-1000…Run: [Viber] => C:UsersuserAppDataLocalViberViber.exe [51657424 2015-11-09] ()
HKUS-1-5-21-3138997166-3486246742-2689789372-1000…MountPoints2: H — H:AutoRun.exe
HKUS-1-5-21-3138997166-3486246742-2689789372-1000…MountPoints2: {6715c394-5a03-11e3-935e-240a64211da4} — G:AutoRun.exe
HKUS-1-5-21-3138997166-3486246742-2689789372-1000…MountPoints2: {6715c39f-5a03-11e3-935e-240a64211da4} — G:AutoRun.exe
HKUS-1-5-21-3138997166-3486246742-2689789372-1000…MountPoints2: {c8cc644d-6420-11e3-a626-240a64211da4} — G:HTC_Sync_Manager_PC.exe
HKUS-1-5-21-3138997166-3486246742-2689789372-1000…MountPoints2: {f599d49f-5f5c-11e3-b9ba-001e101f57d0} — H:AutoRun.exe
AppInit_DLLs: C:Windowssystem32nvinitx.dll => C:Windowssystem32nvinitx.dll [245872 2013-05-24] (NVIDIA Corporation)
AppInit_DLLs-x32: C:WindowsSysWOW64nvinit.dll => C:WindowsSysWOW64nvinit.dll [201576 2013-05-24] (NVIDIA Corporation)
AppInit_DLLs-x32: C:PROGRA~3VKSavervksaver3.dll => C:ProgramDataVKSavervksaver3.dll [45056 2014-10-04] (AudioVkontakte.ru)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt64.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [«DropboxExt1»] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [«DropboxExt2»] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [«DropboxExt3»] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [«DropboxExt4»] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [«DropboxExt5»] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [«DropboxExt6»] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [«DropboxExt7»] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [«DropboxExt8»] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:UsersuserAppDataRoamingDropboxbinDropboxExt.31.dll [2016-02-09] (Dropbox, Inc.)
Startup: C:UsersuserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk [2016-02-12]
ShortcutTarget: Dropbox.lnk -> C:UsersuserAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
TcpipParameters: [DhcpNameServer] 192.168.0.1
Tcpip..Interfaces{7528B799-C1D5-4D68-AE69-FA28EB888CF3}: [DhcpNameServer] 192.168.0.1
Tcpip..Interfaces{84CD9BEB-909A-4B63-B082-ABEB82495355}: [NameServer] 193.41.60.18 193.41.63.161
Tcpip..Interfaces{9A537A93-D5C1-4DA3-9EC6-382566B95214}: [DhcpNameServer] 192.168.0.1
Tcpip..Interfaces{A164C1EA-6EFF-4474-8DE0-3E13A0B6E4DB}: [NameServer] 193.41.60.18 193.41.63.161

Internet Explorer:
==================
HKUS-1-5-21-3138997166-3486246742-2689789372-1000SoftwareMicrosoftInternet ExplorerMain,Start Page = kino-filmov.net
SearchScopes: HKUS-1-5-21-3138997166-3486246742-2689789372-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg
SearchScopes: HKUS-1-5-21-3138997166-3486246742-2689789372-1000 -> {78E0CCCA-0F24-4462-B093-E73101273D04} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os
SearchScopes: HKUS-1-5-21-3138997166-3486246742-2689789372-1000 -> {C9DFDB2C-A417-4285-A78D-DC5374E1FDE4} URL = hxxp://www.google.com.ua/search?hl=ru&q={searchTerms}
SearchScopes: HKUS-1-5-21-3138997166-3486246742-2689789372-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL [2013-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program FilesJavajre7binssv.dll [2013-09-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program FilesJavajre7binjp2ssv.dll [2013-09-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:Program Files (x86)Microsoft OfficeOffice14GROOVEEX.DLL [2013-03-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program Files (x86)Javajre7binssv.dll [2013-09-05] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:Program Files (x86)Microsoft OfficeOffice14URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program Files (x86)Javajre7binjp2ssv.dll [2013-09-05] (Oracle Corporation)
Handler-x32: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:Program Files (x86)Common FilesSkypeSkype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:UsersuserAppDataRoamingMozillaFirefoxProfilesqglple75.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://mail.ru/cnt/10445?gp=custom1
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=
FF Plugin: @adobe.com/FlashPlayer -> C:Windowssystem32MacromedFlashNPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:Windowssystem32npDeployJava1.dll [2013-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:Program FilesJavajre7binplugin2npjp2.dll [2013-09-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:PROGRA~1MICROS~3Office14NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:WindowsSysWOW64MacromedFlashNPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:WindowsSysWOW64npDeployJava1.dll [2013-09-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:Program Files (x86)Javajre7binplugin2npjp2.dll [2013-09-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:Program Files (x86)Microsoft Silverlight5.1.20513.0npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:PROGRA~2MICROS~2Office14NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:PROGRA~2MICROS~2Office14NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:UsersuserAppDataRoamingraidcallpluginsnprcplugin.dll [2014-05-22] (Raidcall)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.709 -> C:Program Files (x86)K-Lite Codec PackRealbrowserpluginsnppl3260.dll [2010-03-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.709 -> C:Program Files (x86)K-Lite Codec PackRealbrowserpluginsnprpjplug.dll [2010-03-14] (RealNetworks, Inc.)
FF Plugin-x32: @t.garena.com/garenatalk -> C:Program Files (x86)Garena PlusbbtalkpluginsnpPluginnpGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:Program Files (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:Program Files (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeReader 11.0ReaderAIRnppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKUS-1-5-21-3138997166-3486246742-2689789372-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:UsersuserAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin HKUS-1-5-21-3138997166-3486246742-2689789372-1000: ubisoft.com/uplaypc -> D:OlegGamesTom Clancy’s Ghost Recon.Future Soldier.Deluxe Edition.v 1.7 + 3 DLCorbitnpuplaypc.dll [No File]
FF Extension: ReloadEvery — C:UsersuserAppDataRoamingMozillaFirefoxProfilesqglple75.defaultextensions{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2015-07-09]
FF Extension: Adblock Plus — C:UsersuserAppDataRoamingMozillaFirefoxProfilesqglple75.defaultExtensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF HKLM-x32…ThunderbirdExtensions: [eplgTb@eset.com] — C:Program FilesESETESET NOD32 AntivirusMozilla Thunderbird
FF Extension: ESET Smart Security Extension — C:Program FilesESETESET NOD32 AntivirusMozilla Thunderbird [2013-09-05] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> «hxxp://mail.ru/cnt/7993/»,»hxxp://www.google.com/»
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) — C:Program Files (x86)GoogleChromeApplication48.0.2564.109PepperFlashpepflashplayer.dll ()
CHR Plugin: (Native Client) — C:Program Files (x86)GoogleChromeApplication48.0.2564.109ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) — C:Program Files (x86)GoogleChromeApplication48.0.2564.109pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) — C:PROGRA~2MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) — C:PROGRA~2MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) — C:Program Files (x86)AdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) — C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) — C:Program Files (x86)Javajre7binplugin2npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) — C:Program Files (x86)Microsoft Silverlight5.1.20513.0npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Shockwave Flash) — C:WindowsSysWOW64MacromedFlashNPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) — C:WindowsSysWOW64npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:UsersuserAppDataLocalGoogleChromeUser DataDefault
CHR Extension: (Angry Birds) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsaknpkdffaafgjchaibgeefbgmgeghloj [2014-12-13]
CHR Extension: (Forge of Empires) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsanaphblkfplenhkephgneolhnmjminjg [2015-08-21]
CHR Extension: (Документы Google) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Диск Google) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Gismeteo) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsbfegaehidkkcfaikpaijcdahnpikhobf [2015-06-26]
CHR Extension: (YouTube) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Adblock Plus) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionscfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Google Search) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Документы офлайн) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (COD Modern Warfare 3 Theme (1280 x 800)) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsgkoiomlklcjdilkmmchchbkikiegchkb [2013-09-06]
CHR Extension: (Drakensang Online) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionslgloifppaepihckkhiocnodicehjdoof [2015-08-04]
CHR Extension: (Металлическая пуля жестокий 3) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsmaphilmnngnhkfigpjjoddpjpfbmpmcc [2014-12-06]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (EmojiPlus) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsohdmafokcgelhmifjiapjbnkfcggkgnb [2016-01-29]
CHR Extension: (Bloxorz Блок головоломка) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionsphiaicokjaoaobiobphcfkmbeiejdang [2014-12-06]
CHR Extension: (Gmail) — C:UsersuserAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Google Drive) — C:UsersuserAppDataRoamingextensionsextension_chrome [2014-08-23]

Opera:
=======
OPR Extension: (Adblock Plus) — C:UsersuserAppDataRoamingOpera SoftwareOpera StableExtensionsoidhhegpmlfpoeialbgcdocjalghfpkp [2016-02-06]

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 defragsvc; C:WindowsSystem32defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
S3 EhttpSrv; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [42360 2011-01-14] (ESET)
R2 ekrn; C:Program FilesESETESET NOD32 Antivirusx86ekrn.exe [810144 2011-01-14] (ESET)
R2 HiPatchService; D:OlegGamesSmiteHiPatchService.exe [9728 2016-02-02] (Hi-Rez Studios) [File not signed]
R2 HWDeviceService64.exe; C:ProgramDataDatacardServiceHWDeviceService64.exe [346976 2011-03-14] ()
R2 jhi_service; C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Mobile Internet. RunOuc; C:Program Files (x86)Mobile InternetUpdateDogouc.exe [246112 2013-12-01] ()
R2 WinDefend; C:Program FilesWindows Defendermpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:WindowsSystem32wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:WindowsSysWOW64wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 dtsoftbus01; C:WindowsSystem32DRIVERSdtsoftbus01.sys [283064 2013-11-27] (Disc Soft Ltd)
R2 eamonm; C:WindowsSystem32DRIVERSeamonm.sys [170640 2010-12-21] (ESET)
S3 ebdrv; C:Windowssystem32driversevbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:WindowsSystem32DRIVERSehdrv.sys [141264 2010-12-21] (ESET)
R2 epfwwfpr; C:WindowsSystem32DRIVERSepfwwfpr.sys [125296 2010-12-21] (ESET)
R0 iaStorF; C:WindowsSystem32DRIVERSiaStorF.sys [28216 2012-09-14] (Intel Corporation)
R3 keyboard; C:WindowsSystem32Driverskeyboard.sys [18536 2014-09-22] (Oblita)
R3 L1C; C:WindowsSystem32DRIVERSL1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:Windowssystem32driversmbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:Windowssystem32driversmwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 mountmgr; C:WindowsSystem32driversmountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
R3 mouse; C:WindowsSystem32Driversmouse.sys [18536 2014-09-22] (Oblita)
R0 volmgrx; C:WindowsSystem32driversvolmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
S3 AthBTPort; system32DRIVERSbtath_flt.sys [X]
S3 BTATH_A2DP; system32driversbtath_a2dp.sys [X]
S3 btath_avdt; system32driversbtath_avdt.sys [X]
S3 BTATH_BUS; system32DRIVERSbtath_bus.sys [X]
S3 BTATH_HCRP; system32DRIVERSbtath_hcrp.sys [X]
S3 BTATH_RCP; system32DRIVERSbtath_rcp.sys [X]
S3 BtAudioBusSrv; System32DriversBtAudioBus.sys [X]
S3 BtFilter; system32DRIVERSbtfilter.sys [X]
S3 BthL2caScoIfSrv; System32DriversBtL2caScoIf.sys [X]
S3 EagleX64; ??C:Windowssystem32driversEagleX64.sys [X]
S3 VGPU; System32driversrdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-14 12:39 — 2016-02-14 12:39 — 00000000 ____D C:FRST
2016-02-12 19:49 — 2016-02-12 19:49 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsLeague of Legends
2016-02-12 11:53 — 2016-02-12 11:53 — 00000000 ____D C:UsersuserAppDataRoamingMicrosoftWindowsStart MenuProgramsDropbox
2016-02-11 12:01 — 2016-02-11 12:01 — 00000000 ____D C:UsersuserAppDataRoamingMEX
2016-02-11 11:44 — 2016-02-11 11:44 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsR.G. Games
2016-02-10 16:55 — 2016-02-10 19:01 — 00192216 _____ (Malwarebytes) C:Windowssystem32DriversMBAMSwissArmy.sys
2016-02-10 16:55 — 2016-02-10 16:55 — 00000000 ____D C:UsersВсе пользователиMalwarebytes
2016-02-10 16:55 — 2016-02-10 16:55 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Malware
2016-02-10 16:55 — 2016-02-10 16:55 — 00000000 ____D C:ProgramDataMalwarebytes
2016-02-10 16:55 — 2016-02-10 16:55 — 00000000 ____D C:Program Files (x86)Malwarebytes Anti-Malware
2016-02-10 16:55 — 2015-10-05 09:50 — 00109272 _____ (Malwarebytes) C:Windowssystem32Driversmbamchameleon.sys
2016-02-10 16:55 — 2015-10-05 09:50 — 00063704 _____ (Malwarebytes Corporation) C:Windowssystem32Driversmwac.sys
2016-02-10 16:55 — 2015-10-05 09:50 — 00025816 _____ (Malwarebytes) C:Windowssystem32Driversmbam.sys
2016-02-10 16:36 — 2016-02-10 16:39 — 00000000 ____D C:AdwCleaner
2016-02-06 13:35 — 2016-02-06 13:36 — 00000000 ____D C:UsersuserAppDataRoamingFiraxisLive
2016-02-02 11:55 — 2016-02-02 11:55 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsDarkest Dungeon
2016-01-21 18:14 — 2016-01-21 18:14 — 00000000 ____D C:UsersuserAppDataLocalLowCD Projekt RED S_A_
2016-01-21 17:59 — 2016-01-21 17:59 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsThe Witcher Adventure Game
2016-01-15 08:46 — 2016-01-15 08:46 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHard West Collector’s Edition

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-14 12:36 — 2009-07-14 06:45 — 00016832 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-14 12:36 — 2009-07-14 06:45 — 00016832 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-14 12:06 — 2015-06-17 15:55 — 00001106 _____ C:WindowsTasksDropboxUpdateTaskUserS-1-5-21-3138997166-3486246742-2689789372-1000UA.job
2016-02-14 12:06 — 2015-06-17 15:55 — 00001054 _____ C:WindowsTasksDropboxUpdateTaskUserS-1-5-21-3138997166-3486246742-2689789372-1000Core.job
2016-02-14 12:03 — 2013-09-06 22:03 — 00000970 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job
2016-02-14 12:03 — 2013-09-06 22:03 — 00000966 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job
2016-02-14 11:59 — 2015-10-03 19:06 — 00000896 _____ C:WindowsTasksAdobe Flash Player Updater.job
2016-02-14 02:14 — 2015-09-10 13:38 — 00000958 _____ C:WindowsTasksAdobe Flash Player PPAPI Notifier.job
2016-02-13 23:00 — 2014-03-12 19:58 — 00000000 ____D C:UsersuserAppDataLocalBattle.net
2016-02-12 18:50 — 2013-09-10 16:28 — 00000000 ____D C:UsersuserAppDataLocalElevatedDiagnostics
2016-02-12 18:50 — 2009-07-14 05:20 — 00000000 ____D C:Windowssystem32NDF
2016-02-12 17:41 — 2013-09-10 22:27 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsR.G. Catalyst
2016-02-12 11:54 — 2013-09-06 23:54 — 00000000 ___RD C:UsersuserDropbox
2016-02-12 11:54 — 2013-09-06 23:48 — 00000000 ____D C:UsersuserAppDataRoamingDropbox
2016-02-12 05:04 — 2015-12-13 22:45 — 00000000 ____D C:UsersuserAppDataRoamingViberPC
2016-02-12 05:02 — 2013-09-06 11:53 — 00000198 _____ C:WindowsTasksAutoKMS.job
2016-02-12 05:02 — 2009-07-14 07:08 — 00000006 ____H C:WindowsTasksSA.DAT
2016-02-12 04:16 — 2013-09-04 11:16 — 01172504 ____H C:UsersuserAppDataLocalIconCache.db.backup
2016-02-12 04:10 — 2013-09-05 19:34 — 00000000 ____D C:UsersuserAppDataRoamingSkype
2016-02-10 23:11 — 2013-09-06 22:04 — 00002211 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2016-02-10 17:21 — 2015-02-07 15:00 — 00000000 ____D C:WindowsLinux
2016-02-10 12:52 — 2013-09-06 22:14 — 00000000 ____D C:UsersuserAppDataRoaminguTorrent
2016-02-10 03:46 — 2015-07-18 11:04 — 00000003 _____ C:WindowsSysWOW64HRUPPROG.TXT
2016-02-10 00:59 — 2015-10-03 19:06 — 00003834 _____ C:WindowsSystem32TasksAdobe Flash Player Updater
2016-02-10 00:59 — 2015-09-10 13:38 — 00003952 _____ C:WindowsSystem32TasksAdobe Flash Player PPAPI Notifier
2016-02-10 00:59 — 2013-09-05 19:35 — 00796864 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe
2016-02-10 00:59 — 2013-09-05 19:35 — 00142528 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl
2016-02-09 04:33 — 2014-11-02 21:31 — 00000000 ____D C:UsersuserAppDataRoamingCurse Client
2016-02-06 13:34 — 2013-09-07 13:01 — 00000000 ____D C:WindowsSysWOW64directx
2016-02-06 11:22 — 2013-09-09 12:33 — 00000000 ____D C:UsersuserAppDataLocalCrashDumps
2016-02-05 17:39 — 2013-09-05 19:34 — 00000000 ____D C:UsersВсе пользователиSkype
2016-02-05 17:39 — 2013-09-05 19:34 — 00000000 ____D C:ProgramDataSkype
2016-02-04 14:38 — 2015-08-07 22:25 — 00003864 _____ C:WindowsSystem32TasksOpera scheduled Autoupdate 1438979132
2016-02-04 14:38 — 2015-08-07 22:24 — 00000000 ____D C:Program Files (x86)Opera
2016-02-03 18:26 — 2013-09-08 15:25 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsR.G. Mechanics
2016-02-02 11:58 — 2013-09-06 22:03 — 00003966 _____ C:WindowsSystem32TasksGoogleUpdateTaskMachineUA
2016-02-02 11:58 — 2013-09-06 22:03 — 00003714 _____ C:WindowsSystem32TasksGoogleUpdateTaskMachineCore
2016-01-27 00:58 — 2009-07-14 05:20 — 00000000 ____D C:Windowsinf
2016-01-25 17:51 — 2013-10-02 23:50 — 00000000 ____D C:UsersuserAppDataRoamingMedia Player Classic
2016-01-24 03:56 — 2015-11-05 21:56 — 00000000 ____D C:UsersuserAppDataRoamingTS3Client
2016-01-24 03:56 — 2014-07-28 03:02 — 00000000 ____D C:UsersuserAppDataRoamingWinamp
2016-01-24 03:56 — 2013-11-25 23:19 — 00000000 ____D C:UsersuserAppDataRoamingDAEMON Tools Lite
2016-01-24 03:54 — 2014-08-11 19:05 — 00000000 ____D C:WindowsMinidump
2016-01-19 06:42 — 2013-09-07 22:02 — 00000000 ____D C:UsersВсе пользователиVKSaver
2016-01-19 06:42 — 2013-09-07 22:02 — 00000000 ____D C:ProgramDataVKSaver
2016-01-15 14:31 — 2014-09-22 04:14 — 00000000 ____D C:UsersВсе пользователиPackage Cache
2016-01-15 14:31 — 2014-09-22 04:14 — 00000000 ____D C:ProgramDataPackage Cache
==================== Files in the root of some directories =======
2014-10-21 02:08 — 2014-10-21 02:08 — 0004608 _____ () C:UsersuserAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-17 18:45 — 2015-11-17 18:45 — 0000230 _____ () C:ProgramDataHirezPipeError.txt
Some files in TEMP:
====================
C:UsersuserAppDataLocalTempSkypeSetup.exe
C:UsersuserAppDataLocalTempsqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:Windowssystem32winlogon.exe => File is digitally signed
C:Windowssystem32wininit.exe => File is digitally signed
C:WindowsSysWOW64wininit.exe => File is digitally signed
C:Windowsexplorer.exe => File is digitally signed
C:WindowsSysWOW64explorer.exe => File is digitally signed
C:Windowssystem32svchost.exe => File is digitally signed
C:WindowsSysWOW64svchost.exe => File is digitally signed
C:Windowssystem32services.exe => File is digitally signed
C:Windowssystem32User32.dll
[2010-11-21 05:24] — [2010-11-21 05:24] — 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
C:WindowsSysWOW64User32.dll
[2013-09-06 11:47] — [2013-09-06 11:47] — 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
C:Windowssystem32userinit.exe => File is digitally signed
C:WindowsSysWOW64userinit.exe => File is digitally signed
C:Windowssystem32rpcss.dll => File is digitally signed
C:Windowssystem32dnsapi.dll => File is digitally signed
C:WindowsSysWOW64dnsapi.dll => File is digitally signed
C:Windowssystem32Driversvolsnap.sys => File is digitally signed
LastRegBack: 2016-02-08 07:05
==================== End of FRST.txt ============================
February 21, 2016 at 12:46 pm #32691
Launch Notepad and paste the following text into the open window:
CreateRestorePoint:
Task: {E35ADA03-03B8-452B-998D-49811429FAB0} - System32TasksMS => hxxp://gangnamgame.org
EmptyTemp:
Reboot:
Save the resulting file in the folder where the FRST/FRST64 program is located, under the name fixlist.
Launch FRST and click the Fix button.
When the program finishes, the message "Fix completed" will appear. Click OK.
Notepad will open with the contents of the fixlog.txt file. Paste the contents of this file into your reply.
In addition:
1. Run a new scan with FRST and attach both of its logs to your reply.
2. Download AdwCleaner. Launch the program by right-clicking it and selecting "Run as administrator". Click the "Scan" button and wait for the process to finish. When the scan is complete, close the program and find the scan report. It is located in the C:\AdwCleaner folder and is named AdwCleaner[S1]. Attach this report to your next message.
February 21, 2016 at 8:19 pm #32692
Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016
Ran by user (2016-02-21 21:56:21) Run:1
Running from D:userDownloads
Loaded Profiles: user & UpdatusUser (Available Profiles: user & UpdatusUser)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
Task: {E35ADA03-03B8-452B-998D-49811429FAB0} — System32TasksMS => hxxp://gangnamgame.org
EmptyTemp:
Reboot:
*****************
Restore point was successfully created.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheBoot{E35ADA03-03B8-452B-998D-49811429FAB0}» => key removed successfully
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{E35ADA03-03B8-452B-998D-49811429FAB0}» => key removed successfully
C:WindowsSystem32TasksMS => moved successfully
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeMS» => key removed successfully
EmptyTemp: => 1.5 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 21:58:57 ====
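The task removed in the fix above had a URL as its action instead of a program path. The following is an added example, not part of the thread and not FRST's own code: it scans FRST-style `Task:` lines for that pattern and drafts a fixlist in the format shown in the helper's post. The function names and the second sample line are assumptions made for illustration.

```python
import re

# FRST prints registry-backed tasks as "Task: {GUID} - <task path> => <action>".
# On this page the separator is "-" in the fixlist and a typographic dash in the fixlog.
TASK_RE = re.compile(
    r"^Task:\s*(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*[-\u2014]\s*"
    r"(?P<path>.+?)\s*=>\s*(?P<action>.+)$"
)
# Action that is a URL (plain or defanged "hxxp") rather than a program path.
URL_RE = re.compile(r"^hxxps?://|^https?://", re.IGNORECASE)

# First line is the entry from this thread (backslashes already lost on the page);
# the second line is constructed for contrast, the third is noise.
SAMPLE_LOG = """\
Task: {E35ADA03-03B8-452B-998D-49811429FAB0} - System32TasksMS => hxxp://gangnamgame.org
Task: {11111111-2222-3333-4444-555555555555} - System32\\Tasks\\ExampleUpdater => C:\\Program Files\\Example\\update.exe
Some unrelated log line
"""

def parse_tasks(log_text):
    """Return one dict per GUID-style Task: line; all other lines are skipped."""
    tasks = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append({**m.groupdict(), "raw": line.strip()})
    return tasks

def url_tasks(tasks):
    """Keep only tasks whose action is a URL, the pattern removed in this thread."""
    return [t for t in tasks if URL_RE.match(t["action"].strip())]

def draft_fixlist(flagged):
    """Build a fixlist draft using the directives from the helper's post.

    The draft is for human review before it is saved next to FRST.
    """
    lines = ["CreateRestorePoint:"]
    lines += [t["raw"] for t in flagged]
    lines += ["EmptyTemp:", "Reboot:"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(draft_fixlist(url_tasks(parse_tasks(SAMPLE_LOG))), end="")
```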
February 22, 2016 at 1:27 pm #32693
It seems everything worked, nothing pops up anymore) Thank you!
February 23, 2016 at 2:17 am #32694
Glad to help 🙂
You can keep FRST and AdwCleaner on your computer, or you can delete them. They do not require any special uninstallation procedure. You can also delete the AdwCleaner folder located on drive C.
A few final steps.
1. Launch your antivirus and check the status of automatic protection. Turn it on if it is off.
2. Remember to update Windows, your programs, and especially your antivirus.