Pop-up ad window in the Opera browser.
- This topic has 23 replies, 2 participants, and was last updated 7 years, 5 months ago by Славик.
May 28, 2017 at 2:56 PM #60635
I can't remove imwite, a pop-up window in Opera. Malwarebytes didn't help, neither did Task Scheduler, I can't figure out what to do, please help…
May 29, 2017 at 12:54 PM #60650
May 29, 2017 at 1:22 PM #60653
HERE ARE THE FRST SCAN RESULTS. I DON'T UNDERSTAND ANY OF THIS, I HOPE YOU WILL HELP… I WILL BE VERY GRATEFUL.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-05-2017
Ran by Admin (administrator) on ADMIN-ПК (29-05-2017 11:34:13)
Running from C:\Users\Admin\Videos\фильмы
Loaded Profiles: Admin (Available Profiles: Admin & UpdatusUser)
Platform: Microsoft Windows 7 Максимальная Service Pack 1 (X86) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Opera Software) C:\Program Files\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files\Opera\45.0.2552.812\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files\Opera\45.0.2552.812\opera.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10959464 2012-01-16] (Realtek Semiconductor)
HKU\S-1-5-21-2868414433-842378086-3155127884-1000\…\MountPoints2: {01fd0c14-5a29-11e2-a0ff-806e6f6e6963} — E:\Run.exe
HKU\S-1-5-21-2868414433-842378086-3155127884-1000\…\MountPoints2: {2a494a4d-ace3-11e2-a174-902b340db217} — F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2868414433-842378086-3155127884-1000\…\MountPoints2: {2b8184f4-5d88-11e2-98a0-902b340db217} — F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2868414433-842378086-3155127884-1000\…\MountPoints2: {2b8184fe-5d88-11e2-98a0-902b340db217} — F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2868414433-842378086-3155127884-1000\…\MountPoints2: {5aefa3fa-c6a8-11e2-98ce-902b340db217} — F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2868414433-842378086-3155127884-1000\…\MountPoints2: {7b13eaa4-5437-11e6-af9b-902b340db217} — F:\Lenovo_Suite.exe
HKU\S-1-5-21-2868414433-842378086-3155127884-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 193.41.60.9 193.41.63.180
Tcpip\..\Interfaces\{A95F4F4A-F547-4731-B674-F3E3175656DB}: [DhcpNameServer] 193.41.60.9 193.41.63.180
Tcpip\..\Interfaces\{D77C421F-2B4C-422A-BED2-00B8F50630F3}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2868414433-842378086-3155127884-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2868414433-842378086-3155127884-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ru.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-2868414433-842378086-3155127884-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {F4137D40-259A-4FB3-B780-F8C39B303C41} URL = hxxp://yandex.ru/yandsearch?clid=2101082&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2868414433-842378086-3155127884-1000 -> {B2D56063-0F5A-4332-B5FD-929F9E544DE7} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868414433-842378086-3155127884-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868414433-842378086-3155127884-1000 -> {F4137D40-259A-4FB3-B780-F8C39B303C41} URL = hxxp://yandex.ru/yandsearch?clid=2101082&text={searchTerms}
BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
Handler: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O [2017-03-17]
FF NewTab: Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O -> about:newtab
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O -> Google (avast)
FF Extension: (top-page.ru) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\135794682@qertis.net.xpi [2012-03-13] [not signed]
FF Extension: (Adblock Plus Pop-up Addon) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\adblockpopups@jessehakanen.net [2012-03-13] [not signed]
FF Extension: (CensureBlock) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\censureblock@gmail.com [2012-03-13] [not signed]
FF Extension: (IE Tab +) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\coralietab@mozdev.org [2012-03-13] [not signed]
FF Extension: (Custom Buttons) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\custombuttons@xsms.org [2012-03-13] [not signed]
FF Extension: (Element Hiding Helper for Adblock Plus) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\elemhidehelper@adblockplus.org [2012-03-13] [not signed]
FF Extension: (ImgLikeOpera) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\imglikeopera@imfo.ru [2012-03-13] [not signed]
FF Extension: (Link Alert) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\linkalert.conlan@addons.mozilla.com [2012-03-13] [not signed]
FF Extension: (MinimizeToTray revived (MinTrayR)) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\mintrayr@tn123.ath.cx [2012-03-13] [not signed]
FF Extension: (NoSquint) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\nosquint@urandom.ca [2012-03-13] [not signed]
FF Extension: (Настройки Классической Компактной темы) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\notreal.ccoptions@environmentalchemistry.com [2012-03-13] [not signed]
FF Extension: (RequestPolicy) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\requestpolicy@requestpolicy.com [2012-03-13] [not signed]
FF Extension: (SkipScreen) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\SkipScreen@SkipScreen [2012-03-13] [not signed]
FF Extension: (Tab Scope) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\tabscope@xuldev.org [2012-03-13] [not signed]
FF Extension: (Google Translator for Firefox) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\translator@zoli.bod [2012-03-13] [not signed]
FF Extension: (Toolbar Buttons) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2012-03-13] [not signed]
FF Extension: (ColorfulTabs) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2012-03-13] [not signed]
FF Extension: (URL Fixer Plus RU and UA) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{18957df9-7f03-405d-a021-b847769de1a5} [2012-03-13] [not signed]
FF Extension: (FlashGot) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2012-03-13] [not signed]
FF Extension: (Flashblock) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2012-03-13] [not signed]
FF Extension: (NoScript) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2012-03-13] [not signed]
FF Extension: (Mozilla Archive Format) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54} [2012-03-13] [not signed]
FF Extension: (WOT) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012-03-13] [not signed]
FF Extension: (DownloadHelper) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-03-13] [not signed]
FF Extension: (FXChrome) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32} [2012-03-13] [not signed]
FF Extension: (Fasterfox) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91} [2012-03-13] [not signed]
FF Extension: (wmlbrowser) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} [2012-03-13] [not signed]
FF Extension: (Adblock Plus) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-03-13] [not signed]
FF Extension: (BetterPrivacy) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012-03-13] [not signed]
FF Extension: (Классическая Компактная) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E} [2012-03-13] [not signed]
FF Extension: (Download Statusbar) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2012-03-13] [not signed]
FF Extension: (Tab Mix Plus) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{dc572301-7619-498c-a57d-39143191b318} [2012-03-13] [not signed]
FF Extension: (Memory Fox) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2012-03-13] [not signed]
FF Extension: (Menu Editor) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2012-03-13] [not signed]
FF Extension: (New Tab King) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2012-03-13] [not signed]
FF Extension: (Mouse Gestures Redox) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\Extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} [2012-03-13] [not signed]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\searchplugins\google-avast.xml [2014-12-10]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\searchplugins\yandex-avast.xml [2014-10-26]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\searchplugins\yandex.ru-081935.xml [2013-07-20]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ih4mar5c.WIN-QN2E3649N7O\searchplugins\yandex.ru-20175326.xml [2017-02-26]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК [2017-05-29]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\user.js [2014-02-04]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК -> Яндекс
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК -> Яндекс
FF Homepage: Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК -> hxxp://www.yandex.ru/?win=130&clid=1976470
FF Extension: (Adblock Plus Pop-up Addon) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\adblockpopups@jessehakanen.net [2013-01-09] [not signed]
FF Extension: (CensureBlock) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\censureblock@gmail.com [2013-01-09] [not signed]
FF Extension: (IE Tab +) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\coralietab@mozdev.org [2013-01-09] [not signed]
FF Extension: (Custom Buttons) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\custombuttons@xsms.org [2013-01-09] [not signed]
FF Extension: (Info Enhancer for Firefox) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\dldcbakcjliccckkmfjcblhciilpdcil@infoenhancer.com [2014-12-23] [not signed]
FF Extension: (Element Hiding Helper for Adblock Plus) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\elemhidehelper@adblockplus.org [2013-01-09] [not signed]
FF Extension: (ImgLikeOpera) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\imglikeopera@imfo.ru [2013-01-09] [not signed]
FF Extension: (Link Alert) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\linkalert.conlan@addons.mozilla.com [2013-01-09] [not signed]
FF Extension: (MinimizeToTray revived (MinTrayR)) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\mintrayr@tn123.ath.cx [2013-01-09] [not signed]
FF Extension: (NoSquint) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\nosquint@urandom.ca [2013-01-09] [not signed]
FF Extension: (Настройки Классической Компактной темы) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\notreal.ccoptions@environmentalchemistry.com [2013-01-09] [not signed]
FF Extension: (RequestPolicy) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\requestpolicy@requestpolicy.com [2013-01-09] [not signed]
FF Extension: (SkipScreen) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\SkipScreen@SkipScreen [2013-01-09] [not signed]
FF Extension: (Tab Scope) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\tabscope@xuldev.org [2013-01-09] [not signed]
FF Extension: (Google Translator for Firefox) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\translator@zoli.bod [2013-01-09] [not signed]
FF Extension: (Toolbar Buttons) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2013-01-09] [not signed]
FF Extension: (ColorfulTabs) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-01-09] [not signed]
FF Extension: (URL Fixer Plus RU and UA) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{18957df9-7f03-405d-a021-b847769de1a5} [2013-01-09] [not signed]
FF Extension: (FlashGot) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2013-01-09] [not signed]
FF Extension: (Flashblock) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-01-09] [not signed]
FF Extension: (NoScript) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2013-01-09] [not signed]
FF Extension: (Mozilla Archive Format) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54} [2013-01-09] [not signed]
FF Extension: (WOT) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-01-09] [not signed]
FF Extension: (DownloadHelper) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-01-09] [not signed]
FF Extension: (FXChrome) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32} [2013-01-09] [not signed]
FF Extension: (Fasterfox) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91} [2013-01-09] [not signed]
FF Extension: (wmlbrowser) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} [2013-01-09] [not signed]
FF Extension: (Adblock Plus) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013-01-09] [not signed]
FF Extension: (BetterPrivacy) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2013-01-09] [not signed]
FF Extension: (Классическая Компактная) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E} [2013-01-09] [not signed]
FF Extension: (Download Statusbar) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2013-01-09] [not signed]
FF Extension: (Tab Mix Plus) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{dc572301-7619-498c-a57d-39143191b318} [2013-01-09] [not signed]
FF Extension: (Memory Fox) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-01-09] [not signed]
FF Extension: (Menu Editor) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2013-01-09] [not signed]
FF Extension: (New Tab King) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2013-01-09] [not signed]
FF Extension: (Mouse Gestures Redox) — C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\Extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} [2013-01-09] [not signed]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c4r0c48j.ADMIN-ПК\searchplugins\yandex.ru-155032.xml [2014-06-29]
FF HKLM\…\Thunderbird\Extensions: [eplgTb@eset.com] — C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-20] ()
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-05-27]
CHR Extension: (Google Презентации) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-15]
CHR Extension: (Документы Google) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-15]
CHR Extension: (Диск Google) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-15]
CHR Extension: (YouTube) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-15]
CHR Extension: (Adblock Plus) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-24]
CHR Extension: (Поиск Google) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-23]
CHR Extension: (Tampermonkey) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-25]
CHR Extension: (Google Таблицы) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-15]
CHR Extension: (Google Документы офлайн) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-26]
CHR Extension: (AdBlock) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-15]
CHR Extension: (VkOpt) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoboppgpbgclpfnjfdidokiilachfcbb [2017-01-24]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-24]
CHR Extension: (Gmail) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-15]
CHR Extension: (Chrome Media Router) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-05-20]
CHR Extension: (Tampermonkey) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-25]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-20]
CHR HKLM\…\Chrome\Extension: [hhjmihalfdochhinhfogciaafppfgpjj] — hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: «hxxps://www.yandex.ru/?win=269&clid=2256540»
OPR Extension: (AdBlock) — C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-03-17]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2241992 2016-12-14] (ESET)
S3 SpotfluxUpdate; C:\Program Files\Spotflux\Spotflux Lite\Spotflux Updates.exe [367984 2013-12-27] (Spotflux) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2012-03-12] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2013-01-14] ()
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2015-04-20] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113544 2017-01-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [140984 2017-01-17] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [62528 2017-01-17] (ESET)
R1 epp; C:\EEK\bin32\epp.sys [95912 2017-01-03] (Emsisoft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [17488 2013-01-09] (Windows (R) 2000 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-01-14] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-21] (Корпорация Майкрософт)
S3 PTUMWBus; C:\Windows\System32\DRIVERS\PTUMWBus.sys [54544 2010-07-20] (DEVGURU Co., LTD.)
S3 PTUMWCDF; C:\Windows\System32\DRIVERS\PTUMWCDF.sys [22032 2010-07-20] (DEVGURU Co., LTD.)
S3 PTUMWCSP; C:\Windows\System32\DRIVERS\PTUMWCSP.sys [160400 2010-07-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWFLT; C:\Windows\System32\DRIVERS\PTUMWFLT.sys [11920 2010-07-20] (DEVGURU Co., LTD.)
S3 PTUMWMdm; C:\Windows\System32\DRIVERS\PTUMWMdm.sys [160400 2010-07-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWNET; C:\Windows\System32\DRIVERS\PTUMWNET.sys [115216 2010-07-20] (DEVGURU Co., LTD.)
S3 PTUMWNSP; C:\Windows\System32\DRIVERS\PTUMWNSP.sys [160400 2010-07-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWVsp; C:\Windows\System32\DRIVERS\PTUMWVsp.sys [160400 2010-07-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2014-09-06] (Duplex Secure Ltd.)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт)
U1 aswbdisk; no ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; no ImagePath
S1 ZAM_Guard; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-27 23:12 — 2017-05-27 23:54 — 00000000 ___DC C:\Program Files\Zemana AntiMalware
2017-05-27 23:12 — 2017-05-27 23:53 — 00020659 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-27 23:12 — 2017-05-27 23:39 — 00093567 _____ C:\Windows\ZAM.krnl.trace
2017-05-27 23:12 — 2017-05-27 23:12 — 00000000 ____D C:\Users\Admin\AppData\Local\Zemana
2017-05-26 08:36 — 2017-05-26 08:36 — 00001053 _____ C:\Users\Public\Desktop\Opera.lnk
2017-05-26 08:36 — 2017-05-26 08:36 — 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-25 21:21 — 2017-05-25 21:21 — 00000980 _____ C:\Users\Public\Desktop\Reg Organizer.lnk
2017-05-25 21:21 — 2017-05-25 21:21 — 00000000 ___DC C:\Program Files\Reg Organizer
2017-05-25 21:21 — 2017-05-25 21:21 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Organizer
2017-05-23 21:43 — 2017-05-25 21:22 — 00000000 ____D C:\Users\Admin\AppData\Roaming\ChemTable Software
2017-05-23 21:43 — 2017-05-25 21:22 — 00000000 ____D C:\Users\Admin\AppData\Local\ChemTable Software
2017-05-23 21:43 — 2017-05-23 21:43 — 00000000 ____D C:\Users\Все пользователи\Chemtable Software
2017-05-23 21:43 — 2017-05-23 21:43 — 00000000 ____D C:\ProgramData\Chemtable Software
2017-05-23 21:38 — 2017-05-23 21:40 — 00000000 ___DC C:\Program Files\HideMy.name VPN
2017-05-23 20:32 — 2017-05-23 20:32 — 00000000 ____D C:\Users\Admin\Downloads\Чемпионат Англии 2016-17 Премьер-лига 38-й тур Челси — Сандерленд 720p 50fps
2017-05-21 21:40 — 2017-05-21 21:44 — 1467858944 _____ C:\Users\Admin\Downloads\K1dnap.2017.P.WEB-DLRip.14OOMB_KOSHARA.avi
2017-05-15 20:11 — 2017-05-15 20:15 — 1575305640 _____ C:\Users\Admin\Downloads\Yana.Yank0.2017.O.WEB-DLRip.AVC.ExKinoRay.mkv
2017-05-13 18:26 — 2017-05-13 18:31 — 1052472319 _____ C:\Users\Admin\Downloads\Hollywood Homicide.2003.HDRip.MP4. rip by [Assassin’s Creed].mp4
2017-05-13 18:23 — 2017-05-13 18:27 — 1554774016 _____ C:\Users\Admin\Downloads\Grown.Ups.2.2013_HDRip_r5__[scarabey.org].avi
2017-05-06 20:27 — 2017-05-06 20:31 — 1467275264 _____ C:\Users\Admin\Downloads\Hardcore.Henry.2016.D.WEB-DLRip.1400MB.avi
2017-05-06 13:01 — 2017-05-06 13:05 — 1565607936 _____ C:\Users\Admin\Downloads\Reid_Pulya_v_golove_2016_WEB-DLRip_VO_by_Dalemake.avi
2017-05-04 08:53 — 2017-05-04 08:57 — 1552730112 _____ C:\Users\Admin\Downloads\WALL-E.2008__[scarabey.org].avi
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-29 11:34 — 2014-12-24 00:35 — 00000000 ___DC C:\FRST
2017-05-29 11:10 — 2009-07-14 07:34 — 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-29 11:10 — 2009-07-14 07:34 — 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-29 11:05 — 2009-07-14 05:37 — 00000000 ____D C:\Windows\inf
2017-05-29 08:45 — 2011-04-12 01:46 — 00734490 _____ C:\Windows\system32\perfh019.dat
2017-05-29 08:45 — 2011-04-12 01:46 — 00153360 _____ C:\Windows\system32\perfc019.dat
2017-05-29 08:45 — 2010-11-21 00:01 — 01666892 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-29 08:41 — 2013-02-17 22:07 — 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-05-29 08:40 — 2013-01-09 10:35 — 00000000 ____D C:\Users\Все пользователи\NVIDIA
2017-05-29 08:40 — 2013-01-09 10:35 — 00000000 ____D C:\ProgramData\NVIDIA
2017-05-29 08:40 — 2013-01-09 10:06 — 00000000 ____D C:\Users\Admin
2017-05-29 08:40 — 2009-07-14 07:53 — 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-28 23:57 — 2017-03-05 00:52 — 00000000 ___DC C:\AdwCleaner
2017-05-28 13:49 — 2016-07-28 00:09 — 00000000 ___DC C:\MagicPlusMini
2017-05-28 13:45 — 2013-12-31 10:33 — 00000362 ____H C:\Windows\Tasks\spotfluxupdater.job
2017-05-28 12:58 — 2017-02-27 17:25 — 00000000 ___DC C:\Program Files\Malwarebytes
2017-05-28 11:35 — 2012-03-13 09:29 — 00000000 ____D C:\Windows\system32\Macromed
2017-05-27 23:52 — 2013-07-20 07:19 — 00000000 ____D C:\Users\Admin\AppData\Local\Yandex
2017-05-27 23:24 — 2014-12-23 12:25 — 00000258 __RSH C:\Users\Все пользователи\ntuser.pol
2017-05-27 23:24 — 2014-12-23 12:25 — 00000258 __RSH C:\ProgramData\ntuser.pol
2017-05-27 23:24 — 2012-03-13 09:33 — 00000866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оpеrа.lnk
2017-05-26 08:36 — 2017-03-17 17:35 — 00000000 ___DC C:\Program Files\Opera
2017-05-26 08:08 — 2017-02-26 20:52 — 00000259 _____ C:\Windows\system32\Drivers\vwifikerneldrv.sys
2017-05-26 08:08 — 2017-02-26 20:52 — 00000259 _____ C:\Windows\system32\d3dx9_11.dll.tmp
2017-05-26 08:08 — 2017-02-26 20:52 — 00000259 _____ C:\Users\Все пользователи\fontcacheev1.dat
2017-05-26 08:08 — 2017-02-26 20:52 — 00000259 _____ C:\ProgramData\fontcacheev1.dat
2017-05-23 23:29 — 2014-02-27 11:45 — 00000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2017-05-23 22:26 — 2013-01-13 19:11 — 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2017-05-23 22:06 — 2013-01-09 10:36 — 00000000 ____D C:\Users\UpdatusUser
2017-05-23 20:32 — 2016-08-10 20:37 — 00000000 ____D C:\Users\Admin\AppData\LocalLow\uTorrent
2017-05-20 19:01 — 2017-02-27 18:16 — 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-05-20 19:01 — 2012-02-15 15:39 — 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-05-20 18:39 — 2015-01-08 09:58 — 00000000 ___DC C:\Program Files\Google
2017-05-20 14:51 — 2017-03-20 22:36 — 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
==================== Files in the root of some directories =======
2013-02-01 00:35 — 2013-02-01 00:35 — 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-25 13:04 — 2016-04-25 13:04 — 0000000 _____ () C:\Users\Admin\AppData\Local\{9E27601B-15F3-4843-BB5A-8903DE70B45B}
2016-04-30 23:58 — 2016-04-30 23:58 — 0000000 _____ () C:\Users\Admin\AppData\Local\{B8F13218-BDE9-44A3-A14E-48B2FE2D6AD8}
2014-12-15 09:18 — 2014-12-15 09:18 — 0047230 _____ () C:\ProgramData\1418624289.bdinstall.bin
2014-12-15 09:28 — 2014-12-15 09:28 — 0201662 _____ () C:\ProgramData\1418624859.bdinstall.bin
2014-12-15 10:58 — 2014-12-15 10:58 — 0037631 _____ () C:\ProgramData\1418630280.bdinstall.bin
2014-12-15 10:58 — 2014-12-15 10:58 — 0179768 _____ () C:\ProgramData\1418630281.bdinstall.bin
2014-12-15 11:14 — 2014-12-15 11:14 — 0037645 _____ () C:\ProgramData\1418631271.bdinstall.bin
2014-12-15 11:14 — 2014-12-15 11:14 — 0095785 _____ () C:\ProgramData\1418631274.bdinstall.bin
2014-12-15 11:19 — 2014-12-15 11:19 — 0410454 _____ () C:\ProgramData\1418631412.bdinstall.bin
2014-12-18 01:14 — 2014-12-18 01:14 — 0233269 _____ () C:\ProgramData\1418854412.bdinstall.bin
2014-12-18 01:24 — 2014-12-18 01:24 — 0200742 _____ () C:\ProgramData\1418854981.bdinstall.bin
2014-12-18 01:40 — 2014-12-18 01:40 — 0037631 _____ () C:\ProgramData\1418856005.bdinstall.bin
2014-12-18 01:40 — 2014-12-18 01:40 — 0179745 _____ () C:\ProgramData\1418856007.bdinstall.bin
2014-12-18 01:44 — 2014-12-18 01:44 — 0037646 _____ () C:\ProgramData\1418856258.bdinstall.bin
2014-12-18 01:46 — 2014-12-18 01:46 — 0096100 _____ () C:\ProgramData\1418856260.bdinstall.bin
2014-12-18 02:05 — 2014-12-18 02:05 — 0196542 _____ () C:\ProgramData\1418857471.bdinstall.bin
2014-12-18 02:29 — 2014-12-18 02:29 — 0037631 _____ () C:\ProgramData\1418858982.bdinstall.bin
2014-12-18 02:30 — 2014-12-18 02:30 — 0098925 _____ () C:\ProgramData\1418858983.bdinstall.bin
2014-12-18 02:43 — 2014-12-18 02:43 — 0198201 _____ () C:\ProgramData\1418859770.bdinstall.bin
2017-02-27 17:54 — 2017-02-27 17:54 — 0037630 _____ () C:\ProgramData\1488207276.bdinstall.bin
2017-02-27 17:55 — 2017-02-27 17:55 — 0181882 _____ () C:\ProgramData\1488207279.bdinstall.bin
2017-02-27 17:58 — 2017-02-27 17:58 — 0038557 _____ () C:\ProgramData\1488207531.bdinstall.bin
2017-02-27 18:01 — 2017-02-27 18:01 — 0095076 _____ () C:\ProgramData\1488207533.bdinstall.bin
2017-02-27 22:09 — 2017-02-27 22:09 — 0045898 _____ () C:\ProgramData\agent.1488222566.bdinstall.bin
2017-02-27 22:18 — 2017-02-27 22:18 — 0020198 _____ () C:\ProgramData\agent.1488223127.bdinstall.bin
2017-02-27 22:20 — 2017-02-27 22:20 — 0028977 _____ () C:\ProgramData\agent.1488223210.bdinstall.bin
2017-02-26 20:52 — 2017-05-26 08:08 — 0000259 _____ () C:\ProgramData\fontcacheev1.dat
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Все пользователи\fontcacheev1.dat
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-24 04:52
==================== End of FRST.txt ============================
Here is the second one.
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-05-2017
Ran by Admin (29-05-2017 11:34:37)
Running from C:\Users\Admin\Videos\фильмы
Microsoft Windows 7 Максимальная Service Pack 1 (X86) (2013-01-09 07:05:56)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-2868414433-842378086-3155127884-1000 — Administrator — Enabled) => C:\Users\Admin
UpdatusUser (S-1-5-21-2868414433-842378086-3155127884-1001 — Limited — Enabled) => C:\Users\UpdatusUser
Администратор (S-1-5-21-2868414433-842378086-3155127884-500 — Administrator — Disabled)
Гость (S-1-5-21-2868414433-842378086-3155127884-501 — Limited — Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 10.0.390.0 (Enabled — Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 10.0.390.0 (Enabled — Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled — Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with «Hidden» flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS (HKLM\…\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.23 — GIGABYTE)
µTorrent (HKU\S-1-5-21-2868414433-842378086-3155127884-1000\…\uTorrent) (Version: 3.5.0.43804 — BitTorrent Inc.)
7-Zip 16.04 (HKLM\…\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 — Igor Pavlov)
Adobe Download Assistant (HKLM\…\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.2 — Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM\…\Adobe Flash Player ActiveX) (Version: 25.0.0.171 — Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\…\Adobe Flash Player NPAPI) (Version: 25.0.0.171 — Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\…\Adobe Flash Player PPAPI) (Version: 25.0.0.171 — Adobe Systems Incorporated)
AIDA64 (HKLM\…\AIDA64) (Version: — )
AIMP v3.00 Build 981 (HKLM\…\AIMP3_is1) (Version: v3.00 Build 981 — © Habetdin)
CCleaner (HKLM\…\CCleaner) (Version: 4.04 — Piriform)
Crysis 2 (HKLM\…\{6033673D-2530-4587-8AD0-EB059FC263F9}_is1) (Version: 1.1 — 1C)
ESET NOD32 Antivirus (HKLM\…\{ABCE208D-B03C-4C88-83B0-11638D9E508B}) (Version: 10.0.390.0 — ESET, spol. s r.o.)
FIFA 11, версия 1.0 (HKLM\…\FIFA 11_is1) (Version: 1.0 — Shepards)
FormatFactory 2.60 (HKLM\…\FormatFactory) (Version: 2.60 — Free Time)
Google Update Helper (Version: 1.3.25.11 — Google Inc.) Hidden
HashTab v.4.0.0.2 (HKLM\…\HashTab) (Version: 4.0.0.2 — Cody Batt)
Intel(R) Management Engine Components (HKLM\…\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 — Intel Corporation)
K-Lite Mega Codec Pack 8.2.0 (HKLM\…\KLiteCodecPack_is1) (Version: 8.2.0 — )
Microsoft .NET Framework 4 Client Profile (HKLM\…\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 — Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\…\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.50727.42 (HKLM\…\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.51011 (HKLM\…\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.56336 (HKLM\…\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.59193 (HKLM\…\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.61001 (HKLM\…\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022 (HKLM\…\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022.218 (HKLM\…\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30411 (HKLM\…\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729 (HKLM\…\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148 (HKLM\…\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.5570 (HKLM\…\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.6161 (HKLM\…\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable — 10.0.40219 (HKLM\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 — Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 ru) (HKLM\…\Mozilla Firefox 47.0.2 (x86 ru)) (Version: 47.0.2 — Mozilla)
Mozilla Maintenance Service (HKLM\…\MozillaMaintenanceService) (Version: 43.0.1 — Mozilla)
‘MX vs ATV Reflex’ (Английская версия) (HKLM\…\’MX vs ATV Reflex’_is1) (Version: — )
Notepad++ (HKLM\…\Notepad++) (Version: 5.9.8 — )
NVIDIA Аудиодрайвер HD 1.2.23.3 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 — NVIDIA Corporation)
NVIDIA Графический драйвер 311.06 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 — NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 311.06 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 — NVIDIA Corporation)
NVIDIA Драйвер контроллера 3D Vision 280.19 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 — NVIDIA Corporation)
NVIDIA Системное программное обеспечение PhysX 9.10.0514 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 — NVIDIA Corporation)
Opera Stable 45.0.2552.812 (HKLM\…\Opera 45.0.2552.812) (Version: 45.0.2552.812 — Opera Software)
PANTECH USB Modem V2 (HKLM\…\{1C336D20-A089-4818-9C56-96AD81BF5A11}) (Version: 1.2.7000.720 — PANTECH CO.,LTD)
Piriform Utilities 11.10a (HKLM\…\Piriform Utilities_is1) (Version: 11.10a — © Habetdin)
PotPlayer (HKLM\…\PotPlayer) (Version: — Kakao Corp.)
Pro Evolution Soccer 2015 v1.01 (HKLM\…\Pro Evolution Soccer 2015_is1) (Version: 1.01 — Scorp1oN)
Realtek Ethernet Controller Driver (HKLM\…\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 — Realtek)
Realtek High Definition Audio Driver (HKLM\…\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 — Realtek Semiconductor Corp.)
Reg Organizer (HKLM\…\Reg Organizer 7.80 Final) (Version: — )
Skype™ 6.13 (HKLM\…\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.13.104 — Skype Technologies S.A.)
SopCast 3.5.0 (HKLM\…\SopCast) (Version: 3.5.0 — http://www.sopcast.com)
Spotflux Lite (HKLM\…\{8EE274DE-9B69-4731-BA45-8A245C58BF2A}) (Version: 0.0.7 — Spotflux)
The KMPlayer with LAV Filters (HKLM\…\{ACBA5A14-2D62-4820-8206-D768C74C1E10}_is1) (Version: — ©7sh3. [Сборка от 01.02.2012])
UltraISO (HKLM\…\UltraISO) (Version: — )
Unlocker 1.9.1 (HKLM\…\Unlocker) (Version: 1.9.1 — Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\…\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 — AVG Technologies CZ, s.r.o.)
VZAccess Manager (HKLM\…\{51051DC1-4D39-4702-B00F-11375FA9B146}) (Version: 7.3.15.0 — Smith Micro Software Inc.)
WinRAR 5.40 (32-разрядная) (HKLM\…\WinRAR archiver) (Version: 5.40.0 — win.rar GmbH)
WRC FIA World Rally Championship (HKLM\…\WRC FIA World Rally Championship_is1) (Version: — )
Обновления NVIDIA 1.11.3 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 — NVIDIA Corporation)
Панель управления NVIDIA 311.06 (Version: 311.06 — NVIDIA Corporation) Hidden
Языковой пакет клиентского профиля Microsoft.NET Framework 4 — RUS (HKLM\…\Microsoft .NET Framework 4 Client Profile RUS Language Pack) (Version: 4.0.30319 — Корпорация Майкрософт)
Языковой пакет расширенной версии Microsoft.NET Framework 4 — RUS (HKLM\…\Microsoft .NET Framework 4 Extended RUS Language Pack) (Version: 4.0.30319 — Корпорация Майкрософт)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {12CFA6B2-433B-4ECD-9572-EEA1ABDA5A43} — System32\Tasks\spotfluxupdater => C:\Program Files\Spotflux\Spotflux Lite\Spotflux Updates.exe [2013-12-27] (Spotflux)
Task: {20F0B909-6892-4785-AFFD-7B9BB23D036C} — System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-20] (Adobe Systems Incorporated)
Task: {39301CFF-5545-473A-A4A9-1D9BB7345FE4} — System32\Tasks\fornews2017comtgb => C:\Program Files\Opera\45.0.2552.812\opera.exe [2017-05-15] (Opera Software)
Task: {5406C43E-030D-4B7D-8418-EFF13699E465} — System32\Tasks\Opera scheduled Autoupdate 1495777003 => C:\Program Files\Opera\launcher.exe [2017-05-15] (Opera Software)
Task: {5822FB9A-3868-46E8-9D1A-3CE5FD18EE66} — System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-20] (Adobe Systems Incorporated)
Task: {8E256924-C43D-4DEC-BDBF-6EEB8C001AB3} — System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {AB825121-678B-4E72-A38C-99FB80424FCB} — System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} — System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))
Task: {D281224E-A247-4976-8DCD-01E20A9D254B} — System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\spotfluxupdater.job => C:\Program Files\Spotflux\Spotflux Lite\Spotflux Updates.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Admin\Desktop\WRС FIА Wоrld Rаlly Сhаmpiоnship.lnk -> D:\WRC FIA World Rally Championship\Launcher.exe (Milestone S.r.l.) <===== Cyrillic
Shortcut: C:\Users\Admin\Desktop\Настройка.lnk -> D:\Pro Evolution Soccer 2015\Settings.exe (Konami Digital Entertainment Co., Ltd.) <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIDA64\Запустить AIDA64.lnk -> C:\Program Files\AIDA64\aida64.exe (FinalWire Ltd.) <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIDA64\Удалить AIDA64.lnk -> C:\Program Files\AIDA64\Uninstall.exe (FinalWire Ltd.) <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr (2).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr (3).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr (4).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оpеrа.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\FIFA 13.(Лаунчер).lnk -> C:\Program Files\FIFA 13.v 1.1.0.0\Game\fifasetup\fifaconfig.exe (Electronic Arts Canada) <===== Cyrillic
==================== Loaded Modules (Whitelisted) ==============
2013-01-17 15:32 — 2013-01-18 17:20 — 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-03-13 09:30 — 2010-07-05 00:32 — 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2017-05-26 08:36 — 2017-05-15 09:11 — 66244184 ____C () C:\Program Files\Opera\45.0.2552.812\opera_browser.dll
2017-05-26 08:36 — 2017-05-15 09:11 — 02926680 ____C () C:\Program Files\Opera\45.0.2552.812\libglesv2.dll
2017-05-26 08:36 — 2017-05-15 09:11 — 00088152 ____C () C:\Program Files\Opera\45.0.2552.812\libegl.dll
2017-05-20 14:50 — 2017-05-20 14:50 — 17779192 _____ () C:\Windows\system32\Macromed\Flash\pepflashplayer32_25_0_0_171.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The «AlternateShell» value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-02-17 14:17 — 2017-03-17 11:22 — 00000054 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2868414433-842378086-3155127884-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.41.60.9 — 193.41.63.180
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: RocketDock => «C:\Program Files\RocketDock\RocketDock,1.exe»
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{982B56AF-C7D9-4A25-BCC8-B814560B0201}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{3EFA4D50-BB8C-45B0-A0EA-29061BB62C62}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{C52FDE8F-FD45-4542-9730-BDDA9339911A}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0308F827-346A-400A-B27D-012502431096}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2EB6E415-BA0D-47F1-B7C0-4277F0A90EE4}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{856B175F-405B-4A07-B742-D93AB5222858}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3C5D752C-4BD4-4151-AAD1-CF266332DBAE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{3BBE4FEF-EBC5-40C5-8F5A-574B13C7D0A9}D:\counter-strike 1.6 kiev classik 2009\hl.exe] => (Block) D:\counter-strike 1.6 kiev classik 2009\hl.exe
FirewallRules: [UDP Query User{C3C3500B-E783-40F0-886D-6DCB2C688E20}D:\counter-strike 1.6 kiev classik 2009\hl.exe] => (Block) D:\counter-strike 1.6 kiev classik 2009\hl.exe
FirewallRules: [TCP Query User{85FE6CB0-45E5-4F8C-B569-F173B7820F64}D:\fifa 12\game\fifa.exe] => (Allow) D:\fifa 12\game\fifa.exe
FirewallRules: [UDP Query User{08ADC498-1F0E-4C11-8390-6D255705F2EC}D:\fifa 12\game\fifa.exe] => (Allow) D:\fifa 12\game\fifa.exe
FirewallRules: [{0735AF6C-7B28-47E6-BA74-0A30C5AAF633}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1104CBB5-39BD-4C3F-8864-DE6F044ECC8A}D:\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{3FBF5C60-DFCA-489F-AFCF-E37E23CDDFEC}D:\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\pro evolution soccer 2015\pes2015.exe
FirewallRules: [TCP Query User{DD03E788-AE86-4F33-99D6-A39729BF39A8}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{7AE4F786-60A2-43B9-AF0C-E9657A9E5C3D}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{C0BA6943-5142-4E7E-8797-73BD63F798EE}D:\counter-strike 1.6 kiev classik 2009\hl.exe] => (Block) D:\counter-strike 1.6 kiev classik 2009\hl.exe
FirewallRules: [UDP Query User{BB8C0403-49F5-47EB-BCD5-BC334F4E7E56}D:\counter-strike 1.6 kiev classik 2009\hl.exe] => (Block) D:\counter-strike 1.6 kiev classik 2009\hl.exe
FirewallRules: [TCP Query User{F40FCBEF-F322-4863-867A-0F9AA9E91EC6}E:\easysetupassistant\easysetupassistant.exe] => (Allow) E:\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{BA899337-5CA4-4871-A992-A27697501E2A}E:\easysetupassistant\easysetupassistant.exe] => (Allow) E:\easysetupassistant\easysetupassistant.exe
FirewallRules: [{AD0D866A-F826-4921-A871-74BABC336050}] => (Block) E:\easysetupassistant\easysetupassistant.exe
FirewallRules: [{D5F978AD-D3F3-4E95-B0C2-BAFE8CE5EF09}] => (Block) E:\easysetupassistant\easysetupassistant.exe
FirewallRules: [TCP Query User{E992EE7A-5E19-471B-8604-019ECE0DB6CC}C:\program files\fifa 11\game\fifa.exe] => (Block) C:\program files\fifa 11\game\fifa.exe
FirewallRules: [UDP Query User{33FFBD3C-FA3D-444D-BD9D-856A8732AB50}C:\program files\fifa 11\game\fifa.exe] => (Block) C:\program files\fifa 11\game\fifa.exe
FirewallRules: [TCP Query User{D06AB9F4-9C5F-4EDA-89A5-4A03BEEEF081}D:\fifa 12\game\fifa.exe] => (Allow) D:\fifa 12\game\fifa.exe
FirewallRules: [UDP Query User{312ECCD0-5D0C-41D2-AE8F-4A70B0189BBE}D:\fifa 12\game\fifa.exe] => (Allow) D:\fifa 12\game\fifa.exe
FirewallRules: [{C4699758-05D8-4C4A-BCB7-502A6C15A34E}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{909B95FA-09DF-4C31-A7C3-902A8EE402AB}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{3A3F7D39-BB5B-405F-94CB-8FD15D3A3E77}C:\program files\fifa 13.v 1.1.0.0\game\fifa13.exe] => (Allow) C:\program files\fifa 13.v 1.1.0.0\game\fifa13.exe
FirewallRules: [UDP Query User{78D5E95B-BD9E-4E33-BD30-453D8102B79F}C:\program files\fifa 13.v 1.1.0.0\game\fifa13.exe] => (Allow) C:\program files\fifa 13.v 1.1.0.0\game\fifa13.exe
FirewallRules: [{6F690405-4A9A-48F0-8026-C1C89E3788E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4B9A990F-9DC6-4CB1-8D8F-CCADB3894E73}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BF89AFF7-F379-4622-A6DA-DA895961EBEA}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{92AF449B-4BDD-4AF1-8208-32842A1CBB29}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{E0E33FB6-C869-44A4-ADCD-2A3DF582FB5B}C:\program files\fifa 13.v 1.1.0.0\game\fifa13.exe] => (Allow) C:\program files\fifa 13.v 1.1.0.0\game\fifa13.exe
FirewallRules: [UDP Query User{1DD89419-2C55-453D-99A7-63486F7AB3FF}C:\program files\fifa 13.v 1.1.0.0\game\fifa13.exe] => (Allow) C:\program files\fifa 13.v 1.1.0.0\game\fifa13.exe
FirewallRules: [{9EDF5C4D-D91C-4DFF-8279-49D077B9CAC6}] => (Allow) C:\Program Files\Opera\45.0.2552.812\opera.exe
==================== Restore Points =========================
28-05-2017 15:31:49 Запланированная контрольная точка
==================== Faulty Device Manager Devices =============
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/29/2017 08:42:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/28/2017 09:15:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/28/2017 04:45:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/28/2017 11:43:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Программа opera.exe версии 45.0.2552.812 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.
ИД процесса: 704
Время запуска: 01d2d78ce1211ef2
Время завершения: 5
Путь приложения: C:\Program Files\Opera\45.0.2552.812\opera.exe
ИД отчета: b443d462-4381-11e7-8d4d-902b340db217
Error: (05/28/2017 11:27:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/28/2017 12:12:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: mbamservice.exe, версия: 3.1.0.479, отметка времени: 0x58f6aabc
Имя сбойного модуля: unknown, версия: 0.0.0.0, отметка времени 0x00000000
Код исключения: 0xc0000005
Смещение ошибки: 0x00650048
Идентификатор сбойного процесса: 0x740
Время запуска сбойного приложения: 0x01d2d72b654483f3
Путь сбойного приложения: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Путь сбойного модуля: unknown
Код отчета: 32cfa164-4321-11e7-aa11-902b340db217
Error: (05/27/2017 11:55:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query «SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA «Win32_Processor» AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace «//./root/CIMV2» because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/27/2017 11:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query «SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA «Win32_Processor» AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace «//./root/CIMV2» because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/27/2017 10:25:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query «SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA «Win32_Processor» AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace «//./root/CIMV2» because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/27/2017 07:16:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query «SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA «Win32_Processor» AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace «//./root/CIMV2» because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (05/29/2017 08:43:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы «NVIDIA Update Service Daemon» из-за ошибки
Служба не запущена из-за ошибки входа в систему.
Error: (05/29/2017 08:43:06 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Службе «nvUpdatusService» не удалось войти в систему с именем «.\UpdatusUser» и текущим паролем, поскольку произошла ошибка:
Вход в систему не произведен: срок действия указанного пароля истек.Чтобы правильно настроить эту службу, используйте оснастку «Службы» в Консоли управления (MMC).
Error: (05/29/2017 08:41:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Сбой при загрузке драйвера(ов) перезагрузки или запуска системы:
sptd
Error: (05/29/2017 08:40:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы «atksgt» из-за ошибки
Загрузка драйвера была заблокирована
Error: (05/29/2017 08:40:59 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: Загрузка драйвера atksgt.sys заблокирована.
Error: (05/29/2017 08:40:43 AM) (Source: sptd) (EventID: 4) (User: )
Description: Обнаружена внутренняя ошибка в структуре данных драйвера для .
Error: (05/28/2017 09:16:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы «NVIDIA Update Service Daemon» из-за ошибки
Служба не запущена из-за ошибки входа в систему.
Error: (05/28/2017 09:16:16 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Службе «nvUpdatusService» не удалось войти в систему с именем «.\UpdatusUser» и текущим паролем, поскольку произошла ошибка:
Вход в систему не произведен: срок действия указанного пароля истек.Чтобы правильно настроить эту службу, используйте оснастку «Службы» в Консоли управления (MMC).
Error: (05/28/2017 09:14:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Сбой при загрузке драйвера(ов) перезагрузки или запуска системы:
sptd
Error: (05/28/2017 09:14:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы «atksgt» из-за ошибки
Загрузка драйвера была заблокирована
CodeIntegrity:
===================================
Date: 2017-05-29 10:14:18.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-05-29 10:14:18.267
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-05-29 10:14:18.264
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-05-29 10:14:18.257
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-05-29 10:14:18.254
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-05-29 10:14:18.250
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-05-28 15:25:05.614
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-05-28 15:25:05.612
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-05-28 15:25:05.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-05-28 15:25:05.604
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 40%
Total physical RAM: 3564.11 MB
Available physical RAM: 2132.58 MB
Total Virtual: 7126.5 MB
Available Virtual: 5166.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:79.98 GB) (Free:15.16 GB) NTFS
Drive d: () (Fixed) (Total:385.68 GB) (Free:351.89 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 20562739)
Partition 1: (Active) — (Size=100 MB) — (Type=07 NTFS)
Partition 2: (Not Active) — (Size=80 GB) — (Type=07 NTFS)
Partition 3: (Not Active) — (Size=385.7 GB) — (Type=07 NTFS)
==================== End of Addition.txt ============================
Please help me remove this junk. I'm waiting for your reply.
May 30, 2017 at 8:45 am #60688
Attach the reports properly, as attachments.
May 30, 2017 at 9:30 am #60695
Here are two reports. Did I attach them correctly?
May 30, 2017 at 9:31 am #60697
Sorry. That was the second one. This is the first report.
May 30, 2017 at 1:06 pm #60699
Uninstall SpyHunter.
WARNING! This script was written specifically for this user; using it on another computer may render Windows inoperable!
Temporarily disable your antivirus, firewall and other security software.
Copy the text below into Notepad and save the file as fixlist.txt in the same folder from which Farbar Recovery Scan Tool was run:
CreateRestorePoint:
CloseProcesses:
Task: {39301CFF-5545-473A-A4A9-1D9BB7345FE4} - System32\Tasks\fornews2017comtgb => C:\Program Files\Opera\45.0.2552.812\opera.exe [2017-05-15] (Opera Software)
EmptyTemp:
Run FRST, click the Fix button once and wait. The program will create a log file (Fixlog.txt). Please attach it to your next post!
Note that the computer will be restarted.
May 30, 2017 at 3:23 pm #60700
I did everything as you said. Here is the file (Fixlog.txt). What's next?
May 31, 2017 at 9:25 am #60717
What's the status of the problem?
May 31, 2017 at 11:09 am #60719
Today the ad window did not open even once all day. Thank you very much. And how do I solve the same problem in the Google Chrome browser? Only there it is traffic-media advertising, and a new tab opens too. I started using Opera because I couldn't deal with this advertising in Chrome. Will you help with Chrome?
June 1, 2017 at 12:57 pm #60749
Disable all extensions in the browser. Check whether the problem persists.
June 1, 2017 at 10:18 pm #60755
Opera now works without pop-up ads. Only, after I followed your instructions with the FRST program, when I turn on the computer and open Opera, I can't open a single page; I have to exit Opera and start it again for sites to open. The first time I open Opera and try to go to some site, the page loads endlessly. Strange. In Chrome all extensions are disabled. I'm probably your only user who is this much trouble.)
June 2, 2017 at 8:06 am #60782
In Chrome all extensions are disabled
Do the ads still appear with them disabled?
June 3, 2017 at 2:52 am #60785
Yes. In Chrome all extensions are disabled.
June 3, 2017 at 2:37 pm #60789
Make new FRST.txt and Addition.txt logs.
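The fix in this thread removed a scheduled task (fornews2017comtgb) whose action starts opera.exe. The Python below is an added example, not part of the original thread and not FRST's own code: it parses Task Scheduler XML definitions and flags every task whose Exec action launches a browser. The browser list, the helper names and the sample tasks are assumptions; the Arguments value in the sample is a constructed placeholder, since the log line on this page shows none.

```python
import ntpath
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: browser executables worth flagging; extend for your environment.
BROWSERS = {"opera.exe", "chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}

def browser_actions(task_xml):
    """Return (command, arguments) for every Exec action that starts a browser."""
    root = ET.fromstring(task_xml)
    hits = []
    for exe in root.findall("./t:Actions/t:Exec", NS):
        command = (exe.findtext("t:Command", "", NS) or "").strip().strip('"')
        arguments = (exe.findtext("t:Arguments", "", NS) or "").strip()
        # ntpath parses Windows paths correctly on any host OS.
        if ntpath.basename(command).lower() in BROWSERS:
            hits.append((command, arguments))
    return hits

def scan(tasks):
    """tasks maps task name -> task XML (str or bytes). Returns flagged tasks only."""
    flagged = {}
    for name, xml_text in tasks.items():
        try:
            hits = browser_actions(xml_text)
        except ET.ParseError:
            continue  # not a task definition; skip it instead of aborting the scan
        if hits:
            flagged[name] = hits
    return flagged

def make_task(command, arguments=""):
    """Build a minimal constructed task definition for the sample below."""
    args = f"<Arguments>{arguments}</Arguments>" if arguments else ""
    return (f'<Task version="1.2" xmlns="{NS["t"]}"><Actions Context="Author">'
            f"<Exec><Command>{command}</Command>{args}</Exec></Actions></Task>")

# Constructed sample input: the first entry reuses the task name and path from
# this thread with a placeholder argument; the other two are invented.
SAMPLE_TASKS = {
    "fornews2017comtgb": make_task(
        r"C:\Program Files\Opera\45.0.2552.812\opera.exe", "http://example.invalid/"),
    "ConstructedUpdater": make_task(r"C:\Program Files\Vendor\updater.exe", "/silent"),
    "ConstructedGarbage": "not xml",
}

if __name__ == "__main__":
    for name, hits in scan(SAMPLE_TASKS).items():
        for command, arguments in hits:
            print(f"{name}: {command} {arguments}".rstrip())
```

On a real system, read each file under C:\Windows\System32\Tasks in binary mode and pass the bytes to scan(); a flagged task is a lead to review, since legitimate software can also schedule a browser launch.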