pluginplus.net/install.php: a KTS message keeps popping up and gets in the way of my work. I have followed all your recommendations, but it doesn't help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Пользователь (administrator) on MEGA (18-10-2016 21:00:48)
Running from D:\Загрузки\FRST-OlderVersion
Loaded Profiles: Пользователь (Available Profiles: Пользователь)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\16.9.1.1192\service_update.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(© 2015 Microsoft Corporation) C:\Users\Пользователь\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(BitTorrent Inc.) C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LLC Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(LLC Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Users\Пользователь\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1514528 2015-10-13] (NVIDIA Corporation)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\Run: [BingSvc] => C:\Users\Пользователь\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\Run: [uTorrent] => C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe [1142864 2014-12-05] (BitTorrent Inc.)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\Run: [GameCenterMailRu] => C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe [5545888 2016-10-15] (LLC Mail.Ru)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe [7763384 2016-07-15] (AO Kaspersky Lab)
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DA0DAD3F-8714-42B0-A948-7E419F26C095}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=191&clid=2105524-500&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> 5AC25DAC72072DB8F69E28028DBA1BBC URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=191&clid=2105524-500&text={searchTerms}
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\x64\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: No Name -> {9BFBA68E-E21B-458E-AE12-FE85E903D2C0} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2016-10-18]
FF user.js: detected! => C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2015-12-07]
FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> yafd:tabs
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://go.mail.ru/distib/ep/?product_id={9F950E03-3A9D-43F5-A1C4-B18B137F4AA8}&gp=820333
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2016-06-23]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2016-06-23]
FF Extension: (Visual Bookmarks) - C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru.xpi [2015-12-07] [not signed]
FF Extension: (&Yandex Elements&) - C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru.xpi [2015-12-07]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2015-12-26]
FF Extension: (HTML5 location provider) - C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{B100D0FF-0001-8CE4-2790-AACE49B8AE35} [2015-02-08] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [not found]
FF SearchPlugin: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml [2016-06-23]
FF SearchPlugin: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-121647.xml [2015-01-05]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [No File]
FF Plugin-x32: @altergeo.ru/Html5loc -> C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\npHtml5loc.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Пользователь\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2015-03-18] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4011927263-3324289307-1760038168-1000: @mail.ru/GameCenter -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [2016-09-24] (LLC Mail.Ru)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> yandex.ru/?clid=2163430
CHR DefaultSearchURL: Default -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.8
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default [2016-10-18]
CHR Extension: (Mail.Ru) - C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnphcmhmhcjjcjhmnnjjlbmaeljecga [2016-06-23]
CHR Extension: (Яндекс) - C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdfomeimchipjggcigmbmeocjncbdgo [2016-09-15]
CHR Extension: (Яндекс) - C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\laddjijkcfpakbbnnedbhnnciecidncp [2016-09-16]
CHR Extension: (Стартовая — Яндекс) - C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\lalfiodohdgaejjccfgfmmngggpplmhp [2016-09-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-07-30]
CHR Extension: (Менеджер браузеров) - C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkbofmmnlpcojllljenlamflhidfkna [2015-10-24]
CHR Extension: (Яндекс) - C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehapofakghljopfegjogpgpeljkhjjn [2016-09-28]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Визуальные закладки) - C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchfckkccldkbclgdepkaonamkignanh [2016-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-23]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] - hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki
CHR HKLM-x32\...\Chrome\Extension: [ahnphcmhmhcjjcjhmnnjjlbmaeljecga] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.ru/?win=153&clid=1987499"
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [2187992 2016-06-01] (Mail.Ru)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\16.9.1.1192\service_update.exe [869368 2016-09-20] (YANDEX LLC)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices Inc.)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [77600 2014-03-26] (Asmedia Technology)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2016-02-13] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-09-06] (Highresolution Enterprises [www.highrez.co.uk])
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-16] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-10-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-16] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-06 00:36 - 2016-10-06 00:36 - 00001318 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2016-10-06 00:36 - 2016-10-06 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2016-09-29 16:57 - 2016-09-29 16:57 - 00000000 ____D C:\Windows\system32\appmgmt
2016-09-24 20:06 - 2016-09-24 20:06 - 00000000 ____D C:\Users\Пользователь\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru
2016-09-24 20:05 - 2016-09-24 20:05 - 00000000 ____D C:\Users\Пользователь\AppData\Local\Mail.Ru
2016-09-24 19:27 - 2016-09-24 19:27 - 00000000 ____D C:\Users\Все пользователи\Mail.Ru
2016-09-24 19:27 - 2016-09-24 19:27 - 00000000 ____D C:\ProgramData\Mail.Ru
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-18 21:01 - 2014-12-05 16:28 - 00000000 ____D C:\Users\Пользователь\AppData\Roaming\uTorrent
2016-10-18 21:00 - 2016-09-06 16:22 - 00000000 ____D C:\FRST
2016-10-18 20:28 - 2014-12-05 16:45 - 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-18 20:14 - 2016-07-02 03:37 - 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-18 19:25 - 2014-12-05 16:59 - 00000000 ____D C:\Users\Все пользователи\Kaspersky Lab
2016-10-18 19:25 - 2014-12-05 16:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-10-18 19:24 - 2016-08-07 09:24 - 00000468 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job
2016-10-18 18:23 - 2016-07-02 03:37 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-18 16:24 - 2015-10-19 19:05 - 00000426 _____ C:\Windows\Tasks\Обновление Браузера Яндекс.job
2016-10-18 15:17 - 2015-10-19 19:05 - 00003424 _____ C:\Windows\System32\Tasks\Обновление Браузера Яндекс
2016-10-18 12:08 - 2011-04-12 16:26 - 00736180 _____ C:\Windows\system32\perfh019.dat
2016-10-18 12:08 - 2011-04-12 16:26 - 00155888 _____ C:\Windows\system32\perfc019.dat
2016-10-18 12:08 - 2009-07-14 08:13 - 01682974 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-18 12:08 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-10-18 11:07 - 2009-07-14 07:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-18 11:07 - 2009-07-14 07:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-18 11:00 - 2016-08-07 09:24 - 00003560 _____ C:\Windows\System32\Tasks\Системное обновление Браузера Яндекс
2016-10-18 11:00 - 2014-12-05 16:15 - 00000000 ____D C:\Users\Все пользователи\NVIDIA
2016-10-18 11:00 - 2014-12-05 16:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-18 11:00 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-15 22:12 - 2016-03-28 22:43 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-11 15:31 - 2014-12-05 16:45 - 00003834 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-11 15:31 - 2014-12-05 16:41 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-11 15:31 - 2014-12-05 16:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-11 15:31 - 2013-12-11 06:00 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-11 15:31 - 2013-12-11 06:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-09 20:10 - 2014-12-06 19:37 - 00000000 ____D C:\Users\Пользователь\AppData\Local\ElevatedDiagnostics
2016-10-07 22:20 - 2016-02-10 12:17 - 00000000 ___SD C:\Users\Пользователь\AppData\LocalLow\Temp
2016-10-07 22:20 - 2015-09-18 17:45 - 00000000 ____D C:\Users\Пользователь\AppData\LocalLow\uTorrent
2016-10-06 08:12 - 2016-05-24 18:53 - 00000000 ____D C:\Users\Все пользователи\Kaspersky Lab Setup Files
2016-10-06 08:12 - 2016-05-24 18:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-10-06 00:36 - 2014-12-05 16:59 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-10-04 19:16 - 2016-07-06 19:24 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-04 19:16 - 2016-07-02 03:43 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-02 08:50 - 2015-01-05 12:26 - 00002532 _____ C:\Users\Пользователь\Desktop\Yandex.lnk
2016-10-02 08:50 - 2014-12-05 21:18 - 00000000 ____D C:\Users\Все пользователи\Yandex
2016-10-02 08:50 - 2014-12-05 21:18 - 00000000 ____D C:\ProgramData\Yandex
2016-10-01 19:59 - 2014-12-05 16:30 - 00000000 ____D C:\Users\Пользователь\AppData\Roaming\vlc
2016-09-29 17:13 - 2016-08-08 15:42 - 00000000 ____D C:\Program Files\Intel
2016-09-29 17:13 - 2016-08-08 15:42 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-09-29 17:11 - 2016-08-08 11:22 - 00000000 ____D C:\Users\Все пользователи\McAfee
2016-09-29 17:11 - 2016-08-08 11:22 - 00000000 ____D C:\ProgramData\McAfee
2016-09-29 17:04 - 2014-12-05 16:31 - 00000000 ____D C:\Users\Пользователь\AppData\Local\Adobe
2016-09-29 16:57 - 2014-12-05 16:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-09-26 18:38 - 2016-08-08 15:42 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-09-25 12:43 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-24 20:06 - 2016-07-05 20:51 - 00000406 _____ C:\Users\Пользователь\Desktop\Warface.url
2016-09-24 19:28 - 2016-06-23 20:45 - 00000258 __RSH C:\Users\Пользователь\ntuser.pol
2016-09-24 19:28 - 2014-12-05 16:03 - 00000000 ____D C:\Users\Пользователь
2016-09-24 19:25 - 2016-08-29 20:27 - 00000000 ____D C:\AdwCleaner
2016-09-24 19:20 - 2016-06-23 20:45 - 00001506 __RSH C:\Users\Все пользователи\ntuser.pol
2016-09-24 19:20 - 2016-06-23 20:45 - 00001506 __RSH C:\ProgramData\ntuser.pol
==================== Files in the root of some directories =======
2014-12-05 16:11 - 2014-12-05 16:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-08-29 20:39 - 2016-08-29 20:39 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
2015-09-11 21:24 - 2015-09-11 21:24 - 0000016 _____ () C:\ProgramData\mntemp
2015-09-11 21:24 - 2015-09-11 21:24 - 0004105 _____ () C:\ProgramData\wmzddnmb.cix
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Все пользователи\fontcacheev1.dat
Some files in TEMP:
====================
C:\Users\Пользователь\AppData\Local\Temp\downloader_upd.exe
C:\Users\Пользователь\AppData\Local\Temp\libeay32.dll
C:\Users\Пользователь\AppData\Local\Temp\msvcr120.dll
C:\Users\Пользователь\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\Пользователь\AppData\Local\Temp\sqlite3.dll
C:\Users\Пользователь\AppData\Local\Temp\yupdate-exec-yabrowser.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-10-15 14:13
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Пользователь (18-10-2016 21:01:35)
Running from D:\Загрузки\FRST-OlderVersion
Windows 7 Ultimate Service Pack 1 (X64) (2014-12-05 13:03:36)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
ASPNET (S-1-5-21-4011927263-3324289307-1760038168-1002 - Limited - Enabled)
Администратор (S-1-5-21-4011927263-3324289307-1760038168-500 - Administrator - Disabled)
Гость (S-1-5-21-4011927263-3324289307-1760038168-501 - Limited - Disabled)
Пользователь (S-1-5-21-4011927263-3324289307-1760038168-1000 - Administrator - Enabled) => C:\Users\Пользователь
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\uTorrent) (Version: 3.3.2.30416 - BitTorrent Inc.)
ABBYY FineReader 11 Corporate Edition (HKLM-x32\...\{F1100000-0007-0000-0000-074957833700}) (Version: 11.0.289 - ABBYY)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.0.7.148 - Adobe Systems, Inc.)
Adobe Update version 1.0 (HKLM-x32\...\{A676F2B7-54DE-49B0-A2F0-6DB40CC85984}_is1) (Version: 1.0 - Adobe System Incorporated)
AIMP v2.61 Build 583 (HKLM-x32\...\AIMP2_is1) (Version: v2.61 Build 583 - © Habetdin)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
DAEMON Tools Pro 5.3.0.0359 (HKLM\...\DAEMON Tools Pro_is1) (Version: 5.3.0.0359 - l-rePack®)
FastStone Image Viewer (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Foxit Reader 6.0.3.524 (HKLM\...\Foxit Reader) (Version: v 6.0.3.524 - oszone.net)
Google Chrome (HKLM-x32\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 53.0.2785.143 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Html5 geolocation provider (HKLM-x32\...\{D492942E-9368-48D9-BB8B-68E8E4CE2D43}) (Version: 3.8.0.912 - AlterGeo)
ICE Book Reader Professional (HKLM-x32\...\ICE Book Reader Professional) (Version: 9.1.0 - )
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java SE Development Kit 7 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{2C74A102-DC39-4158-A831-02BDE2EC7D5D}) (Version: 8.0.5.485 - Kaspersky Lab)
Kaspersky Password Manager (x32 Version: 8.0.5.485 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Лаборатория Касперского)
Kaspersky Total Security (x32 Version: 16.0.1.445 - Лаборатория Касперского) Hidden
K-Lite Mega Codec Pack 9.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Light Alloy 4.7.6.799 (HKLM-x32\...\Light Alloy) (Version: 4.7.6.799 - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Service Pack 1 (HKLM-x32\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Service Pack 1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Стандартный 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0 - Mozilla)
MPC-HC 1.7.1.158 (HKLM-x32\...\MPC HomeCinema_is1) (Version: 1.7.1.158 - MPC-HC Team)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
Nero Burning ROM (HKLM-x32\...\Nero Burning ROM) (Version: - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{1B9B5B3B-28E7-4E59-A80D-D670AA984514}) (Version: 7.1.29.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.51.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.51.0 - Nokia) Hidden
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Графический драйвер 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Драйвер контроллера 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Системное программное обеспечение PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OSCAR Editor (HKLM-x32\...\InstallShield_{3C2379D2-337A-4FFA-9017-BDFB80EC0931}) (Version: 12.03.0004 - A4TECH)
OSCAR Editor (x32 Version: 12.03.0004 - A4TECH) Hidden
PC Connectivity Solution (HKLM-x32\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PCRADIO 4.0.5 (HKLM-x32\...\PCRadio_is1) (Version: - pcradio)
RadioSure (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\RadioSure) (Version: - )
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.2.13009.198 - raidcall.com.ru)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7348 - Realtek Semiconductor Corp.)
SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.35 - www.SamLab.ws)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
STDU Viewer Utilities 1.6.160.0 (HKLM\...\STDU Viewer Utilities) (Version: v 1.6.160.0 - liben, oszone.net)
Total Commander 8.01 PowerPack (HKLM-x32\...\Total Commander) (Version: - )
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Warface (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\Warface) (Version: 1.169 - Mail.Ru)
WarfaceLoader, версия 1.8 (HKLM-x32\...\{6860B37E-5EF3-4F62-B496-A4278EFCCAFB}_is1) (Version: 1.8 - )
WarfacePts (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\WarfacePts) (Version: 1.63 - Mail.Ru)
WinRAR 5.01 (64-разрядная) (HKLM\...\WinRAR Archiver) (Version: 5.0.1.0 - win.rar GmbH)
Yandex (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\YandexBrowser) (Version: 16.9.1.1192 - ООО «ЯНДЕКС»)
Игровой центр (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\...\GameCenterMailRu) (Version: 3.1231 - ООО "Мэйл.Ру Геймз")
Менеджер браузеров (x32 Version: 2.3.0.619 - Яндекс) Hidden
Обновления NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
Пакет драйверов Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Панель управления NVIDIA 341.92 (Version: 341.92 - NVIDIA Corporation) Hidden
Поддержка программ Apple (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06059F3E-F600-4E51-8601-5F7079401E82} - System32\Tasks\AlterGeoUpdater-S-1-5-18 => C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe
Task: {0DCF57B9-5605-498E-864B-6C306B636814} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-02] (Google Inc.)
Task: {19DAFFDD-3AE4-4558-878F-AF9E44474BA6} - System32\Tasks\System_service => c:\Temp\System32\start.vbs [2016-06-17] () <==== ATTENTION
Task: {1FBF7811-A10C-4DB1-96D7-09C4F4559D75} - System32\Tasks\MailRuUpdater => C:\Users\Пользователь\AppData\Local\Mail.Ru\MailRuUpdater.exe
Task: {3D55FF49-A1D9-40A2-91C3-903143EAE499} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: {667EB224-3007-4B57-8F2A-4CC88C5469D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11] (Adobe Systems Incorporated)
Task: {81614080-0BE1-45BD-841B-B146F1E32129} - System32\Tasks\MailRuUpdateTask => C:\Users\Пользователь\AppData\Local\Mail.Ru\MailRuUpdater.exe
Task: {84EFF3AC-F754-470F-BA6C-338B159C0A66} - System32\Tasks\Обновление Браузера Яндекс => C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-09-20] (YANDEX LLC)
Task: {90A640AB-79DF-45B7-9D55-5DB477DB210D} - System32\Tasks\{657A95D2-9512-4C42-BA97-ACDCF908E79B} => C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe [2014-12-05] (BitTorrent Inc.)
Task: {915FFD99-99FD-45C9-9B9B-9E822339E04C} - System32\Tasks\System_update => c:\Temp\System32\start.vbs [2016-06-17] () <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))
Task: {C047E1C5-F836-427B-B9AD-6E8BC865DBF3} - System32\Tasks\{E345F56A-8DA5-431F-AE11-9F0250CAC2ED} => c:\users\Пользователь\appdata\local\yandex\yandexbrowser\application\browser.exe [2016-09-20] (YANDEX LLC)
Task: {C7D0241A-A431-4400-9CD3-27B3EDDFDDEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-02] (Google Inc.)
Task: {CC4A08C2-9821-4CB7-BE30-2221A89E37E8} - System32\Tasks\Системное обновление Браузера Яндекс => C:\Program Files (x86)\Yandex\YandexBrowser\16.9.1.1192\service_update.exe [2016-09-20] (YANDEX LLC)
Task: {D2881EEE-2785-40C9-8C92-C0D58ED88C83} - System32\Tasks\{DE39EEB2-5CA9-4B0D-B9C6-9AA8C9A333FE} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.66.105&LastError=404
Task: {DD598093-7C12-40B4-A3B3-7CA598ED5F92} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Обновление Браузера Яндекс.job => C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\Windows\Tasks\Системное обновление Браузера Яндекс.job => C:\Program Files (x86)\Yandex\YandexBrowser\16.9.1.1192\service_update.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Пользователь\Links\Яндекс.Диск.lnk -> C:\Users\Пользователь\YandexDisk (No File) <===== Cyrillic
Shortcut: C:\Users\Пользователь\Downloads\Локальный диск (C) - Ярлык.lnk -> C:\ () <===== Cyrillic
Shortcut: C:\Users\Пользователь\Desktop\Data (D) - Ярлык.lnk -> D:\ () <===== Cyrillic
Shortcut: C:\Users\Пользователь\Desktop\Игровой центр Mail.Ru.lnk -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (LLC Mail.Ru) <===== Cyrillic
Shortcut: C:\Users\Пользователь\Desktop\Игровой центр@Mail.Ru.lnk -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (LLC Mail.Ru) <===== Cyrillic
Shortcut: C:\Users\Пользователь\Desktop\СП\Новая папка\MyDocs\Рабочий стол\Загрузки готовые.lnk -> D:\Загрузки готовые () <===== Cyrillic
Shortcut: C:\Users\Пользователь\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru\Игровой центр Mail.Ru\Игровой центр Mail.Ru.lnk -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (LLC Mail.Ru) <===== Cyrillic
ShortcutWithArgument: C:\Users\Пользователь\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс\Менеджер браузеров\Менеджер браузеров.lnk -> C:\Users\Пользователь\AppData\Local\Yandex\BrowserManager\BrowserManager.exe (Yandex LLC) -> /gui <===== Cyrillic
ShortcutWithArgument: C:\Users\Public\Desktop\Безопасные платежи.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe (AO Kaspersky Lab) -> -safebanking <===== Cyrillic
==================== Loaded Modules (Whitelisted) ==============
2014-12-05 16:15 - 2015-10-13 20:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-13 22:42 - 2016-07-13 22:42 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1049.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\kpcengine.2.3.dll
2016-09-24 20:05 - 2016-09-24 20:05 - 00144896 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\zlib1.dll
2016-09-24 20:05 - 2016-09-24 20:05 - 00076192 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\pxd.dll
2016-09-24 20:05 - 2016-09-24 20:05 - 00186272 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\LightUpdate.dll
2016-09-24 20:05 - 2016-09-24 20:05 - 02318240 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\BigUp2.dll
2016-05-23 21:36 - 2016-05-23 21:36 - 48962048 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\Chrome\3.2623.1401\libcef.dll
2016-07-15 12:06 - 2016-07-15 12:06 - 00434128 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ipm_service.dll
2016-10-02 08:50 - 2016-09-20 18:33 - 01772536 _____ () C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\16.9.1.1192\libglesv2.dll
2016-10-02 08:50 - 2016-09-20 18:33 - 00094712 _____ () C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\16.9.1.1192\libegl.dll
2016-10-04 19:16 - 2016-09-25 06:47 - 01805416 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
2016-10-04 19:16 - 2016-09-25 06:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 05:34 - 2016-08-08 13:16 - 00001489 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 activate-sea.adobe.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Пользователь\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: kpm.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe -autoStart
MSCONFIG\startupreg: MAgent => C:\Program Files (x86)\Mail.RU\Agent\magent.exe -LM
MSCONFIG\startupreg: OscarEditor => "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A1F3B7EE-8715-4C64-B703-5DC331EB8F48}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{0A394DB3-8962-465C-8DBA-AB82B38C9E9C}] => (Allow) C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{52BCE2FD-8C74-4D8F-8476-490A76518AD6}] => (Allow) C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8E4BAF62-627C-4ADF-8E60-DBEB00EB7765}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D727E8E3-0FFC-4A2D-BB34-12F0AD9A6EB7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{83643B78-9527-4B48-B782-8EAAD0DDAF04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8E9B5C64-C5B8-4DC1-9394-71B4E31E91F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F6E781C2-56C5-40B6-8057-5F3800CC8F98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B447E5FD-F807-44CB-AE87-F41968730218}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CA3094D4-8827-4E5E-BB1C-A7659D591847}] => (Allow) D:\Dima\Steam.exe
FirewallRules: [{A2C9501B-D1FB-4C23-A34E-FA5C91C75B4D}] => (Allow) D:\Dima\Steam.exe
FirewallRules: [TCP Query User{09AE13C3-56F0-4600-B233-9E1C6C761D6D}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [UDP Query User{8858EE3E-0176-4BA9-B9E6-656523FF6C4B}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{D245C3F5-BF9B-45A4-9DF3-D2EFB2D2905C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{22068047-0794-4F80-8D69-561C3C8848A5}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Block) C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [UDP Query User{8BA1A968-FBE9-4ADE-81E7-484863CC2AD6}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Block) C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{079DB4BC-E24D-4735-83CA-933E18B2AB87}] => (Allow) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{D0587A84-B8B8-48C5-B452-E2610CF4F1A3}] => (Allow) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{5C32FC70-9E53-4350-B069-142EC66418EC}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EC61ECB2-15D0-4131-AB99-E4CD47468077}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E8555E1C-FD64-4FCE-8B06-1194979B02A9}] => (Allow) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{BA5B8BD5-2348-4505-94E7-31E99982C4D9}] => (Allow) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{5165D100-1D25-45F9-9166-6A29DDC25F00}] => (Allow) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
FirewallRules: [{7EC9EBA5-EF4E-48CA-8341-076A3C6F2928}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/18/2016 11:01:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/17/2016 04:09:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/17/2016 08:33:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/16/2016 10:30:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2016 12:53:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/14/2016 09:36:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/13/2016 07:52:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/12/2016 11:02:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: GFExperience.exe, версия: 17.12.8.0, отметка времени: 0x54b8aef5
Имя сбойного модуля: KERNELBASE.dll, версия: 6.1.7601.18015, отметка времени 0x50b83c8a
Код исключения: 0xe0434352
Смещение ошибки: 0x0000c41f
Идентификатор сбойного процесса: 0x63c
Время запуска сбойного приложения: 0x01d224c3718e5024
Путь сбойного приложения: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
Путь сбойного модуля: C:\Windows\syswow64\KERNELBASE.dll
Код отчета: d3ef9fbb-90b6-11e6-8ebb-448a5b5cb823
Error: (10/12/2016 11:02:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GFExperience.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Collections.Generic.KeyNotFoundException
Stack:
at System.Reactive.Concurrency.AsyncLock.Wait(System.Action)
at System.Reactive.Concurrency.EventLoopScheduler+<>c__DisplayClass6`1[[System.Int64, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<SchedulePeriodic>b__4(System.Reactive.Concurrency.IScheduler, System.Object)
at System.Reactive.Concurrency.ScheduledItem`2[[System.TimeSpan, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeCore()
at System.Reactive.Concurrency.EventLoopScheduler.Run()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (10/12/2016 04:08:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (10/17/2016 04:08:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Регистрация сервера {995C996E-D918-4A8C-A302-45719A6F4EA7} DCOM не прошла за отведенное время ожидания.
Error: (10/15/2016 02:12:21 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Теневая копия тома C: прервана, поскольку не удалось увеличить хранилище теневых копий из-за ограничения, установленного пользователем.
CodeIntegrity:
===================================
Date: 2016-07-30 08:42:17.093
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:42:17.092
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:57.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:57.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:56.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:56.344
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:55.425
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:55.415
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-05 21:33:59.014
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-07-05 21:33:58.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Processor: AMD FX(tm)-4300 Quad-Core Processor
Percentage of memory in use: 43%
Total physical RAM: 8191.18 MB
Available physical RAM: 4630.69 MB
Total Virtual: 20475.36 MB
Available Virtual: 16255.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50.86 GB) (Free:14.04 GB) NTFS
Drive d: (Data) (Fixed) (Total:414.8 GB) (Free:202.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0420C600)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=414.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
1 reply
Please create a new topic on the forum at http://www.spyware-ru.com/forums/forum/lechim-kompyutery/udalenie-virusov-troyanov-spajvare/ . Attach both FRST logs to your post.
We will help you remove the adware virus that tries to open the page pluginplus.net/install.php