While working, the following notice pops up:
Kaspersky
Total Security
ДОСТУП ЗАПРЕЩЕН
Запрашиваемый веб-адрес не может быть предоставлен
Веб-адрес:
http://pluginplus.net/install.php
Заблокирован Веб-Антивирусом
Причина: опасный веб-адрес
Способ обнаружения: базы.
How do I remove this web page?
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Пользователь (administrator) on MEGA (12-09-2016 19:10:45)
Running from D:\Загрузки
Loaded Profiles: Пользователь (Available Profiles: Пользователь)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kerish Products) C:\Program Files (x86)\Kerish Doctor\KerishDoctor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\16.7.1.20936\service_update.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(© 2015 Microsoft Corporation) C:\Users\Пользователь\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\MailRuUpdater.exe
(LLC Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(BitTorrent Inc.) C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(LLC Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\Загрузки\FRST64 (3).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\…\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1514528 2015-10-13] (NVIDIA Corporation)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [BingSvc] => C:\Users\Пользователь\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [uTorrent] => C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe [1142864 2014-12-05] (BitTorrent Inc.)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [MailRuUpdater] => C:\Users\Пользователь\AppData\Local\Mail.Ru\MailRuUpdater.exe [5179608 2016-09-01] (Mail.Ru)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [GameCenterMailRu] => C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe [5485472 2016-09-09] (LLC Mail.Ru)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{DA0DAD3F-8714-42B0-A948-7E419F26C095}: [NameServer] 80.82.32.9,80.82.33.65
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=820323
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id={9D1D88C4-3D39-4459-96A6-A1B0BA8B2001}&gp=820333
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> 5AC25DAC72072DB8F69E28028DBA1BBC URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=191&clid=2105524-500&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id={9D1D88C4-3D39-4459-96A6-A1B0BA8B2001}&gp=820333
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\x64\ie_engine.dll [2015-12-11] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-26] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: AlterGeoBHO Class -> {9BFBA68E-E21B-458E-AE12-FE85E903D2C0} -> C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\npHtml5loc.dll [2014-09-24] (Altergeo)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\ie_engine.dll [2015-12-11] (AO Kaspersky Lab)
Toolbar: HKLM — Kaspersky Protection Toolbar — {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 — Kaspersky Protection Toolbar — {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 — True Key — {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} — C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-26] (Intel Security)
Toolbar: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> No Name — {91397D20-1446-11D4-8AF4-0040CA1127B6} — No File
Handler: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: deflate — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: yafd:tabs
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: about:home
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id={9F950E03-3A9D-43F5-A1C4-B18B137F4AA8}&gp=820333
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [No File]
FF Plugin-x32: @altergeo.ru/Html5loc -> C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\npHtml5loc.dll [2014-09-24] (Altergeo)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Пользователь\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2015-03-18] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4011927263-3324289307-1760038168-1000: @mail.ru/GameCenter -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [2016-08-22] (LLC Mail.Ru)
FF user.js: detected! => C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2015-12-07]
FF SearchPlugin: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml [2016-06-23]
FF SearchPlugin: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-121647.xml [2015-01-05]
FF Extension: (&Yandex Elements&) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru.xpi [2015-12-07]
FF Extension: (Visual Bookmarks) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\vb@yandex.ru.xpi [2015-12-07] [not signed]
FF Extension: (HTML5 location provider) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{B100D0FF-0001-8CE4-2790-AACE49B8AE35} [2015-02-08] [not signed]
FF Extension: (Визуальные закладки @Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2015-12-26]
FF Extension: (No Name) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [not found]
FF Extension: (Домашняя страница Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2016-06-23]
FF Extension: (Поиск@Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2016-06-23]
FF HKLM-x32\…\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-16]
Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://www.yandex.ru/?win=45&clid=1969031","hxxp://mail.yandex.ru/?win=50&clid=187997","hxxp://www.google.ru/","hxxp://mail.ru/cnt/10445?gp=820323"
CHR DefaultSearchURL: Default -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.8
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mail.Ru) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnphcmhmhcjjcjhmnnjjlbmaeljecga [2016-06-23]
CHR Extension: (Домашняя страница Mail.Ru) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfjihahbphdpljpiadbkmgmhnfehhgi [2016-06-23]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdfomeimchipjggcigmbmeocjncbdgo [2016-07-06]
CHR Extension: (Стартовая — Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdkihdhlegcdggknokfekoemkjjnjhgi [2015-07-15]
CHR Extension: (Стартовая — Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\lalfiodohdgaejjccfgfmmngggpplmhp [2016-07-29]
CHR Extension: (Kaspersky Protection) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-07-30]
CHR Extension: (Менеджер браузеров) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkbofmmnlpcojllljenlamflhidfkna [2015-10-24]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehapofakghljopfegjogpgpeljkhjjn [2016-08-21]
CHR Extension: (Визуальные закладки) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac [2016-09-05]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Визуальные закладки) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchfckkccldkbclgdepkaonamkignanh [2016-08-22]
CHR Extension: (Chrome Media Router) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-09]
CHR HKLM\…\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] — hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] — hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki
CHR HKLM-x32\…\Chrome\Extension: [ahnphcmhmhcjjcjhmnnjjlbmaeljecga] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [ehfjihahbphdpljpiadbkmgmhnfehhgi] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [jdkihdhlegcdggknokfekoemkjjnjhgi] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] — C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\…\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] — hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.ru/?win=153&clid=1987499"
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3036312 2016-07-28] (Intel(R) Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [2187992 2016-06-01] (Mail.Ru)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [922152 2016-08-25] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-08-25] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-08-25] (McAfee, Inc.)
R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [5179608 2016-09-01] (Mail.Ru)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\16.7.1.20936\service_update.exe [768320 2016-08-08] (YANDEX LLC)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices Inc.)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [77600 2014-03-26] (Asmedia Technology)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2016-02-13] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-09-06] (Highresolution Enterprises [www.highrez.co.uk])
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-16] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-09-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-16] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-06 17:01 — 2016-09-06 17:01 — 00015008 _____ (Highresolution Enterprises [www.highrez.co.uk]) C:\Windows\system32\Drivers\inpoutx64.sys
2016-09-06 17:01 — 2016-09-06 17:01 — 00001172 _____ C:\Users\Public\Desktop\Kerish Doctor 2016.lnk
2016-09-06 17:01 — 2016-09-06 17:01 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerish Doctor
2016-09-06 17:01 — 2016-08-09 09:35 — 00059880 _____ (Kerish Products) C:\Windows\SysWOW64\GPUTemp.dll
2016-09-06 17:01 — 2011-01-20 01:07 — 00098304 _____ (Highresolution Enterprises) C:\Windows\SysWOW64\inpout32.dll
2016-09-06 16:22 — 2016-09-12 19:10 — 00000000 ____D C:\FRST
2016-09-03 22:47 — 2016-09-03 22:47 — 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2016-09-03 22:47 — 2016-09-03 22:47 — 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\Users\Все пользователи\fontcacheev1.dat
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\ProgramData\fontcacheev1.dat
2016-08-29 20:27 — 2016-08-29 20:28 — 00000000 ____D C:\AdwCleaner
2016-08-22 21:42 — 2016-08-22 21:42 — 00001855 _____ C:\Users\Пользователь\Desktop\RCGamebox.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-12 19:09 — 2014-12-05 16:28 — 00000000 ____D C:\Users\Пользователь\AppData\Roaming\uTorrent
2016-09-12 19:05 — 2014-12-05 16:59 — 00000000 ____D C:\Users\Все пользователи\Kaspersky Lab
2016-09-12 19:05 — 2014-12-05 16:59 — 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-12 18:56 — 2011-04-12 16:26 — 00736180 _____ C:\Windows\system32\perfh019.dat
2016-09-12 18:56 — 2011-04-12 16:26 — 00155888 _____ C:\Windows\system32\perfc019.dat
2016-09-12 18:56 — 2009-07-14 08:13 — 01682974 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-12 18:56 — 2009-07-14 06:20 — 00000000 ____D C:\Windows\inf
2016-09-12 18:55 — 2009-07-14 07:45 — 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-12 18:55 — 2009-07-14 07:45 — 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-12 18:47 — 2016-08-07 09:24 — 00003562 _____ C:\Windows\System32\Tasks\Системное обновление Браузера Яндекс
2016-09-12 18:47 — 2016-08-07 09:24 — 00000470 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job
2016-09-12 18:47 — 2016-07-02 03:37 — 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-12 18:47 — 2016-06-23 20:45 — 00001506 __RSH C:\Users\Все пользователи\ntuser.pol
2016-09-12 18:47 — 2016-06-23 20:45 — 00001506 __RSH C:\ProgramData\ntuser.pol
2016-09-12 18:47 — 2016-06-23 20:45 — 00000258 __RSH C:\Users\Пользователь\ntuser.pol
2016-09-12 18:47 — 2016-01-28 08:58 — 00003244 _____ C:\Windows\System32\Tasks\Kerish Doctor
2016-09-12 18:47 — 2015-10-19 19:05 — 00003424 _____ C:\Windows\System32\Tasks\Обновление Браузера Яндекс
2016-09-12 18:47 — 2015-10-19 19:05 — 00000426 _____ C:\Windows\Tasks\Обновление Браузера Яндекс.job
2016-09-12 18:47 — 2014-12-05 16:15 — 00000000 ____D C:\Users\Все пользователи\NVIDIA
2016-09-12 18:47 — 2014-12-05 16:15 — 00000000 ____D C:\ProgramData\NVIDIA
2016-09-12 18:47 — 2014-12-05 16:03 — 00000000 ____D C:\Users\Пользователь
2016-09-12 18:47 — 2009-07-14 08:08 — 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-12 13:28 — 2014-12-05 16:45 — 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-12 13:14 — 2016-07-02 03:37 — 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-12 10:25 — 2015-09-18 17:45 — 00000000 ____D C:\Users\Пользователь\AppData\LocalLow\uTorrent
2016-09-11 08:16 — 2014-12-05 21:07 — 00000000 ____D C:\Program Files (x86)\Kerish Doctor
2016-09-10 23:12 — 2016-03-28 22:43 — 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-10 23:09 — 2014-12-05 17:02 — 00000000 ____D C:\Users\Пользователь\AppData\Roaming\Skype
2016-09-09 09:26 — 2016-07-06 19:24 — 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-09 09:26 — 2016-07-02 03:43 — 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-09 08:16 — 2016-08-08 15:42 — 00000000 ____D C:\Program Files (x86)\McAfee
2016-09-09 08:16 — 2016-08-08 11:22 — 00000000 ____D C:\Program Files\TrueKey
2016-09-08 21:14 — 2016-08-08 15:42 — 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-09-06 22:15 — 2014-12-06 19:37 — 00000000 ____D C:\Users\Пользователь\AppData\Local\ElevatedDiagnostics
2016-09-06 22:15 — 2009-07-14 06:20 — 00000000 ____D C:\Windows\system32\NDF
2016-09-02 21:30 — 2016-02-10 12:17 — 00000000 ___SD C:\Users\Пользователь\AppData\LocalLow\Temp
2016-09-02 20:38 — 2016-02-24 17:55 — 00003114 _____ C:\Windows\System32\Tasks\MailRuUpdater
2016-09-02 20:38 — 2014-12-05 21:32 — 00000000 ____D C:\Users\Пользователь\AppData\Local\Mail.Ru
2016-08-31 12:16 — 2009-07-14 08:08 — 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-30 14:11 — 2014-12-05 16:43 — 00000000 ____D C:\Users\Все пользователи\Package Cache
2016-08-30 14:11 — 2014-12-05 16:43 — 00000000 ____D C:\ProgramData\Package Cache
2016-08-27 20:21 — 2016-01-11 10:04 — 00000000 ____D C:\Users\Пользователь\AppData\Local\NVIDIA Corporation
2016-08-21 17:44 — 2016-08-08 15:42 — 00000000 ____D C:\Users\Пользователь\AppData\Local\tkdata
2016-08-21 17:44 — 2014-12-05 16:33 — 00000000 ____D C:\Program Files\CCleaner
2016-08-16 12:51 — 2016-07-30 08:41 — 01001304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-16 12:51 — 2016-04-29 00:09 — 00236888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-16 12:51 — 2015-12-03 11:10 — 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-15 23:02 — 2015-01-05 12:26 — 00002532 _____ C:\Users\Пользователь\Desktop\Yandex.lnk
2016-08-14 23:15 — 2014-12-05 16:31 — 00000000 ____D C:\Users\Пользователь\AppData\Local\Adobe
==================== Files in the root of some directories =======
2014-12-05 16:11 — 2014-12-05 16:11 — 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-08-29 20:39 — 2016-08-29 20:39 — 0000260 _____ () C:\ProgramData\fontcacheev1.dat
2015-09-11 21:24 — 2015-09-11 21:24 — 0000016 _____ () C:\ProgramData\mntemp
2015-09-11 21:24 — 2015-09-11 21:24 — 0004105 _____ () C:\ProgramData\wmzddnmb.cix
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Все пользователи\fontcacheev1.dat
Some files in TEMP:
====================
C:\Users\Пользователь\AppData\Local\Temp\downloader_upd.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-09 14:59
==================== End of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Пользователь (administrator) on MEGA (12-09-2016 19:11:19)
Running from D:\Загрузки
Loaded Profiles: Пользователь (Available Profiles: Пользователь)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kerish Products) C:\Program Files (x86)\Kerish Doctor\KerishDoctor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\16.7.1.20936\service_update.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(© 2015 Microsoft Corporation) C:\Users\Пользователь\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\MailRuUpdater.exe
(LLC Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(BitTorrent Inc.) C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(LLC Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\Загрузки\FRST64 (3).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\…\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1514528 2015-10-13] (NVIDIA Corporation)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [BingSvc] => C:\Users\Пользователь\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [uTorrent] => C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe [1142864 2014-12-05] (BitTorrent Inc.)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [MailRuUpdater] => C:\Users\Пользователь\AppData\Local\Mail.Ru\MailRuUpdater.exe [5179608 2016-09-01] (Mail.Ru)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [GameCenterMailRu] => C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe [5485472 2016-09-09] (LLC Mail.Ru)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{DA0DAD3F-8714-42B0-A948-7E419F26C095}: [NameServer] 80.82.32.9,80.82.33.65
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=820323
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id={9D1D88C4-3D39-4459-96A6-A1B0BA8B2001}&gp=820333
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> 5AC25DAC72072DB8F69E28028DBA1BBC URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=191&clid=2105524-500&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id={9D1D88C4-3D39-4459-96A6-A1B0BA8B2001}&gp=820333
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\x64\ie_engine.dll [2015-12-11] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-26] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: AlterGeoBHO Class -> {9BFBA68E-E21B-458E-AE12-FE85E903D2C0} -> C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\npHtml5loc.dll [2014-09-24] (Altergeo)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\ie_engine.dll [2015-12-11] (AO Kaspersky Lab)
Toolbar: HKLM — Kaspersky Protection Toolbar — {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 — Kaspersky Protection Toolbar — {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 — True Key — {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} — C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-26] (Intel Security)
Toolbar: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> No Name — {91397D20-1446-11D4-8AF4-0040CA1127B6} — No File
Handler: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: deflate — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: yafd:tabs
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: about:home
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id={9F950E03-3A9D-43F5-A1C4-B18B137F4AA8}&gp=820333
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [No File]
FF Plugin-x32: @altergeo.ru/Html5loc -> C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\npHtml5loc.dll [2014-09-24] (Altergeo)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Пользователь\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2015-03-18] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4011927263-3324289307-1760038168-1000: @mail.ru/GameCenter -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [2016-08-22] (LLC Mail.Ru)
FF user.js: detected! => C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2015-12-07]
FF SearchPlugin: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml [2016-06-23]
FF SearchPlugin: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-121647.xml [2015-01-05]
FF Extension: (&Yandex Elements&) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru.xpi [2015-12-07]
FF Extension: (Visual Bookmarks) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\vb@yandex.ru.xpi [2015-12-07] [not signed]
FF Extension: (HTML5 location provider) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{B100D0FF-0001-8CE4-2790-AACE49B8AE35} [2015-02-08] [not signed]
FF Extension: (Визуальные закладки @Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2015-12-26]
FF Extension: (No Name) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [not found]
FF Extension: (Домашняя страница Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2016-06-23]
FF Extension: (Поиск@Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2016-06-23]
FF HKLM-x32\…\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-16]
Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://www.yandex.ru/?win=45&clid=1969031","hxxp://mail.yandex.ru/?win=50&clid=187997","hxxp://www.google.ru/","hxxp://mail.ru/cnt/10445?gp=820323"
CHR DefaultSearchURL: Default -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.8
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mail.Ru) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnphcmhmhcjjcjhmnnjjlbmaeljecga [2016-06-23]
CHR Extension: (Домашняя страница Mail.Ru) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfjihahbphdpljpiadbkmgmhnfehhgi [2016-06-23]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdfomeimchipjggcigmbmeocjncbdgo [2016-07-06]
CHR Extension: (Стартовая — Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdkihdhlegcdggknokfekoemkjjnjhgi [2015-07-15]
CHR Extension: (Стартовая — Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\lalfiodohdgaejjccfgfmmngggpplmhp [2016-07-29]
CHR Extension: (Kaspersky Protection) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-07-30]
CHR Extension: (Менеджер браузеров) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkbofmmnlpcojllljenlamflhidfkna [2015-10-24]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehapofakghljopfegjogpgpeljkhjjn [2016-08-21]
CHR Extension: (Визуальные закладки) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac [2016-09-05]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Визуальные закладки) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchfckkccldkbclgdepkaonamkignanh [2016-08-22]
CHR Extension: (Chrome Media Router) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-09]
CHR HKLM\…\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] — hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] — hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki
CHR HKLM-x32\…\Chrome\Extension: [ahnphcmhmhcjjcjhmnnjjlbmaeljecga] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [ehfjihahbphdpljpiadbkmgmhnfehhgi] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [jdkihdhlegcdggknokfekoemkjjnjhgi] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] — C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\…\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] — hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.ru/?win=153&clid=1987499"
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3036312 2016-07-28] (Intel(R) Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [2187992 2016-06-01] (Mail.Ru)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [922152 2016-08-25] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-08-25] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-08-25] (McAfee, Inc.)
R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [5179608 2016-09-01] (Mail.Ru)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\16.7.1.20936\service_update.exe [768320 2016-08-08] (YANDEX LLC)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices Inc.)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [77600 2014-03-26] (Asmedia Technology)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2016-02-13] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-09-06] (Highresolution Enterprises [www.highrez.co.uk])
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-16] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-09-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-16] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-06 17:01 — 2016-09-06 17:01 — 00015008 _____ (Highresolution Enterprises [www.highrez.co.uk]) C:\Windows\system32\Drivers\inpoutx64.sys
2016-09-06 17:01 — 2016-09-06 17:01 — 00001172 _____ C:\Users\Public\Desktop\Kerish Doctor 2016.lnk
2016-09-06 17:01 — 2016-09-06 17:01 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerish Doctor
2016-09-06 17:01 — 2016-08-09 09:35 — 00059880 _____ (Kerish Products) C:\Windows\SysWOW64\GPUTemp.dll
2016-09-06 17:01 — 2011-01-20 01:07 — 00098304 _____ (Highresolution Enterprises) C:\Windows\SysWOW64\inpout32.dll
2016-09-06 16:22 — 2016-09-12 19:11 — 00000000 ____D C:\FRST
2016-09-03 22:47 — 2016-09-03 22:47 — 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2016-09-03 22:47 — 2016-09-03 22:47 — 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\Users\Все пользователи\fontcacheev1.dat
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\ProgramData\fontcacheev1.dat
2016-08-29 20:27 — 2016-08-29 20:28 — 00000000 ____D C:\AdwCleaner
2016-08-22 21:42 — 2016-08-22 21:42 — 00001855 _____ C:\Users\Пользователь\Desktop\RCGamebox.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-12 19:11 — 2014-12-05 16:28 — 00000000 ____D C:\Users\Пользователь\AppData\Roaming\uTorrent
2016-09-12 19:05 — 2014-12-05 16:59 — 00000000 ____D C:\Users\Все пользователи\Kaspersky Lab
2016-09-12 19:05 — 2014-12-05 16:59 — 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-12 18:56 — 2011-04-12 16:26 — 00736180 _____ C:\Windows\system32\perfh019.dat
2016-09-12 18:56 — 2011-04-12 16:26 — 00155888 _____ C:\Windows\system32\perfc019.dat
2016-09-12 18:56 — 2009-07-14 08:13 — 01682974 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-12 18:56 — 2009-07-14 06:20 — 00000000 ____D C:\Windows\inf
2016-09-12 18:55 — 2009-07-14 07:45 — 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-12 18:55 — 2009-07-14 07:45 — 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-12 18:47 — 2016-08-07 09:24 — 00003562 _____ C:\Windows\System32\Tasks\Системное обновление Браузера Яндекс
2016-09-12 18:47 — 2016-08-07 09:24 — 00000470 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job
2016-09-12 18:47 — 2016-07-02 03:37 — 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-12 18:47 — 2016-06-23 20:45 — 00001506 __RSH C:\Users\Все пользователи\ntuser.pol
2016-09-12 18:47 — 2016-06-23 20:45 — 00001506 __RSH C:\ProgramData\ntuser.pol
2016-09-12 18:47 — 2016-06-23 20:45 — 00000258 __RSH C:\Users\Пользователь\ntuser.pol
2016-09-12 18:47 — 2016-01-28 08:58 — 00003244 _____ C:\Windows\System32\Tasks\Kerish Doctor
2016-09-12 18:47 — 2015-10-19 19:05 — 00003424 _____ C:\Windows\System32\Tasks\Обновление Браузера Яндекс
2016-09-12 18:47 — 2015-10-19 19:05 — 00000426 _____ C:\Windows\Tasks\Обновление Браузера Яндекс.job
2016-09-12 18:47 — 2014-12-05 16:15 — 00000000 ____D C:\Users\Все пользователи\NVIDIA
2016-09-12 18:47 — 2014-12-05 16:15 — 00000000 ____D C:\ProgramData\NVIDIA
2016-09-12 18:47 — 2014-12-05 16:03 — 00000000 ____D C:\Users\Пользователь
2016-09-12 18:47 — 2009-07-14 08:08 — 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-12 13:28 — 2014-12-05 16:45 — 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-12 13:14 — 2016-07-02 03:37 — 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-12 10:25 — 2015-09-18 17:45 — 00000000 ____D C:\Users\Пользователь\AppData\LocalLow\uTorrent
2016-09-11 08:16 — 2014-12-05 21:07 — 00000000 ____D C:\Program Files (x86)\Kerish Doctor
2016-09-10 23:12 — 2016-03-28 22:43 — 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-10 23:09 — 2014-12-05 17:02 — 00000000 ____D C:\Users\Пользователь\AppData\Roaming\Skype
2016-09-09 09:26 — 2016-07-06 19:24 — 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-09 09:26 — 2016-07-02 03:43 — 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-09 08:16 — 2016-08-08 15:42 — 00000000 ____D C:\Program Files (x86)\McAfee
2016-09-09 08:16 — 2016-08-08 11:22 — 00000000 ____D C:\Program Files\TrueKey
2016-09-08 21:14 — 2016-08-08 15:42 — 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-09-06 22:15 — 2014-12-06 19:37 — 00000000 ____D C:\Users\Пользователь\AppData\Local\ElevatedDiagnostics
2016-09-06 22:15 — 2009-07-14 06:20 — 00000000 ____D C:\Windows\system32\NDF
2016-09-02 21:30 — 2016-02-10 12:17 — 00000000 ___SD C:\Users\Пользователь\AppData\LocalLow\Temp
2016-09-02 20:38 — 2016-02-24 17:55 — 00003114 _____ C:\Windows\System32\Tasks\MailRuUpdater
2016-09-02 20:38 — 2014-12-05 21:32 — 00000000 ____D C:\Users\Пользователь\AppData\Local\Mail.Ru
2016-08-31 12:16 — 2009-07-14 08:08 — 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-30 14:11 — 2014-12-05 16:43 — 00000000 ____D C:\Users\Все пользователи\Package Cache
2016-08-30 14:11 — 2014-12-05 16:43 — 00000000 ____D C:\ProgramData\Package Cache
2016-08-27 20:21 — 2016-01-11 10:04 — 00000000 ____D C:\Users\Пользователь\AppData\Local\NVIDIA Corporation
2016-08-21 17:44 — 2016-08-08 15:42 — 00000000 ____D C:\Users\Пользователь\AppData\Local\tkdata
2016-08-21 17:44 — 2014-12-05 16:33 — 00000000 ____D C:\Program Files\CCleaner
2016-08-16 12:51 — 2016-07-30 08:41 — 01001304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-16 12:51 — 2016-04-29 00:09 — 00236888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-16 12:51 — 2015-12-03 11:10 — 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-15 23:02 — 2015-01-05 12:26 — 00002532 _____ C:\Users\Пользователь\Desktop\Yandex.lnk
2016-08-14 23:15 — 2014-12-05 16:31 — 00000000 ____D C:\Users\Пользователь\AppData\Local\Adobe
==================== Files in the root of some directories =======
2014-12-05 16:11 — 2014-12-05 16:11 — 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-08-29 20:39 — 2016-08-29 20:39 — 0000260 _____ () C:\ProgramData\fontcacheev1.dat
2015-09-11 21:24 — 2015-09-11 21:24 — 0000016 _____ () C:\ProgramData\mntemp
2015-09-11 21:24 — 2015-09-11 21:24 — 0004105 _____ () C:\ProgramData\wmzddnmb.cix
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Все пользователи\fontcacheev1.dat
Some files in TEMP:
====================
C:\Users\Пользователь\AppData\Local\Temp\downloader_upd.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-09 14:59
==================== End of FRST.txt ============================
It does not show Addition.txt.