Re: Re: Blocks websites and games
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Юра (administrator) on ЮРА-ПК (08-03-2016 10:44:25)
Running from C:UsersЮраDesktop
Loaded Profiles: Юра (Available Profiles: Юра)
Platform: Microsoft Windows 7 Максимальная Service Pack 1 (X86) Language: Русский (Россия)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forums/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(NVIDIA Corporation) C:Program FilesNVIDIA Corporation3D VisionnvSCPAPISvr.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(Innova Co S.a r.l.) C:Program Files4game3.5.8.1804game-service.exe
(Kaspersky Lab ZAO) C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0avp.exe
(Microsoft Corporation) C:Program FilesMicrosoft Office 15ClientX86officeclicktorun.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNetServiceNvNetworkService.exe
(Pandora.TV) C:Program FilesPANDORA.TVPanServiceKMPService.exe
(PandoraTV) C:Program FilesPANDORA.TVPanServiceKMPProcess.exe
(Kaspersky Lab ZAO) C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0avpui.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvtray.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationUpdate CoreNvBackend.exe
(BioWare) D:OldGAMESStar Wars-The Old Republiclauncher.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKUS-1-5-21-2060737710-1981992819-119070258-1000…MountPoints2: G — G:setup.exe
HKUS-1-5-21-2060737710-1981992819-119070258-1000…MountPoints2: {d414f997-050c-11e3-a5d6-001cc079f9a0} — F:setup.exe
HKUS-1-5-21-2060737710-1981992819-119070258-1000…MountPoints2: {d414f9b0-050c-11e3-a5d6-001cc079f9a0} — H:setup.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
CHR HKUS-1-5-21-2060737710-1981992819-119070258-1000SOFTWAREPoliciesGoogle: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
TcpipParameters: [DhcpNameServer] 192.168.0.1
Tcpip..Interfaces{2819289A-8805-4D65-9465-A3277B00F999}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <======= ATTENTION
HKUS-1-5-21-2060737710-1981992819-119070258-1000SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
HKUS-1-5-21-2060737710-1981992819-119070258-1000SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
URLSearchHook: [S-1-5-21-2060737710-1981992819-119070258-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> DefaultScope {0DBC05A7-B305-443E-AD9D-11984F226399} URL = hxxp://search.eshield.com/serp?guid={37D7589A-53CB-473B-8401-CE7EED431741}&action=default_search&k={searchTerms}
SearchScopes: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> {0DBC05A7-B305-443E-AD9D-11984F226399} URL = hxxp://search.eshield.com/serp?guid={37D7589A-53CB-473B-8401-CE7EED431741}&action=default_search&k={searchTerms}
SearchScopes: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> {96C61647-90DD-4B4C-A20D-8159B39342FA} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft Office 15rootOffice15OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtContentBlockerie_content_blocker_plugin.dll [2014-12-14] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll [2014-12-19] (Kaspersky Lab ZAO)
BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:OldGAMESArcPluginsArcPluginIE.dll [2016-02-24] (Perfect World Entertainment Inc)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtOnlineBankingonline_banking_bho.dll [2014-12-14] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:Program FilesMicrosoft Office 15rootOffice15URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtUrlAdvisorklwtbbho.dll [2014-12-14] (Kaspersky Lab ZAO)
Toolbar: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> No Name — {4B4D5056-3700-A76A-76A7-7A786E7484D7} — No File
Toolbar: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> No Name — {1C4D6E93-BFFF-496C-887D-FD3223999279} — No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf — {D924BDC6-C83A-4BD5-90D0-095128A113D1} — C:Program FilesMicrosoft Office 15rootOffice15MSOSB.DLL [2015-06-06] (Microsoft Corporation)
Handler: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:Program FilesCommon FilesSkypeSkype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.default
FF Keyword.URL: hxxp://search.eshield.com/serp?guid={37D7589A-53CB-473B-8401-CE7EED431741}&action=default_search&k=
FF DefaultSearchEngine: eShield Safe Web
FF Homepage: hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
FF NewTab: hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
FF Plugin: @4game.com/plugin -> C:Program Files4game3.5.8.180npplugin4game.dll [2015-12-25] (Innova Co S.a r.l.)
FF Plugin: @adobe.com/FlashPlayer -> D:OldGAMESArcpluginsNPSWF32.dll [2016-02-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft Office 15rootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:PROGRA~1MICROS~3Office14NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft Office 15rootOffice15NPSPWRAP.DLL [2015-06-06] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:Program FilesNVIDIA Corporation3D Visionnpnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:Program FilesNVIDIA Corporation3D Visionnpnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:OldGAMESArcPluginsnpArcPluginFF.dll [2016-02-24] (Perfect World Entertainment Inc)
FF Plugin: @raidcall.en/RCplugin -> C:UsersЮраAppDataRoamingraidcallpluginsnprcplugin.dll [2014-03-04] (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:Program FilesGoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:Program FilesGoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKUS-1-5-21-2060737710-1981992819-119070258-1000: @mail.ru/GameCenter -> C:UsersЮраAppDataLocalMail.RuGameCenterNPDetector.dll [2015-12-21] (LLC Mail.Ru)
FF user.js: detected! => C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultuser.js [2015-12-18]
FF Extension: eShield — C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultExtensionstoolbar11467@eshield.com.xpi [2015-12-18] [not signed]
FF HKLM…FirefoxExtensions: [url_advisor@kaspersky.com] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExturl_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExturl_advisor@kaspersky.com [2014-12-19] [not signed]
FF HKLM…FirefoxExtensions: [virtual_keyboard@kaspersky.com] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtvirtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtvirtual_keyboard@kaspersky.com [2014-12-19] [not signed]
FF HKLM…FirefoxExtensions: [content_blocker@kaspersky.com] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtcontent_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtcontent_blocker@kaspersky.com [2014-12-19] [not signed]
Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn10
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:UsersЮраAppDataLocalGoogleChromeUser DataDefault
CHR Extension: (Google Презентации) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2016-03-07]
CHR Extension: (Документы Google) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2016-03-07]
CHR Extension: (Диск Google) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2016-03-07]
CHR Extension: (Kaspersky Protection) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsblbkdnmdcafmfhinpmnlhhddbepgkeaa [2016-03-07]
CHR Extension: (YouTube) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-07]
CHR Extension: (Модуль проверки ссылок) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsdchlnpcodkpfdpacogkljefecpegganj [2016-03-07]
CHR Extension: (eShield) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsdkmjljdbbgogihjcapfhgkonfmccbffp [2016-03-07]
CHR Extension: (Google Таблицы) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2016-03-07]
CHR Extension: (Google Документы офлайн) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-07]
CHR Extension: (Модуль блокирования опасных веб-сайтов) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionshghkgaeecgjhjkannahfamoehjmkjail [2016-03-07]
CHR Extension: (Mail.Ru) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsilamgbdaebkbpkkmfmmfbnaamkhijdek [2016-03-07]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2016-03-07]
CHR Extension: (Домашняя страница Mail.Ru) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsofdgafmdegfkhfdfkmllfefmcmcjllec [2016-03-07]
CHR Extension: (Gmail) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2016-03-07]
CHR Extension: (Визуальные Закладки Mail.Ru) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionspnooffjhclkocplopffdbcdghmiffhji [2016-03-07]
CHR HKLM…ChromeExtension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] — hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM…ChromeExtension: [dchlnpcodkpfdpacogkljefecpegganj] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0ChromeExturladvisor.crx [2013-10-11]
CHR HKLM…ChromeExtension: [dkmjljdbbgogihjcapfhgkonfmccbffp] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [hghkgaeecgjhjkannahfamoehjmkjail] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0ChromeExtcontent_blocker_chrome.crx [2013-10-11]
CHR HKLM…ChromeExtension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [jagncdcchgajhfhijbbhecadmaiegcmh] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0ChromeExtvirtkbd.crx [2014-12-19]
CHR HKLM…ChromeExtension: [mfmjpfoggikolkfilofbpgcnhdcgahib] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [pfjgibhmcgncmjhdodpaolfbjpjjajal] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [pgaidlfgjkmeendhknafahppllbniejm] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [pnooffjhclkocplopffdbcdghmiffhji] — hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: «hxxp://mail.ru/cnt/10445»
OPR Session Restore: -> is enabled.
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 4game-service; C:Program Files4game3.5.8.1804game-service.exe [1561312 2015-12-25] (Innova Co S.a r.l.)
S3 appdrvrem01; C:WindowsSystem32appdrvrem01.exe [316816 2014-08-21] (Protection Technology)
S3 ArcService; D:OldGAMESArcArcService.exe [88024 2016-02-24] (Perfect World Entertainment Inc)
R2 AVP; C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0avp.exe [214512 2013-10-11] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:Program FilesMicrosoft Office 15ClientX86OfficeClickToRun.exe [1904368 2016-01-20] (Microsoft Corporation)
S3 defragsvc; C:WindowsSystem32defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт)
S3 GfExperienceService; C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe [921208 2015-08-27] (NVIDIA Corporation)
R2 NvNetworkService; C:Program FilesNVIDIA CorporationNetServiceNvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
S3 NvStreamSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe [4305016 2015-08-27] (NVIDIA Corporation)
R2 PanService; C:Program FilesPANDORA.TVPanServiceKMPService.exe [1922600 2013-07-08] (Pandora.TV)
S2 pr2ajtsc; C:Windowssystem32pr2ajtsc.exe [411000 2008-03-07] (1C: Multimedia)
R2 WinDefend; C:Program FilesWindows Defendermpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:WindowsSystem32wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 appdrv01; C:WindowsSystem32Driversappdrv01.sys [3110512 2014-08-21] (Protection Technology)
S3 hamachi; C:WindowsSystem32DRIVERShamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 inpout32; C:WindowsSystem32Driversinpout32.sys [11936 2016-02-03] (Highresolution Enterprises [www.highrez.co.uk])
R1 ISODrive; C:Program FilesUltraISOdriversISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
R0 kl1; C:WindowsSystem32DRIVERSkl1.sys [135776 2014-12-14] (Kaspersky Lab ZAO)
S4 klflt; C:WindowsSystem32DRIVERSklflt.sys [94304 2014-12-14] (Kaspersky Lab ZAO)
R1 KLIF; C:WindowsSystem32DRIVERSklif.sys [576608 2014-12-14] (Kaspersky Lab ZAO)
R1 KLIM6; C:WindowsSystem32DRIVERSklim6.sys [25696 2013-10-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:WindowsSystem32DRIVERSklkbdflt.sys [25184 2014-12-14] (Kaspersky Lab ZAO)
R3 klmouflt; C:WindowsSystem32DRIVERSklmouflt.sys [25696 2013-10-11] (Kaspersky Lab ZAO)
R1 klpd; C:WindowsSystem32DRIVERSklpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:WindowsSystem32DRIVERSkltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:WindowsSystem32DRIVERSkneps.sys [144992 2014-12-14] (Kaspersky Lab ZAO)
R0 mountmgr; C:WindowsSystem32driversmountmgr.sys [78208 2010-11-20] (Корпорация Майкрософт)
S3 NvStreamKms; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamKms.sys [18552 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:WindowsSystem32driversnvvad32v.sys [44840 2015-08-11] (NVIDIA Corporation)
R0 pe3ajtsc; C:WindowsSystem32driverspe3ajtsc.sys [64640 2008-03-07] (1C: Multimedia)
R3 phaudlwr; C:WindowsSystem32DRIVERSphaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
R0 ps7ajtsc; C:WindowsSystem32driversps7ajtsc.sys [68744 2008-03-07] (1C: Multimedia)
S1 qutmipc; C:Windowssystem32driversqutmipc.sys [53960 2015-09-06] (360.cn)
R3 SPC520; C:WindowsSystem32driversSPC520.sys [483328 2007-10-01] (Philips )
R3 SPC520m; C:WindowsSystem32driversSPC520m.sys [7680 2007-10-01] (Philips )
S3 ssudserd; C:WindowsSystem32DRIVERSssudserd.sys [182680 2013-08-20] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
R0 volmgrx; C:WindowsSystem32driversvolmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт)
S3 BRDriver_1_3_3_E02B25FC; ??C:ProgramDataBitRaidersupport1.3.3E02B25FCBRDriver.sys [X]
S3 cpuz134; ??C:Users6EDA~1AppDataLocalTempcpuz134cpuz134_x32.sys [X]
S3 EagleXNt; ??C:Windowssystem32driversEagleXNt.sys [X]
S3 npkcrypt; ??D:OldGAMESЛ2 Интераsystemnpkcrypt.sys [X]
S3 npkcusb; ??D:OldGAMESЛ2 Интераsystemnpkcusb.sys [X]
S3 Synth3dVsc; System32driverssynth3dvsc.sys [X]
S3 tsusbhub; system32driverstsusbhub.sys [X]
S3 VGPU; System32driversrdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-08 10:44 — 2016-03-08 10:44 — 00020800 _____ C:UsersЮраDesktopFRST.txt
2016-03-08 10:44 — 2016-03-08 10:44 — 00000000 ____D C:FRST
2016-03-08 10:43 — 2016-03-08 10:43 — 01725440 _____ (Farbar) C:UsersЮраDesktopFRST.exe
2016-03-07 19:30 — 2016-03-07 19:35 — 00000000 ____D C:UsersВсе пользователиBitRaider
2016-03-07 19:30 — 2016-03-07 19:35 — 00000000 ____D C:ProgramDataBitRaider
2016-03-07 19:30 — 2016-03-07 19:30 — 00000000 ____D C:Usersް܁ppData
2016-03-07 19:14 — 2016-03-07 19:18 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsPerfect World Entertainment
2016-03-07 19:14 — 2016-03-07 19:16 — 00000000 ____D C:UsersЮраAppDataRoamingArc
2016-03-07 19:13 — 2016-03-07 19:13 — 00999096 _____ (Perfect World Entertainment) C:UsersЮраDownloadsNeverwinter_ArcSetup.exe
2016-03-07 19:13 — 2016-03-07 19:13 — 00000000 ____D C:UsersЮраDownloadsLog
2016-03-07 19:13 — 2016-02-05 20:43 — 10478336 _____ (Perfect World Entertainment) C:UsersЮраDownloadsArcInstall_NW_20151009a.exe
2016-03-07 19:08 — 2016-03-07 19:08 — 00002214 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2016-03-07 19:08 — 2016-03-07 19:08 — 00002202 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2016-03-07 19:07 — 2016-03-08 10:12 — 00000950 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job
2016-03-07 19:07 — 2016-03-07 19:12 — 00000946 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job
2016-03-07 18:20 — 2016-03-07 18:20 — 00000000 ____D C:UsersЮраDownloadsbackups
2016-03-07 17:42 — 2016-03-07 17:42 — 00388608 _____ (Trend Micro Inc.) C:UsersЮраDownloadsHijackThis.exe
2016-03-07 17:06 — 2016-03-07 17:06 — 00987728 _____ (Google Inc.) C:UsersЮраDownloadsChromeSetup.exe
2016-03-07 10:24 — 2016-03-07 10:24 — 00000970 _____ C:UsersЮраDesktopUltraISO.lnk
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:UsersЮраDocumentsMy ISO Files
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsUltraISO
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:Program FilesUltraISO
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:Program FilesCommon FilesEZB Systems
2016-03-07 03:49 — 2016-03-07 10:38 — 00000958 _____ C:WindowsTasksAdobe Flash Player PPAPI Notifier.job
2016-03-07 03:49 — 2016-03-07 10:38 — 00000896 _____ C:WindowsTasksAdobe Flash Player Updater.job
2016-03-07 03:47 — 2016-03-07 04:00 — 00112640 _____ C:UsersЮраAppDataLocalGDIPFONTCACHEV1.DAT
2016-03-07 03:46 — 2016-03-07 03:46 — 00001410 _____ C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk
2016-03-07 02:33 — 2016-03-07 02:35 — 00000140 _____ C:WindowsReimage.ini
2016-03-06 22:27 — 2016-03-07 10:38 — 00440560 _____ C:Windowssystem32FNTCACHE.DAT
2016-03-06 12:17 — 2016-03-06 12:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-19a3-0
2016-03-06 12:17 — 2016-03-06 12:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-0ea3-1
2016-03-06 12:17 — 2016-03-06 12:17 — 00000000 ____D C:ProgramData811b4c8b-19a3-0
2016-03-06 12:17 — 2016-03-06 12:17 — 00000000 ____D C:ProgramData811b4c8b-0ea3-1
2016-03-06 06:17 — 2016-03-06 06:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-7515-0
2016-03-06 06:17 — 2016-03-06 06:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-1a87-1
2016-03-06 06:17 — 2016-03-06 06:17 — 00000000 ____D C:ProgramData811b4c8b-7515-0
2016-03-06 06:17 — 2016-03-06 06:17 — 00000000 ____D C:ProgramData811b4c8b-1a87-1
2016-03-06 00:17 — 2016-03-06 00:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-2941-0
2016-03-06 00:17 — 2016-03-06 00:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-0403-1
2016-03-06 00:17 — 2016-03-06 00:17 — 00000000 ____D C:ProgramData811b4c8b-2941-0
2016-03-06 00:17 — 2016-03-06 00:17 — 00000000 ____D C:ProgramData811b4c8b-0403-1
2016-03-05 18:17 — 2016-03-05 18:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-6827-0
2016-03-05 18:17 — 2016-03-05 18:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-4c13-1
2016-03-05 18:17 — 2016-03-05 18:17 — 00000000 ____D C:ProgramData811b4c8b-6827-0
2016-03-05 18:17 — 2016-03-05 18:17 — 00000000 ____D C:ProgramData811b4c8b-4c13-1
2016-03-05 06:17 — 2016-03-05 06:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-5b93-1
2016-03-05 06:17 — 2016-03-05 06:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-1c63-0
2016-03-05 06:17 — 2016-03-05 06:17 — 00000000 ____D C:ProgramData811b4c8b-5b93-1
2016-03-05 06:17 — 2016-03-05 06:17 — 00000000 ____D C:ProgramData811b4c8b-1c63-0
2016-03-05 00:17 — 2016-03-05 00:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-7c67-0
2016-03-05 00:17 — 2016-03-05 00:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-1035-1
2016-03-05 00:17 — 2016-03-05 00:17 — 00000000 ____D C:ProgramData811b4c8b-7c67-0
2016-03-05 00:17 — 2016-03-05 00:17 — 00000000 ____D C:ProgramData811b4c8b-1035-1
2016-02-20 15:39 — 2016-02-20 15:39 — 00000000 ____D C:UsersЮраAppDataRoamingAC3Filter
2016-02-20 14:19 — 2016-02-20 14:19 — 00000000 ____D C:UsersЮраDocumentsCriterion Games
2016-02-20 13:39 — 2016-02-20 13:39 — 00000000 ___HD C:Program FilesCommon FilesEAInstaller
2016-02-20 12:27 — 2016-03-06 22:39 — 00000000 ____D C:UsersВсе пользователиElectronic Arts
2016-02-20 12:27 — 2016-03-06 22:39 — 00000000 ____D C:ProgramDataElectronic Arts
2016-02-19 18:17 — 2016-03-04 23:08 — 00000000 ____D C:UsersВсе пользователи811b4c8b-0a11-0
2016-02-19 18:17 — 2016-03-04 23:08 — 00000000 ____D C:ProgramData811b4c8b-0a11-0
2016-02-19 18:12 — 2016-03-06 22:19 — 00000000 ____D C:UsersВсе пользователиcfa54b68
2016-02-19 18:12 — 2016-03-06 22:19 — 00000000 ____D C:ProgramDatacfa54b68
2016-02-19 18:12 — 2016-03-04 23:08 — 00000000 ____D C:UsersВсе пользователи811b4c8b-40f1-0
2016-02-19 18:12 — 2016-03-04 23:08 — 00000000 ____D C:ProgramData811b4c8b-40f1-0
2016-02-19 18:12 — 2016-02-19 18:12 — 00000000 ____D C:UsersВсе пользователи{319c6ae5-112c-0}
2016-02-19 18:12 — 2016-02-19 18:12 — 00000000 ____D C:UsersВсе пользователи{008c7bcb-012c-1}
2016-02-19 18:12 — 2016-02-19 18:12 — 00000000 ____D C:ProgramData{319c6ae5-112c-0}
2016-02-19 18:12 — 2016-02-19 18:12 — 00000000 ____D C:ProgramData{008c7bcb-012c-1}
2016-02-14 09:04 — 2015-11-12 11:50 — 00027040 ____H (LogMeIn, Inc.) C:Windowssystem32hamachi.sys
2016-02-14 09:03 — 2016-02-18 14:48 — 00000000 ____D C:UsersЮраAppDataLocalLogMeIn Hamachi
2016-02-14 09:03 — 2016-02-14 09:03 — 00000000 ____D C:UsersЮраAppDataLocalLogMeIn
2016-02-14 09:03 — 2016-02-14 09:03 — 00000000 ____D C:UsersВсе пользователиLogMeIn
2016-02-14 09:03 — 2016-02-14 09:03 — 00000000 ____D C:ProgramDataLogMeIn
2016-02-14 00:25 — 2016-02-14 00:25 — 00000000 ____D C:UsersЮраAppDataRoamingEurekaLog
2016-02-14 00:25 — 2016-02-14 00:25 — 00000000 _____ C:Windowssystem32Access.dat
2016-02-14 00:23 — 2015-12-21 17:01 — 00043568 _____ (Tunngle.net) C:Windowssystem32Driverstap0901t.sys
2016-02-14 00:12 — 2016-02-20 12:28 — 00000000 ____D C:UsersЮраAppDataRoamingOrigin
2016-02-14 00:11 — 2016-03-06 22:39 — 00000000 ____D C:UsersВсе пользователиOrigin
2016-02-14 00:11 — 2016-03-06 22:39 — 00000000 ____D C:ProgramDataOrigin
2016-02-13 20:15 — 2016-02-13 20:16 — 00000000 ____D C:UsersЮраDocumentsNFS Most Wanted
2016-02-13 20:12 — 2016-02-13 20:12 — 00000000 ____D C:UsersЮраAppDataRoamingNeed for Speed — Most Wanted
2016-02-13 20:12 — 2016-02-13 20:12 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsR.G. Mechanics
2016-02-13 12:49 — 2016-02-13 18:56 — 00000000 ____D C:UsersЮраDesktopМаша
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-07 22:55 — 2014-02-22 20:51 — 00000000 ____D C:UsersЮраAppDataRoamingMumble
2016-03-07 20:24 — 2013-08-14 18:59 — 00000000 ____D C:UsersЮраAppDataRoamingAIMP3
2016-03-07 19:39 — 2009-07-14 04:37 — 00000000 ____D C:Windowsinf
2016-03-07 19:18 — 2013-08-14 19:45 — 00000000 ___RD C:UsersЮраDesktopИгры
2016-03-07 19:14 — 2014-04-09 15:02 — 00000000 ___HD C:Program FilesInstallShield Installation Information
2016-03-07 19:08 — 2013-08-14 18:52 — 00000000 ____D C:UsersЮраAppDataLocalGoogle
2016-03-07 19:07 — 2014-05-07 13:54 — 00000000 ____D C:Program FilesGoogle
2016-03-07 18:55 — 2013-08-14 19:59 — 00000000 ____D C:UsersВсе пользователиKaspersky Lab
2016-03-07 18:55 — 2013-08-14 19:59 — 00000000 ____D C:ProgramDataKaspersky Lab
2016-03-07 18:46 — 2009-07-14 06:34 — 00026256 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-07 18:46 — 2009-07-14 06:34 — 00026256 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-07 18:39 — 2013-08-14 18:29 — 00000000 ____D C:UsersВсе пользователиNVIDIA
2016-03-07 18:39 — 2013-08-14 18:29 — 00000000 ____D C:ProgramDataNVIDIA
2016-03-07 18:39 — 2009-07-14 06:53 — 00000006 ____H C:WindowsTasksSA.DAT
2016-03-07 17:01 — 2014-07-01 15:27 — 00000000 ____D C:Program FilesSteam
2016-03-07 17:01 — 2013-08-14 18:54 — 00000000 ____D C:UsersЮраAppDataRoaminguTorrent
2016-03-07 16:52 — 2013-08-14 18:32 — 00000000 ____D C:UsersЮраAppDataLocalOpera Software
2016-03-07 16:52 — 2013-08-14 18:32 — 00000000 ____D C:Program FilesOpera
2016-03-07 14:59 — 2013-09-07 22:09 — 00000000 ____D C:UsersЮраAppDataLocalElevatedDiagnostics
2016-03-07 03:49 — 2014-08-20 12:34 — 00000000 ____D C:UsersЮраAppDataLocalAdobe
2016-03-07 03:49 — 2013-08-14 19:28 — 00796864 _____ (Adobe Systems Incorporated) C:Windowssystem32FlashPlayerApp.exe
2016-03-07 03:49 — 2013-08-14 19:28 — 00142528 _____ (Adobe Systems Incorporated) C:Windowssystem32FlashPlayerCPLApp.cpl
2016-03-07 03:47 — 2015-12-18 21:45 — 00000000 ____D C:UsersВсе пользователиsimplitec
2016-03-07 03:47 — 2015-12-18 21:45 — 00000000 ____D C:ProgramDatasimplitec
2016-03-07 00:22 — 2015-12-18 21:43 — 00000000 ____D C:Program FilesSearch Extensions
2016-03-06 22:43 — 2014-11-12 16:28 — 00000000 ____D C:Program Files360
2016-03-06 22:35 — 2009-07-14 06:52 — 00000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsGames
2016-03-06 22:17 — 2013-08-14 18:51 — 00000000 ____D C:UsersЮраAppDataRoamingSkype
2016-03-06 21:35 — 2015-09-09 11:10 — 00000000 ____D C:Program FilesCommon FilesAV
2016-03-05 17:38 — 2015-06-03 22:17 — 00000000 ____D C:UsersЮраAppDataLocalBattle.net
2016-03-04 14:12 — 2015-12-28 20:37 — 00000133 _____ C:UsersЮраDesktopцитаты.txt
2016-03-04 13:49 — 2013-08-14 18:51 — 00000000 ____D C:UsersВсе пользователиSkype
2016-03-04 13:49 — 2013-08-14 18:51 — 00000000 ____D C:ProgramDataSkype
2016-03-02 08:16 — 2015-06-03 22:17 — 00000000 ____D C:UsersЮраAppDataRoamingBattle.net
2016-03-02 08:16 — 2015-06-03 22:15 — 00000000 ____D C:UsersВсе пользователиBattle.net
2016-03-02 08:16 — 2015-06-03 22:15 — 00000000 ____D C:ProgramDataBattle.net
2016-02-27 13:20 — 2009-07-14 04:37 — 00000000 ____D C:Windowssystem32NDF
2016-02-23 04:50 — 2015-06-06 14:33 — 00000000 ____D C:UsersВсе пользователиregid.1991-06.com.microsoft
2016-02-23 04:50 — 2015-06-06 14:33 — 00000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2016-02-23 04:50 — 2013-08-25 23:10 — 00000000 ____D C:UsersВсе пользователиMicrosoft Help
2016-02-23 04:48 — 2015-06-06 14:31 — 00000000 ____D C:Program FilesMicrosoft Office 15
2016-02-20 15:36 — 2013-08-14 19:16 — 00000000 ____D C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsGames
2016-02-19 18:12 — 2015-12-18 21:43 — 00000000 ____D C:UsersВсе пользователи102d5787-6bd3-0
2016-02-19 18:12 — 2015-12-18 21:43 — 00000000 ____D C:UsersВсе пользователи102d5787-4813-1
2016-02-19 18:12 — 2015-12-18 21:43 — 00000000 ____D C:ProgramData102d5787-6bd3-0
2016-02-19 18:12 — 2015-12-18 21:43 — 00000000 ____D C:ProgramData102d5787-4813-1
2016-02-18 14:48 — 2014-11-12 17:46 — 00000000 __SHD C:UsersВсе пользователи360Quarant
2016-02-18 14:48 — 2014-11-12 17:46 — 00000000 __SHD C:ProgramData360Quarant
2016-02-18 14:48 — 2014-11-12 16:45 — 00000000 __SHD C:$360Section
2016-02-18 10:56 — 2013-08-14 23:47 — 00000000 ____D C:UsersЮраAppDataLocalMail.Ru
2016-02-15 08:15 — 2014-11-12 16:41 — 00000000 ____D C:WindowsTasks360Disabled
2016-02-14 09:36 — 2015-11-19 17:56 — 00000000 ____D C:UsersЮраAppDataRoamingTunngle
2016-02-14 00:11 — 2014-02-23 23:15 — 00000000 ____D C:UsersВсе пользователиPackage Cache
2016-02-14 00:11 — 2014-02-23 23:15 — 00000000 ____D C:ProgramDataPackage Cache
2016-02-13 12:53 — 2013-08-14 18:28 — 01648658 _____ C:Windowssystem32PerfStringBackup.INI
2016-02-13 12:53 — 2009-07-14 10:41 — 00724852 _____ C:Windowssystem32perfh019.dat
2016-02-13 12:53 — 2009-07-14 10:41 — 00149680 _____ C:Windowssystem32perfc019.dat
==================== Files in the root of some directories =======
2014-08-12 22:01 — 2014-08-12 22:01 — 0000040 _____ () C:Program Files{AACE8122-B27D-421C-A5BB-95060941AFD7}.sys
2013-12-19 00:52 — 2015-03-24 02:52 — 0000107 _____ () C:UsersЮраAppDataRoamingWB.CFG
2014-02-23 23:19 — 2014-02-23 23:19 — 0000000 ___SH () C:UsersЮраAppDataLocalLumaEmu
2015-07-08 11:48 — 2015-07-08 11:48 — 0000017 _____ () C:UsersЮраAppDataLocalresmon.resmoncfg
Some files in TEMP:
====================
C:UsersЮраAppDataLocalTempBRSVC_1589306_hlp.exe
C:UsersЮраAppDataLocalTempICReinstall_FlashVideoPlayer.exe
C:UsersЮраAppDataLocalTempReimagePackage.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:Windowsexplorer.exe => File is digitally signed
C:Windowssystem32winlogon.exe => File is digitally signed
C:Windowssystem32wininit.exe => File is digitally signed
C:Windowssystem32svchost.exe => File is digitally signed
C:Windowssystem32services.exe => File is digitally signed
C:Windowssystem32User32.dll => File is digitally signed
C:Windowssystem32userinit.exe => File is digitally signed
C:Windowssystem32rpcss.dll => File is digitally signed
C:Windowssystem32dnsapi.dll => File is digitally signed
C:Windowssystem32Driversvolsnap.sys => File is digitally signed
LastRegBack: 2016-03-07 14:52
==================== End of FRST.txt ============================
I can't attach the second document because the size limit is exceeded. I'll send its contents in a second message.

