The page funday24.ru loads in Google Chrome
- This topic has 5 replies, 2 participants, and was last updated 8 years, 7 months ago by Admin.
April 6, 2016 at 4:11 pm #19112
Previously, the page funday24.ru loaded whenever I opened Google Chrome. I changed the start page in the browser settings. Now, when I open the browser, the page I set loads, but then the funday24.ru page opens.
Please help.
FRST result
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Rusya (administrator) on TIMINA-AL (06-04-2016 19:00:33)
Running from C:UsersRusyaDownloads
Loaded Profiles: Rusya & UpdatusUser & (Available Profiles: Rusya & UpdatusUser)
Platform: Windows 8.1 Enterprise (Update 1) (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forums/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(ASUSTek Computer Inc.) C:Program Files (x86)ASUSATK PackageATK HotkeyAsLdrSrv.exe
(ASUS) C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
(Kingsoft Corporation) C:Program Files (x86)cmcmClean Mastercmcore.exe
(ASUS) C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe
(ESET) C:Program FilesESETESET NOD32 Antivirusx86ekrn.exe
(Realsil Microelectronics Inc.) C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
(Intel(R) Corporation) C:Program FilesInteliCLS ClientHeciServer.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALJhi_service.exe
(MDL Forum, mod by Ratiborus) C:ProgramDataKMSAutoSbinKMSSS.exe
(TeamViewer GmbH) C:Program Files (x86)TeamViewerVersion8TeamViewer_Service.exe
(TeamViewer GmbH) C:Program Files (x86)TeamViewerVersion9TeamViewer_Service.exe
(ASUSTek Computer Inc.) C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe
(ASUS) C:Program Files (x86)ASUSASUS InstantOnInsOnWMI.exe
(ASUSTek Computer Inc.) C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe
(Dropbox, Inc.) C:Program Files (x86)DropboxUpdateDropboxUpdate.exe
(ASUS) C:Program FilesASUSP4GBatteryLife.exe
(ASUS) C:Program Files (x86)ASUSASUS InstantOnInsOnCfg.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvtray.exe
(AsusTek) C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex64QuickGesture64.exe
(ASUSTeK Computer Inc.) C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe
(AsusTek) C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPCenter.exe
(Kingsoft Corporation) C:Program Files (x86)cmcmClean Mastercmtray.exe
(ASUSTek Computer Inc.) C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
(ASUSTek Computer Inc.) C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVCpl64.exe
(ESET) C:Program FilesESETESET NOD32 Antivirusegui.exe
(Intel Corporation) C:WindowsSystem32igfxtray.exe
(Intel Corporation) C:WindowsSystem32igfxsrvc.exe
(Intel Corporation) C:WindowsSystem32hkcmd.exe
(Intel Corporation) C:WindowsSystem32igfxpers.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Integrated Clock Controller ServiceICCProxy.exe
(CANON INC.) C:Program FilesCanonCanon MF Network Scan UtilityCNMFSUT6.EXE
(AsusTek) C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPHelper.exe
() C:UsersRusyaAppDataLocalViberViber.exe
(Skype Technologies S.A.) C:Program Files (x86)SkypePhoneSkype.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Dropbox, Inc.) C:Program Files (x86)DropboxClientDropbox.exe
(Telegram Messenger LLP) C:UsersRusyaAppDataRoamingTelegram DesktopTelegram.exe
(Oracle Corporation) C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Microsoft Corporation) C:Program Files (x86)Microsoft OfficeOffice15MSOSYNC.EXE
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Microsoft Corporation) C:WindowsSysWOW64wbemWmiPrvSE.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
(Microsoft Corporation) C:Windowsregedit.exe
(SAP AG) C:Program Files (x86)SAPSapSetupSetupUpdaterNwSapAutoWorkstationUpdateService.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
(Oracle Corporation) C:Program Files (x86)Common FilesJavaJava Updatejucheck.exe
(Malwarebytes) C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
(Malwarebytes) C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
(Malwarebytes) C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Microsoft Corporation) C:Program FilesMicrosoft OfficeOffice15msoia.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM…Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM…Run: [egui] => C:Program FilesESETESET NOD32 Antivirusegui.exe [5581888 2014-02-24] (ESET)
HKLM…Run: [MFNetworkScanUtility] => C:Program FilesCanonCanon MF Network Scan UtilityCNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
HKLM-x32…Run: [Dropbox] => C:Program Files (x86)DropboxClientDropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKLM-x32…Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32…Run: [cmsc] => c:program files (x86)cmcmClean Mastercmtray.exe [468328 2016-01-20] (Kingsoft Corporation)
WinlogonNotifyigfxcui: C:Windowssystem32igfxdev.dll (Intel Corporation)
HKUS-1-5-21-1573865328-3615463135-1480589829-1001…Run: [Viber] => C:UsersRusyaAppDataLocalViberViber.exe [59171920 2016-03-03] ()
HKUS-1-5-21-1573865328-3615463135-1480589829-1001…Run: [Skype] => C:Program Files (x86)SkypePhoneSkype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKUS-1-5-21-1573865328-3615463135-1480589829-1001…Run: [poowqdfnde] => explorer «hxxp://tutsifi.ru/?utm_source=uoua03&utm_content=71939b02451863c8fba27634e3b849e6&utm_term=8432BFE8A8C3DBDA91535F402865FEF5&utm_d=20160406» <===== ATTENTION
HKUS-1-5-21-1573865328-3615463135-1480589829-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0…Run: [Viber] => C:UsersRusyaAppDataLocalViberViber.exe [59171920 2016-03-03] ()
HKUS-1-5-21-1573865328-3615463135-1480589829-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0…Run: [Skype] => C:Program Files (x86)SkypePhoneSkype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKUS-1-5-21-1573865328-3615463135-1480589829-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0…Run: [poowqdfnde] => explorer «hxxp://tutsifi.ru/?utm_source=uoua03&utm_content=71939b02451863c8fba27634e3b849e6&utm_term=8432BFE8A8C3DBDA91535F402865FEF5&utm_d=20160406» <===== ATTENTION
HKUS-1-5-21-1573865328-3615463135-1480589829-1002…MountPoints2: {96a5ee67-51d4-11e4-824e-806e6f6e6963} — «F:AsInsWiz.exe»
HKUS-1-5-21-1573865328-3615463135-1480589829-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0…MountPoints2: {96a5ee67-51d4-11e4-824e-806e6f6e6963} — «F:AsInsWiz.exe»
AppInit_DLLs: C:Windowssystem32nvinitx.dll => C:Windowssystem32nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:WindowsSysWOW64nvinit.dll => C:WindowsSysWOW64nvinit.dll [141336 2013-12-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:UsersRusyaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupRhymes 3.lnk [2015-09-28]
ShortcutTarget: Rhymes 3.lnk -> C:UsersRusyaAppDataLocalRhymes 3Rhymes.exe (No File)
Startup: C:UsersRusyaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTelegram.lnk [2015-09-17]
ShortcutTarget: Telegram.lnk -> C:UsersRusyaAppDataRoamingTelegram DesktopTelegram.exe (Telegram Messenger LLP)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
TcpipParameters: [DhcpNameServer] 192.168.0.1
Tcpip..Interfaces{046F0AA4-6E94-49A6-A24C-FA4185564105}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficeOffice15OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:Program FilesMicrosoft OfficeOffice15GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program Files (x86)Microsoft OfficeOffice15OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program Files (x86)Javajre1.8.0_65binssv.dll [2015-11-03] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:Program Files (x86)Microsoft OfficeOffice15URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:Program Files (x86)Microsoft OfficeOffice15GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program Files (x86)Javajre1.8.0_65binjp2ssv.dll [2015-11-03] (Oracle Corporation)
Handler-x32: saphtmlp — {D1F8BD1E-7967-11D2-B43A-006094B9EADB} — c:program files (x86)sapfrontendsapguisaphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler-x32: sapr3 — {D1F8BD1E-7967-11D2-B43A-006094B9EADB} — c:program files (x86)sapfrontendsapguisaphtmlp.dll [2012-06-20] (SAP, Walldorf)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:Windowssystem32MacromedFlashNPSWF64_18_0_0_232.dll [2015-09-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:Program FilesMicrosoft Silverlight5.1.30514.0npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:WindowsSysWOW64MacromedFlashNPSWF32_18_0_0_232.dll [2015-09-04] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:Program Files (x86)Javajre1.8.0_65bindtpluginnpDeployJava1.dll [2015-11-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:Program Files (x86)Javajre1.8.0_65binplugin2npjp2.dll [2015-11-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program Files (x86)Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:Program Files (x86)Microsoft Silverlight5.1.30514.0npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:PROGRA~2MICROS~1Office15NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:Program Files (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:Program Files (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:Program Files (x86)mozilla firefoxpluginsnpMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:Program Files (x86)mozilla firefoxpluginsnppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32…ThunderbirdExtensions: [eplgTb@eset.com] — C:Program FilesESETESET NOD32 AntivirusMozilla Thunderbird
FF Extension: ESET Smart Security Extension — C:Program FilesESETESET NOD32 AntivirusMozilla Thunderbird [2014-10-13] [not signed]

Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> «hxxps://www.google.com.ua/»
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=chxtn9.0.1__PARAM__
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:UsersRusyaAppDataLocalGoogleChromeUser DataDefault
CHR Extension: (Google Презентации) — C:UsersRusyaAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Документы Google) — C:UsersRusyaAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Диск Google) — C:UsersRusyaAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) — C:UsersRusyaAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) — C:UsersRusyaAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Таблицы) — C:UsersRusyaAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Документы офлайн) — C:UsersRusyaAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Cisco WebEx Extension) — C:UsersRusyaAppDataLocalGoogleChromeUser DataDefaultExtensionsjlhmfgmfgeifomenelglieieghnjghma [2015-03-26]
CHR Extension: (Gmail) — C:UsersRusyaAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM-x32…ChromeExtension: [ahkmpjnmnhjkpkacdhkliipnncobgkhk] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32…ChromeExtension: [oelpkepjlgmehajehfeicfbjdiobdkfj] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32…ChromeExtension: [phokcamelcbnjikjgomjjadeihhbbidh] — hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 cmcore; c:program files (x86)cmcmClean Mastercmcore.exe [315240 2016-01-20] (Kingsoft Corporation)
S2 dbupdate; C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [136048 2015-10-06] (Dropbox, Inc.)
S3 dbupdatem; C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [136048 2015-10-06] (Dropbox, Inc.)
R2 ekrn; C:Program FilesESETESET NOD32 Antivirusx86ekrn.exe [1343408 2014-02-24] (ESET)
R2 Intel(R) ME Service; C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 KMSEmulator; C:ProgramDataKMSAutoSbinKMSSS.exe [303616 2014-02-02] (MDL Forum, mod by Ratiborus) [File not signed]
R2 MBAMScheduler; C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NWSAPAutoWorkstationUpdateSvc; C:Program Files (x86)SAPSAPsetupSetupUpdaterNwSapAutoWorkstationUpdateService.exe [165568 2012-06-19] (SAP AG)
S3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:Windowssystem32DRIVERSathwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:WindowsSystem32driversAsusTP.sys [65784 2013-06-28] (ASUS Corporation)
R1 eamonm; C:WindowsSystem32DRIVERSeamonm.sys [239320 2013-09-17] (ESET)
S0 ebdrv; C:WindowsSystem32driversevbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U5 edevmon; C:WindowsSystem32Driversedevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:Windowssystem32DRIVERSehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:Windowssystem32DRIVERSepfwwfpr.sys [157432 2013-09-17] (ESET)
R3 kbfiltr; C:WindowsSystem32driverskbfiltr.sys [14992 2012-08-02] ( )
S3 ksapi64; C:Windowssystem32driversksapi64.sys [56680 2016-01-20] (Kingsoft Corporation)
S3 m76usb; C:WindowsSystem32driversm76usb.sys [538312 2013-11-25] (Ralink Technology Corp.)
R3 MBAMProtector; C:Windowssystem32driversmbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:Windowssystem32driversMBAMSwissArmy.sys [192216 2016-04-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:Windowssystem32driversmwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 USBAAPL64; C:WindowsSystem32Driversusbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 WdBoot; C:Windowssystem32driversWdBoot.sys [35856 2013-10-31] (Microsoft Corporation)
S3 WdFilter; C:Windowssystem32driversWdFilter.sys [236888 2013-10-31] (Microsoft Corporation)
S3 WdNisDrv; C:WindowsSystem32DriversWdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 ASUSProcObsrv; ??F:I386AsPrOb64.sys [X]
S3 BtAudioBusSrv; SystemRootSystem32DriversBtAudioBus.sys [X]
S3 BthL2caScoIfSrv; SystemRootSystem32DriversBtL2caScoIf.sys [X]
S3 btUrbFilterDrv; SystemRootSystem32DriversIvtUrbBtFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-06 19:00 — 2016-04-06 19:02 — 00022589 _____ C:UsersRusyaDownloadsFRST.txt
2016-04-06 19:00 — 2016-04-06 19:00 — 00000000 ____D C:FRST
2016-04-06 18:55 — 2016-04-06 18:56 — 02374144 _____ (Farbar) C:UsersRusyaDownloadsFRST64.exe
2016-04-06 18:44 — 2016-04-06 18:45 — 00192216 _____ (Malwarebytes) C:Windowssystem32DriversMBAMSwissArmy.sys
2016-04-06 18:44 — 2016-04-06 18:44 — 00001118 _____ C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk
2016-04-06 18:44 — 2016-04-06 18:44 — 00000000 ____D C:UsersВсе пользователиMalwarebytes
2016-04-06 18:44 — 2016-04-06 18:44 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Malware
2016-04-06 18:44 — 2016-04-06 18:44 — 00000000 ____D C:ProgramDataMalwarebytes
2016-04-06 18:44 — 2016-04-06 18:44 — 00000000 ____D C:Program Files (x86)Malwarebytes Anti-Malware
2016-04-06 18:44 — 2016-03-10 14:09 — 00065408 _____ (Malwarebytes Corporation) C:Windowssystem32Driversmwac.sys
2016-04-06 18:44 — 2016-03-10 14:08 — 00140672 _____ (Malwarebytes) C:Windowssystem32Driversmbamchameleon.sys
2016-04-06 18:44 — 2016-03-10 14:08 — 00027008 _____ (Malwarebytes) C:Windowssystem32Driversmbam.sys
2016-04-06 18:40 — 2016-04-06 18:41 — 22851472 _____ (Malwarebytes ) C:UsersRusyaDownloadsmbam-setup-2.2.1.1043.exe
2016-04-06 18:31 — 2016-04-06 18:31 — 00002905 _____ C:UsersRusyaDesktopAdwCleaner[C1].txt
2016-04-06 18:25 — 2016-04-06 18:28 — 00000000 ____D C:AdwCleaner
2016-04-06 18:25 — 2016-04-06 18:25 — 03119168 _____ C:UsersRusyaDownloadsadwcleaner_5.109.exe
2016-04-06 11:56 — 2016-04-06 15:56 — 00000000 ____D C:UsersRusyaAppDataLocalSearchGo
2016-04-06 11:56 — 2016-04-06 13:56 — 00000000 ____D C:UsersRusyaAppDataLocalLowSearchGo
2016-04-06 11:56 — 2016-04-06 11:57 — 00000000 ____D C:UsersRusyaAppDataLocalLowUnity
2016-04-06 11:56 — 2016-04-06 11:57 — 00000000 ____D C:UsersRusyaAppDataLocalUnity
2016-04-06 11:56 — 2016-04-06 11:56 — 00003486 _____ C:WindowsSystem32TasksSearchGo Task
2016-04-06 11:50 — 2016-04-06 11:54 — 15675152 _____ C:UsersRusyaDownloadspm4rus.exe
2016-04-06 11:49 — 2016-04-06 11:50 — 16233495 _____ C:UsersRusyaDownloadsSTOIK_Color_By_Number.rar
2016-04-06 11:49 — 2016-04-06 11:49 — 00000012 _____ C:UsersВсе пользователи3969
2016-04-06 11:49 — 2016-04-06 11:49 — 00000012 _____ C:UsersВсе пользователи3495
2016-04-06 11:49 — 2016-04-06 11:49 — 00000012 _____ C:UsersВсе пользователи2198
2016-04-06 11:49 — 2016-04-06 11:49 — 00000012 _____ C:UsersRusyaDocuments 250
2016-04-06 11:49 — 2016-04-06 11:49 — 00000012 _____ C:UsersRusyaAppDataRoaming 078
2016-04-06 11:49 — 2016-04-06 11:49 — 00000012 _____ C:UsersPublicDocuments6681
2016-04-06 11:49 — 2016-04-06 11:49 — 00000012 _____ C:ProgramData3969
2016-04-06 11:49 — 2016-04-06 11:49 — 00000012 _____ C:ProgramData3495
2016-04-06 11:49 — 2016-04-06 11:49 — 00000012 _____ C:ProgramData2198
2016-04-06 11:49 — 2016-04-06 11:49 — 00000000 ____D C:UsersВсе пользователиSTOIK
2016-04-06 11:49 — 2016-04-06 11:49 — 00000000 ____D C:UsersRusyaAppDataRoamingPaintBN
2016-04-06 11:49 — 2016-04-06 11:49 — 00000000 ____D C:ProgramDataSTOIK
2016-04-06 11:47 — 2016-04-06 11:47 — 11799827 _____ C:UsersRusyaDownloadsSTOIK_ColorByNumber.zip
2016-04-06 11:37 — 2016-04-06 11:37 — 02651954 _____ C:UsersRusyaDownloadsMC2.zip
2016-04-05 15:44 — 2016-04-05 15:44 — 04000768 _____ C:UsersRusyaDownloadssividov.ppt
2016-04-04 16:10 — 2016-04-04 16:10 — 00035470 _____ C:UsersRusyaDownloadsДля Лины__Финал__Доступы__Категория Бизнес_SHAREPOINT (2).xlsx
2016-04-01 22:52 — 2016-04-01 22:52 — 00318976 _____ C:UsersRusyaDownloadsStroy_Prise_List.xls
2016-04-01 19:21 — 2016-04-01 19:21 — 00022490 _____ C:UsersRusyaDownloadsГруппы_доступы_Верх_уровень.xlsx
2016-04-01 16:25 — 2016-04-01 16:25 — 00762533 _____ C:UsersRusyaDownloadsCall Web Service (2).pdf
2016-04-01 15:57 — 2016-04-01 15:57 — 00035284 _____ C:UsersRusyaDownloadsДля Лины__Финал__Доступы__Категория Бизнес_SHAREPOINT (1).xlsx
2016-03-31 19:06 — 2016-03-31 19:09 — 331438608 _____ C:UsersRusyaDownloadsNaruto Shippuuden — 454 RainDeath [720p].mkv
2016-03-31 13:09 — 2016-03-31 13:09 — 00019042 _____ C:UsersRusyaDownloads2016-03-31-13-09-04.xlsx
2016-03-31 12:13 — 2016-03-31 12:13 — 00017772 _____ C:UsersRusyaDownloads2016-03-31-12-13-19.xlsx
2016-03-31 11:57 — 2016-03-31 11:57 — 00028166 _____ C:UsersRusyaDownloads2016-03-31-11-57-07.xlsx
2016-03-31 11:51 — 2016-03-31 11:51 — 00033074 _____ C:UsersRusyaDownloads2016-03-31-11-51-16.xlsx
2016-03-31 11:50 — 2016-03-31 11:50 — 00029315 _____ C:UsersRusyaDownloads2016-03-31-11-49-53.xlsx
2016-03-30 15:12 — 2016-03-30 15:12 — 00165700 _____ C:UsersRusyaDownloadsПолугодие_-_Создание_истории_к_карточкам.nwf
2016-03-30 14:57 — 2016-03-30 14:57 — 00165040 _____ C:UsersRusyaDownloadsКвартал_-_Создание_истории_к_карточкам.nwf
2016-03-29 16:10 — 2016-03-29 16:10 — 00087574 _____ C:UsersRusyaDownloadsДОП_Участники_НАЗНАЧИТЬ_совещание.nwf
2016-03-29 16:00 — 2016-03-29 16:00 — 00109289 _____ C:UsersRusyaDownloadsМесяц_-_Создание_истории_к_карточкам.nwf
2016-03-28 14:59 — 2016-03-28 14:59 — 00700440 _____ C:UsersRusyaDownloadsИзменение Пароля с Ipad.pdf
2016-03-25 14:40 — 2016-03-25 14:40 — 00345487 _____ C:UsersRusyaDownloadsЛе Карре Джон. Русский Дом — royallib.com.txt.zip
2016-03-25 14:40 — 2016-03-25 14:40 — 00276920 _____ C:UsersRusyaDownloadsЛе Карре Джон. Особо опасен — royallib.com.txt.zip
2016-03-25 11:56 — 2016-03-25 11:56 — 00001194 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsTeamViewer 8.lnk
2016-03-24 17:26 — 2016-03-24 17:26 — 00664165 _____ C:UsersRusyaDownloadsСогласование_и_подписание_Приказа.nwf
2016-03-24 14:43 — 2016-03-24 14:43 — 00035660 _____ C:UsersRusyaDownloadsДля Лины__Финал__Доступы__Категория Бизнес_SHAREPOINT.xlsx
2016-03-24 13:25 — 2016-03-24 13:25 — 00000000 ____D C:UsersRusyaAppDataLocalViber
2016-03-23 12:48 — 2016-03-23 12:48 — 00015389 _____ C:UsersRusyaDownloadstickets (6).html
2016-03-22 14:06 — 2016-03-22 14:06 — 00762533 _____ C:UsersRusyaDownloadsCall Web Service (1).pdf
2016-03-20 22:56 — 2016-03-21 00:30 — 2654537030 _____ C:UsersRusyaDownloadsMeru.2015.L1.BDRip.1080p.[PashaUp].mkv
2016-03-20 15:34 — 2016-03-20 15:34 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsDropbox
2016-03-18 14:04 — 2016-03-18 14:04 — 00000000 ____D C:UsersRusyaDownloadsХилтон Джеймс. Затерянный горизонт — royallib.com.txt
2016-03-18 14:03 — 2016-03-18 14:03 — 01286146 _____ C:UsersRusyaDownloadsVokzal-poteryannyh-snov.txt
2016-03-18 14:02 — 2016-03-18 14:02 — 00197131 _____ C:UsersRusyaDownloadsХилтон Джеймс. Затерянный горизонт — royallib.com.txt.zip
2016-03-18 13:54 — 2016-03-18 13:54 — 00358780 _____ C:UsersRusyaDownloadsHosseyni_-_Beguschiy_za_vetrom.fb2.zip
2016-03-18 13:53 — 2016-03-18 13:53 — 00451808 _____ C:UsersRusyaDownloadsÄæåðîì_-_Òðîå_â_ëîäêå_(íå_ñ÷èòàÿ_ñîáàêè)_(Äîíñêîé).mobi
2016-03-18 13:53 — 2016-03-18 13:53 — 00398371 _____ C:UsersRusyaDownloadsÄæåðîì_-_Òðîå_â_ëîäêå_(íå_ñ÷èòàÿ_ñîáàêè)_(Äîíñêîé).epub
2016-03-18 13:53 — 2016-03-18 13:53 — 00385460 _____ C:UsersRusyaDownloadsÄæåðîì_-_Òðîå_â_ëîäêå_(íå_ñ÷èòàÿ_ñîáàêè).txt
2016-03-18 13:53 — 2016-03-18 13:53 — 00187518 _____ C:UsersRusyaDownloadsДжером_-_Трое_в_лодке_(не_считая_собаки)_(Донской).fb2.zip
2016-03-18 12:55 — 2016-03-18 12:55 — 05555052 _____ C:UsersRusyaDownloadsfresco-010.pdf
2016-03-18 12:40 — 2016-03-18 12:40 — 00067601 _____ C:UsersRusyaDownloadsАвтоматическое_закрытие_подт_присутствия.nwf
2016-03-17 11:23 — 2016-03-17 11:23 — 00037614 _____ C:UsersRusyaDownloadsbill_07009101308_24271423 (1).pdf
2016-03-16 18:58 — 2016-03-16 18:58 — 01207632 _____ C:UsersRusyaDownloads16-03-2016_17-57-13.zip
2016-03-15 17:16 — 2016-03-15 17:16 — 00000980 _____ C:UsersRusyaDownloadsСписок ЦО.txt
2016-03-15 17:16 — 2016-03-15 17:16 — 00000396 _____ C:UsersRusyaDownloadsСписок РУ.txt
2016-03-14 14:11 — 2016-03-14 14:11 — 00176485 _____ C:UsersRusyaDownloadsМайнові права Тіміна Анна Леонідівна.pdf
2016-03-14 14:11 — 2016-03-14 14:11 — 00154196 _____ C:UsersRusyaDownloadsКУПІВЛЯ-ПРОДАЖ ДЕРИВАТИВУ_ Тіміна Анна Леонідівна.pdf
2016-03-12 22:20 — 2016-03-28 16:01 — 00000000 ____D C:UsersRusyaDocumentsквартира
2016-03-12 21:53 — 2016-03-12 21:57 — 476803121 _____ C:UsersRusyaDownloadsArchiCAD 14.zip
2016-03-12 21:50 — 2016-03-12 21:53 — 47695168 _____ (eTeks ) C:UsersRusyaDownloadsSweetHome3D-5.2-windows (1).exe
2016-03-12 21:50 — 2016-03-12 21:52 — 224046280 _____ C:UsersRusyaDownloadsSweetHome3D-5.2-portable.7z
2016-03-12 21:49 — 2016-03-12 21:49 — 01521049 _____ (eTeks ) C:UsersRusyaDownloadsSweetHome3D-5.2-windows.exe
2016-03-12 20:42 — 2016-03-12 20:42 — 00773280 _____ C:UsersRusyaDownloadsoptimizilla.zip
2016-03-10 18:11 — 2016-03-10 18:11 — 00015413 _____ C:UsersRusyaDownloadstickets (5).html
2016-03-10 15:24 — 2016-03-10 15:24 — 00148988 _____ C:UsersRusyaDownloadstour-print-5924.pdf
2016-03-10 12:05 — 2016-03-10 12:05 — 00034626 _____ C:UsersRusyaDownloadstickets (4).html
2016-03-09 13:30 — 2016-03-09 13:30 — 00762533 _____ C:UsersRusyaDownloadsCall Web Service.pdf
2016-03-09 12:30 — 2016-03-09 12:30 — 00059283 _____ C:UsersRusyaDownloadsСверка_таблицы_полномочий_с_присвоенными_полномочиями_в_системе.zip

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-06 18:57 — 2014-11-06 16:43 — 00005038 _____ C:WindowsSystem32TasksMicrosoft Office 15 Sync Maintenance for timina-al-Rusya timina-al
2016-04-06 18:55 — 2014-10-12 20:31 — 00000000 ____D C:UsersRusyaAppDataRoamingSkype
2016-04-06 18:50 — 2014-10-12 09:13 — 00003598 _____ C:WindowsSystem32TasksOptimize Start Menu Cache Files-S-1-5-21-1573865328-3615463135-1480589829-1001
2016-04-06 18:32 — 2015-10-06 14:14 — 00000000 ___RD C:UsersRusyaDropbox
2016-04-06 18:32 — 2015-10-06 14:09 — 00000000 ____D C:UsersRusyaAppDataLocalDropbox
2016-04-06 18:31 — 2014-10-12 20:23 — 00000000 ____D C:UsersRusyaAppDataRoamingViberPC
2016-04-06 18:30 — 2015-12-06 22:03 — 00000992 _____ C:WindowsTasksGoogleUpdateTaskMachineCore1d13058d7930f0d.job
2016-04-06 18:30 — 2015-10-06 14:09 — 00001114 _____ C:WindowsTasksDropboxUpdateTaskMachineCore.job
2016-04-06 18:30 — 2015-09-15 19:21 — 00000992 _____ C:WindowsTasksGoogleUpdateTaskMachineCore1d0efd2a5aff680.job
2016-04-06 18:30 — 2015-09-15 09:39 — 00000000 ____D C:UsersRusyaAppDataRoamingTelegram Desktop
2016-04-06 18:30 — 2015-05-12 10:21 — 00000992 _____ C:WindowsTasksGoogleUpdateTaskMachineCore1d08c84484e29b5.job
2016-04-06 18:30 — 2014-10-14 14:10 — 00000992 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job
2016-04-06 18:29 — 2013-08-22 17:45 — 00000006 ____H C:WindowsTasksSA.DAT
2016-04-06 18:29 — 2013-08-22 16:25 — 00262144 ___SH C:Windowssystem32configBBI
2016-04-06 18:27 — 2014-11-12 22:16 — 00000996 _____ C:WindowsTasksGoogleUpdateTaskMachineUA1cffead28c14a57.job
2016-04-06 15:21 — 2014-10-14 14:10 — 00000996 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job
2016-04-06 11:54 — 2013-08-22 18:36 — 00000000 ___HD C:Windowssystem32GroupPolicy
2016-04-06 11:54 — 2013-08-22 18:36 — 00000000 ____D C:WindowsSysWOW64GroupPolicy
2016-04-06 11:49 — 2014-10-12 09:09 — 00000000 ___HD C:Program Files (x86)InstallShield Installation Information
2016-04-05 20:09 — 2014-10-12 09:02 — 00000000 ____D C:UsersRusyaAppDataLocalPackages
2016-04-05 14:54 — 2014-10-12 20:24 — 00000000 ____D C:UsersRusyaDocumentsViberDownloads
2016-04-04 07:50 — 2014-10-12 09:01 — 00000000 ____D C:UsersRusya
2016-04-04 07:49 — 2016-01-12 16:52 — 00000000 ____D C:UsersRusyaAppDataRoamingAIMP
2016-04-03 21:02 — 2013-09-30 07:17 — 01805464 _____ C:Windowssystem32PerfStringBackup.INI
2016-04-03 21:02 — 2013-09-30 06:58 — 00790124 _____ C:Windowssystem32perfh019.dat
2016-04-03 21:02 — 2013-09-30 06:58 — 00161810 _____ C:Windowssystem32perfc019.dat
2016-04-03 21:02 — 2013-08-22 16:36 — 00000000 ____D C:WindowsInf
2016-03-31 10:57 — 2014-10-14 14:11 — 00002211 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2016-03-30 22:03 — 2015-06-02 15:27 — 00000000 ____D C:UsersRusyaAppDataRoamingAtlassian
2016-03-30 14:06 — 2015-12-02 11:05 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHipChat
2016-03-30 12:38 — 2016-02-24 22:11 — 00491256 _____ C:Windowssystem32FNTCACHE.DAT
2016-03-29 16:01 — 2016-02-26 13:37 — 00000000 ____D C:UsersRusyaDesktopКопия телефона
2016-03-26 20:20 — 2014-10-15 11:28 — 00000000 ___RD C:UsersRusyaDesktopЯрлыки
2016-03-25 11:59 — 2014-10-17 19:10 — 00000000 ____D C:UsersRusyaAppDataRoamingTeamViewer
2016-03-20 15:34 — 2015-10-06 14:09 — 00000000 ____D C:Program Files (x86)Dropbox
2016-03-16 17:40 — 2014-11-09 13:32 — 00000000 ____D C:UsersВсе пользователиKMSAutoS
2016-03-16 17:40 — 2014-11-09 13:32 — 00000000 ____D C:ProgramDataKMSAutoS
2016-03-14 14:26 — 2015-08-13 20:57 — 00000000 ____D C:output
2016-03-13 20:56 — 2016-02-16 13:15 — 00000000 ____D C:UsersRusyaDesktopDemo_E
2016-03-12 21:56 — 2015-09-04 08:58 — 00000000 ____D C:UsersRusya.oracle_jre_usage
2016-03-10 10:29 — 2014-10-12 20:30 — 00000000 ____D C:UsersВсе пользователиSkype
2016-03-10 10:29 — 2014-10-12 20:30 — 00000000 ____D C:ProgramDataSkype
2016-03-08 21:59 — 2016-01-12 18:04 — 00002457 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk
2016-03-08 21:40 — 2013-08-22 18:36 — 00000000 ____D C:Windowssystem32NDF

==================== Files in the root of some directories =======
2016-04-06 11:49 — 2016-04-06 11:49 — 0000012 _____ () C:UsersRusyaAppDataRoaming 078
2015-03-18 18:25 — 2015-03-18 18:25 — 0000046 _____ () C:UsersRusyaAppDataRoamingCamdata.ini
2015-03-18 18:25 — 2015-03-18 18:25 — 0000408 _____ () C:UsersRusyaAppDataRoamingCamLayout.ini
2015-03-18 18:25 — 2015-03-18 18:25 — 0000408 _____ () C:UsersRusyaAppDataRoamingCamShapes.ini
2015-03-18 18:25 — 2015-03-18 18:25 — 0004510 _____ () C:UsersRusyaAppDataRoamingCamStudio.cfg
2016-04-06 11:49 — 2016-04-06 11:49 — 0000012 _____ () C:ProgramData2198
2016-04-06 11:49 — 2016-04-06 11:49 — 0000012 _____ () C:ProgramData3495
2016-04-06 11:49 — 2016-04-06 11:49 — 0000012 _____ () C:ProgramData3969

Some files in TEMP:
====================
C:UsersRusyaAppDataLocalTemplibeay32.dll
C:UsersRusyaAppDataLocalTempmsvcr120.dll
C:UsersRusyaAppDataLocalTempsqlite3.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:Windowssystem32winlogon.exe => File is digitally signed
C:Windowssystem32wininit.exe => File is digitally signed
C:Windowsexplorer.exe => File is digitally signed
C:WindowsSysWOW64explorer.exe => File is digitally signed
C:Windowssystem32svchost.exe => File is digitally signed
C:WindowsSysWOW64svchost.exe => File is digitally signed
C:Windowssystem32services.exe => File is digitally signed
C:Windowssystem32User32.dll => File is digitally signed
C:WindowsSysWOW64User32.dll => File is digitally signed
C:Windowssystem32userinit.exe => File is digitally signed
C:WindowsSysWOW64userinit.exe => File is digitally signed
C:Windowssystem32rpcss.dll => File is digitally signed
C:Windowssystem32dnsapi.dll => File is digitally signed
C:WindowsSysWOW64dnsapi.dll => File is digitally signed
C:Windowssystem32Driversvolsnap.sys => File is digitally signed

LastRegBack: 2016-04-06 11:24
==================== End of FRST.txt ============================
April 6, 2016 at 10:37 PM #32798
Hello, and welcome to the Spyware-ru forum.
Open Notepad and paste the following text into the window:
CreateRestorePoint:
HKUS-1-5-21-1573865328-3615463135-1480589829-1001...Run: [poowqdfnde] => explorer "hxxp://tutsifi.ru/?utm_source=uoua03&utm_content=71939b02451863c8fba27634e3b849e6&utm_term=8432BFE8A8C3DBDA91535F402865FEF5&utm_d=20160406" <===== ATTENTION
HKUS-1-5-21-1573865328-3615463135-1480589829-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0...Run: [poowqdfnde] => explorer "hxxp://tutsifi.ru/?utm_source=uoua03&utm_content=71939b02451863c8fba27634e3b849e6&utm_term=8432BFE8A8C3DBDA91535F402865FEF5&utm_d=20160406" <===== ATTENTION
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <======= ATTENTION
S3 ASUSProcObsrv; ??F:I386AsPrOb64.sys [X]
S3 BtAudioBusSrv; SystemRootSystem32DriversBtAudioBus.sys [X]
S3 BthL2caScoIfSrv; SystemRootSystem32DriversBtL2caScoIf.sys [X]
S3 btUrbFilterDrv; SystemRootSystem32DriversIvtUrbBtFlt.sys [X]
Task: {FF212210-C831-448A-A97B-C301D41AAD30} - System32TasksSearchGo Task => C:UsersRusyaAppDataLocalSearchGosearchgo.exe
EmptyTemp:
Reboot:
Save the resulting file under the name fixlist in the folder where the FRST/FRST64 program is located.
Run FRST and click the Fix button.
When the program finishes, the message "Fix completed" will appear. Click OK.
Notepad will open showing the contents of the fixlog.txt file. Paste the contents of that file into your reply.
In addition:
1. Run a new scan with FRST and attach the resulting log to your reply.
April 7, 2016 at 8:26 AM #32799
Thank you for such a quick reply!
FixLog
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Rusya (2016-04-07 11:13:06) Run:1
Running from C:FRST
Loaded Profiles: Rusya & UpdatusUser (Available Profiles: Rusya & UpdatusUser)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
HKUS-1-5-21-1573865328-3615463135-1480589829-1001...Run: [poowqdfnde] => explorer "hxxp://tutsifi.ru/?utm_source=uoua03&utm_content=71939b02451863c8fba27634e3b849e6&utm_term=8432BFE8A8C3DBDA91535F402865FEF5&utm_d=20160406" <===== ATTENTION
HKUS-1-5-21-1573865328-3615463135-1480589829-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0...Run: [poowqdfnde] => explorer "hxxp://tutsifi.ru/?utm_source=uoua03&utm_content=71939b02451863c8fba27634e3b849e6&utm_term=8432BFE8A8C3DBDA91535F402865FEF5&utm_d=20160406" <===== ATTENTION
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <======= ATTENTION
S3 ASUSProcObsrv; ??F:I386AsPrOb64.sys [X]
S3 BtAudioBusSrv; SystemRootSystem32DriversBtAudioBus.sys [X]
S3 BthL2caScoIfSrv; SystemRootSystem32DriversBtL2caScoIf.sys [X]
S3 btUrbFilterDrv; SystemRootSystem32DriversIvtUrbBtFlt.sys [X]
Task: {FF212210-C831-448A-A97B-C301D41AAD30} - System32TasksSearchGo Task => C:UsersRusyaAppDataLocalSearchGosearchgo.exe
EmptyTemp:
Reboot:
*****************
Restore point was successfully created.
HKUS-1-5-21-1573865328-3615463135-1480589829-1001SoftwareMicrosoftWindowsCurrentVersionRun\poowqdfnde => value removed successfully
HKUS-1-5-21-1573865328-3615463135-1480589829-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SoftwareMicrosoftWindowsCurrentVersionRun\poowqdfnde => value not found.
"HKLMSOFTWAREPoliciesMicrosoftInternet Explorer" => key removed successfully
ASUSProcObsrv => service removed successfully
BtAudioBusSrv => service removed successfully
BthL2caScoIfSrv => service removed successfully
btUrbFilterDrv => service removed successfully
"HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{FF212210-C831-448A-A97B-C301D41AAD30}" => key removed successfully
"HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{FF212210-C831-448A-A97B-C301D41AAD30}" => key removed successfully
C:WindowsSystem32TasksSearchGo Task => moved successfully
"HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeSearchGo Task" => key removed successfully
EmptyTemp: => 1.5 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 11:17:35 ====
April 8, 2016 at 11:51 PM #32800
What is the situation with Chrome now? Does the funday24.ru site still pop up?
April 9, 2016 at 9:48 AM #32801
Thank you very much! Everything works fine)
April 21, 2016 at 8:46 PM #45973
A few final steps.
1. Update your programs.
Go to update.microsoft.com and check for Windows updates.
2. Uninstall all the programs you used during the cleanup; if necessary, you can always download new versions of them again.
Keep Malwarebytes Anti-malware. Update this program from time to time, and run a full scan of the computer once a week.
3. And a few additional tips.
Run your antivirus and check the status of automatic protection. Turn it on if it is off.
Remember to update Windows, your programs and especially your antivirus.
Do not visit unfamiliar sites, and be very careful with files downloaded from the Internet.
All the best!
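
The two persistence entries removed by the fixlist in this thread (a Run value that starts explorer with a URL, and a scheduled task that launches an executable from AppData\Local) can be picked out of an FRST log with a short triage script. This is an added example, not part of the original thread or of FRST; the benign sample lines, the written-out path separators and the names triage, RUN_RE, TASK_RE and URL_RE are assumptions made for illustration.

```python
import re

# Constructed sample in FRST.txt layout. The two suspicious lines reuse the value
# name, defanged URL and task from the thread's fixlist, with path separators
# written out (an assumption); the other two lines are hypothetical benign entries.
SAMPLE_LOG = r'''
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe /silent
HKU\S-1-5-21-1573865328-3615463135-1480589829-1001\...\Run: [poowqdfnde] => explorer "hxxp://tutsifi.ru/?utm_source=uoua03&utm_content=71939b02451863c8fba27634e3b849e6&utm_term=8432BFE8A8C3DBDA91535F402865FEF5&utm_d=20160406"
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleVendorUpdate => C:\Program Files\Example\update.exe
Task: {FF212210-C831-448A-A97B-C301D41AAD30} - System32\Tasks\SearchGo Task => C:\Users\Rusya\AppData\Local\SearchGo\searchgo.exe
'''

# "<hive path>Run: [value name] => command line"
RUN_RE = re.compile(r'^(?P<key>HK\S*Run(?:Once)?): \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$')
# "Task: {GUID} - task path => target executable"
TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<task>.+?) => (?P<target>.+)$')
# Matches live and defanged (hxxp) URLs alike.
URL_RE = re.compile(r'\bh(?:tt|xx)ps?://', re.IGNORECASE)


def triage(log_text):
    """Return (rule, entry name, detail) for autostart entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        if run:
            # An autostart value normally names a program; one whose command line
            # carries a URL opens that page at every logon.
            if URL_RE.search(run['cmd']):
                findings.append(('run-opens-url', run['name'], run['cmd']))
            continue
        task = TASK_RE.match(line)
        # Heuristic: a task whose target sits in a user-writable profile directory.
        if task and '\\appdata\\' in task['target'].lower():
            findings.append(('task-from-appdata', task['task'], task['target']))
    return findings


if __name__ == '__main__':
    for rule, name, detail in triage(SAMPLE_LOG):
        print(f'{rule}: {name} -> {detail}')
```

Both rules are heuristics that produce candidates for review; legitimate software also installs tasks under AppData, so a hit is a reason to inspect the entry, not to delete it.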